On Tue, Oct 29, 2002 at 09:35:01AM -0500, Phillip Hofmeister wrote:
> Laptop (IPSEC Client) -> WAP -> Server (DHCP AND IPSEC Host) -> Local
> Network. In order to get inside the network you will have to get past
> the IPSEC Host, which of course will require a key that has a valid
> certificate from the local CA.

IPsec has the added advantage that it can be used to protect all wireless traffic from eavesdroppers. At the USENIX Annual Technical Conference in Monterey, CA this past June, the company providing wireless network connectivity used such a system. Since it was IPsec, people using *BSD, Windows, Linux, etc. were able to use it.

They also had things configured in such a way that if you couldn't or didn't want to use IPsec, you could use "guest" mode, which didn't require anything other than basic 802.11b functionality, but meant that you could do only a limited amount of stuff on the network (i.e. most outgoing ports were filtered, especially ones that would have you sending your password in the clear over a wireless link).

I forget the name of that company, but could dig it up if anybody wants it. Of course, all they really did was take a Linux box and configure it just right to get this functionality, so if time is more plentiful for you than money, you could likely build the same kind of system yourself.

noah

--
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html