-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/19/07 8:16 AM, Tonnerre LOMBARD wrote:
> Personally, I use IPsec to secure my WLAN, and I can only recommend that > to others. It is very effective. IPSec can be an effective safeguard -- for IP headers and the upper-layer protocols and payloads above them. On the other hand it's a misconception to think IPSec will "secure my WLAN." IPSec doesn't know and doesn't care what link layer it runs over. There is some layer-2 stuff that happens before layer-3 handshaking begins -- 802.11 association and deassociation, possibly layer-2 learning, and 802.1X authentication if that's used. IPSec will not and cannot secure any of this. Wireless LANs are a technology in which sensitive data may go in the clear at L2 before L3 gets started. In this case L2 security mechanisms such as WPA are appropriate, and do not rule out the use of complementary mechanisms like IPSec or SSL. Even if you don't care about authenticating or encrypting L2 data, there's still the issue of bandwidth and resource consumption at L2. 802.11 is extremely chatty. Using WPA or (if you must) WEP to keep the airwaves free (well, to the extent possible) can help there. dn iD8DBQFHQgxFyPxGVjntI4IRAnLAAJ0Ysf5O3t8To4QcUBibQ2Yih6QA1QCfX++A 9su1m/P6DfqsnyNlLCDy0oo= =dfhp -----END PGP SIGNATURE-----
