> Every IT auditor that has walked through my door has point-blank asked
> me if I have 802.11x in use.  I say 'no' - they say 'good thing'.
> They red tag it immediately - vpn or no vpn.    And I don't mean that
> these are fly-by-night auditors... we're talking OIG, D&T, KPMG...
> government and public heavy weights to name a few.

Yes but the problem is that this just seems like idiocy.  If you send info 
into the Internet "ether" you *assume* anyone has access to the virtual 
"spectrum" and can eavsdrop on the physical transmission.

The rule about 802.11x seems arbitary and *stupid*.  Furthermore, one would 
expect the auditors to at least acknowledge that is is a bureaucratic 
stupidity.  The point is that the encryption should be private-key for the 
local wireless LAN that makes eavesdropping *irrelevant*.