My question is regarding the connection between a WLAN-enabled PDA and a Wireless Access Point. First, how do you eliminate the risk of spoofing? Can you have an overlay point-to-point connection over a broadcast medium? Finally, could you please explain what Layer 2 security really means in the wireless context? Spoofing can occur at (at least) two layers: wireless stations can spoof by using another station's MAC address, and hosts...
can spoof by using another host's IP address. You cannot prevent MAC address spoofing, but authenticating based on something besides MAC address can ensure that spoofed frames don't get very far into your network. For example, use 802.1X with client certificates (EAP-TLS) or tunneled user-level authentication (PEAP or EAP-TTLS). To prevent IP address spoofing, use a security measure with message source authentication – for example, IPsec VPN tunnels. IPsec hashed message authentication codes (HMACs) detect when any host except the legitimate peer sends a packet with a spoofed source IP address, discarding spoofed packets.
Yes, you can overlay point-to-point connections on a broadcast medium. TCP connections that ride Ethernet illustrate this point, as do 802.11 peer-to-peer ad hoc connections over wireless. If you don't want others on the broadcast medium to eavesdrop on or participate in your point-to-point connection, you must use cryptographic protection – for example, IPsec transport mode.
Layer two security for wireless LANs refers to security measures applied at the Media Access (MAC) layer. IEEE 802 standard security measures provide authentication, confidentiality, message integrity (with WPA/802.11i), and access control (with 802.1X). These measures are applied to the layer two protocol - the 802.11 management and data frames that flow over the physical medium. You may also have seen products with proprietary layer two security - they just use different frame encapsulation or crypto algorithms to secure the layer two protocol, protecting frames over the air between the station and AP.
Related Q&A from Lisa Phifer, Wireless Networking Expert
Wireless expert Lisa A. Phifer explains to what extent WEP cracking remains a worrisome issue. It all depends on your company's WLAN security policy.continue reading
Wireless expert, Lisa Phifer explains that it may not be worth enhancing Wi-Fi ad hoc mode since Wi-Fi Direct is a better alternative for enabling ...continue reading
Wireless expert Lisa Phifer responds to a question regarding a Mi-Fi and Android smartphone mobile hotspot comparison. She provides an in depth ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.