We have now covered various methods for setting up a VPN connection between two hosts or two subnets over the Internet. However, in recent years a new problem has surfaced in the form of wireless internet connections such as 802.11 (WiFi) and Bluetooth. The need for encryption, even when two machines are next to each other in the same room, is stronger than ever. This chapter explains how to encrypt internal LAN connections using IPsec.
As with most emerging technologies, various vendors are implementing methods to protect the link layer against rogue intrusions, or methods for removing compromised hosts from the network. The IETF Dynamic Host Configuration working group (the same group that wrote the DHCP standard) is working on protecting the DHCP protocol with encryption, based on DNSSEC. Meanwhile, Microsoft has been adding a feature called Network Access Protection (NAP) into its latest beta releases of Windows, Longhorn, and Vista. These technologies...