at Tuesday, February 11, 2003 5:47 PM, Jeff Newmiller <[EMAIL PROTECTED]> was seen to say: >> Since security is a major concern when attached to the Internet, why >> not make use of the three-interface firewall solution within >> Bearing/Shorewall and place the wireless access point on that third >> interface of the firewall within the DMZ? >> Maybe I'm overlooking a "barn-door" security breach, but it just >> seems logical to use your wireless devices on "that" interface, and >> routing traffic accordingly. >> Anyone else have any thoughts on this? > A DMZ is not an appropriate place for a workstation in most cases. > Machines on a DMZ should be regarded as potential sacrificial lambs, > and kept isolated from the rest of your local network. This is not > normally acceptable for workstation use. A dmz is a perfectly acceptable place to put a wireless hub - you definitely don't want it to have unrestricted access to the main lan, but you don't want it on the internet either. In fact, if you consider your lan traffic at all sensitive, I could recommend blocking all but IPSEC from the wireless hub - the wireless devices can use a vpn client to connect "inwards" and you have all the convenience of wireless networking with the security of a decent encryption setup (and of course that allows those workstations (presumably laptops) to be used across the internet too) If your lan isn't that sensitive, that is probably overkill though :)
------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
