Many of the flaws in one are echoed, to some degree, in the other.
It would be much more difficult to interfere with a wired network than a wireless one, even given that both have "perfect" physical security.
I can hang a high-gain yagi or dish from some distance and pretty much disrupt all of your wireless activity (unless you have EMF-grade windws). Frequency hopping of the original 802.11 was a bit more difficult to disrupt, but a decent, cheap, made-at-home 2.4G jammer can wipe the entire spectrum. Nuts, Bluetooth will show up as "full-spectrum noise" on decent equipment.
I built, as a demo, a "jammer" for cellular to show the manager of a health club that was worried about people using cellphones in the locker room. I also demo'd a system to kill cellular cameras (well, any digital, but phones were the concern). Cellular jammers are available outside the US, and are frequently used in theaters and restaraunts to thwart the inconsiderate and their miserable, ever-ringing annoyances.
As far as man-in-the-middle attacks, they are easier than I ever thought, once I saw it implemented. Without details .... basically it involves poisoning the ARP cache of both end systems. There are "a few" chunks of software around that accomplish man-in-the-middle with relative ease.
Of course, getting the data, and doing something with it, are two different colored horses. That "safety" can be defeated with a little "Social Engineering" and / or theft ... depending on the motivation of the interested party. The weakest link in any security scheme (wired or wireless) is still the humans that use it.
Given that the above is ~accurate, it would be much more difficult to gain internal access to a wired network than catching / pumping some stray RF to prosecute the attack. With larger campuses, the ability to catch a little RF goes down, but it's not impossible ... it's just an antenna issue at that point.
Even with multiple layers of heavy security, penetrating some networks is as easy as offering a little free "content" or porn: People download it, and infect the system. A good IDS will reveal most of the common stuff, but there's no (practical, cheap, easy) way to keep all of the signature files up-to-date with the malicious software creation.
When you consider that even very strong security can be breached (like SecureID was a few years ago), IMO, things that need to be kept secret should be kept off of wireless links.
As it has been since the start, the best protection is a strong Security Policy, strictly enforced to remove the weaker human elements, and vigilance to the traffic on your network. Educating the end-user is a big part of that. Eduating the lower management to be aware of "what constitutes a risk," and educating the upper management as to why enforcement is critical is always a good starting point.
If you aren't actively watching the traffic on your network, then you don't know (really) what's moving through your system.
I believe you'll find that some of the easiest networks to penetrate are the one that brag about their strong security. They've convinced themselves that their network is wrapped up tight ... and they relax ... then you can get 'em. There is no benefit to strong security, some of the time.
To get back to the original point: IMO, it's still much easier to get into a wireless system with common security than it is to get into a wired network with common security. It's much easier to disrupt (i.e. DOS / DDOS) a wireless network than a comparable wired system.
Look at how many warehouses are using wireless in their picking and inventory maintenance processes. It's easy enough for a competitor to suck those waves and see how you're doing, or jam those signals periodically to slow the system down (or kill it for a while).
.02, FWIW
Scott
