Ask the Expert

Securing traffic at endpoints of a WLAN

On the wireless LAN tip, using a VPN is great, but what about the possibility of a "hijacked" connection? The traffic in the VPN pipe is secure, but what about the endpoints?



With a VPN covering the wireless connection, it would be impossible to "hijack" the connection in the classical sense. For those not familiar with the term, a "hijacked" session is one in which the attacker can take over the connection of a legitimate user after the legitimate user has completed the authentication process.

The VPN prevents this, because the encrypted channel essentially provides continuous authentication. That is, there is no way for the attacker to insert himself into the middle of that stream without having the same encryption algorithm and key.

Now, as you point out, security at the endpoints is critical. Your endpoints are your mobile user and whatever server is on the far side of the VPN. Whatever security you would normally provide for those units if connected by a wired LAN is the minimum you would want in the wireless environment. Because the mobile user may have additional security concerns due to location, the security required may need to be greater than for a wired LAN.

One other note: a VPN will provide protection for confidentiality and integrity, but will do nothing for availability. If an attacker just wants to keep your access points from providing service, he just needs to generate enough requests for connection. Even though the connections won't go through, as he won't be able to create the proper VPN tunnel, it could cause a denial of service for your access point. How likely this scenario is for your environment is something that should be assessed during a security assessment of your network.
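The "continuous authentication" and availability points above, as an added example that is not part of the original answer: a receiver that accepts a packet only if it carries a valid per-packet MAC and a fresh sequence number. HMAC-SHA256 stands in for the VPN's packet authentication, encryption is left out to keep the focus on integrity, and the names `seal`, `Receiver` and `demo` are hypothetical.

```python
import hmac, hashlib, os, struct

TAG_LEN = 32  # HMAC-SHA256 output size

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: prefix a 64-bit sequence number, append a MAC over both."""
    header = struct.pack("!Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Receiver side: every packet needs a valid MAC and a fresh sequence number."""
    def __init__(self, key: bytes):
        self.key = key
        self.highest_seq = 0   # strictly increasing; real tunnels use a sliding window
        self.checked = 0       # MAC verifications performed, valid or not

    def open(self, packet: bytes):
        if len(packet) < 8 + TAG_LEN:
            return None
        self.checked += 1
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                       # forged or modified: no key, no valid tag
        (seq,) = struct.unpack("!Q", body[:8])
        if seq <= self.highest_seq:
            return None                       # replay of an already accepted packet
        self.highest_seq = seq
        return body[8:]

def demo():
    key = os.urandom(32)                      # constructed session key
    rx = Receiver(key)
    results = {}
    good = seal(key, 1, b"GET /payroll")      # constructed sample payload
    results["legit"] = rx.open(good)
    results["replay"] = rx.open(good)
    results["tampered"] = rx.open(good[:8] + b"GET /admin!!" + good[-TAG_LEN:])
    results["forged"] = rx.open(seal(os.urandom(32), 2, b"injected"))  # wrong key
    for _ in range(1000):                     # bogus traffic is rejected but still costs work
        rx.open(os.urandom(64))
    results["checked"] = rx.checked
    results["next_legit"] = rx.open(seal(key, 2, b"still works"))
    return results

if __name__ == "__main__":
    print(demo())
```

The `checked` counter shows the availability gap: every rejected packet still cost the receiver a verification, even though none of them got into the session.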



This was first published in January 2002
