My question is regarding the connection between a WLAN-enabled PDA and a Wireless Access Point. First, how do you eliminate the risk of spoofing? Can you have an overlay point-to-point connection over a broadcast medium? Finally, could you please explain what Layer 2 security really means in the wireless context?

Spoofing can occur at (at least) two layers: wireless stations can spoof by using another station's MAC address, and hosts can spoof by using another host's IP address. You cannot prevent MAC address spoofing, but authenticating based on something besides MAC address can ensure that spoofed frames don't get very far into your network. For example, use 802.1X with client certificates (EAP-TLS) or tunneled user-level authentication (PEAP or EAP-TTLS).

To prevent IP address spoofing, use a security measure with message source authentication – for example, IPsec VPN tunnels. IPsec hashed message authentication codes (HMACs) detect when any host except the legitimate peer sends a packet with a spoofed source IP address, discarding spoofed packets.
Yes, you can overlay point-to-point connections on a broadcast medium. TCP connections that ride Ethernet illustrate this point, as do 802.11 peer-to-peer ad hoc connections over wireless. If you don't want others on the broadcast medium to eavesdrop on or participate in your point-to-point connection, you must use cryptographic protection – for example, IPsec transport mode.
Layer two security for wireless LANs refers to security measures applied at the Media Access Control (MAC) layer. IEEE 802 standard security measures provide authentication, confidentiality, message integrity (with WPA/802.11i), and access control (with 802.1X). These measures are applied to the layer two protocol - the 802.11 management and data frames that flow over the physical medium. You may also have seen products with proprietary layer two security - they just use different frame encapsulation or crypto algorithms to secure the layer two protocol, protecting frames over the air between the station and AP.
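
The HMAC check that the answer credits with stopping IP address spoofing can be sketched as follows. This is an added example, not part of the original answer: it is a simplified model rather than the ESP or AH wire format, and the packet layout, function names, addresses and keys are all constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ICV_LEN = 16  # bytes of the HMAC-SHA256 output kept as the integrity check value


def icv(key: bytes, src_ip: str, seq: int, payload: bytes) -> bytes:
    """Tag over the claimed source, a sequence number and the payload."""
    msg = src_ip.encode() + b"|" + struct.pack("!I", seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:ICV_LEN]


def protect(key, src_ip, seq, payload):
    """Sender side: build a packet (hypothetical dict layout) with its tag."""
    return {"src": src_ip, "seq": seq, "payload": payload,
            "icv": icv(key, src_ip, seq, payload)}


class Receiver:
    """Holds one shared key per legitimate peer, indexed by peer address."""

    def __init__(self):
        self.peer_keys = {}

    def add_peer(self, src_ip, key):
        self.peer_keys[src_ip] = key

    def accept(self, pkt) -> bool:
        key = self.peer_keys.get(pkt["src"])
        if key is None:
            return False  # no shared key for this source: discard
        expected = icv(key, pkt["src"], pkt["seq"], pkt["payload"])
        # Constant-time comparison; a mismatch means a forged or altered packet.
        return hmac.compare_digest(expected, pkt["icv"])


# Constructed sample data: addresses come from the documentation range.
PEER_IP = "192.0.2.10"
peer_key = os.urandom(32)      # known only to the legitimate peer and receiver
outsider_key = os.urandom(32)  # a host claiming PEER_IP has only its own key

rx = Receiver()
rx.add_peer(PEER_IP, peer_key)

genuine = protect(peer_key, PEER_IP, 1, b"sync calendar")
spoofed = protect(outsider_key, PEER_IP, 2, b"sync calendar")
altered = dict(genuine, payload=b"sync contacts")
```

The receiver never trusts the source address by itself: a packet is accepted only when its tag verifies under the key shared with that peer, so `spoofed` and `altered` are both discarded.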