Home > Ask the Security Experts > Network Security Questions & Answers > Will securing a wireless LAN make the data link layer vulnerable?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Will securing a wireless LAN make the data link layer vulnerable?

Mike Chapple EXPERT RESPONSE FROM: Mike Chapple

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 16 June 2007
If a VPN is used to secure a wireless LAN, is the data link layer vulnerable? If so, what can be done to protect the data link layer?

>
EXPERT RESPONSE
It depends upon your perspective. If you're an individual user of the wireless LAN, and you consistently use a VPN connection that tunnels all of your traffic back to a secure network, you have nothing to worry about.

When an organization runs a wireless LAN, however, issues can arise at the data link layer, even though the confidentiality of VPN users' transmitted data is secure.

For example, consider DNS traffic. Wireless networks using the VPN security model must allow unauthenticated users' DNS traffic through the firewall so that VPN clients may verify and locate their endpoints. A few years ago at DefCon, a popular hackers' convention, security researcher Dan Kaminsky introduced a technique called DomainCasting. Such a hacking method allows individuals to gain free Internet access by using DNS traffic as a covert channel. Individuals can use this technique to gain unauthorized entry into a wireless network.

An access control technique, like the 802.1X networking standard, can extend protection to the data link layer. To learn more about implementing 802.1x on your wireless network, read the Information Security magazine article: The X Factor.

More information:

  • Learn how VPNs can address WiPhishing threats.
  • Find out how to combine 802.1X and VLANs for wireless LAN authorization.


    • Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Network Security
    What are the differences between intrusion detection and intrusion prevention?
    Will there be DMZ routing issues if several firewalls serve as the default gateway?
    Should tunnel connections be initiated from an ISP to a internal data center, or vice versa?
    What are the top LAN security issues in a client-server network environment?
    What warning signs will indicate the presence of a P2P botnet?
    What reporting tools are available for an enterprise IDS?
    Is it possible to allow select access to IP addresses using Windows Server 2003?
    Is an IPsec VPN necessary when connecting remote servers that process financial transactions?
    What are best practices for creating an IDS and maintaining a signature database?
    What are the best ways to hide system information from network scanning software?

    Wireless LAN Architecture
    Video: Setting up a secure wireless network
    How to build security into a virtualized server environment
    Are wireless networks inherently insecure?
    Is it possible to identify a fake wireless access point?
    How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
    Wi-Fi simplicity edging out Wi-Fi security
    Cisco issues warning for wireless LAN controller flaws
    Aruba bolsters mobile suite with security acquisition
    VeriSign, AirMagnet team up for wireless IPS
    Check Point promises more VoIP security, fewer slowdowns
    Wireless LAN Architecture Research

    SSL
    Debian: A niche OS with a not-so-niche security flaw
    The Shortcut Guide to Extended Validation SSL Certificates
    Product review: Array Networks SPX2000
    How to test the security of personal details submitted to a website
    Should enterprises implement a mandatory iPhone VPN?
    Should iPhone email be sent without SSL encryption?
    How to secure an FTP connection
    Can Trojans and other malware exploit split-tunnel VPNs to infiltrate a network?
    What are the risks of connecting a Web service to an external system via SSL?
    What is the most secure way for application developers to manage cookies?

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    SSL VPN  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    Targeted Security Channel Tips for Resellers, Integrators and Consultants
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts