Wireless Security
Wireless Infrastructure Nov 01 2011 01:54AM
Seth Fogie (seth fogieonline com) (4 replies)
RE: Wireless Infrastructure Nov 01 2011 03:12PM
Kripton, Bruce (Kripton Bruce scrippshealth org)
RE: Wireless Infrastructure Nov 01 2011 09:44AM
Charlton, Ceri \(CSS\) (Ceri Charlton capita co uk)
Hi Seth,

It depends an awful lot on:
Size of area to be covered.
Number of guests who need concurrent access.
Regulatory/compliance/general security requirement applying to the
internal area you're trying to keep separate.

That said, my usual recommendation, for most customers' environments is
that unless the guest network needs to cover a huge area, it is usually
better to have a dedicated air-gapped network and internet connection
for guest wifi access. If it's only one area it needs to cover (EG a
lobby in one office), I have never seen an instance where it wasn't
cheaper to have a single dedicated internet connect and WAP set up for
this purpose.

I have seen customers' non-technical bean counters perceive a standalone
as, "spending more money on something we already have" when they hear
that routing it over the existing network is technically possible. It
needs *very* little work to be required, disruption to the internal
network internet access or even perceived risk to compliance/security of
the internal network before the cost of segmentation, testing/proving
segmentation and ongoing maintenance dwarves the $50 a month it would
cost to provide a standalone WAP.



-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of Seth Fogie
Sent: 01 November 2011 01:55
To: wifisec (at) securityfocus (dot) com [email concealed]
Subject: Wireless Infrastructure

I have a security related infrastructure question:

Proposal: Provide guest access to anyone at all remote sites.
Reasoning: Guests need to have a distraction for long wait times

1. Create a Guest SSID and tag it with the external VLAN and then
tunnel the traffic back over the site-to-site VPN via the broadband
modem and route this traffic to an external connection over the same
link that provides internal VLAN traffic.
2. Build a separate infrastructure for wireless Guest traffic and
purchase a dedicated internet connection for all guest traffic per site.
3. ????


This email and any attachment to it are confidential. Unless you are the intended recipient, you may not use, copy or disclose either the message or any information contained in the message. If you are not the intended recipient, you should delete this email and notify the sender immediately.

Any views or opinions expressed in this email are those of the sender only, unless otherwise stated. All copyright in any Capita material in this email is reserved.

All emails, incoming and outgoing, may be recorded by Capita and monitored for legitimate business purposes.

Capita exclude all liability for any loss or damage arising or resulting from the receipt, use or transmission of this email to the fullest extent permitted by law.

[ reply ]
Re: Wireless Infrastructure Nov 01 2011 09:05AM
Cedric Blancher (blancher cartel-securite fr)
Re: Wireless Infrastructure Nov 01 2011 02:06AM
Kurt Buff (kurt buff gmail com)


Privacy Statement
Copyright 2010, SecurityFocus