View Full Version : wi-fi security


palur
11-19-2003, 07:38 PM
I am interested to know how secure Wi-Fi is for hospital or corporate use. What needs to be done (any additional software or hardware) to make Wi-Fi a secure medium?
Any help is appreciated :)

ATraveler
11-19-2003, 08:11 PM
FWIW, the company I work at is looking at the same issue. What I have heard from 2 separate consultants is "don't do it", at least at this time, if you have real worries re. industrial espionage or similar issues.

JonnoB
11-19-2003, 08:24 PM
Most wireless access points can limit access to devices with a specific MAC address. Do that. It can be secure if you want it to... most are too lazy or do not know how to properly implement.

jvcrabb
11-19-2003, 09:22 PM
WIFI is by no means secure. If someone has the right tools it can be cracked even if you use MAC filtering and encryption. I think the best option would be to implement Remote Authentication Dial In User Service (RADIUS). To take it a step further, make the Wireless Access Point available outside the firewall and implement VPN. There has been discussion of a new security standard for 802.11 called WPA but they are already finding flaws in it.

I would be careful using WIFI, especially in the Healthcare and Financial industries. If anything, make sure your IT department is the one to roll it out. A good CIO will make sure that the appropriate measures are taken to limit outside threats.

That being said, I use it at home and work and I love it.

thunderck
11-19-2003, 09:43 PM
The only way to really secure corporate data if one of your chief concerns is data security (if not the biggest concern) is to use a VPN solution and treat the WLAN as an "un-trusted" network. Network layer VPN can be a bear to set up and maintain. (Don’t get me started on that :twisted: ). A much more user and administrator friendly approach is to go with a 'newer' application layer SSL VPN solution. (It has been around but in the past 6-12 months really picked up some steam.) Neoteris is a market leader at this and has been picked as best in breed by "Network Computing". You will find them expensive as with other SSL VPN vendors but you can get entry level appliances for about $10,000 and scale to which extra services you require. Even if you get 2 or 3 extras the Neoteris IVE solution is priced well the last time I checked. Cisco just got into the mix and their VPN Concentrator is much less expensive. It is a new release from them and you know improvements are on the way. Depending on your company's level of exposure this may be just as good of a solution at a much smaller price. :lol:

Anything WEP based IS NOT SECURE :!: . Cisco has some great docs on this. Cisco (http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a008009c8b3.shtml) This does not say much of anything about SSL VPN, like I said that technology is new for Cisco but it will give you a good picture of WEP security and how it can be made better. You can patch up WEP fairly well but as long as you are using WEP your organization is vulnerable. You just need to decide what is considered acceptable risk.

Also consider HIDS systems on wireless clients. This will help your client side security a whole bunch.

doogald
11-19-2003, 10:02 PM
Most wireless access points can limit access to devices with a specific MAC address. Do that. It can be secure if you want it to... most are too lazy or do not know how to properly implement.

MAC addresses can be spoofed, though, so that is not a completely secure solution.

I agree with RADIUS server authentication or VPN.

thunderck
11-19-2003, 10:39 PM
Yep yep, MAC addresses are sent in the clear, no encryption. Most any sniffer can get the MAC. Also many network cards support software MAC spoofing.
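
An added illustration of the point in the posts above (not part of the thread): in an 802.11 data frame the address fields sit in the header, which stays readable even when the Protected bit marks the body as encrypted, so a MAC allowlist decides on an unauthenticated field. The frame bytes, addresses and the `mac_filter_allows` helper are constructed for this example.

```python
import struct

# Constructed sample: 802.11 data frame, ToDS=1, Protected=1 (no radiotap, no FCS).
SAMPLE_FRAME = bytes.fromhex(
    "0841" "2c00"            # frame control (little-endian), duration
    "020000aabb01"           # addr1: receiver / BSSID (made-up, locally administered)
    "020000aabb02"           # addr2: transmitter / client station (made-up)
    "020000aabb03"           # addr3: final destination (made-up)
    "1000"                   # sequence control
    "01020300" "9f3c71e05a"  # encryption IV header + opaque ciphertext (made-up)
)

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_80211_header(frame: bytes) -> dict:
    """Parse the MAC header of an 802.11 frame; no key material is needed."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    header_len = 24
    if to_ds and from_ds:
        header_len += 6      # optional addr4 (bridged links)
    if ftype == 2 and subtype & 0x8:
        header_len += 2      # QoS control field on QoS data frames
    return {
        "type": ftype,
        "protected": bool(fc & 0x4000),   # body is encrypted, header is not
        "receiver": fmt_mac(frame[4:10]),
        "transmitter": fmt_mac(frame[10:16]),
        "header_len": header_len,
        "encrypted_body": frame[header_len:],
    }

def mac_filter_allows(frame: bytes, allowlist: set) -> bool:
    """Hypothetical AP-side MAC filter: its only input is the cleartext addr2."""
    return parse_80211_header(frame)["transmitter"] in allowlist

if __name__ == "__main__":
    hdr = parse_80211_header(SAMPLE_FRAME)
    print("protected bit:", hdr["protected"])
    print("transmitter (cleartext):", hdr["transmitter"])
    print("filter passes:", mac_filter_allows(SAMPLE_FRAME, {"02:00:00:aa:bb:02"}))
```

The filter result depends only on a header field that any listener can read and that the frame does not authenticate, which is why the later replies point to RADIUS-backed authentication or a VPN instead.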

Falstaff
11-19-2003, 11:25 PM
Just as a side note that may be amusing to some of you. The Wireless Users Group in Dallas went around and made maps of all the access points they found using a large antenna hooked up to a built in car computer. They show in the maps also which are secured and which are open. Here are the results, in the pdf, scroll down to the bottom to see the map.
http://www.dfwwireless.org/TAN.pdf
http://www.dfwwireless.org/nodes.htm
Such a small percentage of companies enable any sort of WEP or other security features. But I guess that's good for all of us with Wi-Fi enabled PDAs.

palur
11-20-2003, 02:09 AM
Thank you all for your responses. I shall certainly be asking my IT dept to implement any Wi-Fi. I needed to get some background information.
Besides VPN, not many options I see :!:

that_kid
11-20-2003, 05:09 AM
For enterprise there are a few things you can do to secure wifi. One is using 802.11g with WPA with a RADIUS backend. There was a writeup that short WPA keys can be exploited but this isn't the case when using a RADIUS server.