Will securing a wireless LAN make the data link layer vulnerable?

Ask the Expert

Will securing a wireless LAN make the data link layer vulnerable?

If a VPN is used to secure a wireless LAN, is the data link layer vulnerable? If so, what can be done to protect the data link layer?

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

It depends upon your perspective. If you're an individual user of the wireless LAN, and you consistently use a VPN connection that tunnels all of your traffic back to a secure network, you have nothing to worry about.

When an organization runs a wireless LAN, however, issues can arise at the data link layer, even though the confidentiality of VPN users' transmitted data is secure.

For example, consider DNS traffic. Wireless networks using the VPN security model must allow unauthenticated users' DNS traffic through the firewall so that VPN clients may verify and locate their endpoints. A few years ago at DefCon, a popular hackers' convention, security researcher Dan Kaminsky introduced a technique called DomainCasting. Such a hacking method allows individuals to gain free Internet access by using DNS traffic as a covert channel. Individuals can use this technique to gain unauthorized entry into a wireless network.

An access control technique, like the 802.1X networking standard, can extend protection to the data link layer. To learn more about implementing 802.1x on your wireless network, read the Information Security magazine article: The X Factor.

More information:

  • Learn how VPNs can address WiPhishing threats.
  • Find out how to combine 802.1X and VLANs for wireless LAN authorization.
  • This was first published in July 2007