Title :
Tackling security vulnerabilities in VPN-based wireless deployments
Author :
Fazal, Lookman ; Ganu, Sachin ; Kappes, Martin ; Krishnakumar, A.S. ; Krishnan, P.
Author_Institution :
Avaya Lab. Res., NJ, USA
Abstract :
Current "best practice" recommendations for enterprise wireless deployments suggest the use of VPNs from a wireless client for both authentication and privacy. In this paper, we demonstrate a security issue with such deployments, which we refer to as the hidden wireless router vulnerability. This vulnerability is inherent in the VPN-based wireless LAN architecture, and leads to unsuspecting clients becoming conduits for an attack, exploiting features readily available in popular operating systems like Windows and Linux. We describe the attack scenario, and possible solutions for both detecting and locating such hidden wireless routers. Our solutions include a range of possibilities stretching from purely passive to active probing methods, and access point-based solutions. We describe our techniques and results of our implementation and experiments.
Keywords :
business communication; data privacy; message authentication; operating systems (computers); telecommunication network routing; telecommunication security; virtual private networks; wireless LAN; VPN; access point-based solution; authentication; enterprise wireless deployment; hidden wireless router vulnerability; operating system; privacy; router detection; router location; security vulnerability; wireless LAN architecture; wireless client; Authentication; Communication system security; IP networks; Intrusion detection; Network servers; Portable computers; Privacy; Virtual private networks; Wireless LAN; Wireless networks;
Conference_Titel :
Communications, 2004 IEEE International Conference on
Print_ISBN :
0-7803-8533-0
DOI :
10.1109/ICC.2004.1312460
