Shorewall users - Feb 2002 - Wireless Access Point

For all the security gurus,

I want to put a wireless access point on our system that would be part of
the public network - see seattlewireless.net

I''m hoping to run a floppy only firewall, so putting the access point
in
the firewall probably won''t work.  But, we do have a webserver in a
DMZ,
and the accesspoint could go there - perhaps easiest to do.

Is that a big security risk?  Should I bag the floppy firewall idea and
put the access point in the firewall, or perhaps set up another old
pentium as the access point and 1) add another interface to the firewall,
or 2) let the access point be on the DMZ subnet.

-- 
Sincerely,

David Smead
http://www.amplepower.com.

David Smead wrote:
> For all the security gurus,
>
> I want to put a wireless access point on our system that would be part of
> the public network - see seattlewireless.net
>
> I''m hoping to run a floppy only firewall, so putting the access
point in
> the firewall probably won''t work.  But, we do have a webserver in
a DMZ,
> and the accesspoint could go there - perhaps easiest to do.
>
> Is that a big security risk?  Should I bag the floppy firewall idea and
> put the access point in the firewall, or perhaps set up another old
> pentium as the access point and 1) add another interface to the firewall,
> or 2) let the access point be on the DMZ subnet.
No gurus required for this one!  :-)

If this is a public network, then you should treat it just like the rest of
the world''s public networks.  Regardless of the hardware/firewall
software
used, i would put the access point on the _outside_ of the firewall.

Paul
http://paulgear.webhop.net