Most IEEE 802.11a and b wireless products today use the Wired Equivalent Privacy (WEP) for encryption. The basic problem is that without WEP, someone with a laptop and a high-gain antenna can sit in your parking lot and sniff the network traffic crossing your wireless LAN, but with this encryption, the WLAN traffic now has security equivalent to your regular CAT5 Ethernet network, in theory.
Unfortunately, the WEP standard has some pretty big security flaws and while it's better than nothing, you should still consider any traffic that crosses this link to be compromised.
For a high-level overview of a few of WEP's many problems, visit:
This is extremely disappointing news because using point-to-point wireless bridging has a fantastic financial case. For under $1000, you can build a point-to-point wireless link that can comfortably connect two buildings over 10 miles apart at 11 Mbps with no recurring fees! When you compare this to leasing a point-to-point T1, for which most companies will pay $2000 for the setup, and recurring monthly fees of around $500-1000 per month, for which you only get 1.544 Mbps of bandwidth, the choice is clear... except for that lingering security problem.
What does this have to do with VPNs? Well, for those of you using wireless bridging, your network might look like this:
building1 building2 --hub--WAPbridge<)))))(((((>WAPbridge--hub--
If it does, consider putting a router in front of the wireless bridges on each side of the link. This router would need to support IPSec and have two Ethernet (preferably Fast Ethernet) interfaces.
Then, configure an encrypted tunnel between the two routers so that all the traffic passing over the wireless link is now encrypted with the far more respectable security of DES or 3DES.
That would look like this:
building1 building2 --hub--router--WAPbridge<)))(((>WAPbridge--router--hub--
By using this simple VPN technology in combination with WEP, your wireless links should be safe enough so that you can take advantage of the tremendous cost savings and still sleep at night.
Thomas Alexander Lancaster IV is a consultant and author with over ten years experience in the networking industry, focused on Internet infrastructure.
This was first published in June 2003