From: iron_tri (iron_tri@msn.com)
Date: Wed Nov 27 2002 - 21:13:07 GMT-3
Chuck,
LEAP should be available for all Cisco Wireless products, even the new 1200
series. I have deployed this technology in hospitals so the docs can update
patient records via an IPAQ. Cool stuff. I have also deployed the
following scenario which is very secure. It was a building to building
implementation. For simplicity's sake, Building A is headquarters, and
Building B is remote (across the parking lot). It was going to cost the
customer too much money to trench fiber, so we looked at wireless, however,
the customer was a government contractor...big time....see making nuclear
capable warheads, so it had to be tight and private. We put a Cisco Aironet
bridge on top of each building and we had excellent line of sight. Building
A housed a Cisco 3030 VPN concentrator, and Building B (remote side) housed
a Cisco 3002 VPN hardware client. Anything that crossed the wireless link
was heavily encrypted, plus we implemented WEP along with 128K encryption. We
also hashed the keys every 30 seconds. So, even if you sniffed, busted the
key, busted the 128K, and busted WEP, you still had to deal with the IPSEC
tunnel built between the hardware client and the concentrator. I don't know
if it would apply to this situation, but it will work and it's fairly secure.
It was also fun to implement and the customer was happy. :)
JP
----- Original Message -----
From: "Chuck Church" <cchurch@optonline.net>
To: "Wright, Jeremy" <JA_WRIGHT@admworld.com>; <ccielab@groupstudy.com>
Sent: Wednesday, November 27, 2002 11:03 AM
Subject: Re: Wireless Security
> Jeremy,
>
> Sounds like WEP is not enough security for your needs. Cisco does have
> LEAP available now which addresses the faults of WEP, but I don't think it's
> available for the 340/350 Aironets. If you already have wireless equipment
> that can't run EAP, I think IPSec over the wireless is going to be the most
> secure. I've never personally tried using a Cisco VPN client with a
> wireless NIC, so you might want to check with TAC first. I suppose you
> could also do a VPN to an MS or Novell server, if you don't have a hardware
> device that can act as a VPN server. Although trusting your network
> security to MS is kind of like having Homer guard your donut...
>
> Chuck Church
> CCIE #8776, MCNE, MCSE
>
>
> ----- Original Message -----
> From: "James R. Scobey" <jscobey@sms.com>
> To: "Wright, Jeremy" <JA_WRIGHT@admworld.com>; <ccielab@groupstudy.com>
> Sent: Wednesday, November 27, 2002 11:25 AM
> Subject: Re: Wireless Security
>
>
> > The netscreen does port to port IPSEC encryption... one of their product
> > briefs specifies its use for encrypting traffic over wireless LANs. A bit
> > pricey, though.
> > ----- Original Message -----
> > From: "Wright, Jeremy" <JA_WRIGHT@admworld.com>
> > To: <ccielab@groupstudy.com>
> > Sent: Wednesday, November 27, 2002 9:04 AM
> > Subject: OT: Wireless Security
> >
> >
> > > we are trying to nail down our wireless security on top of what we already
> > > have...possibly installing some type of vpn client software on the wireless
> > > client and have a vpn server on the wired side. bluesocket.com has some
> > > awesome boxes that support all of the major encryption technologies and a
> > > lot of sweet features I would like to have but it appears too expensive with
> > > what we are trying to do. does anyone have any recommendations? all of our
> > > wireless clients are all on the same subnet also. thanks.
> > >
> > > ************************
> > > Jeremy Wright
> > > Network Analyst
> > > Archer Daniels Midland
> > > ja_wright@admworld.com
> > > (217)451-4063
> > >
> > > ************************
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:12 GMT-3