Hello,
I have worked with wireless technology on and off for
a few years now and feel I have a solid grasp of
general best practice, but would appreciate some of
your thoughts on the below subjects. I am aware of
other infrastructure and configuration settings
necessary to minimize the wireless footprint and
maximize security (disable SSID broadcast, change
admin passwords, place the AP in the DMZ on a switched
network / VLAN, etc). I realize this type of question
has been asked on lists before, but the majority of
answers alsways default to the configurations from the
previous sentence. I would greatly appreciate
specific input on the following questions:
The questions below are asked with the intention of
deploying wireless in a bank/hostpital type
environment.
1. Security Controls
What have you seen / implemented as a standard for
wireless security? I know LEAP is out of the question
due to the dictionary attack vulerability. Possibly
PEAP or some other 802.1x standard?
Authentication - I usually see authentication through
the DMZ to a back end Radius or Active Directory
server. Any other options?
Do you require your users to VPN through the DMZ to
access internal network resources?
2. How have you detered users from using their
laptops at the local coffee shop? Policies and
procedures are a start, but are any system level
controls in place to only allow connections to the
corporate environment? I would be concered an
employee may have information traveling in the air on
an open network (or have their machines comprimized
while drinking some latte).
3. Rogue Wireless Detection - I have done much
reading on this subject and would like to know how you
all tackle this issue. Some suggest cool toys like
AirDefense, etc. Others suggest some sort of MAC
monitoring on switches/routers. I am a fan of walking
around with Kismet every few weeks. The major issue I
have encountered with walking around is the problem of
neighboring buildings (in a downtown environment).
It's easy enough to find the APs you know about, but
finding a rogue AP connected to your network becomes a
challenge with all of the other APs popping up. The
only way I have found around this is to take a best
guess based on signal/noise strength and go from
there. Any thoughts/suggestions on what you have read
or deployed?
I realize there is no silver bullet for all of these
questions and that there is a balance that is
necessary between security, functionality, ease of
use, management, and not loading the air with so much
overhead that wireless connections become unusable.
Your feedback is greatly appreciated.
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs
http://hotjobs.sweepstakes.yahoo.com/careermakeover
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar.
Now with Pop-Up Blocker. Get it for free!
http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/5AhqlB/TM
---------------------------------------------------------------------~->
*******
Wireless LAN Weblog - WLAN Forum
http://www.wireless--lan.com/wlanforum.html
Wireless LAN Search
http://search.freefind.com/find.html?id=6750665
Wireless LAN Jobs - WLAN Jobs
http://groups.yahoo.com/group/wlanjobs/
Top WLAN Sites
http://topsitelists.com/topsites.cgi?ID=1&user=wirelesslan&area=bestsites
Wireless LAN Books
http://www.stockhelp.net/bluetoothbooks.html
If you got this from someone else you can join at
http://groups.yahoo.com/group/wirelesslan/ or
mailto:[EMAIL PROTECTED]
To unsubscribe: mailto:[EMAIL PROTECTED]
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/wirelesslan/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
