Bill Lindley wrote: > Alan Dayley wrote: >> The clients would be doing "office" stuff like file sharing, > > I'd be concerned about file sharing over a wireless network, because of > the potential of corruption when airplanes fly overhead, and because > anyone within a few hundred feet will be able to penetrate wireless > networks even when allegedly 'secured.' At the least, do you want some > kid in the parking lot using the office SMTP server to send spam, > leading to the ISP shutting down the connection? I can't say I've ever heard of airplanes flying overhead causing problems. Can you explain what's going on there? Corruption shouldn't be an issue either since TCP/IP is pretty good about dealing with dropped and/or corrupted packets. Wireless security isn't quite as bad as it used to be. Some are actually quite secure. Here's a quick run-down: WEP - Completely broken. It's worth using only to keep out the ultra-casual sniffers or browsers. WPA-PSK (Pre shared key) - Good! It's secure enough that the only real way to crack in is a brute dictionary approach on the shared password. It's probably easier to do social engineering to get the password. WPA2-PSK (with AES) - Even better. Still can be beat by having easy to guess passwords, though. WPA2-RADIUS - Great! Needs a central Radius server (can be done via FreeRADIUS). This is strong enough that the computation to crack it is completely unfeasible. The only real way to crack it is via a rubber hose attack (i.e., "give me the cert or I'll beat you over the head with this rubber hose). If you are ultra paranoid, then you can go a step farther and use a VPN method. This way, you'd leave the access point wide open (no encryption) but the only host (may be the access point itself) that can be accessed is a VPN gateway. Any computer could get on the wireless network, but they couldn't actually *do* anything unless they authenticate with the VPN. Routers like the Linksys WRT54G can be setup to have OpenVPN running directly on the router itself. > Physical connections will always offer higher speeds and better security. True!