Cool. Thanks. I think I'll see if I can engage a local firm to help out.
Kurt On Wed, Jun 9, 2010 at 12:04, Joe Tinney <jtin...@lastar.com> wrote: > I wasn't involved in the implementation, so I really couldn't say how it was > done here. I know that I can't get to any of our 'protected' network segments > but I haven't done any scientific pen testing. > > -----Original Message----- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Sent: Wednesday, June 09, 2010 2:18 PM > To: NT System Admin Issues > Subject: Re: OTish: Wireless network configuration > > Understand that - how do you verify it that it works as designed? > > On Wed, Jun 9, 2010 at 06:33, Joe Tinney <jtin...@lastar.com> wrote: >> Access control and routing is done by our core firewall and router for all >> of our networks. This is the configuration that Phil is referring to. >> >> -----Original Message----- >> From: Kurt Buff [mailto:kurt.b...@gmail.com] >> Sent: Tuesday, June 08, 2010 10:34 PM >> To: NT System Admin Issues >> Subject: Re: OTish: Wireless network configuration >> >> I wonder how you verify the security of such an arrangement? >> >> On Tue, Jun 8, 2010 at 19:20, Joe Tinney <jtin...@lastar.com> wrote: >>> While I'm not the one that configured them, our Cisco wireless access >>> points are configured with two SSID's: one on a VLAN that goes to our >>> transparent proxy and without access to our other networks and the other on >>> a VLAN that functions just like our client wired network segment. The first >>> one is an open Guest network and the latter is WPA2 secured. >>> >>> I'm not sure what your network devices would enable you to do but this has >>> been rock solid configuration for us. >>> >>> -----Original Message----- >>> From: Kurt Buff [mailto:kurt.b...@gmail.com] >>> Sent: Tuesday, June 08, 2010 7:29 PM >>> To: NT System Admin Issues >>> Subject: OTish: Wireless network configuration >>> >>> All, >>> >>> We've got a decent wireless network at $WORK, but I'm dissatisified with >>> it, because it lacks good guest access. >>> >>> We have 18 Cisco 1240ag WAPs talking with 3 HP POE switches, which >>> currently are in our HP 3400cl layer 3 switch on our production network. >>> There's a single SSID across all of them, and I've got them all configured >>> on a single VLAN. Works great, but as mentioned there is no guest access. >>> >>> I could just stick them all physically outside our firewall, and give the >>> wireless users an IPSec VPN client, but I really would prefer not to do >>> that. >>> >>> I've been doing some reading, but don't have a good handle on how to move >>> to a configuration that would work well - without the VPN, that is. >>> >>> I'm casting about for ideas - anyone have a solution they like? >>> Preferably without spending tons of money, of course. >>> >>> Kurt >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
