Re Matthew's comments of a wireless connected end point being hacked...My understanding was that with the end point in infrastructure mode and the AP configured to not allow inter-endpoint communication you could quite easily bypass this problem...

Orrrrr am I off track because it is possible to hyjack an end point's connection to an AP?

Aye, it is a good thing to use VPNs on wireless connections. You migth want to use other link-layer features as well though. For instance, if I'm joe cracker and I know that you're running an AP that only allows VPN connections to get through, then I'll just bind to the AP, hack your machine (the one running the VPN client) and use it's previously established connection through the VPN. Ergo, VPN + only talking to specific MAC addresses is a good idea.

I was very surprised to see that 802.11 did not use the security features from 802.10. Anyone ever looked at 802.10? It's philosophically similar to IPSec.

Edited by author 07-11-2003 07:24 PM

Lately, I've been thinking that the best way to go is to … use OS X's VPN client to encrypt my connection without using WEP or WPA.

A revolutionary idea! We could extend this thought to other situations. If only we could develop some sort of generic IP Security protocol, somehow…

sorry, this is a pet peeve of mine

One password is a very smart move. If the process is too compex then residental users and SOHO users are going to give up and stick with plain-text. WPA simplifies encryption. That is a step in the right direction.

FYI: This article is syndicated from Small Net Builder, which has many in-depth Wi-Fi articles.

There's a somewhat dated, but useful "WiFi security checklist" over at Cryptonomicon.Net. http://www.cryptonomicon.net/modules.php?n...iewarticle&artid=10

If I may say so, Cory, 'pip pip!' That is the best way to handle wireless security with current technology: Treat the wireless like a very insecure wired link. There's no way to secure the link, so instead secure the traffic you send on it. OS X and *nix make it especially easy to build your own VPN system. I haven't had as much success getting Windows boxes to initiate sessions (They can client fine) but that's ok.. I don't run many servers off of Win :)