Securing Wireless Networks

["doug" <doug () ravennasprings com>]

I'm setting up a wireless environment with the wireless net firewalled
from the internal net with a L2TP-IPSec VPN connecting the two networks.

I'm curious about best practices:

1)  Is there a need to encrypt the wireless traffic if the VPN is
needed?
I'm thinking not.  
For corporate networks, closing all ports to the wireless LAN thus
requiring VPN connections to the internal network will provide adequate
security.  Leaving the wireless net otherwise unsecured will improve
performance.

For SoHo networks, turning on encryption on the wireless network
[WPA-PSK] and allowing direct Wireless --> Internet traffic will
accommodate "guest" and "family" users in this environment.  Keeping the
VLAN connection to the internal network keeps the corporate network
secure.

2)  In each case, what sort of additional protection is needed on the
client?
        
Assume an XP client, are software firewalls in addition to the Windows
Firewall advisable?  Is the XP VPN client adequately secure?  I've
looked at Astaro's Secure Client, but this might be overkill.

Thanks

---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information security
professionals.  Norwich University is fulfilling this demand with its MS in
Information Security offered online.  Recognized by the NSA as an
academically excellent program, NU offers you the opportunity to earn your
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------