I think it's fair to say that our (NOC) concerns are more based on unauthorized access to our network than whether someone's individual data is secure. ONE bad guy can cause LOTS of damage with unauthorized access. This one bad guy, should he feel the need to kill a server, for example, would certainly have the skill to beat WEP. That's why we use VPN.
I'm attaching our Knowledge Base website: http://kb.indiana.edu/

I typed in "VPN Wireless" and came up with tons of info. For sure, there are details for nearly all OS VPN clients. I haven't looked at all, but I'm pretty sure that even if a platform doesn't have VPN built in, a user can get it for free (not sure about Macs). To date, I haven't heard one complaint. Also, we're doing everything possible at Indiana to get people up to XP anyway.

Hope this is valuable.

Kirt Guinn
Wireless Project Analyst
University Information Technology Services
Indiana University
(812) 855-1784

-----Original Message-----
From: Nicola Foggi [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 21, 2002 11:48 PM
To: [EMAIL PROTECTED]
Subject: Re: [WIRELESS-LAN] Wireless Survey

WEP is definitely not perfect, and we don't recommend anyone passing sensitive data over the wireless network. Yes, VPN is definitely secure, but you have to think about the fact that now you're requiring the end user to have a piece of software installed on their machine on top of ensuring the wireless card is properly set up...

Do you leave Allow Broadcast SSID to Associate so that most cards by default can pick up the wireless network?

I would be interested to see the difference in responses from schools in a major city vs other schools. I can stand in my office and pick up at least 2 other wireless networks (not on our network) and if I go down to the street corner I pick up anywhere between 5-10 different access points.

802.1x would be great if all cards supported it... Maybe someday in the perfect world they'll ratify a standard for securing wireless that was meant to secure wireless!!

Nicola Foggi
Networks and Telecom
DePaul University

>>> [EMAIL PROTECTED] 11/21/02 21:12 PM >>>
Agreed! Besides the proprietary stuff, WEP 128 has security problems that are well documented. We use VPN all the way - encrypted to the key stroke.
We also consider a move to 802.1x, but are waiting for the complementary (802.11 stuff) that's coming.

So, to answer the other questions:

1) We don't do WEP, since we feel it's not worthy, and not worth the risk.
2) VPN all the way. We have a "Knowledge Base" web site that gives users directions on configuration, that seems to work even at the knucklehead level (I did it on my own, first try).
3) No DHCP for wireless.
4) No charge.

We currently have Orinoco (~300 nodes on two campuses), but are awaiting RFP results, and intend to expand to 1500 by Summer of 2004. 802.11b until 802.11g is ready.

Kirt Guinn
Wireless Project Manager
Indiana University

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/memdir/cg/.
