Eliminating the risk of spoofing
My question is regarding how to implement a secure connection between the PDA
and a wireless access point and eliminate the risk of spoofing. Is it possible to implement an
overlay point-to-point connection over a broadcast medium? Could you please explain what layer 2
security really means in the wireless context?
It's tough to completely eliminate the chances of spoofing, but a good solution is
implementing host-based authentication on your access point(s). Given enough time, effort, and
money, you could implement practically any type of point-to-point protocol over your wireless
network that you could over a wired network. I would suggest looking into Extensible Authentication
Protocol (EAP) or Lightweight Extensible Authentication Protocol (LEAP) for integration into your
wireless apps. Check out the WPA, 802.11i, and 802.1x standards, which all address these
If I understand your layer 2 security question correctly, this is basically referring to what I've
mentioned above -- authentication using EAP/802.1x that requires the user/client to authenticate
itself to the network via a password, token, digital certificate, etc. This is in contrast to a
standard layer 3 solution such as a standard VPN running across a wireless network.
This was first published in July 2003
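
One way to check client-side 802.1X settings against access-point spoofing, as an added example that is not part of the original answer: a client that does not verify the authentication server's certificate will run EAP with any access point advertising the same SSID. The example assumes the client uses wpa_supplicant; the sample configuration, SSIDs and file paths are constructed.

```python
import re

# Constructed sample wpa_supplicant.conf content (not from the original page).
SAMPLE_CONF = '''
network={
    ssid="corp-weak"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="pda01"
}
network={
    ssid="corp-hardened"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/certs/ca.pem"
    domain_suffix_match="radius.example.org"
    client_cert="/etc/certs/pda01.pem"
}
network={
    ssid="guest"
    key_mgmt=WPA-PSK
}
'''

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r'network=\{(.*?)\n\s*\}', text, re.S):
        nets.append({k: v.strip().strip('"')
                     for k, v in re.findall(r'^\s*(\w+)=(.*)$', body, re.M)})
    return nets

def audit(text):
    """Map SSID -> findings for each 802.1X (WPA-EAP) network block."""
    report = {}
    for net in parse_networks(text):
        if 'WPA-EAP' not in net.get('key_mgmt', '').split():
            continue  # PSK/open networks are out of scope for this check
        findings = []
        if 'ca_cert' not in net:
            findings.append('server certificate not verified (no ca_cert)')
        if 'domain_suffix_match' not in net and 'domain_match' not in net:
            findings.append('server name not pinned (no domain match)')
        report[net.get('ssid', '?')] = findings
    return report

if __name__ == '__main__':
    print(audit(SAMPLE_CONF))
```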