Wireless Security
Re: Just say no to VLANS May 25 2007 06:17AM
Cedric Blancher (blancher cartel-securite fr) (1 replies)
Re: Just say no to VLANS May 25 2007 01:32PM
saudi sans (saudisans gmail com) (1 replies)
Waiting for some suggestion for my setup.

As of now this is done - multiple SSID, multiple VLANs on AP and my
APs are now connected to Layer2 switch, 802.1q enabled on the switch
port.

What are the steps to be done on the switch to secure it?

On 5/25/07, Cedric Blancher <blancher (at) cartel-securite (dot) fr> wrote:
> On Thursday 24 May 2007 at 21:20 -0500, Tsu wrote:
> > You have taken a hostile attitude on a technical discussion.
>
> You're right. My bad.
>
> > Concerning the vulnerability attacks: If everyone in the world took
> > your excellent recommendations and implemented them throughout their
> > switched infrastructure then there wouldn't be any issues w/ VLANs.
> > Unfortunately, as I said before this is usually not the case.
>
> This can be extended to anything. If people were doing IT like
> recommendations, we would be out of a job. But we don't tell them to do
> something else.
>
> > Not to mention this thread was started by someone that was new to
> > VLAN's asking about using them for security. In a sense you are
> > telling someone asking about a kite how to launch a rocket ship.
>
> I feel someone being new to wireless networks and the way you implement
> it, maybe not to VLAN as a general matter. In addition to this, I just
> ask the question.
> If we were talking about one AP, although I don't agree on VLAN
> security, I would tend to follow for your way, for the sake of
> configuration pain. But, we're talking of 10 APs. What does he do ? Cut
> in half ? 5 of each ? Or double them, i.e. 20 ?
>
> To rephrase, I and you don't know about the context, and killing one
> solution that could be valuable just because you think the guy is not
> good enough to make it right, does not seem to me to be quite a valuable
> answer, especially because it lies on a wrong statement.
>
> I use to see a lot of vulnerable websites, secure one being the
> exception. I don't tell people not to use PHP unless they clearly don't
> need it. I use to see awfully configured firewalls, I don't tell people
> not to use firewalls. Etc.
>
> > if you are providing wireless access to the public then you should
> > physically separate the networks or at least firewall them off from
> > one another.
>
> I don't understand your last statement. Or you separate, or you
> firewall. So if we use VLAN, we have to firewall VLANs from each other,
> right ? Who stated we didn't need to firewall VLANs from each other ?
>
> Have a good day too.
>
>
> --
> http://sid.rstack.org/
> PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
> >> Hi! I'm your friendly neighbourhood signature virus.
> >> Copy me to your signature file and help me spread!
>
>

Re: Just say no to VLANS May 26 2007 01:27PM
Cedric Blancher (blancher cartel-securite fr)


 

Copyright 2010, SecurityFocus