Computer Security - Public Wireless Network together with Private Wireless Network

11-15-2007, 08:39 AM

My organization has a proposal from a vendor which will run 2 wireless
networks seperated by using VLAN tagging. One network is for business use
and the 2nd for guest access. The guest access communication packets will
actually traverse our physical wire through our firewalls and mulitple
security zones before leaving out to the internet. I believe this will be a
major compromise to our overall security posture but can't find
documentation to prove it.
i have found some VLAN vulnerability info but no security best practice
white papers recommending against it. Does anyone out there have a credible
source of information that could spell out the reason not to do this? Or,
any documentation on setting up a seperate wireless mesh network connected
straight to the internet for guest access? Any info would very greatly
appreciated.

PL

11-15-2007, 03:54 PM

"PL" <> writes:

> My organization has a proposal from a vendor which will run 2 wireless
> networks seperated by using VLAN tagging. One network is for business
> use and the 2nd for guest access.

Does the vendor rhyme with Crisco? And the solution rhyme with
Flaironet?

If so, that's best of breed stuff.

> The guest access communication packets will actually traverse our
> physical wire through our firewalls and mulitple security zones
> before leaving out to the internet. I believe this will be a major
> compromise to our overall security posture but can't find
> documentation to prove it. i have found some VLAN vulnerability
> info but no security best practice white papers recommending against
> it. Does anyone out there have a credible source of information that
> could spell out the reason not to do this? Or, any documentation on
> setting up a seperate wireless mesh network connected straight to
> the internet for guest access? Any info would very greatly
> appreciated.

You have a legitimate concern.

The security of the installation depends on the security of the
switches involved. VLAN tagging is quite strong if you can trust the
switches and devices implementing it to be up to date with updates.

Very large corporate and commercial data centers rely on vlan tagging
to work, so if there were current vulnerabilities, you should hear a
BIG stink about it in the press.

Naturally there's no harm in pushing a hungry vendor on the point and
seeing if there's a way it can be configured to use a dedicated DSL
line or whatever so that a minimum of guest traffic traverses any part
of your network, or the least possible number of devices on your
network.

Best Regards,
--
Todd H.
http://www.toddh.net/

Todd H.

11-15-2007, 03:54 PM	#2
Todd H. Posts: n/a	Re: Public Wireless Network together with Private Wireless Network "PL" <> writes: > My organization has a proposal from a vendor which will run 2 wireless > networks seperated by using VLAN tagging. One network is for business > use and the 2nd for guest access. Does the vendor rhyme with Crisco? And the solution rhyme with Flaironet? If so, that's best of breed stuff. > The guest access communication packets will actually traverse our > physical wire through our firewalls and mulitple security zones > before leaving out to the internet. I believe this will be a major > compromise to our overall security posture but can't find > documentation to prove it. i have found some VLAN vulnerability > info but no security best practice white papers recommending against > it. Does anyone out there have a credible source of information that > could spell out the reason not to do this? Or, any documentation on > setting up a seperate wireless mesh network connected straight to > the internet for guest access? Any info would very greatly > appreciated. You have a legitimate concern. The security of the installation depends on the security of the switches involved. VLAN tagging is quite strong if you can trust the switches and devices implementing it to be up to date with updates. Very large corporate and commercial data centers rely on vlan tagging to work, so if there were current vulnerabilities, you should hear a BIG stink about it in the press. Naturally there's no harm in pushing a hungry vendor on the point and seeing if there's a way it can be configured to use a dedicated DSL line or whatever so that a minimum of guest traffic traverses any part of your network, or the least possible number of devices on your network. Best Regards, -- Todd H. http://www.toddh.net/ Todd H.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
adhoc wireless network I NEED HELP PRETTY PLEAS	abouttosmashmylaptop	General Help Related Topics	0	04-06-2008 11:11 PM
IMHO, Digital SECAM video is better than Analog NTSC video	Radium	DVD Video	167	10-25-2006 04:16 AM
Setting up a Network -- Wired or Wireless?	shopzero.net	DVD Video	1	07-24-2006 07:18 PM
Re: adding wireless to a wired network	AG	A+ Certification	3	01-14-2005 08:52 AM
Re: adding wireless to a wired network	Remo	A+ Certification	0	01-07-2005 06:31 PM

11-15-2007, 08:39 AM	#1
	Public Wireless Network together with Private Wireless Network My organization has a proposal from a vendor which will run 2 wireless networks seperated by using VLAN tagging. One network is for business use and the 2nd for guest access. The guest access communication packets will actually traverse our physical wire through our firewalls and mulitple security zones before leaving out to the internet. I believe this will be a major compromise to our overall security posture but can't find documentation to prove it. i have found some VLAN vulnerability info but no security best practice white papers recommending against it. Does anyone out there have a credible source of information that could spell out the reason not to do this? Or, any documentation on setting up a seperate wireless mesh network connected straight to the internet for guest access? Any info would very greatly appreciated. PL