Re: Wireless Security

From: Chuck Church (cchurch@optonline.net)
Date: Wed Nov 27 2002 - 21:34:46 GMT-3


So it's safe to assume your SSID isn't tsunami? :)

Chuck Church
CCIE #8776, MCNE, MCSE

----- Original Message -----
From: "iron_tri" <iron_tri@msn.com>
To: "Chuck Church" <cchurch@optonline.net>; "Wright, Jeremy"
<JA_WRIGHT@admworld.com>; <ccielab@groupstudy.com>
Sent: Wednesday, November 27, 2002 7:13 PM
Subject: Re: Wireless Security

> Chuck,
>
> LEAP should be available for all Cisco Wireless products, even the new 1200
> series. I have deployed this technology in hospitals so the docs can update
> patient records via an IPAQ. Cool stuff. I have also deployed the
> following scenario which is very secure. It was a building to building
> implementation. For simplicity's sake, Building A is headquarters, and
> Building B is remote (across the parking lot). It was going to cost the
> customer too much money to trench fiber, so we looked at wireless, however,
> the customer was a government contractor...big time....see making nuclear
> capable warheads, so it had to be tight and private. We put a Cisco Aironet
> bridge on top of each building and we had excellent line of sight. Building
> A housed a Cisco 3030 VPN concentrator, and Building B (remote side) housed
> a Cisco 3002 VPN hardware client. Anything that crossed the wireless link
> was heavily encrypted, plus we implemented WEP along with 128K encryption. We
> also hashed the keys every 30 seconds. So, even if you sniffed, busted the
> key, busted the 128K, and busted WEP, you still had to deal with the IPSEC
> tunnel built between the hardware client and the concentrator. I don't know
> if it would apply to this situation, but it will work and it's fairly secure.
> It was also fun to implement and the customer was happy. :)
>
>
> JP
>
> ----- Original Message -----
> From: "Chuck Church" <cchurch@optonline.net>
> To: "Wright, Jeremy" <JA_WRIGHT@admworld.com>; <ccielab@groupstudy.com>
> Sent: Wednesday, November 27, 2002 11:03 AM
> Subject: Re: Wireless Security
>
>
> > Jeremy,
> >
> > Sounds like WEP is not enough security for your needs. Cisco does have
> > LEAP available now which addresses the faults of WEP, but I don't think it's
> > available for the 340/350 Aironets. If you already have wireless equipment
> > that can't run EAP, I think IPSec over the wireless is going to be the most
> > secure. I've never personally tried using a Cisco VPN client with a
> > wireless NIC, so you might want to check with TAC first. I suppose you
> > could also do a VPN to an MS or Novell server, if you don't have a hardware
> > device that can act as a VPN server. Although trusting your network
> > security to MS is kind of like having Homer guard your donut...
> >
> > Chuck Church
> > CCIE #8776, MCNE, MCSE
> >
> >
> > ----- Original Message -----
> > From: "James R. Scobey" <jscobey@sms.com>
> > To: "Wright, Jeremy" <JA_WRIGHT@admworld.com>; <ccielab@groupstudy.com>
> > Sent: Wednesday, November 27, 2002 11:25 AM
> > Subject: Re: Wireless Security
> >
> >
> > > The netscreen does port to port IPSEC encryption... one of their product
> > > briefs specifies its use for encrypting traffic over wireless LANs. A bit
> > > pricey, though.
> > > ----- Original Message -----
> > > From: "Wright, Jeremy" <JA_WRIGHT@admworld.com>
> > > To: <ccielab@groupstudy.com>
> > > Sent: Wednesday, November 27, 2002 9:04 AM
> > > Subject: OT: Wireless Security
> > >
> > >
> > > > we are trying to nail down our wireless security on top of what we already
> > > > have...possibly installing some type of vpn client software on the wireless
> > > > client and have a vpn server on the wired side. bluesocket.com has some
> > > > awesome boxes that support all of the major encryption technologies and a
> > > > lot of sweet features I would like to have but it appears too expensive with
> > > > what we are trying to do. does anyone have any recommendations? all of our
> > > > wireless clients are all on the same subnet also. thanks.
> > > >
> > > > ************************
> > > > Jeremy Wright
> > > > Network Analyst
> > > > Archer Daniels Midland
> > > > ja_wright@admworld.com
> > > > (217)451-4063
> > > >
> > > > ************************



This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:12 GMT-3