An excellent article over at Wi-Fi Networking News discusses a report on USA Today’s website that claims reporters from Federal Computer Week found wireless networks on government property that were not properly secured. Glenn Fleishman does an excellent job of explaining why 802.1X alone is not better than WEP (it is a comparison of apples and oranges), as well as putting down the notion that T-Mobile’s move to support WPA encryption with 802.1X authentication is necessarily more secure.
That said, I would be concerned about the possibility of unauthorised wireless access points in the network, whether at a government site or just a regular company. It is far too easy to plug in a $40 access point and open a hole in the network. Using 802.1X on the wired connections, as suggested in the Wi-Fi Networking News article, is not a bad solution to this. It can also prevent people plugging their personal laptops or other devices into the network, which in a secure environment is essential.
Newer enterprise solutions also include rogue AP detection features to help a network administrator monitor the wireless environment looking for potential problems. Wireless setups should include something to allow continual monitoring of the wireless traffic, and if something is detected that does not match the known networks an alert should be issued so that somebody can check out what the new wireless device is. It could simply be an access point that has been reset to factory defaults and is now offering totally open access to the network.