RE: Custom Wireless Solution

802.11b has some degree of inherent security.
one can apply WEP (Wireless Equivalency Protocol) to encrypt the data,
but even that has been shown to be vulnerable
((In)Security of the WEP algorithm)

there are a few alternatives that can be used to make it more secure:
  [1] deploy a setup whereby one has per-user dynamically-changing WEP
      keys. details on how one vendor can do this are at:

http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/1281_pp.htm
      details on how to actually configure it are at:

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350ch3.htm#xtocid586920

  [2] don't trust the link layer, and encrypt everything you send.
      this could be as simplistic as adding MAC-address filters to your
      access-points and building a tunnel of some kind (eg. IPsec, or
      even as simplistic as SSH port-forwarding).

if one is prone to paranoia, using both [1] and [2] probably makes sense.

cheers,

lincoln.

Mike Schoenecker wrote:

> if one is prone to paranoia, using both [1] and [2] probably makes sense.

Except that it is currently impractical for many sites since it requires
an entirely Cisco end-to-end shop including the Cisco (or Microsoft's)
RADIUS server.

John

Mike Schoenecker wrote:
> if one is prone to paranoia, using both [1] and [2] probably makes sense.

Except that it is currently impractical for many sites since it requires
an entirely Cisco end-to-end shop including the Cisco (or Microsoft's)
RADIUS server.

Since all these products are bridges, wouldn't it make sense to just have
an Open/FreeBSD box at either end with two NICs? Both OSes can do IPsec
tunnels, and both end nodes will only be bridging a single MAC address.

You end up with a "clean" network design (since you've got an actual
endpoint or 'router') and you can encrypt your traffic with a bit more
confidence than with the WEP stuff...

Charles