Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
SP2 beta for Windows Server 2008, Vista available
'Tis the season for layoffs, firm reports
Number crunching: Stats about energy consumption, virtualization and cloud computing
Nokia's new N97 vs. the iPhone: Latest smartphone showdown
5 Must-Do Cyber Security Steps for Obama
Telco spending could drop more than 10% next year
Wanted: A long-term data center strategy
Microsoft tools build bridge between OpenXML, other formats
FastSoft technology speeds downloads for Getty Images
Open source developers set out software road map for 2020
VMware expands desktop virtualization capabilities
FBI warns of holiday cyber scams
Apple removes antivirus support page
Apple antivirus advice 'big to-do about nothing'
Cisco renews call for national broadband strategy
Wireless/Mobile /

VPNs and wireless LAN security

Related linksToday's breaking news
Send to a friendFeedback

Sign up to receive this and other networking newsletters in your inbox.

By Joanie Wexler
Network World Wireless in the Enterprise Newsletter, 08/29/01

Because wireless LAN security (or the perceived lack of it) has been a headline-grabber lately, several readers have written in asking for more detail on using Layer 3 VPNs to protect their wireless data.

Using VPN technology for wireless LANs is generally recommended, but it can present one of those situations where you must weigh your need to keep network administration simple against the value of your data. Your decision will depend on the size of your organization, the reach of your wireless LAN installation and your security needs.

From a policy perspective, it makes sense to treat the wireless LAN just as you would the corporate backbone and put your 802.11 access points on the corporate VPN. Wireless LAN users access the network just as remote dial or Internet users would, a process requiring authentication. One way to do this is to place the 802.11 access point behind the corporate firewall, requiring that wireless clients authenticate to the VPN or firewall using third-party software. The benefit here is most of the authentication takes place independently of the wireless network, keeping access point maintenance simple (and keeping equipment costs down).

Some vendors such as Colubris Networks, though, argue that the VPN capabilities should be bundled right into the access point to ensure the highest degree of privacy. Colubris has added L2TP VPN tunneling and IPSec encryption and authentication to its enterprise-strength CN1050 802.11b access points.

The theory here is that in a wireless LAN setup, as traffic volumes grow, you can basically just add new access points, which serve as repeaters that automatically forward traffic from one access point to another. So communication hitting an access point could be repeated to another access point before authentication takes place. (In other words, a user must gain access to the network in order to be authenticated in the first place.)

Access points without integrated VPN capabilities, then, are viewed as creating a security hole. Anyone with an IEEE 802.11b network interface card in their client device who is in the transmission range of the access point can connect to that access point and hop on the wireless network. The unauthenticated user cannot easily penetrate a corporate backbone secured by a firewall and VPN, but can gain access to the data traversing unsecured access points.

RELATED LINKS

Colubris Networks

Researchers break wireless LAN encryption algorithm
Computerworld, 08/10/01

Serious security weakness in 802.11b wireless LANs ex
Network World Fusion, 08/06/01

NextWave charges ahead despite FCC appeal
Network World, 08/27/01

Ultrafast wireless technology set to lift off
Network World, 08/27/01

Joanie Wexler is an independent networking technology writer/editor in Campbell, Calif., who has spent most of her career analyzing trends and news in the computer networking industry. She welcomes your comments on the articles published in this newsletter, as well as your ideas for future article topics. Reach her at joanie@jwexler.com.

Network World Wireless archive
Past newsletters.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.