wireless internal vs external

[William Stegman <stegmanw () comcast net>]

fter researching wireless security, and testing deployment of an
internal wireless solution, that is wireless connected to the corporate
LAN, and external wireless, an AP connected to the Internet, I’m
convinced the internal solution is the most secure. The problem is that
the “higher ups” are not convinced. My rationale is that using eap/tls
with tkip or aes on an aironet 1200 provides much more security and
scalability than using a lniksys that sits on the Internet. I can create
access-lists on the aironet to prevent unauthorized attempts to the http
protocol, vlans, and it has VoIP capability. The biggest problem with
the outside wireless solution is that it is using WEP, and if I’m
connected to my LAN and then also connect to the outside, I’ve
essentially turned my laptop into a gateway that offers very little
firewall protection, zonelabs is installed on most laptops. So, does
anyone have any experience or opinion I can consider? I feel that the
“inside wireless solution” has had a sort of unjustified boogeyman aura
to it, but perhaps someone else has some further insight.

Thank you,

/William Stegman - Network Administrator/

TransCore - Hummelstown