Not All VPNs Secure For WLAN Traffic, Vendor Warns

A WLAN security vendor said Monday said that a flaw in certain virtual private networks (VPNs) can lead to security flaws that expose corporate data on wireless networks.

Specifically, Newbury Networks cited a flaw initially found by the U.K.'s National Infrastructure Security Coordination Center in IPSec, a set of protocols frequently used to create VPNs. The potential threat results in a security hole in some configurations that enables attackers to divert VPN data after it's been decrypted.

Because the data is intercepted as the traffic flows between security gateways, the threat is particularly severe for wireless LANs in which the decrypted information is passing over the air, Newbury said in a statement.

"It is remarkably easy for attackers to intercept traffic between Wi-Fi devices," Matthew Gray, Newbury's founder and chief technology officer, warned. "Many organizations rely on VPNs to secure traffic over their wireless networks. This latest vulnerability is yet another example of how VPNs are not sufficient to protect networks from wireless attacks."

Newbury provides wireless security products for enterprises.