
VPNs for wireless devices

A look at some of the issues involved with combining WEP and VPNs.

One of the benefits of the eventual conversion to IPv6 from IPv4 is the increase in available addresses. All these addresses will make it that much easier to connect wireless devices to the network. The security of those devices is going to become a major concern in the next few years. Here is an article from Informit that discusses the issues involved in combining VPNs for wireless devices with WEP.

A VPN is a virtual, encrypted network built on top of an existing network. This is also known as tunneling, because the encrypted data stream is set up and maintained within a normal, unencrypted connection. A VPN extends the safe internal network out to the remote user. Therefore, the remote wireless user exists in both networks at the same time. The wireless network remains available, but a VPN tunnel is created to connect the remote client to the internal network, thus making all the resources of the internal network available.

VPNs and firewalls are often integrated into one appliance or software package. A firewall can be set up to completely block all incoming requests, with the exception of authorized VPN clients. This will not only ensure a strong measure of security at the access point, but provide an additional measure of security to WLAN users and their data.
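The "block everything except authorized VPN clients" policy described above can be written as a firewall ruleset. The following is an added example, not taken from the Informit article: it assumes a Linux gateway running nftables, with `wlan0` facing the access points, `eth0` facing the internal network, and a VPN service on the gateway that listens on UDP 1194 and exposes authenticated clients on `tun0`. All of those names and the port are assumptions.

```nftables
# Constructed example: interface names and the VPN port are assumptions.
# IPv4 only; an IPv6 network needs an equivalent "table ip6".
table ip wlan_vpn_only {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept

        # Wireless clients may obtain an address and reach the VPN listener.
        # Nothing else on the gateway is exposed to the WLAN.
        iifname "wlan0" udp dport 67 accept
        iifname "wlan0" udp dport 1194 accept

        # Administration only from the wired internal network.
        iifname "eth0" tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept

        # Only traffic that arrived through the authenticated tunnel
        # may be routed to the internal network, and back.
        iifname "tun0" oifname "eth0" accept
        iifname "eth0" oifname "tun0" accept

        # Anything trying to go from the WLAN straight to the internal
        # network is counted and logged before being dropped, so that
        # bypass attempts and misconfigured clients show up in the logs.
        iifname "wlan0" log prefix "wlan-novpn-drop " counter drop
    }
}
```

With this policy a client that has recovered the WEP key still reaches only the DHCP service and the VPN listener; access to internal resources depends on the VPN's own authentication.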

The encryption used by most implementations of WEP is flawed. A hacker with a laptop and a Pringles can for an antenna can sit within the WLAN's radiation zone and capture enough data to crack the WEP password. By having this password, the hacker can then set up his computer to capture all data traveling through the air. Since he has the encryption password, he can decipher all the WEP-protected data and "see" the information. Email, documents, and passwords can all be gleaned this way.

However, if you use VPN encryption in addition to (or instead of) WEP encryption, a hacker would have to decipher the data twice. The first layer is the crackable WEP encryption and the second layer is the robust VPN encryption. Because a hacker cannot easily reproduce the VPN's pass phrase, certificate, or smartcard key, the success rate at cracking the VPN traffic will be very low.

While using both a VPN and WEP is definitely to your advantage, there's a major downside: the additional processing required to encrypt and decipher the data. Using WEP with VPN on a properly configured firewall/access point will impact transmission speed and throughput. In other words, it would take 10 minutes to send a file over a VPN with WEP enabled, but it would only take 2 minutes without encryption. This impact can have serious consequences for network connectivity and may all but eliminate the end user's enthusiasm for the wireless connection.

In addition, using VPN over wireless requires that client software be installed on every user's device. This requirement creates a few issues for end users. For example, most VPN software is written for the Windows platform. This means that Macs, *nix-based computers, and palmtop computers may not be able to connect to the WLAN. While this may not be an issue for most home and small businesses, it could have a serious impact on large or rapidly growing corporations.

Read more about WLAN security at Informit.

This was last published in July 2005
