AP where on network

Discussion in 'Computer Security' started by Joe Mickelson, Aug 16, 2007.

  1. Is it ok to put an access point behind a firewall as opposed to before
    it (on the outside)?

    If my users want to connect to the network, they have to authenticate
    and get authorization which I'm guessing a router would route the Auth
    & Auth requests to a Radius server on a dmz, but then it seems like
    they wouldn't have all the normal protection of entering through the
    firewall as a normal user would.

    So where should the wifi normally be on a small LAN, inside, or
    outside, DMZ of a LAN? Pros/cons?
     
    Joe Mickelson, Aug 16, 2007
    #1
    1. Advertising

  2. Joe Mickelson

    Todd H. Guest

    Joe Mickelson <> writes:

    > Is it ok to put an access point behind a firewall as opposed to before
    > it (on the outside)?
    >
    > If my users want to connect to the network, they have to authenticate
    > and get authorization which I'm guessing a router would route the Auth
    > & Auth requests to a Radius server on a dmz, but then it seems like
    > they wouldn't have all the normal protection of entering through the
    > firewall as a normal user would.
    >
    > So where should the wifi normally be on a small LAN, inside, or
    > outside, DMZ of a LAN? Pros/cons?


    Keeping the wlan in the DMZ has a significant pro in that your
    firewall will prevent WLAN traffic (generally less trusted due to the
    inability to physically control access with certainty) from hitting
    your wired LAN. the con is that if you need wireless clients to
    access wired LAN resources, then you need to implement a VPN (which
    isn't that hard these days with openvpn available as a module for 3rd
    party firmware available for low cost routers).

    The concern about wireless users protection from internet threats can
    be mitigated if a wireless router/firewall is chosen instead of just
    an AP.

    Details vary - are we talking about a home network or something a bit
    more heavy duty?

    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Aug 16, 2007
    #2
    1. Advertising

  3. Joe Mickelson

    Leythos Guest

    In article <>, says...
    > Keeping the wlan in the DMZ has a significant pro in that your
    > firewall will prevent WLAN traffic (generally less trusted due to the
    > inability to physically control access with certainty) from hitting
    > your wired LAN. the con is that if you need wireless clients to
    > access wired LAN resources, then you need to implement a VPN (which
    > isn't that hard these days with openvpn available as a module for 3rd
    > party firmware available for low cost routers).


    If the firewall permits it, you can use Firewall Authentication via
    HTTP/HTTPS instead of the VPN - using a browser to auth with the
    firewall and then use a rule to allow AUTH>LAN from DMZ. This means that
    you don't have to do a VPN, so you get better speed/performance.

    --
    Leythos - (remove 999 to email me)

    Fight exposing kids to porn, complain about sites like PCBUTTS1.COM that
    create filth and put it on the web for any kid to see: Just take a look
    at some of the FILTH he's created and put on his website:
    http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
    to children (the link I've include does not directly display his filth).
    You can find the same information by googling for 'PCBUTTS1' and
    'exposed to kids'.
     
    Leythos, Aug 16, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Charles Law
    Replies:
    7
    Views:
    1,058
    Charles Law
    Sep 14, 2004
  2. Rush

    My Network Places | Entire Network ??

    Rush, Sep 21, 2004, in forum: Wireless Networking
    Replies:
    0
    Views:
    1,852
  3. =?Utf-8?B?Ul9DX0Jyb3duX0py?=

    lost use of network printer connceted via wireless network after p

    =?Utf-8?B?Ul9DX0Jyb3duX0py?=, Nov 5, 2004, in forum: Wireless Networking
    Replies:
    0
    Views:
    1,014
    =?Utf-8?B?Ul9DX0Jyb3duX0py?=
    Nov 5, 2004
  4. Bill Babakian

    Network did not assign network address

    Bill Babakian, Nov 21, 2004, in forum: Wireless Networking
    Replies:
    3
    Views:
    13,007
    Bill Babakian
    Nov 21, 2004
  5. =?Utf-8?B?am9raW5kYTE=?=

    No "Wireless Network Connection" available in network connection

    =?Utf-8?B?am9raW5kYTE=?=, Nov 27, 2004, in forum: Wireless Networking
    Replies:
    7
    Views:
    19,687
    preeuzee
    Oct 16, 2012
Loading...

Share This Page