Today's the birthday. Yippee. In years past I would have been pretty happy about it, but something changed in the last year and I am now *much* more acutely aware of the passing of time and how little of it may be left. A maudlin thought, that. I am trying to look at the bright side, which is substantial, but I can't shake the feeling that the odometer clicking over one more digit is no longer a good thing.
On more productive fronts, I need to bone up on 802.11x security for a set of conferences where I have a speaking slot. I'm having a hard time reconciling my view that 802.11 is a wonderful workgroup and collaboration tool with the more widely-held view that 802.11 is just not secure enough for corporate use. My take on that is yes, WEP is very weak as encryption goes, but so what? Most corporate data isn't worth protecting - for that matter, it's not worth publishing in the clear. I guess I have a problem with all the people piling on the "802.11 is insecure" bandwagon. All they're doing is insuring that companies will avoid the technology, when in fact WLANs with even minimal protections (WEP, RADIUS) are much more secure than the memos and papers that you routinely find in conference rooms and in trash.
I suppose I can summarize my position as "don't label 802.11 as too insecure for corporate use till you do some real thinking about the data you're trying to protect and the context". For example, do we really care if someone (with GREAT difficulty, from most people's POV) could packet sniff and eventually decode the minutes of our staff meetings? The only valid concern I can see is that once the WLAN link is hacked, the intruder is now able to snoop around the intranet and do...whatever application or data store-level security will let him/her do. Perhaps the answer is every WLAN access point should have an embedded firewall (have to do some research on that). Anyway, that's the big technical issue for the week.
9:35:48 AM 
|
|
