Using VPN for Wireless


With the recent popularity of wireless technologies such as 802.11a, 802.11b, and 802.11g, there is increased concern with making wireless connections as secure as wired connections. One of the simplest factors that helps secure wired connections is that all the network jacks are physically secured within the building: access to one of these network ports requires access to the office itself. Wireless technologies, by their nature, require only that the client be in proximity to the access point. This means that clients outside the office could potentially gain access to the internal network.

One of the most common ways to avoid this security issue is to place the wireless connection outside the internal network. Typically, the connection is placed in the demilitarized zone (DMZ). With the access point in the DMZ, outside the firewall, the wireless connection becomes akin to the Internet connection. At this point, wireless clients, just like remote users, would logically connect via a VPN connection.

For companies that use a classic DMZ, which is to say that there is a "third leg" on the firewall that separates hosts from both the Internet and the internal network, access points should be placed in a separate DMZ. This prevents wireless clients from doing several potentially destructive things, such as:

  • Attacking DMZ hosts from inside the DMZ itself

  • Leeching Internet access

  • Launching denial of service attacks from corporate-owned IP ranges

  • Sending spam from corporate-owned IP ranges

  • Performing denial of service attacks on the DMZ by binding multiple IP addresses and causing IP conflicts

  • Sniffing traffic between the DMZ and internal hosts
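
The separation described above can be checked against a firewall policy. The following added example (not from the book) evaluates a constructed zone-based ruleset with first-match semantics and reports any flow from the wireless segment that the design would not permit; the zone names, the L2TP/IPsec service list, and both sample policies are assumptions made for illustration.

```python
"""Audit a zone-based firewall policy for a wireless DMZ (illustrative)."""
from typing import NamedTuple

class Rule(NamedTuple):
    src: str      # source zone, or "any"
    dst: str      # destination zone, or "any"
    service: str  # e.g. "udp/500", or "any"
    action: str   # "allow" or "deny"

def decide(rules, src, dst, service):
    """First matching rule wins; unmatched traffic is denied."""
    for r in rules:
        if (r.src in (src, "any") and r.dst in (dst, "any")
                and r.service in (service, "any")):
            return r.action
    return "deny"

# Probe flows from the wireless segment and the outcome the design calls for.
# Assumption: the VPN gateway terminates L2TP/IPsec (IKE, NAT-T, ESP).
EXPECTED = [
    ("vpn-gateway", "udp/500", "allow"),
    ("vpn-gateway", "udp/4500", "allow"),
    ("vpn-gateway", "esp", "allow"),
    ("server-dmz", "tcp/80", "deny"),   # attacking DMZ hosts
    ("internet", "tcp/80", "deny"),     # leeching Internet access
    ("internet", "tcp/25", "deny"),     # spam from corporate-owned ranges
    ("internal", "tcp/445", "deny"),    # reaching the LAN without the VPN
]

def audit(rules, src="wireless-dmz"):
    """Return one finding per probe whose policy decision differs."""
    findings = []
    for dst, service, want in EXPECTED:
        got = decide(rules, src, dst, service)
        if got != want:
            findings.append(f"{src} -> {dst} {service}: {got}, expected {want}")
    return findings

# Constructed policies: WEAK treats wireless clients like ordinary DMZ hosts.
WEAK = [Rule("wireless-dmz", "vpn-gateway", "any", "allow"),
        Rule("wireless-dmz", "server-dmz", "any", "allow"),
        Rule("wireless-dmz", "internet", "any", "allow")]
HARDENED = [Rule("wireless-dmz", "vpn-gateway", s, "allow")
            for s in ("udp/500", "udp/4500", "esp")]
HARDENED.append(Rule("wireless-dmz", "any", "any", "deny"))

if __name__ == "__main__":
    for name, policy in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(policy) or "no findings")
```

Rule evaluation covers only routed traffic; the sniffing and IP-conflict items in the list are addressed by the access points sitting on their own segment, which this check does not model.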



Microsoft Windows Server 2003 Insider Solutions
ISBN: 0672326094
EAN: 2147483647
Year: 2003
Pages: 325
