-
March 11th, 2004, 04:29 PM
#11
Just an update with more specifics...The boss just wants a few wireless notebooks to be able to connect to the existing LAN, and we're looking at well-ranged 802.11 b/g devices. Does that pinpoint things a bit better?
-
March 11th, 2004, 06:59 PM
#12
Junior Member
Couple of things.
- if you can avoid deploying wireless at all, do so
- if you must deploy wireless, here are few tips:
- do NOT put the WAP on your internal network, hang it off of a DMZ on your firewall and require users to VPN into your network once they've connected to the WAP
- DO use WEP, it's weak, but every little bit helps (think defense in depth)
- DO use MAC address filtering (again, defense in depth)
- Once you've got the network set up, take your own laptop and walk around the building to see how far your radio signal reaches. Limiting the signal strength is beyond the scope of a simple forum post, but at least knowing how far you've just extended your network will make you aware of your exposure.
- get your hands on a WAP that supports WPA (basically WEP with TKIP)
Those are some quick points off the top of my head.
--Ben
-
March 11th, 2004, 07:27 PM
#13
- if you can avoid deploying wireless at all, do so
- if you must deploy wireless, here are few tips:
- do NOT put the WAP on your internal network, hang it off of a DMZ on your firewall and require users to VPN into your network once they've connected to the WAP
- DO use WEP, it's weak, but every little bit helps (think defense in depth)
- DO use MAC address filtering (again, defense in depth)
- Once you've got the network set up, take your own laptop and walk around the building to see how far your radio signal reaches. Limiting the signal strength is beyond the scope of a simple forum post, but at least knowing how far you've just extended your network will make you aware of your exposure.
- get your hands on a WAP that supports WPA (basically WEP with TKIP)
Very good advice venom600...
I do not work in a large crowded city where security 10 or 20 feet outside of my building would be a concern. I suppose I do sometimes need to figure in the possibilities of industial espionage, Bandwidth hijacking, and possibly Homeland security against Terrorism, and other risks when suggesting a simple fix for a small in-house network.
AngelicKnight... what is the element of security you are trying to achieve, are there people out there who could benifit from cracking your network?
I have a question; are you the bug, or the windshield?
-
March 30th, 2004, 04:14 PM
#14
are there people out there who could benifit from cracking your network?
Yeah wardrivers!
You shall no longer take things at second or third hand,
nor look through the eyes of the dead...You shall listen to all
sides and filter them for your self.
-Walt Whitman-
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|