I have more of a theory or concept type question.
My place of work offers free wireless internet to customers. One costomer asked me if it were a secured connection. I have no WEP (which in insecure anyway) or WAP1/2 or anything else.
Question 1: If one customer is surfing the internet through the wireless, could another user sniff their traffic if we are using WPA? If both computers are using the same WPA Key, couldn't they decrypt the sniffed data? or does WPA create a random key off the pre-shared key? I do not know enough about this.
Question 2: Is there any way to automatically encrypt data, say after accepting a certificate (or something)? We currently use a Blue Socket Gateway, which handles user authentication, but I do not think it handles encryption.
I am just looking for general implementations that someone has used or leads to more information.
Question 3: My boss thinks that if attempt to implement ANY type of encryption/security, we are setting ourselves up for a lawsuit. Do you think this is the case? He thinks if we have an open use-at-your-own-risk network, this is better than a partially secured network.