Interesting network setup
I recently read about a particular corporate network setup that I thought was interesting. Most companies that I know of have their internal network wired with cat-5 cable for their workstations, and they also have a wireless component of the network for employees or visitors with laptops. This wireless network is obviously secured because you can’t have someone parking their car and hopping onto your network, thus getting access to your internal network.
The setup that I read about had the same components: an internal wired network for their workstations, and a wireless network for laptops. However, the wireless network was completely wide open. No access code needed, just fire up your laptop and start browsing. Theres one catch though; the wireless network was not connected to their internal network. So anyone who gets access to their wireless can browse the internet, and thats about it, its no different than the connection at starbucks. The usage for employees would be to connect to the wireless network and the VPN onto the corporate network to gain access to the systems they needed (email, fileshare, etc.).
To me, this actually seems MORE secure than the typical setup and much less of a hassle. It seems that everytime I need to connect to a wireless network its a pain in the ass to get the access key, type it in wrong (inevitably), and finally get connected. With this setup you don’t need to mess with that, and you’ve still got the VPN to restrict access to the company’s network.
I thought it was pretty slick.
Jamie said,
Wrote on June 27, 2006 @ 2:05 pm
The only problem that I can see with this is using someone’s network to download kiddie porn or bittorrent or numerous other things that someone would use someone else’s network for.
That is the main reason that we have an access key and access control lists at my house is that I do not want some random person using my network connection and then it coming back to me. Especially with the RIAA and MPAA and their tactics of suing people now a days, you are opening up a can of worms to have the companies IP address tracked.
It is a good idea to help keep out viruses from the normal network, but what you propose is NOT more secure.
ben said,
Wrote on June 27, 2006 @ 3:33 pm
I see your point, its not more secure from that perspective of people using your internet access for bad things, I suppose it could still be regulated somehow without being on the corporate network, I don’t know all the details, just something I heard of and found interesting.