Paul,
A company that I previously worked at used WEP 128 with a bi-weekly key update at all
their US offices (plus a measure of physical security). The updated key was
distributed using an NT authenticated intranet webpage. This of course was backed up
with a highly monitored network, strongl
: wireless security question.
>
> 1) Folks who rely on other security measures - IPsec being
> the most obvious
IPSEC is good.
> 5) 128 bit WEP on as deterent. is it worth the effort - low security
> requirements. somewhat 404 (see 3), but not too bad if you
> know wha
i can answer the 1 point:
a) User Authentication via existing databases eg LDAP, RADIUS, Win NT
Domain or Win 2K Active Directory (no need to manage a separate
database or use vulnerable MAC address authentication )
b) Fine grained access control allowing per user/role based rights for
specific s
paul van den bergen wrote:
>
6) 128 WEP + regular key update. with or without IPsec.
My questions relates to scenario 1 and 6, to me the interesting ones.
In the case of 1) how would one stop external users using the APs as private
network bridges?
In the case of 6) how does one distribute
Totally agreed. WEP is wired equivalency...it's just a deterrent, most
don't realize that.
1) lock down the AP as tight as you can then make the AP's IP
non-routable, on it's own network that can't make it past the firewall,
put it in a DMZ, pick-your-poison, etc. Then use your authenticated VPN
>
> 1) Folks who rely on other security measures - IPsec being
> the most obvious
IPSEC is good.
> 5) 128 bit WEP on as deterent. is it worth the effort - low security
> requirements. somewhat 404 (see 3), but not too bad if you
> know what you are
> doing.
>
I say layer your security.