On Wed, 11 Sep 2002, Jared Mauch wrote:
There are a lot of things one can do:
1) enable wep 2) rotate wep keys 3) authenticate by mac-address 4) restrict dhcp to known mac-addresses 5) force utilization of vpn/ipsec client
Suddenly laying down UTP doesn't seem so bad anymore...
Obviously not all of these solutions are available in all cases, but in a home or small lan-environment a subset of these will increase security (even if it's reinforcing the screen door with 1/16" of balsa wood)
You can forget rotating WEP keys on anything that isn't four times as expensive as what most people have at home. Authentication by MAC address doesn't buy you anything since someone else can "borrow" the MAC address. Does anyone have experience with using asymmetric WEP keys? (= key 1 for AP -> client and key 2 for client -> AP.) I'm thinking about doing this so I can at least obscure my upstream traffic even if the downstream WEP key is public knowledge. Obviously this isn't anything near safe, but this way I'd risk the inconvenience of someone stealing my HTTP cookies or passwords and messing up my settings for some non-essential web services. (Anything even remotely sensitive will run over SSH or SSL of course.)