1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Why VPN can’t replace Wi-Fi security

Discussion in 'News' started by tripwire45, May 29, 2007.

Click here to banish ads and support Certforums by becoming a Premium Member
  1. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster


    Why VPN can’t replace Wi-Fi security

    Every time the subject of wireless LAN security comes up, people ask me about VPN as a solution for securing Wi-Fi. (Wi-Fi is the common marketing name for 802.11 wireless LANs). I’ve always told people that VPN security shouldn’t be a substitute for good Wi-Fi security, and I even posted a comprehensive guide to enterprise wireless LAN security, but a loyal group of VPN-only supporters has always argued for a VPN-only alternative. I’m going to explain VPN and Wi-Fi security as best I can and why there is a right time and right place for each architecture.

    The whole story is at blogs.zdnet.com.
    Certifications: A+ and Network+


    1. stuPeas
      Excuse my ignorance, but I thought VPN and wireless refer to two totally different things.
      Wireless being a way to have hosts on a LAN without wires and in fairly close proximity.
      VPN being a method of Extending a LAN to a remote location by tunneling through a public WAN such as the Internet.
      I don't quite understand how the two could even be used in the same context!! (saying that, I haven't followed the link yet!).
    2. tripwire45
      It's a fairly common practice to try and increase the security of a wireless connection by running it through a VPN tunnel. Since VPN creates a virtual point-to-point connection over a public network, in theory, running a wifi connection through that tunnel should provide the same level of security as a "road warrior" or end user working from home using VPN to connect to their employer's LAN.

      Try reading the article. It should make more sense after you do. :wink:
    3. zebulebu
      Excellent article.

      I love George Ou - he has that rare gift in the technical blogging world - the ability to expound clearly on topics that are reasonably complex without dumbing down to the point where they become similar to industry coundbites.

      This is one of his best pieces yet - cheers for the linkage!
    4. Crito
      Count me in with the VPN and SSL guys. If you want to secure your data over a public network then the transmission has to be secured end-to-end. Wireless "best practices" provide a false sense of security. In general, all enabling WEP/WPA does is prevent people from using your internet connection without permission. XP SP2/Vista's firewall and DEP creates the exact same surface area for attack as your SOHO AP/router.

      EDIT: "In general" means the same doesn't necessarily apply in a corporate environment. And that's what's wrong with best practices IMO; they're a one size fits all approach. You don't put bars on all your windows like they do at Fort Knox, do you? Why not?

    Share This Page