Best match of security and wireless requirements.

Enforces authentication and encryption at the link level, supporting all protocols.

Gives low-overhead alternative to support wired and wireless environments.

Greatest compatibility as a majority of wireless devices have a browser.

Easy for guest users and visitors to use.

Highest security model available; can use digital certificates or two-factor authentication.

Generally available for computing platforms.

Can be met with existing VPN infrastructure (for example, Internet telecommuters).

Good support in most devices for 64- and 128-bit encryption.

Straightforward configuration.

Built-in encryption in wireless card.

Non- Windows-XP users will need to buy and install client; clients not readily available for all platforms.

Not all access points support 802.1X.

802.1X EAP-compatible RADIUS authentication server needed to grant/deny access.

Doesn’t work with embedded devices.

Doesn’t provide encryption.

Traffic easily spoofed in wired or wireless environments; doesn’t protect wireless-to-wireless connections.

IPSec configuration and policy distribution is complex and problematic, especially across platforms and vendors.

Performance at LAN speeds can be problematic for laptops; central VPN security gateway might need to be upgraded.

Doesn’t support non-IP or multimedia IP; doesn’t protect wireless-to-wireless connections.

Many theoretical security problems.

WEP keys are widely known and shared.

Does not provide end-system/ end-user authentication.