Home > Ask the Security Experts > Network Security Questions & Answers > Will securing a wireless LAN make the data link layer vulnerable?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Will securing a wireless LAN make the data link layer vulnerable?

Mike Chapple EXPERT RESPONSE FROM: Mike Chapple

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 16 June 2007
If a VPN is used to secure a wireless LAN, is the data link layer vulnerable? If so, what can be done to protect the data link layer?

>
EXPERT RESPONSE
It depends upon your perspective. If you're an individual user of the wireless LAN, and you consistently use a VPN connection that tunnels all of your traffic back to a secure network, you have nothing to worry about.

When an organization runs a wireless LAN, however, issues can arise at the data link layer, even though the confidentiality of VPN users' transmitted data is secure.

For example, consider DNS traffic. Wireless networks using the VPN security model must allow unauthenticated users' DNS traffic through the firewall so that VPN clients may verify and locate their endpoints. A few years ago at DefCon, a popular hackers' convention, security researcher Dan Kaminsky introduced a technique called DomainCasting. Such a hacking method allows individuals to gain free Internet access by using DNS traffic as a covert channel. Individuals can use this technique to gain unauthorized entry into a wireless network.

An access control technique, like the 802.1X networking standard, can extend protection to the data link layer. To learn more about implementing 802.1x on your wireless network, read the Information Security magazine article: The X Factor.

More information:

  • Learn how VPNs can address WiPhishing threats.
  • Find out how to combine 802.1X and VLANs for wireless LAN authorization.


    • Sound Off! -   Be the first to post a message to Sound Off!


    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Network Security
    Will Cisco's plan to open access to the IOS improve network security?
    Will VoIP attacks result in more than just spam?
    Should enterprises implement a mandatory iPhone VPN?
    Will organizations that lag behind on IPv6 adoption have greater security risks?
    Should iPhone email be sent without SSL encryption?
    How to secure an FTP connection
    DMVPN configuration: Is an additional firewall needed between the router and the Internet?
    Is centralized logging worth all the effort?
    What are the pros and cons of shaping P2P packets?
    Should an ISP keep corrupted machines off of a network?

    Wireless LAN Architecture
    Is it possible to identify a fake wireless access point?
    How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
    Wi-Fi simplicity edging out Wi-Fi security
    Cisco issues warning for wireless LAN controller flaws
    Aruba bolsters mobile suite with security acquisition
    VeriSign, AirMagnet team up for wireless IPS
    Check Point promises more VoIP security, fewer slowdowns
    TJX breach tied to Wi-Fi exploits
    Cisco urges Wireless Control System upgrade
    Apple fixes flaws in AirPort Extreme Base Station
    Wireless LAN Architecture Research

    SSL
    How to test the security of personal details submitted to a website
    Should enterprises implement a mandatory iPhone VPN?
    Should iPhone email be sent without SSL encryption?
    How to secure an FTP connection
    Can Trojans and other malware exploit split-tunnel VPNs to infiltrate a network?
    What are the risks of connecting a Web service to an external system via SSL?
    What is the most secure way for application developers to manage cookies?
    Secure file copying with WinSCP
    Should an IT staff be concerned with a network's physical security?
    Will FTP ever be a secure way to transfer files?

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    SSL VPN  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice

    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts