Security Basicsmailing list archives
RE: Wireless security and VPN
From: "Chris Martin" <chris.martin () smartech com au>
Date: Mon, 18 Nov 2002 12:17:55 +1100
The 802.11x (I think that's what it's called) system may be what you arelooking for. This system utilises the client authenticating to a RADIUSserver via EAP. Most Cisco wireless gear has this WEP type (calledLEAP). It's quite strong and the keys change regularly at predeterminedintervals.Even if you use VPN stuff like L2TP or PPTP you'll still have anauthentication process, however LEAP/802.11x integrates all that veryseamlessly.Hope this helps,Chris Martin-----Original Message-----From: Brian Bettger [mailto:brianb () diversint com] Sent: Friday, 15 November 2002 4:12 AMTo: security-basics () securityfocus comSubject: Wireless security and VPNHello,I am searching for a product that incorporates a Wireless Access PointAND VPN authentication to use for nearly all of our wireless rollouts.As you know SSID and WEP are possibly not enough to keep people out ofnetworks. An integrated VPN authentication after SSID and WEP, BUTbefore network authentication would be REALLY nice. In other words, Iturn on my laptop, PDA or workstation, it establishes the primaryconnection through the use of SSID and WEP, then stops, leaving port1723 open, dropping all other traffic or attack attempts until I make asecure VPN connection. As soon as I establish the VPN connection I amthen prompted (or not) with my NT, Novell, or whatever login.The thought is, a war driver could possibly crack WEP, access to the WAPbut is then faced with needing to establish a VPN connection even beforehe can gain information about the network. The war driver / crackercould only scan and see port 1723. Please pass this on as a request for development if possible. Anotherpoint is that it would be nice to have this bundled into one appliance.Additionally pass this on to anyone else you feel may help.Yes, I have looked into Proxim's solution, but it is over priced for myclients (SOHO to medium size business, 25-100 users) and requires twoappliances, the WAP and then the VPN appliance.Brian BettgerSystems EngineerDiversint, Inc.Diversified Internet Services Group360-404-2044www.diversint.comTechnology is Business
Current thread:
- Wireless security and VPNBrian Bettger (Nov 16)
- Re: Wireless security and VPNSteve Cooper (Nov 16)
- <Possible follow-ups>
- RE: Wireless security and VPNKeith T. Morgan (Nov 16)
- RE: Wireless security and VPNChris Martin (Nov 18)
- RE: Wireless security and VPNDozal, Tim (Nov 19)
- RE: Wireless security and VPNRobinson, Sonja (Nov 22)
- Re: RE: Wireless security and VPNpeter.ve () pandora be (Nov 25)
- RE: RE: Wireless security and VPNAshcraft, Brian S (Contractor) (Nov 26)
- RE: RE: Wireless security and VPNRobinson, Sonja (Nov 26)
- RE: RE: Wireless security and VPNJeffrey Eliasen (Nov 27)