What about the new PEAP protocol?

------------------------
 "Robinson, Sonja" <[EMAIL PROTECTED]> wrote:
------------------------
        
>802.11b which is used by current wireless devices is inherently insecure and
>WEP is NOT secure.  It is imperative that you use VPN to secure any
>transmissions. Also, make sure that all defaults are turned off/changed and
>lock down the SSID as much as possible.  That is unless you want to be war
>driven and cracked. There will be some new products out shortly (1/2Q2003)
>that will be much more secure for wireless however, a GOOD VPN set up will
>mitigate most current issues.
>
>NetStumbler is a great war driver.
>
>-----Original Message-----
>From: Chris Martin [mailto:[EMAIL PROTECTED]] 
>Sent: Sunday, November 17, 2002 8:18 PM
>To: Brian Bettger
>Cc: [EMAIL PROTECTED]
>Subject: RE: Wireless security and VPN
>
>The 802.11x (I think that's what it's called) system may be what you are
>looking for. This system utilises the client authenticating to a RADIUS
>server via EAP. Most Cisco wireless gear has this WEP type (called
>LEAP). It's quite strong and the keys change regularly at predetermined
>intervals.
>
>Even if you use VPN stuff like L2TP or PPTP you'll still have an
>authentication process, however LEAP/802.11x integrates all that very
>seamlessly.
>
>Hope this helps,
>
>Chris Martin
>
>-----Original Message-----
>From: Brian Bettger [mailto:[EMAIL PROTECTED]] 
>Sent: Friday, 15 November 2002 4:12 AM
>To: [EMAIL PROTECTED]
>Subject: Wireless security and VPN
>
>Hello,
>
>I am searching for a product that incorporates a Wireless Access Point
>AND VPN authentication to use for nearly all of our wireless rollouts.
>As you know SSID and WEP are possibly not enough to keep people out of
>networks. An integrated VPN authentication after SSID and WEP, BUT
>before network authentication would be REALLY nice. In other words, I
>turn on my laptop, PDA or workstation, it establishes the primary
>connection through the use of SSID and WEP, then stops, leaving port
>1723 open, dropping all other traffic or attack attempts until I make a
>secure VPN connection. As soon as I establish the VPN connection I am
>then prompted (or not) with my NT, Novell, or whatever login.
>
>The thought is, a war driver could possibly crack WEP, gain access to the WAP,
>but is then faced with needing to establish a VPN connection even before
>he can gain information about the network. The war driver / cracker
>could only scan and see port 1723. 
>
>Please pass this on as a request for development if possible. Another
>point is that it would be nice to have this bundled into one appliance.
>Additionally pass this on to anyone else you feel may help.
>
>Yes, I have looked into Proxim's solution, but it is overpriced for my
>clients (SOHO to medium size business, 25-100 users) and requires two
>appliances, the WAP and then the VPN appliance.
>
>
>Brian Bettger
>Systems Engineer
>Diversint, Inc.
>Diversified Internet Services Group
>
>360-404-2044
>
>www.diversint.com
>
>Technology is Business
>
>
>
>
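
The gate described in the original request (a wireless client that has only passed SSID and WEP can reach nothing but the VPN endpoint), modeled as a default-deny filter; this is an added example, not part of any message in the thread. It also admits GRE (IP protocol 47), which PPTP needs for tunnel data alongside TCP 1723. The addresses, names and sample packets are constructed assumptions, and clients are assumed to already hold an address.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing for illustration; not taken from the thread.
WLAN_NET = ip_network("192.168.50.0/24")   # wireless segment behind the WAP
VPN_GATEWAY = ip_address("192.168.50.1")   # PPTP endpoint facing the WLAN
TCP, UDP, GRE = 6, 17, 47                  # IP protocol numbers
PPTP_CONTROL_PORT = 1723                   # the port named in the thread


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: int = 0  # 0 for protocols without ports (GRE)


def gate(pkt: Packet) -> str:
    """Verdict for a packet arriving on the wireless interface (default deny)."""
    if ip_address(pkt.src) not in WLAN_NET:
        return "DROP"    # source does not belong to the wireless segment
    if ip_address(pkt.dst) != VPN_GATEWAY:
        return "DROP"    # no direct path to the LAN or to other clients
    if pkt.proto == TCP and pkt.dport == PPTP_CONTROL_PORT:
        return "ACCEPT"  # PPTP control channel
    if pkt.proto == GRE:
        return "ACCEPT"  # PPTP tunnel data; blocked GRE means no usable tunnel
    return "DROP"


# Constructed sample traffic from a client that has only passed SSID/WEP.
SAMPLES = [
    ("PPTP control", Packet("192.168.50.23", "192.168.50.1", TCP, 1723)),
    ("PPTP data",    Packet("192.168.50.23", "192.168.50.1", GRE)),
    ("SMB to LAN",   Packet("192.168.50.23", "10.0.0.5", TCP, 445)),
    ("SSH to gw",    Packet("192.168.50.23", "192.168.50.1", TCP, 22)),
    ("DNS to gw",    Packet("192.168.50.23", "192.168.50.1", UDP, 53)),
    ("peer client",  Packet("192.168.50.23", "192.168.50.77", TCP, 1723)),
]


def verdicts() -> dict:
    """Map each sample's label to the gate's verdict."""
    return {name: gate(pkt) for name, pkt in SAMPLES}


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:13} {verdict}")
```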

