[c-nsp] firewalling authenticated wireless traffic
John Kougoulos
koug at intracom.gr
Wed Feb 10 09:12:32 EST 2010
>
> We offer wireless connectivity to about 500 to 1000 user/devices that
> authenticate with machine & domain credentials via WPA2.
> My thought is that our wireless traffic is likely more secure than our plain
> wired networks - at this point without 802.1x on lan.
>
But the wireless signal probably travels outside your premises.
Therefore someone who has stolen a laptop will stop near your building and
get inside your network easily, since most probably the credentials are
saved on the PC.
And you rely on WPA2 because it has not been broken. yet.
Client VPN & two-factor authentication is safer I think, but I guess
you'll have to forget about wifi phones.
You can also block user-to-user traffic (like private VLANs) to avoid e.g.
attacks between the associated machines, while not connected on the VPN.
Regards,
John