Hello I am still using Cisco AIR-352 with 12.3(8) IOS as access point, to provide connectivity on my wlan ad 802.11b speeds, with WPA-PSK TKIP security.
I have on a site, two AIR-BR352 point to point links at about 4km. The bridges BR350 uses Wep128 security, and I know that it is unsecure. On the config pages, I have enable MIC and TKIP settings.
So in the end I have these options enabled: WEP 128 CISCO MIC TKIP
This is the extract from cisco's documentations about the two options.
# Message Integrity Check (MIC) -- MIC is an additional WEP security feature that prevents attacks on encrypted packets called bit-flip attacks. The MIC, implemented on both the access point and all associated client devices, adds a few bytes to each packet to make the packets tamperproof.
# Temporal Key Integrity Protocol (TKIP) -- TKIP, also known as WEP key hashing, is an additional WEP security feature that defends against an attack on WEP in which the intruder uses an unencrypted segment called the initialization vector (IV) in encrypted packets to calculate the WEP key.
In the end, these bridges are in WEP128, but are they vulnerable to the common wep flaws (IV vector, and vulnerable to airsnort's scans) ?
To be secure, I use a GRE+IPSEC (at the moment using DES encryption, later I will use AES128) tunnel between the two sites connected via the wifi bridge, to be more secure.