Q

Securing traffic at endpoints of a WLAN

On the wireless LAN tip, using a VPN is great, but what about the possibility of a "hijacked" connection? The traffic in the VPN pipe is secure, but what about the endpoints?


With a VPN covering the wireless connection, it would be impossible to "hijack" the connection in the classical sense. For those not familiar with the term, a "hijacked" session is one in which the the attacker can take over the connection of a legitimate user, after the legitimate user has completed the authentication process.

The VPN prevents this, because the encrypted channel essentially provides continuous authentication. That is, there is no way for the attacker to insert himself into the middle of that stream without having the same encryption algorithm and key.

Now, as you point out, security at the endpoints is critical. Your endpoints are your mobile user and whatever server is on the far side of the VPN. Whatever security you would normally provide for those units if connected by a wired LAN is the minimum you would want in the wireless environment. Because the mobile user may have additional security concerns due to location, the security required may need to be greater than for a wired LAN.

One other note, a VPN will provide protection for confidentiality and integrity, but will do nothing for availability. If an attacker just wants to keep your access points from providing service, he just needs to generate enough requests for connection. Even though the connections won't go through, as he won't be able to create the proper VPN tunnel, it could cause a denial of service for your access point. How likely this scenario is for your environment is something that should be assessed during a security assessment of your network.


For more information on this topic, visit these other searchSecurity resources:
Best Web Links: Infrastructure and Network Security

This was first published in January 2002

Dig deeper on Wireless LAN Design and Setup

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close