Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > AP where on network

Reply
Thread Tools

AP where on network

 
 
Joe Mickelson
Guest
Posts: n/a
 
      08-16-2007
Is it ok to put an access point behind a firewall as opposed to before
it (on the outside)?

If my users want to connect to the network, they have to authenticate
and get authorization which I'm guessing a router would route the Auth
& Auth requests to a Radius server on a dmz, but then it seems like
they wouldn't have all the normal protection of entering through the
firewall as a normal user would.

So where should the wifi normally be on a small LAN, inside, or
outside, DMZ of a LAN? Pros/cons?

 
Reply With Quote
 
 
 
 
Todd H.
Guest
Posts: n/a
 
      08-16-2007
Joe Mickelson <(E-Mail Removed)> writes:

> Is it ok to put an access point behind a firewall as opposed to before
> it (on the outside)?
>
> If my users want to connect to the network, they have to authenticate
> and get authorization which I'm guessing a router would route the Auth
> & Auth requests to a Radius server on a dmz, but then it seems like
> they wouldn't have all the normal protection of entering through the
> firewall as a normal user would.
>
> So where should the wifi normally be on a small LAN, inside, or
> outside, DMZ of a LAN? Pros/cons?


Keeping the wlan in the DMZ has a significant pro in that your
firewall will prevent WLAN traffic (generally less trusted due to the
inability to physically control access with certainty) from hitting
your wired LAN. the con is that if you need wireless clients to
access wired LAN resources, then you need to implement a VPN (which
isn't that hard these days with openvpn available as a module for 3rd
party firmware available for low cost routers).

The concern about wireless users protection from internet threats can
be mitigated if a wireless router/firewall is chosen instead of just
an AP.

Details vary - are we talking about a home network or something a bit
more heavy duty?

--
Todd H.
http://www.toddh.net/
 
Reply With Quote
 
 
 
 
Leythos
Guest
Posts: n/a
 
      08-16-2007
In article <(E-Mail Removed)>, http://www.velocityreviews.com/forums/(E-Mail Removed) says...
> Keeping the wlan in the DMZ has a significant pro in that your
> firewall will prevent WLAN traffic (generally less trusted due to the
> inability to physically control access with certainty) from hitting
> your wired LAN. the con is that if you need wireless clients to
> access wired LAN resources, then you need to implement a VPN (which
> isn't that hard these days with openvpn available as a module for 3rd
> party firmware available for low cost routers).


If the firewall permits it, you can use Firewall Authentication via
HTTP/HTTPS instead of the VPN - using a browser to auth with the
firewall and then use a rule to allow AUTH>LAN from DMZ. This means that
you don't have to do a VPN, so you get better speed/performance.

--
Leythos - (E-Mail Removed) (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS1.COM that
create filth and put it on the web for any kid to see: Just take a look
at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive.../t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
No "Wireless Network Connection" available in network connection =?Utf-8?B?am9raW5kYTE=?= Wireless Networking 7 10-16-2012 07:32 AM
Network did not assign network address Bill Babakian Wireless Networking 3 11-21-2004 08:15 PM
lost use of network printer connceted via wireless network after p =?Utf-8?B?Ul9DX0Jyb3duX0py?= Wireless Networking 0 11-05-2004 08:34 PM
My Network Places | Entire Network ?? Rush Wireless Networking 0 09-21-2004 09:43 PM
Network Computer Reboots when Laptop Connects to Wireless Network Charles Law Wireless Networking 7 09-14-2004 02:11 PM



Advertisments