If you accept the idea that encryption and 802.1x do not provide adequate protection for a wireless LAN, the next logical step is to find another way to keep intruders out of your network. You also need a firewall.

A firewall is a proxy server that filters all the data that passes through it on the way to or from a network, based on a set of rules established by the network manager. For example, a firewall might reject data from an unknown source or files that match a particular source (such as a virus). Or it might pass all data moving from the LAN to the Internet, but only allow certain types of data from the Internet. The most common use of a firewall in a LAN is at the gateway to the Internet, as shown in Figure 12-4. The firewall ...