Hello Alan,
Good article. I am also coming at you from beautiful Colorado Springs.
As part of a defense-in-depth strategy, I think Win2 and XP offer some good features that would help lock down a wireless LAN. Certificate-based file encryption and IP authentication between the LAN clients seem like a good fit to me. That way, if an intruder did penetrate your LAN, he would be unable to access any files unless he also hacked your certificate server, which would take more time. Hopefully you would detect the intruder with your IDS before he was able to crack the certificate server. You could pull the cert server off-line after it created the authorized certificates, but that would not permit you to renew the certificates daily.... What do you think, Alan?
I just ordered an access point, looking forward to doing some white hat experimentation and testing.
Regards,