On Tue, Oct 29, 2002 at 09:35:01AM -0500, Phillip Hofmeister wrote:
> Laptop (IPSEC CLient) -> WAP -> Server (DHCP AND IPSEC Host) -> Local
> Network.  In order to get inside the network you will have to get past
> the IPSEC Host, which of course will require a key that has a valid
> certificate from the local CA.

IPsec has the added advantage that it can be used to protect all
wireless traffic from eavesdroppers.

At the USENIX Annual Technical Conference in Monterey, CA this past
June, the company providing wireless network connectivity used such a
system.  Since it was IPsec, people using *BSD, Windows, Linux, etc were
able to use it.  They also had things configured in such a way that if
you couldn't or didn't want to use IPsec, you could use "guest" mode,
which didn't require anything other than basic 802.11b functionality,
but meant that you could do only a limited amount of stuff on the
network (i.e. most outgoing ports were filtered, especially ones that
would have you sending your password in the clear over a wireless link).

I forget the name of that company, but could dig it up if anybody wants
it.  Of course, all they really did was take a Linux box and configure
it just right to get this functionality, so if time is more plentiful
for you than money, you could likely build the same kind of system
yourself.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 

Attachment: msg07574/pgp00000.pgp
Description: PGP signature

Reply via email to