When an organization runs a wireless LAN, however, issues can arise at the data link layer, even though the confidentiality of VPN users' transmitted data is secure.
For example, consider DNS traffic. Wireless networks using the VPN security model must allow unauthenticated users' DNS traffic through the firewall so that VPN clients may verify and locate their endpoints. A few years ago at DefCon, a popular hackers' convention, security researcher Dan Kaminsky introduced a technique called DomainCasting. Such a hacking method allows individuals to gain free Internet access by using DNS traffic as a covert channel. Individuals can use this technique to gain unauthorized entry into a wireless network.
An access control technique, like the 802.1X networking standard, can extend protection to the data link layer. To learn more about implementing 802.1x on your wireless network, read the Information Security magazine article: The X Factor.
This was first published in July 2007