> > 1) Folks who rely on other security measures - IPsec being > the most obvious
IPSEC is good. > 5) 128 bit WEP on as deterent. is it worth the effort - low security > requirements. somewhat 404 (see 3), but not too bad if you > know what you are > doing. > I say layer your security. Enjoy the attacker's dissapointment when he FINALLY cracks that key, and all he can see is ESP and ISAKMP key exchanges. WEP+IPSEC is good stuff. > > In the case of 1) how would one stop external users using the > APs as private > network bridges? MAC address locking may help here. Though, it's a fairly trivial layer of security, as you can usually reset your mac address to one that's authorized. Though the damage associated with an attacker using your WAP as a network bridge, or for thier own personal use between two or more nodes is far less severe than having them punch a hole into the soft chewy center of things. > > In the case of 6) how does one distribute the WEP keys at > each update? > Don't have an answer here. AFAIK, that still has to be done manually. Coaching a normal user through WEP key changes on a regular basis sounds like a nightmare in a large network. Ugh. Any WiFi vendors listening? Key exchange daemons in the works anywhere? ************************************************************************************************** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies. **************************************************************************************************
