Ron DuFresne wrote: > > we are considering > > implimenting an EAP encrypted AP directly on the lan, and I > am looking for > > reasons to say it should be DMZed..... > > All wireless traffic should be treated as unsecured, and > pushed through a > DMZ/encryption tunneled setup. <snip>
Agreed. If the packets/hashes can be accessed it can be compromised. "Unbreakable" has been touted from the 48-bit Netscape encryption that took USC's distributed network a week to crack, to Oracle 9i that took one day to compromise, I believe. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html