Company wireless direction needed

Hello,

We have an exec in our company that is getting a new laptop and would
like to utilize the Wireless capabilities.
He would like a Wireless access point in his office, connected to our
wired LAN, that will allow him to use his laptop from anyplace in his
office.

I know that I can set this up pretty much out of the box but would
like some suggestions on what should be considered when marrying the
networks and what needs to be looked at where security is concerned.

Your comments are appreciated.

TIA

On 18 Sep 2003 13:26:56 -0700, Cammy spoketh

>Hello,
>
>We have an exec in our company that is getting a new laptop and would
>like to utilize the Wireless capabilities.
>He would like a Wireless access point in his office, connected to our
>wired LAN, that will allow him to use his laptop from anyplace in his
>office.
>
>I know that I can set this up pretty much out of the box but would
>like some suggestions on what should be considered when marrying the
>networks and what needs to be looked at where security is concerned.
>
>Your comments are appreciated.
>
>TIA

At least, you'll have to get something that supports WPA. Since he's
getting a new laptop, there's an "addition" to XP from MS that'll enable
WPA for many wireless cards. You'll also need an Access Point that
supports WPA ... Next, follow best practices: Enable best encryption
(with WPA, that would probably be AES), do MAC address filtering and
disable SSID broadcasts. If the WAP connects to a managed switch,
consider enabling port security there to only allow the MAC address of
the WAP and the MAC address of the laptop.

If you really want to secure it, take a look at what www.bluesocket.com
has to offer. They have these VPN Gateway devices, which allows you to
secure your wireless communication using IPSec. This is an expensive
solution, but it's the most secure...


Lars M. Hansen
www.hansenonline.net

Whoa trigger! You need to configure WEP and turn off SSID broadcast, or
someone is going to sit in the parking lot of your company and have fun with
your network!


"Cammy" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> Hello,
>
> We have an exec in our company that is getting a new laptop and would
> like to utilize the Wireless capabilities.
> He would like a Wireless access point in his office, connected to our
> wired LAN, that will allow him to use his laptop from anyplace in his
> office.
>
> I know that I can set this up pretty much out of the box but would
> like some suggestions on what should be considered when marrying the
> networks and what needs to be looked at where security is concerned.
>
> Your comments are appreciated.
>
> TIA

and enable MAC filtering/authorization

"WiFi Nerdling" <WiFi-(E-Mail Removed)> wrote in message
news:Eepab.1053$(E-Mail Removed) ...
> Whoa trigger! You need to configure WEP and turn off SSID broadcast, or
> someone is going to sit in the parking lot of your company and have fun
with
> your network!
>
>
> "Cammy" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > Hello,
> >
> > We have an exec in our company that is getting a new laptop and would
> > like to utilize the Wireless capabilities.
> > He would like a Wireless access point in his office, connected to our
> > wired LAN, that will allow him to use his laptop from anyplace in his
> > office.
> >
> > I know that I can set this up pretty much out of the box but would
> > like some suggestions on what should be considered when marrying the
> > networks and what needs to be looked at where security is concerned.
> >
> > Your comments are appreciated.
> >
> > TIA
>
>

Be aware of Group policies in a Domain as a lot if not most of the cards
authenticate at a user level and dont migrate Machine policies well.

You could get around this by connecting with cable initially when setting up
then switch to wireless when your happy policies have migrated to laptop.


Don


"Cammy" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> Hello,
>
> We have an exec in our company that is getting a new laptop and would
> like to utilize the Wireless capabilities.
> He would like a Wireless access point in his office, connected to our
> wired LAN, that will allow him to use his laptop from anyplace in his
> office.
>
> I know that I can set this up pretty much out of the box but would
> like some suggestions on what should be considered when marrying the
> networks and what needs to be looked at where security is concerned.
>
> Your comments are appreciated.
>
> TIA

"Cammy" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> Hello,
>
> We have an exec in our company that is getting a new laptop and would
> like to utilize the Wireless capabilities.
> He would like a Wireless access point in his office, connected to our
> wired LAN, that will allow him to use his laptop from anyplace in his
> office.
>
> I know that I can set this up pretty much out of the box but would
> like some suggestions on what should be considered when marrying the
> networks and what needs to be looked at where security is concerned.
>
> Your comments are appreciated.
>
> TIA

Others here have good suggestions should you want to put your WAP inside
your network. In my company's case however, we wanted our customers and
board members that visit on site regularly to also be able to access the
Internet via wireless, and without intervention from the IT Department (me).

Do you already have a good VPN solution for remote access in place that
makes use of IPSec, 3DES encryption, etc., and an extra IP address available
from your ISP? If so, you could just get a wireless router and stick it
outside your firewall and outside your corporate LAN and let your exec VPN
back into the corporate network.

For us, it was a lot simpler, easy to let our visitors get Internet access
to fetch their own mail, browse, etc., keeps the unwashed masses off my
corporate network and still maintain a high level of security for our
corporate data.

That's the best of both worlds as I see it. The worst that could happen is
some guy in the parking lot can surf the web for free... BFD! We have a 6Mb
DSL connection, I think we can spare it.

HTH

--Greg

Lars -

Great information. Thanks

Lars M. Hansen <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>. ..
> On 18 Sep 2003 13:26:56 -0700, Cammy spoketh
>
> >Hello,
> >
> >We have an exec in our company that is getting a new laptop and would
> >like to utilize the Wireless capabilities.
> >He would like a Wireless access point in his office, connected to our
> >wired LAN, that will allow him to use his laptop from anyplace in his
> >office.
> >
> >I know that I can set this up pretty much out of the box but would
> >like some suggestions on what should be considered when marrying the
> >networks and what needs to be looked at where security is concerned.
> >
> >Your comments are appreciated.
> >
> >TIA
>
> At least, you'll have to get something that supports WPA. Since he's
> getting a new laptop, there's an "addition" to XP from MS that'll enable
> WPA for many wireless cards. You'll also need an Access Point that
> supports WPA ... Next, follow best practices: Enable best encryption
> (with WPA, that would probably be AES), do MAC address filtering and
> disable SSID broadcasts. If the WAP connects to a managed switch,
> consider enabling port security there to only allow the MAC address of
> the WAP and the MAC address of the laptop.
>
> If you really want to secure it, take a look at what www.bluesocket.com
> has to offer. They have these VPN Gateway devices, which allows you to
> secure your wireless communication using IPSec. This is an expensive
> solution, but it's the most secure...
>
>
> Lars M. Hansen
> www.hansenonline.net

"Greg Kirkham" <no-(E-Mail Removed)> wrote in message news:<hvHab.7571$(E-Mail Removed) gy.com>...
> "Cammy" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > Hello,
> >
> > We have an exec in our company that is getting a new laptop and would
> > like to utilize the Wireless capabilities.
> > He would like a Wireless access point in his office, connected to our
> > wired LAN, that will allow him to use his laptop from anyplace in his
> > office.
> >
> > I know that I can set this up pretty much out of the box but would
> > like some suggestions on what should be considered when marrying the
> > networks and what needs to be looked at where security is concerned.
> >
> > Your comments are appreciated.
> >
> > TIA
>

I'd recomend checking out nocatauth at http://www.nocat.net its
usefull for keeping people off that arn't supposed to be in. It runs
in linux so you have to know a bit about that. It also needs a
computer but an old one can work.