[vpn] wep

Jose Muniz jmuniz at loudcloud.com
Thu Jun 6 18:45:00 EDT 2002


Well said Tom...

You know, I heard once about a user that walked through the Golden Gate
Bridge and jumped to his death... He was tightly embracing his laptop..
Unfortunately my Security Solution did not save his life.... as assumed by
the exec staff   :-P

Also to corroborate a little more, on this setup, as I mentioned, you do NOT
need split tunneling.... "the tunnel splitting is dictated by the policy" so
you could I guess.... As all the traffic will be tunneled to the Netscreen
anyway...  The IKE auth will also protect your Wireless range by the way..

Jose.

Tom McHugh wrote:

> Regarding the shaky-handed user munging the configuration of NetScreen's
> software client, you can get around that concern by creating the policies
> and saving them in a "protected" mode.  This will prevent the casual user
> from messing with the config.  The more adventurous user can open the
> configuration in a text editor and remove the protected setting, but only if
> s/he knows what to change.
>
> Tom McHugh, Senior Systems Engineer
> mailto:tomm at spectrum-systems.com
>
> Spectrum Systems, Inc.
> "Today's Technology--Solutions for Tomorrow"
>
> 11320 Random Hills Road, Suite 630
> Fairfax, VA 22030-6001
> 703-591-7400 x218
> 703-591-9780 (Fax)
> http://www.spectrum-systems.com/
>
> Concerned about the security of your network?  Spectrum Systems' Network
> Security products and services can take the worry out of protecting your
> network.  Call us at 800-929-3781 or visit us at
> http://www.spectrum-systems.com to learn more.
>
> > -----Original Message-----
> > From: Travis Watson [mailto:rtwatson at qwest.net]
> > Sent: Thursday, June 06, 2002 9:36 AM
> > To: Pete Jacob
> > Cc: vpn-securityfocus
> > Subject: Re: [vpn] wep
> >
> >
> > Pete,
> >
> > Someone else already suggested it (don't have the name available), but
> > going the VPN route with client software is the way to go to get what
> > you want.  The original suggestor pointed you toward Netscreen, which is
> > also probably a good choice, though you certainly have options.
> >
> > I've implemented this at one site and it worked fine (though we went
> > with a different device).  The only thing I would prepare you for is the
> > shaky hand user messing up his/her client software and calling you *all
> > the time* until they get used to it.  Additionally, you may have to
> > allow for split-tunneling so people can get to local resources.  It
> > depends on what users are doing and how you are set up, but it's a
> > decision you will have to make early on.  Generally speaking,
> > split-tunneling is bad juju, but since your users are already on the
> > inside, it's not near as big of a vulnerability.  Just make sure their
> > web-surfing pulls through the tunnel if the WAP is between them and your
> > Internet POP.
> >
> > Good luck.
> >
> > --Travis
> >
> >
> > On Mon, 2002-06-03 at 09:28, Pete Jacob wrote:
> > > Hello~
> > > I was wondering if anyone knew of a good solution to help my problem...
> > > I have an external wireless connection to an office across the street
> > > using a Breeze com 802.11B technology... but the equipment will only
> > > use a 40bit WEP key.
> > > I would like to accomplish the following:
> > > 1. treat both sites as different broadcast domains
> > > 2. have some sort of magical box that will provide some sort of magical
> > > vpn/3des encryption, and have two Ethernet ports in it, one to connect
> > > to the network another to connect to the wireless network, then back
> > > at the remote site it would do the same...
> > >
> > > I was thinking that Cisco probably makes what I need but since I am
> > > only a lowly ccna it might be too difficult to configure, and too
> > > costly.
> > > I also think I should be able to do this with a pee cea, and two
> > > nics... but this sounds like a bad idea.
> > >
> > >
> > > Thanks~
> > > Pete.
> > >
> > > VPN is sponsored by SecurityFocus.com

--
Jose Muniz
Network Engineering
Loudcloud, Inc.
(408)744-7583 Direct
page-jmuniz at loudcloud.com
-------------------------
http://www.loudcloud.com