What are the most serious vulnerabilities in the IEEE 802.11 standard, and how can we protect against them?
Many of the wireless network vulnerabilities associated with IEEE 802.11-based networks are related to lax configuration of the devices themselves. Some common configuration errors include missing or weak encryption (WEP – with weak initialization vector or weak pre-shared keys), default authentication credentials to the management stations, devices missing the latest firmware and security patches and incorrect signal tuning leading to signal leakage, among others. The issue is further exacerbated by insufficient monitoring of the wireless infrastructure. This hampers the ability of the enterprise to deal with rogue access points, thereby increasing the likelihood of man-in-the-middle or denial-of-service attacks.
A lot of these weaknesses can be addressed by a robust wireless device configuration, strong authentication/access requirements, real-time monitoring and regular wireless surveys. Use of EAP and 802.1x with the AAA protocol can help prevent the threat from man-in-the-middle and rogue access points. Use of sniffers and other monitoring devices can help track down other systems searching for connections on the wireless network. Periodic “walkabouts” with a signal analyzer or wireless intrusion prevention systems can also help isolate or triangulate rogue devices. They can also identify and tune sources of signal bleed, thereby containing the wireless network within physical locations that require it.
Related Q&A from Anand Sastry, featured expert
While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses.continue reading
Transferring files from a DMZ to an internal FTP server can be risky. In this expert response, Anand Sastry explains how to use SFTP automation to ...continue reading
When setting up a site-to-site VPN, where should the VPN endpoint be in the DMZ? Learn more in this expert response.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.