IP Security (IPSec) is a framework of open standards for ensuring secure
private communication over IP networks. IPSec Virtual Private Networks (VPNs)
use the services defined within IPSec to ensure confidentiality, integrity, and
authenticity of data communications across networks such as the Internet. VPN
deployment is illustrated in the accompanying figure. IPSec also has a
practical application in securing WLANs: an IPSec tunnel is overlaid on top of
the 802.11 wireless traffic, so the data is protected between the client and
the VPN gateway regardless of how weak the link-layer (WEP) protection is.
When deploying IPSec in a WLAN environment, an IPSec client is installed on
every PC that connects to the wireless network, as shown in the accompanying
figure. The user is required to establish an IPSec tunnel, and all traffic
destined for the wired network is routed through it. Filters are put in place
so that wireless traffic cannot reach any destination other than the VPN
concentrator and the DHCP/DNS server; a wireless client that has not yet
authenticated can therefore obtain an address and resolve the concentrator's
name, but nothing more. The VPN clients can also be terminated on an IOS
Firewall router or a PIX Security Appliance instead of a dedicated VPN
concentrator.
IPSec provides for the confidentiality of IP traffic. It also provides
data-origin authentication and integrity, using keyed hashes (HMAC) built on
Message Digest 5 (MD5) or the Secure Hash Algorithm (SHA-1), and anti-replay
protection based on the sequence number carried in every ESP or AH header.
Confidentiality is achieved through encryption with Data Encryption Standard
(DES), Triple DES (3DES) or AES. Of these, single DES (56-bit key) and MD5 are
no longer considered adequate; AES with HMAC-SHA should be chosen wherever
both peers support it. The process is shown in the accompanying figure.
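The integrity and anti-replay checks described above are easy to get wrong in the details (checking the window before the HMAC, and never moving the window for an unauthenticated packet), so here is an added example of the receive side, written for this page rather than taken from the course material. It builds minimal ESP-style packets (SPI, sequence number, payload, 96-bit HMAC-SHA1 ICV) and runs them through a 64-entry sliding window as RFC 4303 describes. The key, SPI and packet contents are constructed for the example, and the payload is left unencrypted so the authentication logic stands on its own; a real ESP packet would carry it encrypted with DES, 3DES or AES.

```python
import hmac
import hashlib
import struct

# Hypothetical authentication key, standing in for the key IKE would negotiate
# (constructed for this example).
AUTH_KEY = b"example-hmac-sha1-key-from-ike"
ICV_LEN = 12          # HMAC-SHA1-96: the 160-bit HMAC truncated to 96 bits
WINDOW_SIZE = 64      # anti-replay window; RFC 4303 requires at least 32


def build_esp_packet(spi: int, seq: int, payload: bytes, key: bytes = AUTH_KEY) -> bytes:
    """Build a minimal ESP-style packet: SPI | sequence number | payload | ICV.

    A real ESP packet carries the payload encrypted (DES/3DES/AES); encryption
    is left out here so the integrity and anti-replay logic stands on its own.
    """
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha1).digest()[:ICV_LEN]
    return header + payload + icv


class InboundSA:
    """Receive side of one security association: ICV check plus sliding window."""

    def __init__(self, spi: int, key: bytes = AUTH_KEY, window: int = WINDOW_SIZE):
        self.spi = spi
        self.key = key
        self.window = window
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => packet (highest - i) has been received

    def receive(self, packet: bytes) -> str:
        if len(packet) < 8 + ICV_LEN:
            return "drop: truncated"
        spi, seq = struct.unpack("!II", packet[:8])
        if spi != self.spi:
            return "drop: unknown SPI"
        if seq == 0:
            return "drop: sequence number 0 is never valid"

        # 1. Cheap window pre-check before the HMAC is computed (RFC 4303 3.4.3).
        if seq <= self.highest:
            offset = self.highest - seq
            if offset >= self.window:
                return "drop: too old (outside window)"
            if self.bitmap & (1 << offset):
                return "drop: replay"

        # 2. Verify the ICV in constant time. The window does not move unless
        #    the packet is authentic, so forged sequence numbers cannot push
        #    legitimate packets out of the window.
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha1).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "drop: bad ICV"

        # 3. Mark the sequence number as seen, sliding the window if needed.
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "accept"


def demo() -> list:
    """Replay a short constructed packet sequence through one SA."""
    spi = 0x1000
    sa = InboundSA(spi)
    p1 = build_esp_packet(spi, 1, b"first")
    p3 = build_esp_packet(spi, 3, b"third")
    p2 = build_esp_packet(spi, 2, b"second")
    p5 = build_esp_packet(spi, 5, b"fifth")
    forged = p5[:8] + b"f1fth" + p5[8 + 5:]   # payload altered, ICV left as-is
    return [
        sa.receive(p1),      # accept
        sa.receive(p1),      # drop: replay
        sa.receive(p3),      # accept (window slides to 3)
        sa.receive(p2),      # accept (late, but inside the window)
        sa.receive(p2),      # drop: replay
        sa.receive(forged),  # drop: bad ICV, window stays at 3
        sa.receive(p5),      # accept
        sa.receive(build_esp_packet(spi, 200, b"far ahead")),   # accept
        sa.receive(build_esp_packet(spi, 100, b"too old")),     # drop: too old
        sa.receive(build_esp_packet(spi, 150, b"in window")),   # accept
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The ordering in `receive` is the point of the example: a replayed or out-of-window packet is dropped before any HMAC work is done, but the window state is only updated after the ICV verifies, so an attacker on the wireless side cannot advance the window with forged sequence numbers and make the peer drop genuine traffic.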
Filtering
can provide an additional layer of wireless security. Filters can be created
on the access point to match an IP protocol number or a TCP/UDP port. When an
access point is designed for VPN-only use, a filter like the one in the
accompanying figure can be used. Such a filter permits only the traffic that
secure VPN communication requires, namely Encapsulating Security Payload (ESP,
IP protocol 50) and Internet Key Exchange (IKE, UDP port 500, or UDP port 4500
when NAT traversal is in use) towards the concentrator, plus the DHCP and DNS
exchanges a client needs before the tunnel is up, and drops everything else.
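The VPN-only filter described in this section and the deployment rules earlier on the page (wireless clients may reach only the VPN concentrator and the DHCP/DNS server) amount to a short default-deny policy. As an added example, not a filter from the course material or from any Cisco product, the following models that policy over the header fields an access-point filter sees and runs a set of constructed packets through it. The addresses, protocol numbers and ports are the example's own assumptions; the figure in the text gives none.

```python
from dataclasses import dataclass

# Hypothetical addresses for this example (constructed; the page states none).
VPN_CONCENTRATOR = "10.0.0.1"
DHCP_DNS_SERVER = "10.0.0.2"
BROADCAST = "255.255.255.255"

# IP protocol numbers and UDP ports the filter has to recognise.
PROTO_ESP, PROTO_AH, PROTO_UDP, PROTO_TCP = 50, 51, 17, 6
PORT_DNS, PORT_DHCP_SERVER, PORT_IKE, PORT_IKE_NAT_T = 53, 67, 500, 4500


@dataclass(frozen=True)
class Packet:
    """The header fields an access-point filter looks at."""
    src: str
    dst: str
    proto: int
    dport: int = 0    # meaningful only for TCP/UDP


def vpn_only_filter(pkt: Packet) -> bool:
    """Return True if the packet may leave the wireless side, False to drop it.

    Everything not listed is denied, so nothing that is not tunnel set-up or
    the tunnel itself can reach the wired LAN in the clear.
    """
    # ESP / AH carrying the tunnel itself, only towards the concentrator.
    if pkt.proto in (PROTO_ESP, PROTO_AH):
        return pkt.dst == VPN_CONCENTRATOR
    if pkt.proto == PROTO_UDP:
        # IKE (and IKE over UDP 4500 for NAT traversal), only to the concentrator.
        if pkt.dport in (PORT_IKE, PORT_IKE_NAT_T):
            return pkt.dst == VPN_CONCENTRATOR
        # Name resolution, only to the designated DNS server (not 8.8.8.8 etc.).
        if pkt.dport == PORT_DNS:
            return pkt.dst == DHCP_DNS_SERVER
        # DHCP: the initial DISCOVER is broadcast, renewals go to the server.
        if pkt.dport == PORT_DHCP_SERVER:
            return pkt.dst in (DHCP_DNS_SERVER, BROADCAST)
    return False   # default deny: all TCP, ICMP, and anything else


# A roughly equivalent IOS extended access list, applied inbound on the
# wireless interface (ACL number and addresses are this example's own):
#   access-list 101 permit esp any host 10.0.0.1
#   access-list 101 permit ahp any host 10.0.0.1
#   access-list 101 permit udp any host 10.0.0.1 eq 500
#   access-list 101 permit udp any host 10.0.0.1 eq 4500
#   access-list 101 permit udp any host 10.0.0.2 eq 53
#   access-list 101 permit udp any host 10.0.0.2 eq 67
#   access-list 101 permit udp any host 255.255.255.255 eq 67
#   access-list 101 deny ip any any


def demo() -> list:
    """Run constructed packets through the filter and report each decision."""
    samples = [
        ("DHCP DISCOVER",         Packet("0.0.0.0", BROADCAST, PROTO_UDP, PORT_DHCP_SERVER)),
        ("DNS to our server",     Packet("10.10.0.5", DHCP_DNS_SERVER, PROTO_UDP, PORT_DNS)),
        ("DNS to outside server", Packet("10.10.0.5", "8.8.8.8", PROTO_UDP, PORT_DNS)),
        ("IKE to concentrator",   Packet("10.10.0.5", VPN_CONCENTRATOR, PROTO_UDP, PORT_IKE)),
        ("ESP to concentrator",   Packet("10.10.0.5", VPN_CONCENTRATOR, PROTO_ESP)),
        ("ESP to another host",   Packet("10.10.0.5", "10.0.0.9", PROTO_ESP)),
        ("HTTP in the clear",     Packet("10.10.0.5", "10.0.0.20", PROTO_TCP, 80)),
        ("SMB to file server",    Packet("10.10.0.5", "10.0.0.21", PROTO_TCP, 445)),
    ]
    return [(name, vpn_only_filter(p)) for name, p in samples]


if __name__ == "__main__":
    for name, allowed in demo():
        print(f"{name:24s} {'permit' if allowed else 'deny'}")
```

Two of the decisions are worth noting. DNS is allowed only to the designated server, so a client cannot use an arbitrary resolver as a side channel around the tunnel, and ESP is allowed only to the concentrator, so a wireless client cannot build an IPSec tunnel to some other host on the wired LAN and bypass the concentrator's policy.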