Routing over Airport?
Scott Lewis
sglewis at mac.com
Thu Dec 28 12:26:29 PST 2006
Used to work for a small mutual fund financier in NYC. Paranoid about security. We had sales people who always wanted to use wireless when in the office. We hung our wireless network on the OTHER side of our firewall, used encryption and MAC filtering and made users of the network IPSEC VPN in to have one more layer of protection.
Our IPSEC VPN connections were protected with a SecureID PIN. Users needed to register their MAC address, be configured for our wireless pass phrase, have IPSEC, enter a four digit pin on their card, and then enter the resulting 6 digits into their IPSEC client, and THEN they got on the network. They could skip the last step and surf the web, of course.
On Thursday, December 28, 2006, at 06:14AM, "Matt Johnston" <root at nimug.org> wrote:
>
>On 28 Dec 2006, at 10:59, Patxi Roca wrote:
>
>> How unsafe is this? As far as I know, I've never been compromised,
>> but then in this building, signal loss is so great it takes two
>> routers to get coverage in a 250 meter apartment...
>
>MAC addresses can be spoofed.
>
>MY opinion is that wireless security should be all or nothing.
>
>We run two wireless gateways. A captive portal WLAN which is wide
>open to the public, for public access. And our own internal WLAN
>which uses WPA, RADIUS and MAC restrictions.
>
>The only secure wireless access point is a switched off wireless
>access point.
>_______________________________________________
>MacOSX-admin mailing list
>MacOSX-admin at omnigroup.com
>http://www.omnigroup.com/mailman/listinfo/macosx-admin
>
>
More information about the MacOSX-admin
mailing list