Wireless Local Area Networks and Firewalls

supplyandd

New member
Wireless Local Area Networks (WLANs) are increasingly popular, due to their convenience and their low cost. But network security professionals nearly unanimously agree that WLAN segments should not be connected directly to trusted/internal networks; they should instead be set up as DMZ (demilitarized zone) networks separated both from the internal network and from other (wired) DMZs by a firewall. Why?
 
The main reason is because wireless networking is a radio technology: all network traffic in a WLAN is broadcast over radio waves that can be trivially eavesdropped by unauthorized passersby. Besides the obvious privacy problem, this eavesdropping exposure also makes it easier for an attacker to connect to and pretend to be a legitimate user of a WLAN.
 
Emerging WLAN technologies such as WPA may effectively and transparently encrypt all traffic to mitigate eavesdropping exposures, but as of this writing, the predominant WLAN technology is still 802.11b, a.k.a. "WiFi," typically implemented without WPA (which is backward-compatible with 802.11b). Although 802.11b natively supports encryption via the "Wired Equivalent Privacy" protocol, WEP is not trustworthy: it was found to have fatal flaws very soon after its details were made public.
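
The segmentation described in the post, as an added example that is not part of the original post: an nftables ruleset for a Linux firewall that places the WLAN on its own interface, separated from both the internal network and the wired DMZ. The interface names and the permitted services (Internet-only access for wireless clients, DHCP/DNS answered by the firewall, SSH administration from the internal side) are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added illustration: the WLAN segment treated as its own DMZ.
# All interface names below are assumed, not taken from the post.
define WLAN_IF = "wlan0"   # wireless DMZ
define LAN_IF  = "lan0"    # trusted/internal network
define DMZ_IF  = "dmz0"    # wired DMZ
define WAN_IF  = "wan0"    # Internet uplink

table inet wlan_dmz {
    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state invalid drop
        # Replies to connections that were allowed out may return.
        ct state established,related accept

        # Wireless clients may not open connections to the internal
        # network or to the wired DMZ; log each attempt, then drop it.
        iifname $WLAN_IF oifname { $LAN_IF, $DMZ_IF } log prefix "wlan-blocked: " counter drop

        # Assumed policy: wireless clients get Internet access only.
        iifname $WLAN_IF oifname $WAN_IF accept

        # Assumed policy: internal hosts may reach the Internet and
        # the wired DMZ. Nothing lets them be reached from the WLAN.
        iifname $LAN_IF oifname { $WAN_IF, $DMZ_IF } accept
    }

    chain input {
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept

        # From the WLAN the firewall itself answers only DHCP and DNS
        # (assumed services); everything else falls to the drop policy.
        iifname $WLAN_IF udp dport { 53, 67 } accept
        iifname $WLAN_IF tcp dport 53 accept

        # Assumed: the firewall is administered from the internal side only.
        iifname $LAN_IF tcp dport 22 accept
    }
}
```

Because both chains default to drop, a spoofed or eavesdropping-assisted WLAN client gains nothing on the internal side, and the `wlan-blocked:` log prefix gives a ready-made signal for attempts to cross the boundary.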
 