From: Brian Capouch (brianc_at_palaver.net)
Date: 2002-04-20 05:00:20 UTC
Jouni Malinen wrote:
> That said, I would still recommend using IPSec or secure shell tunnels
> etc. on top of link layer. WEP could still be used if it is required
> for some reasons, but the real security would then be provided on
> higher layer.
The short discussion below doesn't pertain directly to the HostAP driver, but might be of some interest to others who are using the driver.
My "need" for WEP came about somewhat by surprise; I do in fact use IPSec to secure everything that I have that goes over the air.
I was surprised to hear, and even more surprised to have Lucent verify, that the various management messages that are sent out between STAs and APs are sent in the clear if WEP isn't being used. There is no way to use IPSec to protect SNMP traffic between an AP and a station running management software.
Their advice was, summarized: "It's WEP or cleartext; there is no other option if you are going to manage your infrastructure. That's why you better get your equipment upgraded to the "hackproof" (my term) WEP+ that is now part of all the stock Lucent firmware distributions."
I'll be glad to stand corrected if I muddied up any of this, but since APs *do* have to be managed, my former lack of interest in WEP has now been transmogrified.