The following excerpt is from Chapter 4 of the free e-book "The tips and tricks guide to securing Windows Server 2003" written by Roberta Bragg and available at Realtimepublishers.com. Click for the complete book excerpt
Standard security options plus fire walling
Placing a WAP on the internal side of the corporate firewall is not firewalling the access point. Wireless connectivity does not go through the firewall. However, you can firewall the WAP by placing a firewall or remote access server between the WAP and the rest of your network. You can then require virtual private network (VPN) connectivity to the internal LAN, or at the very least, authentication to the remote access server. No internal network resources can be accessed until this authentication is accomplished. Figure 4.16 illustrates this technique. In the figure, the WAP is connected to the external card of a remote access server. Although it is possible to obtain connection to the WAP, connectivity to any internal resource can only be acquired if connection to the remote access server is successful. Additional restrictions such as port filtering or the addition of an actual firewall is also possible.
Figure 4.16: Setting up a firewall for wireless clients.
Click for the next excerpt in this series: Add 802.1x technology.