If their internal network can be accessed when the AP is on the outside interface of the firewall, they have some serious issues with their firewall, because this means that not only people coming in through wireless but anyone coming from the internet can get to their internal network.

Normally putting the AP outside the firewall and treating wireless users as telecommuters and forcing them to VPN in is an acceptable solution; however, this implies that the firewall is actually doing what it is supposed to.


Ken

Lile Elam wrote:
Hi folks,

So I have a client who had an AP on their internal business network
which was completely open... no password or WEP was enabled. Needless
to say, anyone could connect to any machine on their network from
the street.

I suggested that we put the AP on the outside of their firewall and
leave it open. We tried this but it turns out that access to
inside machines was still available.

So we turned on WEP and set a password on the AP for the network.

Now I was talking with a few network geeks in a hot tub about this
and we were discussing what the best configuration would be... the
majority of response was that I should move the AP back into
the internal network and leave WEP on.

This was a surprise... I would have thought that you would want
to keep the AP in the DMZ zone... and not on the internal network.

Also, I am wondering why people could see the internal network
machines from the DMZ... was the router not really protecting the
internal network?

Ideally I would like to set up such clients with APs in the DMZ
zones that are completely open so that there will be more public
access points.

Would love to hear folks' comments on the above... and ideas on
what the best config would be.

thanks,

-lile

hacker artist
GeekMaids.Com - Creating Order out of Chaos... Cleaning and Beyond!

--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
