Summary

For a variety of reasons, wireless VPNs are here to stay even when the more secure 802.11i standard completely replaces the traditional WEP. In this chapter, we reviewed various VPN protocols, implementations, and topologies from the wireless security viewpoint. Because we are talking about the network hardware-independent defense mechanisms deployed above the second layer, the hardening methodologies described here apply well to securing different types of wireless networks. These can include infrared, non-802.11-compliant, 802.15, 802.16, and other types of wireless links. We have focused on IPSec as the de facto VPN protocol standard and default IPv6 security implementation. The practical examples of IPSec solutions for wireless network security we provide employ FreeS/WAN for Linux and the default IPSec capabilities of Windows 2000. Protection of both point-to-point (bridged) wireless links and point-to-multipoint WLANs was covered. We are confident that many readers will find this information quite useful in securing various wireless networks. Deploying a proper VPN can be a "good old" alternative to using 802.11i or can supplement 802.11-specific security standards as part of a well-thought-out defense-in-depth policy.