What are the most serious vulnerabilities in the IEEE 802.11 standard, and how can we protect against them?
Many of the wireless network vulnerabilities associated with IEEE 802.11-based networks are related to lax configuration of the devices themselves. Common configuration errors include missing or weak encryption (WEP, with a weak initialization vector or weak pre-shared keys), default authentication credentials on the management stations, devices missing the latest firmware and security patches, and incorrect signal tuning that leads to signal leakage, among others. The issue is further exacerbated by insufficient monitoring of the wireless infrastructure. This hampers the ability of the enterprise to deal with rogue access points, thereby increasing the likelihood of man-in-the-middle or denial-of-service attacks.
Many of these weaknesses can be addressed by robust wireless device configuration, strong authentication and access requirements, real-time monitoring and regular wireless surveys. Use of EAP and 802.1X with the AAA protocol can help counter the threat from man-in-the-middle attacks and rogue access points. Use of sniffers and other monitoring devices can help track down other systems searching for connections on the wireless network. Periodic “walkabouts” with a signal analyzer or wireless intrusion prevention systems can also help isolate or triangulate rogue devices. They can also identify sources of signal bleed so that these can be tuned, thereby containing the wireless network within the physical locations that require it.
This was first published in August 2011
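The survey and monitoring checks described in the answer above, as an added example that is not part of the original answer: a Python audit that compares survey readings against an inventory of authorized access points and flags rogue devices, corporate SSIDs on unknown BSSIDs, weak encryption and signal bleed. The CSV layout, BSSIDs, SSIDs, location names and the -65 dBm threshold are constructed assumptions.

```python
# Added example: audit a wireless survey against an authorized-AP inventory.
# All BSSIDs, SSIDs, locations and thresholds are constructed for illustration.
import csv
import io

# BSSID -> (SSID, expected encryption), as recorded in the asset inventory.
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpNet", "WPA2-Enterprise"),
    "00:11:22:33:44:02": ("CorpNet", "WPA2-Enterprise"),
}
WEAK = {"OPEN", "WEP"}   # encryption settings that should never appear
LEAK_DBM = -65           # assumed limit for our APs heard outside the premises

# Constructed walkabout data: one reading per line.
SURVEY_CSV = """bssid,ssid,encryption,rssi_dbm,location
00:11:22:33:44:01,CorpNet,WPA2-Enterprise,-48,floor2
00:11:22:33:44:02,CorpNet,WEP,-55,floor3
de:ad:be:ef:00:01,CorpNet,WPA2-Personal,-60,floor2
de:ad:be:ef:00:02,linksys,OPEN,-70,floor3
00:11:22:33:44:01,CorpNet,WPA2-Enterprise,-58,parking_lot
"""

def audit(survey_text, authorized=AUTHORIZED, outside=("parking_lot",)):
    """Return (finding, bssid, location) tuples in survey order."""
    findings = []
    corp_ssids = {ssid for ssid, _ in authorized.values()}
    for row in csv.DictReader(io.StringIO(survey_text)):
        bssid = row["bssid"].lower()
        known = authorized.get(bssid)
        if known is None:
            # Unknown radio: one advertising our SSID deserves top priority.
            kind = "ssid-impersonation" if row["ssid"] in corp_ssids else "rogue-ap"
            findings.append((kind, bssid, row["location"]))
            continue
        # Our own AP: check for configuration drift and weak encryption.
        if row["encryption"].upper() in WEAK or row["encryption"] != known[1]:
            findings.append(("weak-or-drifted-encryption", bssid, row["location"]))
        # Our own AP heard too strongly where no coverage is required.
        if row["location"] in outside and int(row["rssi_dbm"]) > LEAK_DBM:
            findings.append(("signal-leak", bssid, row["location"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SURVEY_CSV):
        print(*finding, sep="\t")
```

Readings taken at several locations for the same unknown BSSID, with their signal strengths, are what a walkabout uses to narrow down where the device sits.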