WLAN Security: Isolating the Entire WLAN
Many companies operate a virtual private network (VPN) to allow their users to securely gain access to network resources when operating their mobile computers on a remote and unsecured network. This allows the IT department to isolate the remote computers from the unsecured network that they are on and to connect the remote computer to the corporate network.
With this same mentality, the IT department can operate its wireless network entirely outside of the corporate network, which lessens concerns about unknown wireless users accessing corporate information because the wireless network does not touch the corporate network.
For a user to access corporate data, he establishes a VPN connection back to the corporate office through the wireless network. In this case, it is no different than if he were in a coffee shop using the shop's unsecured wireless network. After the VPN connection is established, all network information from the mobile computer is encrypted and secured until it arrives back on the corporate network.
In this isolated WLAN scenario, security of the wireless signal is not as important because all corporate information is secured with the VPN connection. Therefore, whether the wireless network runs anything from no encryption through to WPA2 is not a big deal, but using the highest level of encryption is still recommended because extra security never hurts.
If an unauthorized user gains access to the wireless network, she is very limited in what she can do on that network. She can access only what is on the wireless network: other wireless clients and the firewall.
When corporate users are on the wireless network, they can either access the Internet or use their VPN solution to make a connection (via a VPN tunnel) back to their corporate network in a secure manner, as shown in the following figure. This is not an uncommon scenario.
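The isolation described above depends on the firewall between the WLAN and everything else never allowing a direct path to corporate addresses. The following audit of a first-match rule list is an added example, not part of the original article; the address ranges, the IPsec ports, the rule format and the function names are all assumptions made for illustration.

```python
import ipaddress as ip

# Constructed addressing plan; every value here is an assumption for illustration.
CORP = ip.ip_network("10.0.0.0/8")   # corporate network the WLAN must not touch
VPN_GW = "203.0.113.10"              # outside address of the VPN gateway

# Firewall policy for traffic arriving from the WLAN; first match wins.
# Each rule: (destination, protocol, port or None for any, action)
ISOLATED = [
    (VPN_GW + "/32", "udp", 500, "allow"),    # VPN tunnel setup (IPsec assumed)
    (VPN_GW + "/32", "udp", 4500, "allow"),
    ("10.0.0.0/8", "any", None, "deny"),      # nothing direct to corporate hosts
    ("0.0.0.0/0", "tcp", 443, "allow"),       # Internet access
    ("0.0.0.0/0", "udp", 53, "allow"),
]
# Same rules, but with the corporate deny placed after the Internet rules.
MISORDERED = ISOLATED[:2] + ISOLATED[3:] + ISOLATED[2:3]


def decide(rules, dst, proto, port):
    """Return the action of the first rule matching a flow from the WLAN."""
    addr = ip.ip_address(dst)
    for net, r_proto, r_port, action in rules:
        if (addr in ip.ip_network(net) and r_proto in ("any", proto)
                and r_port in (None, port)):
            return action
    return "deny"  # implicit default deny


def isolation_violations(rules):
    """Indexes of allow rules that expose corporate addresses to the WLAN."""
    bad, denied = [], []
    for i, (net, proto, port, action) in enumerate(rules):
        n = ip.ip_network(net)
        if action == "deny":
            if proto == "any" and port is None:
                denied.append(n)      # blanket deny shields later rules
            continue
        if not n.overlaps(CORP):
            continue
        # CIDR blocks nest, so the overlap is whichever block is smaller.
        exposed = n if n.subnet_of(CORP) else CORP
        if not any(exposed.subnet_of(d) for d in denied):
            bad.append(i)
    return bad


if __name__ == "__main__":
    for name, rules in (("isolated", ISOLATED), ("misordered", MISORDERED)):
        print(name, isolation_violations(rules), decide(rules, "10.1.2.3", "tcp", 443))
```

In the misordered list the broad Internet rules match corporate destinations before the deny is reached, so a wireless client could reach corporate hosts without the VPN; the audit reports those rule positions.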