RE: wireless security question.

["Keith T. Morgan" <keith.morgan () terradon com>]

> 1) Folks who rely on other security measures - IPsec being 
> the most obvious

IPSEC is good.

> 5) 128 bit WEP on as deterent.  is it worth the effort - low security 
> requirements.  somewhat 404 (see 3), but not too bad if you 
> know what you are 
> doing.

I say layer your security.  Enjoy the attacker's dissapointment when he FINALLY cracks that key, and all he can see is 
ESP and ISAKMP key exchanges.  WEP+IPSEC is good stuff.

> In the case of 1) how would one stop external users using the 
> APs as private 
> network bridges? 

MAC address locking may help here.  Though, it's a fairly trivial layer of security, as you can usually reset your mac 
address to one that's authorized.  Though the damage associated with an attacker using your WAP as a network bridge, or 
for thier own personal use between two or more nodes is far less severe than having them punch a hole into the soft 
chewy center of things.

> In the case of 6) how does one distribute the WEP keys at 
> each update?  


Don't have an answer here.  AFAIK, that still has to be done manually.  Coaching a normal user through WEP key changes 
on a regular basis sounds like a nightmare in a large network.  Ugh.  Any WiFi vendors listening?  Key exchange daemons 
in the works anywhere?

**************************************************************************************************
The contents of this email and any attachments are confidential.
It is intended for the named recipient(s) only.
If you have received this email in error please notify the system manager or  the 
sender immediately and do not disclose the contents to anyone or make copies.

**************************************************************************************************