Some good ideas about wireless networking.

We recently had a "wireless summit" here at SDSC and UCSD. We brought together staff, system admins, network admins, some faculty, and one of the authors of 802.11. I'll post some notes from our workshop later, but I will offer a few quick tidbits:

* WEP is useless; use end-to-end encryption, such as IPSEC, SSH, or SSL, whatever you have. WEP requires long-term keys, which everyone will need to have, and also limits the number of connections per access point. It costs more and does less than end-to-end software encryption.
* *require* some form of strong authentication (with auditing) to use the wireless network
* you can't stop a DoS within a single access point, you can restrict DoS (perhaps) to only the wireless net, you MUST restrict DoS from the wireless net to the rest of your nets (and the world)
* the wireless net should be unrouted, and "flat"; don't mix wireless and wired on the same subnet, it is easier to run a single wireless net for an entire campus (unrouted class-A if needed) than to deal with mixed wired/wireless issues
* a really cranky and aggressive firewall/filter/proxy between the wireless net and all your other nets is pretty much a requirement.

--tep
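One way the filter between the wireless net and everything else could look, written here as an nftables forward-chain ruleset. This is an added example, not part of the original post. Assumptions: the gateway has two interfaces named wlan0 (wireless side) and eth0 (all other nets), the flat wireless range is 10.0.0.0/8, and a hypothetical login service adds a client's address to the "authed" set after strong authentication.

```nft
#!/usr/sbin/nft -f
# Constructed example. Interface names, address range and limits are
# assumptions, not values from the post.
flush ruleset

define WIFI_IF  = "wlan0"
define WIFI_NET = 10.0.0.0/8

table inet wifi_gw {
    # Filled by the (hypothetical) login service after authentication.
    # Entries expire, so a client has to re-authenticate periodically.
    set authed {
        type ipv4_addr
        flags timeout
        timeout 8h
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # This sketch forwards IPv4 only.
        meta nfproto ipv6 drop

        ct state invalid drop
        ct state established,related accept

        # Nothing on the other nets may open a connection toward wireless.
        iifname != $WIFI_IF log prefix "to-wifi-drop " drop

        # Source address must belong to the flat wireless range.
        ip saddr != $WIFI_NET log prefix "wifi-spoof " drop

        # Strong authentication first; unauthenticated clients go nowhere.
        ip saddr != @authed log prefix "wifi-unauth " drop

        # Keep a flood on the wireless side from reaching the other nets:
        # cap the rate of new flows crossing the gateway.
        ct state new limit rate over 50/second burst 100 packets counter drop

        # Only end-to-end encrypted protocols cross: IPsec, SSH, SSL.
        # Each new flow is logged for the audit trail.
        ip protocol esp log prefix "wifi-allow " accept
        udp dport { 500, 4500 } log prefix "wifi-allow " accept
        tcp dport { 22, 443 } log prefix "wifi-allow " accept

        # Everything else is logged and then dropped by the chain policy.
        log prefix "wifi-drop "
    }
}
```

Only the forward path is shown; services the gateway itself offers to wireless clients (DHCP, name resolution, the login page) would be handled in a separate input chain.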