· Isolating the wireless network on a private LAN is an option for those who like the security of Virtual Private Networks (VPNs). IPSec (IP Security) is available as an even stronger alternative to WPA and WPA2. IPSec supports the secure exchange of packets at the IP layer and has been deployed widely to implement VPNs. Although it is a less secure VPN option than IPSec, Point-to-Point Tunneling Protocol (PPTP) can be layered over WEP to provide authentication and a second layer of encryption for those who need to support older laptop systems. Whatever solution is used, make sure that road warriors always access corporate resources over connections protected by strong encryption, either via a VPN or using SSL-enabled web pages.
· Isolating clients, by preventing them from talking to one another on the wireless network, stops wireless hackers from attacking other users. This is especially useful in public wireless networks, and client isolation is a common feature in the more advanced wireless access points and hotspot kits.
· Controlling access to the wireless network while also enabling access for guests is often a problem. Many wireless devices support guest access by segregating unauthenticated users in a separate virtual LAN apart from the corporate network. You may also want to impose a simple firewall that supports web authentication.
· Access to the wireless network can also be restricted to machines whose MAC addresses match addresses on an approved list. The list can be either static or stored on a RADIUS server for look-up.
· Finally, most of the more sophisticated access points have adjustable signal strengths, varying from only a few milliwatts up to several hundred milliwatts. Lowering the signal strength can keep the signal from leaking out of the building to surrounding buildings and parking lots, and can prevent eavesdroppers from picking up the wireless signal while sitting in their vehicles or in a nearby building.
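
The static approved-list check from the MAC address item above, as an added example that is not part of the original article: it normalizes the common MAC notations before comparing, and reports when an unlisted client presents a locally administered address (the kind produced by the MAC randomization many current clients use), since such a device has to be enrolled under the address it actually presents. Function names and sample addresses are constructed for illustration.

```python
import re

# Accepted notations: colon, hyphen, Cisco dotted, bare hex (no mixed separators).
_FORMATS = [re.compile(p) for p in (
    r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}",
    r"(?:[0-9a-f]{2}-){5}[0-9a-f]{2}",
    r"(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}",
    r"[0-9a-f]{12}",
)]

def normalize_mac(raw):
    """Return the address as 12 lowercase hex digits, or None if malformed."""
    s = raw.strip().lower()
    if not any(p.fullmatch(s) for p in _FORMATS):
        return None
    return re.sub(r"[:.-]", "", s)

def address_kind(mac):
    """Classify by the two low-order flag bits of the first octet."""
    first = int(mac[:2], 16)
    if first & 0x01:
        return "multicast"              # never a valid client source address
    if first & 0x02:
        return "locally-administered"   # software-assigned, e.g. randomized
    return "universal"                  # vendor-assigned (OUI-based)

def build_allow_list(entries):
    """Normalize the approved list once; reject entries that can never match."""
    allowed = set()
    for entry in entries:
        mac = normalize_mac(entry)
        if mac is None or address_kind(mac) == "multicast":
            raise ValueError(f"invalid allow-list entry: {entry!r}")
        allowed.add(mac)
    return allowed

def check_client(raw, allowed):
    """Return (decision, reason) for a client-presented MAC address."""
    mac = normalize_mac(raw)
    if mac is None:
        return ("deny", "malformed address")
    kind = address_kind(mac)
    if kind == "multicast":
        return ("deny", "multicast source address")
    if mac in allowed:
        return ("allow", "listed")
    if kind == "locally-administered":
        return ("deny", "unlisted, locally administered")
    return ("deny", "unlisted")

# Constructed sample list in three notations (not real devices).
APPROVED = build_allow_list(["00:1a:2b:3c:4d:5e", "00-1A-2B-3C-4D-5F", "001a.2b3c.4d60"])
```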