Hallo [EMAIL PROTECTED], am Mittwoch, 23. Oktober 2002 um 11:13:36 schrieben Sie:
> Hi List > we are going to setup a WLAN in a warehouse to enable the forklifters to > communicate with with the warehouse management (WM) system. The company, > which will install all the equipment suggested to setup a Cisco Secure ACS > for security reasons. However, I would prefer the installation of a firewall > and having a separate network segment for this WLAN, because the traffic > between the WM system and the forklifts isn't critical at all, but the traffic > on the company LAN is. So, my idea is to restrict the traffic going through > this firewall to only the needed protocols and IPs (outgoing and incoming), > to protect the rest of the companys LAN. > Any thoughts, caveats, comments? > TIA > Mario Hi Mario, two completely different ways: 1) securing the wireless traffic. Establishing strong AAA and (with Cisco wireless equipment) quite secure communication on the wLAN. Quite cheap: Only the Cisco Secure ACS is needed, if you already use Cisco wLAN equipment. It is quite easy to configure and maintain, but be sure to keep it redundant. Synchronization works well. 2) securing the internal network. Equally valid and good. You don't see the need to secure the wireless communication, but the internal network. Needed: stateful inspection box. CAVE: What will be your filtering criterium at the firewall? The source ip? Bad idea at a wLAN. But if you are experienced in firewalling, it'll do what you want. The point is: it is surely more secure, when you keep intruders completely out. And you can do that by a TACACS+-Server and Cisco EAP-TLS. Seems quite good until now. I think, costs for buying and maintaining a firewall (e.g. Cisco PIX 501) and Cisco Secure ACS are quite similar, setup is easier with the ACS. And it's end-to-end security. Seems the better solution. Just my 3.141 euro-cents, Best regards, Malte von dem Hagen. -- DocValde web: http://www.DocValde.net eMail: [EMAIL PROTECTED] icq: 71581747
