[geeks] Wireless AP

Dan Duncan dand at pcisys.net
Thu Feb 12 17:35:06 CST 2004


On Thu, 12 Feb 2004, Bill Bradford wrote:
> Just put a wireless AP/bridge behind the PIX.

Ouch.

I trust wireless about as much as I trust the internet.

I have my wireless AP in my pseudo-DMZ (where I have a few
servers) as my front end firewall/router.  Behind that is my back-end
firewall/router where I have most of my workstations.

I have my wireless fairly well locked down (no SSID broadcast, full WEP,
restricted to certain MAC addresses) and I STILL don't trust it.
If someone hacks it they can access out to the internet and the few
open ports on my pseudo-DMZ servers which are open to the internet
anyway, so enjoy.  I'm thinking of adding a few more ssh tunnels
to permit ftp or other cleartext protocols from behind the second
firewall but for now that stuff is off.  (Mmm, ssh tunnelly goodness)

My workstations are behind TWO firewalls from the net and ONE from
persistent netstumblers.

-DanD

-- 
#  Dan Duncan (kd4igw)  dand at pcisys.net  http://pcisys.net/~dand
# The ice cream truck in my neighborhood plays Helter Skelter. -Steven Wright


