Virtual Private Network (VPN)

Last updated Jan 1, 2004.

When discussing firewalls, it's worth mentioning virtual private networks (VPNs). A VPN is a virtual, encrypted network built on top of an existing network. This is also known as tunneling, because the encrypted data stream is set up and maintained within a normal, unencrypted connection. A VPN extends the safe internal network out to the remote user. Therefore, the remote wireless user exists in both networks at the same time. The wireless network remains available, but a VPN tunnel is created to connect the remote client to the internal network, thus making all the resources of the internal network available.

The reason we need to discuss VPNs with firewalls is because they often are integrated into one appliance or software package. A firewall can be set up to completely block all incoming requests, with the exception of authorized VPN clients. This will not only ensure a strong measure of security at the access point, but provide an additional measure of security to WLAN users and their data.
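One way to realize the "block everything inbound except authorized VPN clients" policy just described, as an added example that is not part of the original guide: it assumes a Linux firewall/access point using iptables in front of an IPsec VPN, with wlan0 (wireless side) and eth0 (internal network) as assumed interface names.

```shell
#!/bin/sh
# Added example (not from the guide): default-deny policy for a combined
# firewall/access point that admits only IPsec VPN traffic from the WLAN.
# Assumptions: IKE on UDP/500, NAT-T on UDP/4500, ESP (IP protocol 50);
# interface names wlan0/eth0 are placeholders for the real ones.
WLAN_IF="${WLAN_IF:-wlan0}"   # untrusted wireless segment (assumed name)
LAN_IF="${LAN_IF:-eth0}"      # trusted internal network (assumed name)
IPT="${IPT:-iptables}"        # set IPT="echo iptables" for a dry run

vpn_only_policy() {
    # Default-deny: nothing reaches the box or the LAN unless allowed below.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Keep replies to connections the box or the LAN itself initiated.
    $IPT -A INPUT   -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # From the wireless side, accept only the VPN itself: IKE, NAT-T, ESP.
    $IPT -A INPUT -i "$WLAN_IF" -p udp --dport 500  -j ACCEPT
    $IPT -A INPUT -i "$WLAN_IF" -p udp --dport 4500 -j ACCEPT
    $IPT -A INPUT -i "$WLAN_IF" -p esp -j ACCEPT

    # Only packets that arrived inside the tunnel may be forwarded to the LAN.
    # The policy match (xt_policy module) distinguishes decapsulated IPsec
    # traffic from plaintext a wireless client merely addressed to the LAN.
    $IPT -A FORWARD -i "$WLAN_IF" -o "$LAN_IF" \
        -m policy --dir in --pol ipsec --proto esp -j ACCEPT

    # Everything else from the WLAN is rate-limited to the log, then dropped
    # by the chain policy; this is the evidence a WEP-only attacker leaves.
    $IPT -A INPUT -i "$WLAN_IF" -m limit --limit 5/min \
        -j LOG --log-prefix "WLAN-DROP: "
}

# Dry run prints the rules instead of applying them: ./vpn_only.sh --dry-run
if [ "${1:-}" = "--dry-run" ]; then
    IPT="echo iptables"
    vpn_only_policy
fi
```

Run it with `--dry-run` first to review the generated rules; without it the script needs root to apply them.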

As discussed earlier, the encryption used by most implementations of WEP is flawed. A hacker with a laptop and a Pringles can for an antenna can sit within the WLAN's radiation zone and capture enough data to crack the WEP password. By having this password, the hacker can then set up his computer to capture all data traveling through the air. Since he has the encryption password, he can decipher all the WEP-protected data and "see" the information. Email, documents, and passwords can all be gleaned this way.

However, if you use VPN encryption in addition to (or instead of) WEP encryption, a hacker would have to decipher the data twice. The first layer is the crackable WEP encryption and the second layer is the robust VPN encryption. Because a hacker cannot easily reproduce the VPN's pass phrase, certificate, or smartcard key, the success rate at cracking the VPN traffic will be very low.

While using both a VPN and WEP is definitely to your advantage, there's a major downside. The problem arises from the additional processing that encrypting and deciphering data requires. Using WEP with a VPN on a properly configured firewall/access point will impact transmission speed and throughput. For example, it might take 10 minutes to send a file over a VPN with WEP enabled, but only 2 minutes without encryption. This impact can have serious consequences for network connectivity and may all but eliminate the end user's enthusiasm for the wireless connection.

In addition, using a VPN over wireless requires that client software be installed on every user's device. This requirement creates a few issues for end users. For example, most VPN software is written for the Windows platform. This means that Macs, *nix-based computers, and palmtop computers may not be able to connect to the WLAN. While this may not be an issue for most home and small businesses, it could have a serious impact on large or rapidly growing corporations.