[c-nsp] firewalling authenticated wireless traffic

John Kougoulos koug at intracom.gr
Wed Feb 10 09:12:32 EST 2010

>   We offer wireless connectivity to about 500 to 1000 user/devices that
> authenticate with machine & domain credentials via WPA2.

> My thought is that our wireless traffic is likely more secure than our plain
> wired networks - at this point without 802.1x on lan.

But the wireless signal probably travels outside your premises. 
Therefore someone who has stolen a laptop will stop near your building and 
get inside your network easily, since most probably the credentials are 
saved on the PC.

And you rely on WPA2 because it has not been broken. Yet.

Client VPN & two-factor authentication is safer I think, but I guess 
you'll have to forget about WiFi phones.

You can also block user-to-user traffic (like private VLANs) to avoid e.g. 
attacks between the associated machines while they are not connected to the VPN.

