Question : Wireless access point security
Offering quite a few points for this question as I expect I will be splitting the answers between a few people and there are a few questions.
1) We have a few people with notebooks who use wireless when they are traveling abroad to access the Internet in hotel rooms etc., but we have no access point at work and the notebooks often try to connect to other wireless networks in the area, which we don't want to happen. Anyone know of any software that will automatically disable a wireless interface if a cable is detected on the LAN port? A software firewall would be another choice but not ideal.
2) How to secure a wireless access point. Obviously turn on WEP, enable only specific MAC addresses to connect to the access point, and turn off the AP's announcements. Can WEP keys be configured on a client per access point? We would want to have a WEP key configured but for the user to also be able to connect to public access points in hotels etc. without having to remove the WEP key. How easy is it to crack WEP keys and bypass the MAC restrictions? Any links to articles?
3) We could connect the AP to the Internet side of our firewall and make all users have to use a VPN client to access the network. If we do this we would need an AP with a built-in router/firewall but it must not use NAT as this often causes problems if there are multiple VPN clients running behind it. Any suggestions?
Answer : Wireless access point security
How easy it is to crack WEP is hard to answer. The answer is that it can be done. See: http://www.netstumbler.org/showthread.php?t=11161&highlight=cracking+wep Getting past MAC authentication is not hard once the (hackers, thieves, whatever) have a valid MAC address to use. If your VPN cannot handle many connections from a NAT'ed address then you might see if you can get a small bank of public IPs to hand out via DHCP.
I do not know of any client that will automatically disable when Ethernet is connected. I do know there are wireless cards that come with good software that allows you to set up many different profiles depending on where you are at with your laptop. So you can have one set up with your work SSID/WEP key and such, and have another profile that is set up for traveling. Then the user only has to click on the profile and choose "activate" or something like that.
My experience is that WEP keys are assigned at the Access Point, and all the clients have to have the same key.
Another thought for you is that Cisco Access Points have a RADIUS option so you can force people to put in usernames and passwords before getting on the network. Another option would be to get an Orinoco AP-2500 that has hotspot ability and it has many more restrictions you can place on people who use it. http://www.proxim.com/products/wifi/ap/ap2500/index.html
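
For question 1, one way to get the behaviour asked about, as an added example that is not part of the original thread: a shell script that blocks the Wi-Fi radio whenever a wired interface has link. It assumes Linux notebooks with sysfs and `rfkill` (the thread does not name an operating system); the function names and the `SYSFS_NET` override are hypothetical.

```shell
#!/bin/sh
# Added example: keep the Wi-Fi radio off while a LAN cable is plugged in.
# Assumptions: Linux, sysfs mounted, rfkill installed, run as root.

# Overridable so the decision logic can be exercised against a test tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Wireless NICs expose a "wireless" or "phy80211" entry in sysfs.
is_wireless() {
    [ -e "$SYSFS_NET/$1/wireless" ] || [ -e "$SYSFS_NET/$1/phy80211" ]
}

# Physical NICs have a "device" entry; lo, bridges and tun/VPN links do not,
# so an active VPN tunnel is never mistaken for a plugged-in cable.
is_physical() {
    [ -e "$SYSFS_NET/$1/device" ]
}

# Succeeds if any physical, non-wireless interface reports carrier (link).
wired_link_up() {
    local path iface carrier
    for path in "$SYSFS_NET"/*; do
        [ -d "$path" ] || continue
        iface=${path##*/}
        is_physical "$iface" || continue
        is_wireless "$iface" && continue
        # carrier is unreadable while the interface is administratively down.
        carrier=$(cat "$path/carrier" 2>/dev/null) || continue
        [ "$carrier" = "1" ] && return 0
    done
    return 1
}

# Prints the rfkill action to take: "block" when cabled, "unblock" otherwise.
desired_wifi_state() {
    if wired_link_up; then echo block; else echo unblock; fi
}

# Applies the decision; call from a link-change hook or a short timer.
apply_policy() {
    rfkill "$(desired_wifi_state)" wifi
}

# Only touch the radio when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then apply_policy; fi
```

Because the radio is blocked with `rfkill` rather than by disconnecting a profile, the notebook cannot associate with neighbouring networks while it is docked, and the radio comes back when the cable is removed.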