David Wagner
Tue, 13 Feb 2001 17:14:14 -0800
Arnold G. Reinhold wrote:
>Thus there is a need for a short term remedy that can work with the
>existing standard.
Maybe the easiest short term remedy that does not require
any changes to hardware is the following:
* Put the wireless network outside your firewall
(or place a firewall between your wireless network and your
internal, security-sensitive network), and
* Use a VPN with strong end-to-end cryptographic authentication
and encryption (e.g., IPSEC or equivalent)
In short, don't trust the wireless devices to provide security
-- treat the wireless cards as a way of getting insecure access,
and then use an independent security mechanism.