Wireless Security
Wireless Infrastructure Nov 01 2011 01:54AM
Seth Fogie (seth fogieonline com) (4 replies)
RE: Wireless Infrastructure Nov 01 2011 03:12PM
Kripton, Bruce (Kripton Bruce scrippshealth org)

The answer is always "it depends", followed shortly by the comment that
you're looking at the tip of an iceberg of unknown size :-)

I have seen and implemented both of the scenarios you outlined below
many times, and each was purpose-built, predicated upon security and/or
regulatory requirements.

That said, one of the unexpected by-products was that I have also seen
employees and staff "migrate" from the more restrictive corporate
network to the one less restrictive (and possibly less monitored as

Based upon that "learning", you'll probably want to consider not making
the Guest network too attractive for the other employees to jump on,
unless that isn't a concern. The secondary part is that open Guest
networks are attractive for folks to consume all available bandwidth on,
so if rate or traffic limiting is not considered as part of the plan on
a per user basis, you'll likely end up with one or two Internet hogs
ruining the experience for all others.

Lastly, again on the topic of Guest or open networks, you'll want to
consider at least basic web site filtering and blocking as well as
logging and service restrictions as needed. Typically I see web and
email needs dominate the Guest requirements list, while streaming media
and gaming may not be practical in a limited bandwidth implementation. I
have also seen law enforcement make log and monitoring requests of the
IS / IT admin staff that run the "Guest" network because a user, likely
malicious in traffic and/or email, is abusing an open wireless system,
so keep that in mind as well.

Hope this helps ...


-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of Seth Fogie
Sent: Monday, October 31, 2011 6:55 PM
To: wifisec (at) securityfocus (dot) com [email concealed]
Subject: Wireless Infrastructure

I have a security related infrastructure question:

Proposal: Provide guest access to anyone at all remote sites.
Reasoning: Guests need to have a distraction for long wait times

1. Create a Guest SSID and tag it with the external VLAN and then tunnel
the traffic back over the site-to-site VPN via the broadband modem and
route this traffic to an external connection over the same link that
provides internal VLAN traffic.
2. Build a separate infrastructure for wireless Guest traffic and
purchase a dedicated internet connection for all guest traffic per site.
3. ????

RE: Wireless Infrastructure Nov 01 2011 09:44AM
Charlton, Ceri (CSS) (Ceri Charlton capita co uk)
Re: Wireless Infrastructure Nov 01 2011 09:05AM
Cedric Blancher (blancher cartel-securite fr)
Re: Wireless Infrastructure Nov 01 2011 02:06AM
Kurt Buff (kurt buff gmail com)
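
The reply above names two side effects of a guest network (staff migrating onto it, and one or two users consuming the bandwidth) and recommends logging. The sketch below is an added example, not code from any poster in this thread, showing how guest-VLAN accounting logs could be reviewed for both. The MAC addresses, the 1 Mbit/s per-user cap, the 5-minute interval and the record format are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inputs for illustration; none of these values come from the thread.
CORPORATE_MACS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}   # asset inventory
INTERVAL_SECONDS = 300                                         # accounting period
PER_USER_CAP_BPS = 1_000_000                                   # hypothetical 1 Mbit/s cap

# (interval start, client MAC, bytes moved in that interval) from the guest VLAN
GUEST_ACCOUNTING = [
    ("09:00", "00:11:22:AA:BB:01", 12_000_000),
    ("09:00", "de:ad:be:ef:00:10", 150_000_000),
    ("09:00", "de:ad:be:ef:00:11", 9_000_000),
    ("09:05", "de:ad:be:ef:00:10", 140_000_000),
    ("09:05", "de:ad:be:ef:00:11", 30_000_000),
    ("09:05", "de:ad:be:ef:00:12", 3_000_000),
]

def review_guest_usage(records, corporate_macs, cap_bps, interval_s):
    """Return (migrated, over_cap, share) for a guest network accounting log.

    migrated : corporate devices seen on the guest network
    over_cap : {mac: [intervals where the average rate exceeded cap_bps]}
    share    : {mac: fraction of all guest bytes}, to spot bandwidth hogs
    """
    corporate = {m.lower() for m in corporate_macs}
    totals = defaultdict(int)
    over_cap = defaultdict(list)
    for interval, mac, nbytes in records:
        mac = mac.lower()                      # logs vary in MAC case
        totals[mac] += nbytes
        if nbytes * 8 / interval_s > cap_bps:  # average bit rate in the interval
            over_cap[mac].append(interval)
    grand_total = sum(totals.values())
    share = {m: b / grand_total for m, b in totals.items()} if grand_total else {}
    migrated = sorted(m for m in totals if m in corporate)
    return migrated, dict(over_cap), share

if __name__ == "__main__":
    migrated, over_cap, share = review_guest_usage(
        GUEST_ACCOUNTING, CORPORATE_MACS, PER_USER_CAP_BPS, INTERVAL_SECONDS)
    print("corporate devices on guest:", migrated)
    for mac, frac in sorted(share.items(), key=lambda kv: -kv[1]):
        print(f"{mac} {frac:6.1%} over-cap intervals: {over_cap.get(mac, [])}")
```

Matching on MAC address only identifies devices that are in the inventory and present a stable address; treat a miss as "unknown", not "guest".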


Copyright 2010, SecurityFocus