[vpn] wep
Tom McHugh
TomM at spectrum-systems.com
Thu Jun 6 13:59:05 EDT 2002
Regarding the shaky-handed user munging the configuration of NetScreen's
software client, you can get around that concern by creating the policies
and saving them in a "protected" mode. This will prevent the casual user
from messing with the config. The more adventurous user can open the
configuration in a text editor and remove the protected setting, but only if
s/he knows what to change.
Tom McHugh, Senior Systems Engineer
mailto:tomm at spectrum-systems.com
Spectrum Systems, Inc.
"Today's Technology--Solutions for Tomorrow"
11320 Random Hills Road, Suite 630
Fairfax, VA 22030-6001
703-591-7400 x218
703-591-9780 (Fax)
http://www.spectrum-systems.com/
Concerned about the security of your network? Spectrum Systems' Network
Security products and services can take the worry out of protecting your
network. Call us at 800-929-3781 or visit us at
http://www.spectrum-systems.com to learn more.
> -----Original Message-----
> From: Travis Watson [mailto:rtwatson at qwest.net]
> Sent: Thursday, June 06, 2002 9:36 AM
> To: Pete Jacob
> Cc: vpn-securityfocus
> Subject: Re: [vpn] wep
>
>
> Pete,
>
> Someone else already suggested it (don't have the name available), but
> going the VPN route with client software is the way to go to get what
> you want. The original suggestor pointed you toward
> Netscreen, which is
> also probably a good choice, though you certainly have options.
>
> I've implemented this at one site and it worked fine (though we went
> with a different device). The only thing I would prepare you
> for is the
> shaky hand user messing up his/her client software and
> calling you *all
> the time* until they get used to it. Additionally, you may have to
> allow for split-tunneling so people can get to local resources. It
> depends on what users are doing and how you are set up, but it's a
> decision you will have to make early on. Generally speaking,
> split-tunneling is bad juju, but since your users are already on the
> inside, it's not near as big of a vulnerability. Just make sure their
> web-surfing pulls through the tunnel if the WAP is between
> them and your
> Internet POP.
>
> Good luck.
>
> --Travis
>
>
> On Mon, 2002-06-03 at 09:28, Pete Jacob wrote:
> > Hello~
> > I was wondering if anyone knew of a good solution to help
> my problem...
> > I have an external wireless connection to an office across
> the street using
> > a Breeze com 802.11B
> > technology... but the equipment will only use a 40bit WEP key.
> > I would like to accomplish the following:
> > 1. treat both sites as a different broadcast domains
> > 2. have some sort of magical box that will provide some
> sort of magical
> > vpn/3des encryption, and have two ether net ports
> > in it, one to connect to the network another to connect to
> the wireless
> > network, then back at the remote site it
> > would do the same...
> >
> > I was thinking that Cisco probably makes what I need but
> since I am only a
> > lowly ccna it might be
> > to difficult to configure, and too costly.
> > I also think I should be able to do this with a pee cea,
> and two nics...
> > but this sounds like a bad idea.
> >
> >
> > Thanks~
> > Pete.
> > ----
> >
>
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.368 / Virus Database: 204 - Release Date: 5/29/2002
> >
> > ----
> >
>
> > VPN is sponsored by SecurityFocus.com
>
>
>
> VPN is sponsored by SecurityFocus.com
>
VPN is sponsored by SecurityFocus.com
More information about the VPN
mailing list