9.14 Security Vulnerabilities with Public-Access Wireless Networks

Given the exponential growth in the use of wireless devices in corporate settings, especially when used to support mobile workforces, it is well known that many vulnerabilities in the WLAN architecture exist. When mobile users attempt to connect (even using a secure VPN solution) from a public-access point, the risk that their machine can be attacked is great. Conference centers are a good example of public spaces that are used to provide wireless network access to users who wish to connect to the Internet and subsequently establish a VPN connection (or tunnel) into their own organization. Airports and certain coffee franchises have created hotspots to satisfy this demand for WLAN access. These untrusted public networks introduce three primary risks:

They are accessible by anyone , even malicious users, because of their public nature.
They serve as a bridge to a user 's network, potentially allowing a hacker lurking on the public network to attack or gain access to the bridged network.
They use high RF transmission power levels to generate a strong signal, which can allow a hacker to eavesdrop more readily on their signals.

Organizations should take steps to protect themselves from this public space threat. Users often need direct access to resources (either public or private) within their organization. Organizations should protect their public resources using an application layer security protocol such as Transport Layer Security (TLS), which is the IETF version of SSL. For private resources, organizations should use an IPSec-compliant VPN solution to secure their connections. This will significantly reduce the risk of eaves-dropping and unauthorized access to private resources.