[Sussex] WAP Security advice...

Matthew Macdonald-Wallace matthew at truthisfreedom.org.uk
Thu Nov 27 23:49:31 UTC 2003 

On Thu, 2003-11-27 at 18:07, Mark Harrison wrote:
> Here's an interesting one for you...

Oh good, a post-pub/moot challenge! :p

> I have a client who wants a wireless network, but is UTTERLY PARANOID about
> the security implications thereof. They understand WEP vulnerabilities, and
> MAC spoofing. They are sophisticated, and, among other things, have a
> web-portal that uses 128-bit SSL to deliver applications to corporate users
> "out on the Internet".
> 
> I have suggested that a way to deliver their requirement would be to put
> some Wireless Access Points in a Secure Subnet off their firewall. They like
> this suggestion, and have just given the project the go-ahead.
> 
> They already have a "Connections DMZ" on a physically separate network
> interface on the firewall, which connects to third-parties over dedicated
> links. This is where they're going to put it.
> 
> The networking side is all sorted... so the interesting question is.... do I
> run WEP or not?

Unless you want people like Jon and myself taking a look at what's
there, yes.

> The client wants this network for two purposes:
> 
> - To give own staff Internet access including access to corporate
> applications through existing portal
> - To give visitors (including non-executive directors!) access to the
> Internet
> 
> Given that it's ONLY Internet traffic, part of me says it's insecure
> anyway.... it's just as vulnerable to interception on the Internet as over
> the wireless. If people are going to secure sites, then fair enough, they'll
> have their own security. WEP would just make it much more complex to
> configure... particularly for visitors who are going to turn up with their
> kit, and get a laminated card from reception about network names and the
> like...
> What do people think?
 To put a complete downer on it, regardless of how secure you make it,
if someone wants to break it, they will (not jon and myself!)  Wep and a
firewall would be a good combination, and IMHO, if this complicates
things for other users, then it's not always a bad thing.

My £0.02,

Matt
--
+----------------------------------+
|Matthew Macdonald-Wallace                  |
|The Truth Will Set you Free              |
|http://www.truthisfreedom.org.uk/  |
+----------------------------------+
"There is madmen in the world, and there are terror." George W. Bush
February 14, 2000 Comment reported by the Associated Press.

More information about the Sussex mailing list