Protecting wireless LANs

Most IEEE 802.11a and b wireless products today use the Wired Equivalent Privacy (WEP) for encryption. The basic problem is that without WEP, someone with a laptop and a high-gain antenna can sit in your parking lot and sniff the network traffic crossing your wireless LAN, but with this encryption, the WLAN traffic now has security equivalent to your regular CAT5 Ethernet network, in theory.

Unfortunately, the WEP standard has some pretty big security flaws and while it's better than nothing, you should still consider any traffic that crosses this link to be compromised.

For a high-level overview of a few of WEP's many problems, visit:

    Requires Free Membership to View


This is extremely disappointing news because using point-to-point wireless bridging has a fantastic financial case. For under $1000, you can build a point-to-point wireless link that can comfortably connect two buildings over 10 miles apart at 11 Mbps with no recurring fees! When you compare this to leasing a point-to-point T1, for which most companies will pay $2000 for the setup, and recurring monthly fees of around $500-1000 per month, for which you only get 1.544 Mbps of bandwidth, the choice is clear... except for that lingering security problem.

What does this have to do with VPNs? Well, for those of you using wireless bridging, your network might look like this:

  building1                       building2

If it does, consider putting a router in front of the wireless bridges on each side of the link. This router would need to support IPSec and have two Ethernet (preferably Fast Ethernet) interfaces.

Then, configure an encrypted tunnel between the two routers so that all the traffic passing over the wireless link is now encrypted with the far more respectable security of DES or 3DES.

That would look like this:

  building1                               building2

By using this simple VPN technology in combination with WEP, your wireless links should be safe enough so that you can take advantage of the tremendous cost savings and still sleep at night.

Thomas Alexander Lancaster IV is a consultant and author with over ten years experience in the networking industry, focused on Internet infrastructure.

This was first published in June 2003

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.