Re: But why
A firewall and proxy wont help too much if you don't plan ahead - they'll still be plugged in. OK they won't get to t'interwebs but you can bet the Boss will soon fix that. You are better off putting them where you can see them and using VLANs and extra WiFi SSIDs to segregate the things from your real LANs. Get your IDS and whatever else sniffing and poking around to watch what they are up to. Investigate NAC as well while you are at it (mmm Packet Fence)
At the rate I'm creating VLANs I'm going to be looking into QinQ fairly soon .... and that's just at home.
Biting the hand that feeds IT
