At 09:03 PM 5/9/2004, you wrote: >1. Security Controls >What have you seen / implemented as a standard for wireless security?
802.1x with WPA, PEAP works great. Most of the time you need a supplicant client on the user's PC for this. We use Funk's Odyssey client. YOu can download it free to test. If you have an Enterprise class access point you can implement 802.1x and try it all for free. There's really no other decent way in my opinion! >Authentication - I usually see authentication through the DMZ to a back >end Radius or Active Directory >server. Any other options? With our setup the user never gets past the access point until he's considered secure. The AP does the authentication back to the RADIUS server on behalf of the user and only when the user has been verified does the path open further. The PC's Windows credentials do the job and the user knows nothing of passwords, logins, WEP keys or anything else other than how to log on to his PC. >Do you require your users to VPN through the DMZ to access internal >network resources? All external users should be required to use VPN. No need for it inside with the 802.1x solution. > >2. How have you detered users from using their laptops at the local >coffee shop? Why do that? The VPN is encrypted. If you block them, they lose the very ability of being able to work from home, conventions, coffee shops, etc. >3. Rogue Wireless Detection - There are many ways to do this.A scanner of sorts that has the ability of detecting MACS on your network is a possible route. It looks for MACS that you don't recognize. Kismet and other monitors are good too. The Air Defense and AirMagnet solutions are expensive, but also serve a purpose. Your IT staff could be trained to look for telltale signs (like strange boxes with antennas sitting on people's desks, etc) ------------------------ Yahoo! Groups Sponsor ---------------------~--> Yahoo! Domains - Claim yours for only $14.70 http://us.click.yahoo.com/Z1wmxD/DREIAA/yQLSAA/5AhqlB/TM ---------------------------------------------------------------------~-> ******* Wireless LAN Weblog - WLAN Forum http://www.wireless--lan.com/wlanforum.html Wireless LAN Search http://search.freefind.com/find.html?id=6750665 Wireless LAN Jobs - WLAN Jobs http://groups.yahoo.com/group/wlanjobs/ Top WLAN Sites http://topsitelists.com/topsites.cgi?ID=1&user=wirelesslan&area=bestsites Wireless LAN Books http://www.stockhelp.net/bluetoothbooks.html If you got this from someone else you can join at http://groups.yahoo.com/group/wirelesslan/ or mailto:[EMAIL PROTECTED] To unsubscribe: mailto:[EMAIL PROTECTED] Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/wirelesslan/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
