With a VPN covering the wireless connection, it would be impossible to "hijack" the connection in the classical sense. For those not familiar with the term, a "hijacked" session is one in which the attacker can take over the connection of a legitimate user after the legitimate user has completed the authentication process. The VPN prevents this because the encrypted channel essentially provides continuous authentication. That is, there is no way for the attacker to insert himself into the middle of that stream without having the same encryption algorithm and key.

Now, as you point out, security at the endpoints is critical. Your endpoints are your mobile user and whatever server is on the far side of the VPN. Whatever security you would normally provide for those units if connected by a wired LAN is the minimum you would want in the wireless environment. Because the mobile user may have additional security concerns due to location, the security required may need to be greater than for a wired LAN.

One other note: a VPN will provide protection for confidentiality and integrity, but will do nothing for availability. If an attacker just wants to keep your access points from providing service, he just needs to generate enough requests for connection. Even though the connections won't go through, as he won't be able to create the proper VPN tunnel, it could cause a denial of service for your access point. How likely this scenario is for your environment is something that should be assessed during a security assessment of your network.
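The "continuous authentication" point above, as an added example that is not part of the original answer: a simplified tunnel receiver that checks a keyed tag and a sequence number on every packet, so traffic built without the session key, replayed, or altered in transit is dropped. It assumes HMAC-SHA256 as a stand-in for a real VPN's integrity protection and leaves out encryption; `seal`, `TunnelReceiver` and the payloads are constructed for illustration, and the `rejected` counter shows that discarded packets still cost the receiver work, which is the availability caveat.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: prefix a sequence number, append a tag over header + payload."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class TunnelReceiver:
    """Accepts a packet only if its tag verifies and its sequence number is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1
        self.rejected = 0  # packets that cost work but never got through

    def receive(self, packet: bytes):
        if len(packet) < 8 + TAG_LEN:
            self.rejected += 1
            return None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            self.rejected += 1
            return None
        seq = struct.unpack(">Q", body[:8])[0]
        if seq <= self.last_seq:  # already seen: replayed packet
            self.rejected += 1
            return None
        self.last_seq = seq
        return body[8:]

def demo():
    key = os.urandom(32)  # constructed session key, known only to the two endpoints
    rx = TunnelReceiver(key)
    first = seal(key, 0, b"GET /mail")
    tampered = bytearray(seal(key, 1, b"amount=10"))
    tampered[10] ^= 1  # one payload bit changed in transit
    results = [
        rx.receive(first),                                # legitimate packet
        rx.receive(seal(os.urandom(32), 1, b"injected")),  # built without the key
        rx.receive(first),                                # replay of a valid packet
        rx.receive(bytes(tampered)),                      # modified in transit
        rx.receive(seal(key, 1, b"amount=10")),           # legitimate packet
    ]
    return results, rx.rejected
```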