A couple of other built-in features can help with authentication too.One is the media access control (MAC) address. This is a uniqueaddress written into the firmware of a network card. An administratorcan configure the network so that only certain MAC addresses can logon. (The weak link? A hacker can watch the airwaves for a successfullog-on, change his own MAC address on his computer or laptop and thengain network access.) The second is the service set identifier (SSID),an alphanumeric ID hard-coded into a wireless device. If the clientdoesn't have the same SSID as the server, access is denied. Most usersleave the SSID at its default settings, which can be looked up online,so administrators should be sure to change the default.

2 Segment the WLAN from therest of the network.

If the data passing through the wireless LAN isn't sensitive, it maybe enough to separate the traffic from the rest of the network. Thatcan be done with firewalls, treating the wireless access point likeany other router.

Another related option is a virtual LAN, which partitions the networkand allows certain users to access only certain resources. That's thesolution at Paul, Hastings, Janofsky & Walker, an international lawfirm based in Los Angeles, where in a few new conference roomsvisiting clients can use free wireless Internet access. When avisiting user boots up a laptop with a wireless network card, itidentifies a WLAN connection and a message appears: "Welcome to PaulHastings' virtual network. Please click here for Internet access" - amodified version of the message coffee-slurpers get when they accessthe for-pay WLANs Starbucks has installed at many locations.

Theoretically, anyone nearby could get free Internet access, althoughCIO Mary Odson says the signal degrades noticeably near the windows,and even inside the building.