Re: encryption

From: Saliya Wimalaratne (
Date: 2002-07-26 00:53:27 UTC

On Thu, 25 Jul 2002, Eric Johanson wrote:

> The best solution for supporting windows clients I've found/seen:
> 802.1x (not sure if hostap supports that...)
> pptp (poptop)

Gotta disagree :)

IMO, the best solution for secured WLAN traffic is:

  1. a wireless node that does not forward packets to other wireless devices (i.e. forces all traffic out the ether port)
  2. wireless-client-to-gateway-on-ether IPSec

There are a number of papers that say when you have physical access to the medium (which you do) it's not trustable - though the ones I read didn't mention whether they were discussing MSCHAP or MSCHAPv2.

c) filtering rules on ether port denying all non-IPSec traffic



This archive was generated by hypermail 2.1.4.