An excellent new way of securing your wireless network, pioneered at
RIPE and
IETF meetings.
It involves using
IPsec to secure the link between your computer and the
wireless access point (WAP). To create the connection, your laptop sends a
RSA public key along with its
DHCP request, which the WAP puts in
DNS, and then creates an
IPsec tunnel between itself and the laptop, and vice versa.
Since the key is in the
reverse DNS from the host, not only is your connection between the WAP and your laptop secured, but also between any host on the
Internet which has its own keys in
DNS and using a
OE compatible IPsec implementation (only
FreeS/WAN so far).
Having this
tunnel means all traffic through it is encrypted, and thus, unsnoopable by anybody listening. Since the WAP also has tunnels open to (hopefully) all other attendees laptops, all traffic passing over the
wavelan is secure from
eavesdropping.