I've been holding off on posting to the thread 'cause I'm so damned busy lately, but since someone invoked me by name, I've been pulled out of my shell. :-)
Yes, this is a core feature of the Sputnik Enterprise Gateway and Wireless Router - allowing you to put your AP inside your firewall, but forcing all users to strongly authenticate before being given access, via a local authentication agent and local datastore.

Enrique, thanks for the vote of confidence, we're working our asses off getting something really cool to show (and sell) to you folks ASAP.

/me re-enters lurker mode

Dave

On Mon, 2002-10-28 at 17:54, Enrique LaRoche wrote:
> I think this problem is the single biggest impediment to either prolific
> hotspots or mesh networks.
> I think a modified Sputnik paradigm or some simple steps to implement this
> would be one of the best things this group could do for the community as a
> whole.
>
> Hey David (Sifry), I would have no problem purchasing your software at a
> price of under $100.00 if the authentication was local as an option.
> Same idea as before but local authentication and default separation of the
> LAN from the wireless.
>
> Thanks
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:wireless-admin@;lists.bawug.org] On Behalf Of Seoane, Dan
> Sent: Monday, October 28, 2002 4:26 PM
> To: 'Lile Elam'; '[EMAIL PROTECTED]'
> Cc: '[EMAIL PROTECTED]'
> Subject: RE: [BAWUG] AP placement on network ?
>
> The more secure way would be to put it outside the firewall, use LEAP or
> EAP/TLS for authentication and VPN back into the corp. net. Static WEP alone
> is easily cracked but you will still have a secondary auth to get past to
> get to the corp. net. But the problem is that if someone gets associated to
> your wireless segment then any systems on that segment and the AP are
> vulnerable and will be compromised and then they get past your F/W.
>
> -d
>
> -----Original Message-----
> From: Lile Elam [mailto:lile@;art.net]
> Sent: Monday, October 28, 2002 2:53 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: [BAWUG] AP placement on network ?
>
> Hi folks,
>
> So I have a client who had an AP on their internal business network which
> was completely open... no password or WEP was enabled. Needless to say,
> anyone could connect to any machine on their network from the street.
>
> I suggested that we put the AP on the outside of their firewall
> and leave it open. We tried this but it turns out that access to inside
> machines was still available.
>
> So we turned on WEP and set a password on the AP for the network.
>
> Now I was talking with a few network geeks in a hottub about this and we
> were discussing what the best configuration would be...
> the majority of responses were that I should move the AP back into the
> internal network and leave WEP on.
>
> This was a surprise... I would have thought that you would want to keep the
> AP in the DMZ zone... and not on the internal network. Also, I am wondering
> why people could see the internal network
> machines from the DMZ... was the router not really protecting the internal
> network?
>
> Ideally I would like to set up such clients with APs in the DMZ zones that
> are completely open so that there will be more public access points.
>
> Would love to hear folks' comments on the above... and ideas on
> what the best config would be.
>
> thanks,
>
> -lile
>
> hacker artist
> GeekMaids.Com - Creating Order out of Chaos... Cleaning and Beyond!
>
> --
> general wireless list, a bawug thing <http://www.bawug.org/>
> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless

--
David L. Sifry
GPG Key: http://www.sifry.com/david/key.html
Key Fingerprint: 7E60 4EDE EB5F AA2D 2F25 8CD3 FE17 C4F8 BDE8 D1B0
