Re: Wireless Security

From: iron_tri (iron_tri@msn.com)
Date: Thu Nov 28 2002 - 01:13:55 GMT-3

• Next message: Joe A: "PIX NAT"
• Previous message: kym blair: "Re: 4000M Flash issues -- 16MB"
• Maybe in reply to: James R. Scobey: "Re: Wireless Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Not that I remember. Wait a minute, did we change that? Kidding :)
----- Original Message -----
From: "Chuck Church" <cchurch@optonline.net>
To: "iron_tri" <iron_tri@msn.com>; "Wright, Jeremy"
<JA_WRIGHT@admworld.com>; <ccielab@groupstudy.com>
Sent: Wednesday, November 27, 2002 5:34 PM
Subject: Re: Wireless Security

> So it's safe to assume your SSID isn't tsunami? :)
>
> Chuck Church
> CCIE #8776, MCNE, MCSE
>
>
> ----- Original Message -----
> From: "iron_tri" <iron_tri@msn.com>
> To: "Chuck Church" <cchurch@optonline.net>; "Wright, Jeremy"
> <JA_WRIGHT@admworld.com>; <ccielab@groupstudy.com>
> Sent: Wednesday, November 27, 2002 7:13 PM
> Subject: Re: Wireless Security
>
>
> > Chuck,
> >
> > LEAP should be available for all Cisco Wireless products, even the new
> 1200
> > series. I have deployed this technology in hospitals so the docs can
> update
> > patient records via an IPAQ. Cool stuff. I have also deployed the
> > following scenario which is very secure. It was a building to building
> > implementation. For simplicity's sake, Building A is headquarters, and
> > Building B is remote (across the parking lot). It was going to cost the
> > customer too much money to trench fiber, so we looked at wireless,
> however,
> > the customer was a government contractor...big time....see making
nuclear
> > capable warheads, so it had to be tight and private. We put a Cisco
> Aironet
> > bridge on top of each building and we had excellent line of site.
> Building
> > A housed a Cisco 3030 VPN concentrator, and Building B (remote side)
> housed
> > a Cisco 3002 VPN hardware client. Anything that crossed the wireless
link
> > was heavily encrypted, plus we implented WEP along with 128K encryption.
> We
> > also hashed the keys every 30 seconds. So, even if you sniffed, busted
> the
> > key, busted the 128K, and busted WEP, you still had to deal with the
IPSEC
> > tunnel built between the hardware client and the concentrator. I don't
> know
> > if it would apply to this situation, but it will work and its fairly
> secure.
> > It was also fun to implement and the customer was happy. :)
> >
> >
> > JP
> >
> > ----- Original Message -----
> > From: "Chuck Church" <cchurch@optonline.net>
> > To: "Wright, Jeremy" <JA_WRIGHT@admworld.com>; <ccielab@groupstudy.com>
> > Sent: Wednesday, November 27, 2002 11:03 AM
> > Subject: Re: Wireless Security
> >
> >
> > > Jeremy,
> > >
> > > Sounds like WEP is not enough security for your needs. Cisco does
> > have
> > > LEAP available now which addresses the faults of WEP, but I don't
think
> > it's
> > > available for the 340/350 Aironets. If you already have wireless
> > equipment
> > > that can't run EAP, I think IPSec over the wireless is going to be the
> > most
> > > secure. I've never personally tried using a Cisco VPN client with a
> > > wireless NIC, so you might want to check with TAC first. I suppose
you
> > > could also do a VPN to an MS or Novell server, if you dont' have a
> > hardware
> > > device that can act as a VPN server. Although trusting your network
> > > security to MS is kind of like having Homer guard your donut...
> > >
> > > Chuck Church
> > > CCIE #8776, MCNE, MCSE
> > >
> > >
> > > ----- Original Message -----
> > > From: "James R. Scobey" <jscobey@sms.com>
> > > To: "Wright, Jeremy" <JA_WRIGHT@admworld.com>;
<ccielab@groupstudy.com>
> > > Sent: Wednesday, November 27, 2002 11:25 AM
> > > Subject: Re: Wireless Security
> > >
> > >
> > > > The netscreen does port to port IPSEC encryption... one of their
> product
> > > > briefs specifies it's use for encrypting traffic over wireless LANs.
> A
> > > bit
> > > > pricey, though.
> > > > ----- Original Message -----
> > > > From: "Wright, Jeremy" <JA_WRIGHT@admworld.com>
> > > > To: <ccielab@groupstudy.com>
> > > > Sent: Wednesday, November 27, 2002 9:04 AM
> > > > Subject: OT: Wireless Security
> > > >
> > > >
> > > > > we are trying to nail down out wireless security on top of what we
> > > already
> > > > > have...possibly installing some type of vpn client software on the
> > > > wireless
> > > > > client and have a vpn server on the wired side. bluesocket.com has
> > some
> > > > > awesome boxes that supports all of the major encryption
technologies
> > and
> > > a
> > > > > lot of sweet features I would like to have but it appears too
> > expensive
> > > > with
> > > > > what we are trying to do. does anyone have any recommendations?
all
> of
> > > our
> > > > > wireless clients are all on the same subnet also. thanks.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > ************************
> > > > > Jeremy Wright
> > > > > Network Analyst
> > > > > Archer Daniels Midland
> > > > > ja_wright@admworld.com
> > > > > (217)451-4063
> > > > >
> > > > > ************************

• Next message: Joe A: "PIX NAT"
• Previous message: kym blair: "Re: 4000M Flash issues -- 16MB"
• Maybe in reply to: James R. Scobey: "Re: Wireless Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:12 GMT-3