> Every IT auditor that has walked through my door has point-blank asked
> me if I have 802.11x in use. I say 'no' - they say 'good thing'.
> They red tag it immediately - vpn or no vpn. And I don't mean that
> these are fly-by-night auditors... we're talking OIG, D&T, KPMG...
> government and public heavy weights to name a few.
Yes but the problem is that this just seems like idiocy. If you send info
into the Internet "ether" you *assume* anyone has access to the virtual
"spectrum" and can eavsdrop on the physical transmission.
The rule about 802.11x seems arbitary and *stupid*. Furthermore, one would
expect the auditors to at least acknowledge that is is a bureaucratic
stupidity. The point is that the encryption should be private-key for the
local wireless LAN that makes eavesdropping *irrelevant*.
(text/plain)