-----BEGIN PGP SIGNED MESSAGE-----
I would reverse the firewall and encryption box, unless you want to give
unlimited access between the sites (the encryption boxes will tunnel
through the firewalls)
Other then that I think you have the right idea.
David Lang
On Sun, 20 Jun 1999 [EMAIL PROTECTED] wrote:
> Date: Sun, 20 Jun 1999 14:43:22 +0200
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Firewall??!!
>
> Ok guys/gals... now after all the nice hot-air discussions about NT vs Uniks...
>
> ... can anybody tell me how I could protect a wireless LAN? *G*
>
> That's serious... we're looking into buying one of those wireless devices which
> will handle somewhere between 2 and 10 Mbps (best case though)... to connect a
> couple of remote offices.
>
> As far as I see I'm pretty cleartext through the air... and anybody with the
> right equipment could sniff the hell out of my traffic...
>
> So I guess something like this would be most sensible:
>
> One of my sites(main master site):
>
> [Main] [Encryp-] [ Fire ] [ Wire-]
> [ ]---[ tion ]---[ ]---[ less ]- - - T H I S - I S - A I R -
> [Site] [ box ] [ wall ] [device]
>
>
>
>
> [ WLAN ] [ Fire ] [Encryp-] [Customer]
> A I R - [ ]---[ ]---[ tion ]---[ ]
> [Device] [ wall ] [ box ] [ Site ]
>
>
>
> Well... hope it doesn't wrapp!!! ;-)
>
> Isn't that a bit too complicated? I mean it's great to have a free 2 - 10 Mb
> link to the customers (you pay somewhere around 14'000 sFr [1] monthly for a 2
> Mb link to the net) but having 3to4 boxes on every site is really not too cool.
>
> Can anybody suggest any good Wireless LAN manufacturer? Any suggestions to the
> scenario (yeah I know that most firewalls can encrypt traffic... this scheme is
> just schmematic *G*). I had a look at Lucent... however... they didn't had much
> pictures ;-)))
>
> Cheers
>
> Boris Pavalec [QPB]
> Network / System Engineer [MCSE]
> Highend Computing Systems
> Switzerland - Zuerich
>
> http://www.nt-admin.net
> [EMAIL PROTECTED]
>
>
>
> [1] Which is about 12'000$
>
>
"If users are made to understand that the system administrator's job is to
make computers run, and not to make them happy, they can, in fact, be made
happy most of the time. If users are allowed to believe that the system
administrator's job is to make them happy, they can, in fact, never be made
happy."
- -Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBN21ReT7msCGEppcbAQEkHwf7BY4116Mgai8fykHQV16GokpmueCe7Ona
YcKq0T8ugiNGjqe7pBVNSKRZuGHk4ftaRCEColoB5C6eMFo8hz0vD5GIPJkDfYUM
8I67+lZmO5YFXxaoQvc/lsfzrlnB1A+nFjag9+X3PaFhK59mjTq/9FCoQMKzGk3G
dpe8nRBQMAXvcb5fWLEbsL2Uzb0izpjP+tDUg1dh6j3qBtIxxF+QBeoCbGuyybnO
FFZKlrVDY/MYt6u+xM16Lb9cg9QB1pEskpQnF38zY9B2KiL3OFqPUQVUO/5qlD/P
zIDGhYZo1/sPKZtVWnFuFzVgiG/X264IGILpzI0FPALM2wMypbGnWg==
=TTaM
-----END PGP SIGNATURE-----
WINMAIL.DAT
