David:

Heya. In my experience, wireless access points are always placed on the outside of a corporate LAN's firewall, on a specific interface. And that interface is set up to deny all traffic not of type IPSec or PPTP. A VPN server is then set up behind the firewall, and all wireless members are then required to authenticate with a VPN client to the VPN server.
Without this authentication, any wireless member can still access the WAN connection... which turns out to be a big feature, as contractors/partners/customers who come to visit the facility can still VPN back into their own corporate LAN.

Otherwise... regarding firewall-authentication for wireless users, I *think* that's what NoCat's all about. Along those lines, I started a project called "Radiance" once that was a lot like you described. I can dig up some details if you're interested...

-Scott

On Tue, 25 Mar 2003, David Douthitt wrote:

> I've been working with this new Airport (Apple's 802.11b wireless) and
> finding out just how insecure America's wireless networks are.
>
> Seems like a good purpose for a 486 or Pentium with two network cards
> would be to act as a firewall and proxy between wireless clients and
> the rest of the network. Each base station or access point could then
> be isolated from the rest of the network, and only authorized clients
> could be allowed in.
>
> Authorization could be done over SSL, and all access could be
> controlled via web proxy and ftp proxy. SSH could be used for terminal
> access (through the firewall).
>
> Are people using these "wireless" solutions that way? Is there one out
> there already?
>
> --
> David Douthitt
> [EMAIL PROTECTED]
> UNIX SysAdmin - HP/UX, UnixWare, Linux
> LPIC-1, Linux +
>
> _______________________________________________
> leaf-devel mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-devel
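The interface policy described in the reply above (a dedicated wireless interface that passes only IPSec and PPTP), sketched as an added example that is not part of the original thread. The interface name `wlan0`, the chain names and the log prefix are assumptions; the function only prints an `iptables-restore` fragment so it can be reviewed before being loaded.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore fragment for a
# wireless-facing interface that forwards only IPsec and PPTP traffic.
# Assumptions: chain names WLAN_IN/WLAN_FWD, log prefix, and that the access
# point itself hands out addresses (the firewall offers no DHCP/DNS here).

# wlan_vpn_only_rules WLAN_IF  -> ruleset on stdout, non-zero on a bad name
wlan_vpn_only_rules() {
    wlan_if="$1"
    # Refuse anything that is not a plain interface name before templating it.
    case "$wlan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:WLAN_IN - [0:0]
:WLAN_FWD - [0:0]
# Only packets arriving from the wireless side enter these chains; return
# traffic towards the clients is left to the firewall's existing rules.
-A INPUT -i $wlan_if -j WLAN_IN
-A FORWARD -i $wlan_if -j WLAN_FWD
# Wireless clients may not talk to the firewall host itself.
-A WLAN_IN -j DROP
# IPsec: IKE key exchange (UDP 500), then ESP and AH payload protocols.
-A WLAN_FWD -p udp --dport 500 -j ACCEPT
-A WLAN_FWD -p esp -j ACCEPT
-A WLAN_FWD -p ah -j ACCEPT
# PPTP: TCP 1723 control channel, then the GRE-encapsulated tunnel.
-A WLAN_FWD -p tcp --dport 1723 -j ACCEPT
-A WLAN_FWD -p gre -j ACCEPT
# Everything else from the wireless segment is logged and dropped.
-A WLAN_FWD -j LOG --log-prefix "wlan-nonvpn: "
-A WLAN_FWD -j DROP
COMMIT
EOF
}

# Stand-alone run: print the ruleset for the given (or assumed) interface.
wlan_vpn_only_rules "${1:-wlan0}"
```

Because the rules match on protocol rather than destination, a visitor's tunnel to an outside VPN gateway passes just as a tunnel to the internal VPN server does, which is the behaviour the reply describes. The output can be checked with `iptables-restore --test` before it is applied.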