From: P729 (p729@cox.net)
Date: Wed Nov 27 2002 - 20:16:53 GMT-3
My bad. LEAP can also "rotate" the WEP key after an interval, but this is
not quite as robust as TKIP.
Regards,
Mas Kato
https://ecardfile.com/id/mkato
----- Original Message -----
From: "P729" <p729@cox.net>
To: "Wright, Jeremy" <JA_WRIGHT@admworld.com>; <ccielab@groupstudy.com>
Sent: Wednesday, November 27, 2002 12:19 PM
Subject: Re: Wireless Security
While LEAP does address one of the problems with WEP--that of obtaining the
key via authentication, it really doesn't make WEP any stronger (less
predictable or more resistant to brute-force attacks). For that one could
employ a VPN as suggested--or TKIP, which rotates the keys on a per-packet
basis (like rotating your shields against the Borg...). Both LEAP and TKIP
are available with the latest Aironet 350 firmware release, as well as the
1200 series. For non-Cisco, it's my understanding that TKIP "has been
submitted for standards body consideration," so who knows where it is in the
adoption process...
Regards,
Mas Kato
https://ecardfile.com/id/mkato
----- Original Message -----
From: "Chuck Church" <cchurch@optonline.net>
To: "Wright, Jeremy" <JA_WRIGHT@admworld.com>; <ccielab@groupstudy.com>
Sent: Wednesday, November 27, 2002 10:03 AM
Subject: Re: Wireless Security
Jeremy,
Sounds like WEP is not enough security for your needs. Cisco does have
LEAP available now which addresses the faults of WEP, but I don't think it's
available for the 340/350 Aironets. If you already have wireless equipment
that can't run EAP, I think IPSec over the wireless is going to be the most
secure. I've never personally tried using a Cisco VPN client with a
wireless NIC, so you might want to check with TAC first. I suppose you
could also do a VPN to an MS or Novell server, if you dont' have a hardware
device that can act as a VPN server. Although trusting your network
security to MS is kind of like having Homer guard your donut...
Chuck Church
CCIE #8776, MCNE, MCSE
----- Original Message -----
From: "James R. Scobey" <jscobey@sms.com>
To: "Wright, Jeremy" <JA_WRIGHT@admworld.com>; <ccielab@groupstudy.com>
Sent: Wednesday, November 27, 2002 11:25 AM
Subject: Re: Wireless Security
> The netscreen does port to port IPSEC encryption... one of their product
> briefs specifies it's use for encrypting traffic over wireless LANs. A
bit
> pricey, though.
> ----- Original Message -----
> From: "Wright, Jeremy" <JA_WRIGHT@admworld.com>
> To: <ccielab@groupstudy.com>
> Sent: Wednesday, November 27, 2002 9:04 AM
> Subject: OT: Wireless Security
>
>
> > we are trying to nail down out wireless security on top of what we
already
> > have...possibly installing some type of vpn client software on the
> wireless
> > client and have a vpn server on the wired side. bluesocket.com has some
> > awesome boxes that supports all of the major encryption technologies and
a
> > lot of sweet features I would like to have but it appears too expensive
> with
> > what we are trying to do. does anyone have any recommendations? all of
our
> > wireless clients are all on the same subnet also. thanks.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > ************************
> > Jeremy Wright
> > Network Analyst
> > Archer Daniels Midland
> > ja_wright@admworld.com
> > (217)451-4063
> >
> > ************************
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:12 GMT-3