On Tue, 2006-09-19 at 15:33 +0200, Frans Haarman wrote:
> On 9/19/06, chris barry <[EMAIL PROTECTED]> wrote:
> > Q: if the website gives away the password/key, how do you limit access?
> > Is there some generic login, published in the company (like on the
> > conference room wall), used first to get this session data? How would
> > this login data be secured wirelessly? ssl?
>
> A: The idea is a https website which authenticates against a server
> inside the network.
>
Can you diagram the flow, showing client, firewall and auth server? My concern is the communication between the fw and the auth server.

In my scenario, I maintain two non-connecting parallel networks: one is the wired production LAN, and the other is a separate wireless network. For in-house wireless users to access the production LAN, they must VPN in. This allows guests access to the Internet, but keeps them off of my production net.

I want to lock down the wireless network too, but not make it too cumbersome for clueless visitors to get at their email, web, etc. Your idea seems promising, but I would lean more toward a posted password changed daily or weekly to get to the session login data.

-C