SlideShare a Scribd company logo

Dispelling Top Ten Wireless Security Myths

AirTight Networks
AirTight Networks

Understanding of wireless security is unfortunately marred by many myths. Some are even propagated as wireless LAN best practices. Plug-and-play wireless users tend to blindly follow these diktats without confirming their veracity. In turn, they only end up contributing to wireless malpractices galore. Myths about wireless security can be both dangerous and costly. Many organizations spend valuable resources in implementing these urban legends that give a false sense of security and leave private networks and sensitive data exposed. In this paper, we will revisit and debunk top ten wireless security myths.

TechnologyBusiness
1 of 5
Download to read offline
AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths A White Paper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com © 2008 AirTight Networks, Inc. All rights reserved.
AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths Understanding of wireless security is unfortunately marred by many myths. Some are even propagated as wireless LAN best practices. Plug-and-play wireless users tend to blindly follow these diktats without confirming their veracity. In turn, they only end up contributing to wireless malpractices galore. Myths about wireless security can be both dangerous and costly. Many organizations spend valuable resources in implementing these urban legends that give a false sense of security and leave private networks and sensitive data exposed. In this paper, we will revisit and debunk top ten wireless security myths. Myth #1: My wireless LAN (WLAN) is safe because I have a firewall securing my wired corporate LAN from the Internet. Non-wireless security solutions such as firewall and intrusion detection systems operate at layer 3 (i.e., network layer) and above. A WLAN presents a potential entry point into your wired corporate LAN at layers 1 and 2 (i.e., physical and link layers), circumventing all wired security measures. Your authorized users can bypass your firewall policies and content filters using wireless access and connect to potentially dangerous external WLANs. In short, wireless has made the traditional “harden-the-network-perimeter” approach obsolete. Myth #2: I already got my wired corporate LAN scanned from an auditor, so I do not need to worry about wireless security threats. Non-wireless scanning tools are powerful in detecting anomalies and vulnerabilities on a wired network. But they fail to capture vulnerabilities at layers 1 and 2 of the wireless LAN. It is a good idea to periodically audit your network against wireless vulnerabilities using appropriate wireless vulnerability assessment solutions. © 2008 AirTight Networks, Inc. All rights reserved. 2
AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths Myth #3: My company does not own a wireless LAN, so I do not need to worry about wireless security threats. Even if an enterprise does not own a wireless LAN, today, it is almost impossible to remain untouched by the wireless presence. Employees may deploy a rogue AP or unauthorized, malicious users may connect wireless devices opening backdoors to your organization’s private backbone network. Employees using laptops may access external WLANs exposing sensitive data. This means that even a single wireless device on your premises, let alone a wireless LAN, can open a wireless backdoor to your corporate back- bone network that is otherwise protected. Hence, even if an enterprise does not officially deploy a WLAN, it must address the wireless security threat. Myth #4: We use WEP to secure all our WiFi communication, so our over-the-air data is secure. The legacy Wired Equivalent Privacy (WEP) encryption gives a false sense of security. It is well-known that WEP is broken and can be compromised in minutes exposing over-the- air data. Using WEP is widely considered as a malpractice by wireless security experts. Organizations should replace WEP by more recent, stronger alternatives such as WPA2 or at least adopt other remediation solutions that proactively protect WEP devices. Myth #5: We use WPAWPA2802.11i for all our WiFi communication, so our network is secure. As a response to the flaws in WEP, WiFi Protected Access (WPA) was proposed. It was upgraded to WPA2-the implementation of the IEEE 802.11i standard. WPA or WPA2, if used with pre-shared key (PSK) are still vulnerable to dictionary attacks that can crack the password. Further, simply using WPA/WPA2 does not secure your network. Vulnerabilities such as rogue APs, clients misassociating with external APs and ad-hoc networks that bypass your security policy control can still expose your data and network to unauthorized access. Denial-of-service attacks can also continue to disrupt your WLAN. Myth #6: LEAP enables effective WLAN security. The Lightweight Extensible Authentication Protocol (LEAP) is a proprietary security solution developed by Cisco. The authentication mechanism in LEAP, based on the MS-CHAPv2 protocol, is known to be flawed. It can be exploited using a brute force dictionary attack, and has in fact been rated by the CVE standard as a highest severity vulnerability. Even using strong passwords with LEAP does not obviate the threat. © 2008 AirTight Networks, Inc. All rights reserved. 3
AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths Myth #7: MAC address filtering on wireless access points is effective in securing WLANs. Bypassing MAC filtering is easy. Freely available software tools can be used to sniff MAC addresses being used by devices in the vicinity. MAC spoofing is one of the easiest attacks to launch, and filtering MAC addresses does not provide any security for your wireless LAN. MAC filtering is not only ineffective, but it is cumbersome to maintain for a reasonable-sized wireless LAN. Myth #8: Turning off SSID broadcast is a step towards securing a WLAN. It is a common misconception that turning off SSID broadcast on a wireless AP will not allow unauthorized users to discover the AP. Freely available software tools exist that actively probe and discover APs that respond to these probes. Passive sniffing of wireless traffic can also allow hackers to discover wireless APs in the vicinity. Turning off SSID broadcast is not only ineffective, but it in fact leads to another severe vulnerability. Authorized clients that usually connect to enterprise APs, probe for the hidden SSID. A hacker can sniff this information and use it to launch a honeypot attack. Myth #9: Need for wireless security ends in my airspace. Managing wireless vulnerabilities is not limited to an organization’s premises. Wireless users carry their corporate laptops when they travel. If they connect to WLANs outside the premise, say in a coffee shop across the world, they are still at risk. Recent survey by AirTight Networks at several airports in the US and worldwide captured the elevated threats to wireless devices from viral SSIDs and ad-hoc networks. To carry wireless security on the road, wireless client security software—that enforces corporate security policies and manages how a wireless client behaves and connects—is essential. Myth #10: Need for wireless security is hyped. Non-wireless vulnerability assessment tools fail miserably to capture wireless vulner- abilities and hence tend to mislead users in believing that wireless vulnerabilities do not exist. Businesses can ignore wireless security at their own peril. Many published studies across industry and academia show that wireless is everywhere and so are wireless threats. Recently, advisory firms such as RSA, Gartner, SANS, and Farpoint Group have repeatedly ranked wireless security as a top ten concern. To conclude, stay away from these fallacies. Implement real security measures for protecting your networks and data. © 2008 AirTight Networks, Inc. All rights reserved. 4
AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths About AirTight Networks AirTight Networks is the industry standard for wireless vulnerability management and the only company that offers a flexible, end-to-end solution that gives customers visibility into their wireless security posture and a choice in how they manage it. AirTight’s SpectraGuard Enterprise provides a robust wireless intrusion prevention system (WIPS). Its SpectraGuard Online service is the world’s first on demand wireless vulnerability management service which provides a flexible approach to addressing wireless vulner- abilities with no capital investment. AirTight’s patented technology delivers the key elements of an effective WIPS to eliminate false alarms, block wireless threats immediately and automatically and locate wireless devices and events with pinpoint precision. AirTight’s customers include global retail, financial services, corporate, education and government organizations. AirTight Networks is a privately held company based in Mountain View, CA. For more information please visit www.airtightnetworks.com Wireless Vulnerability Management AirTight Networks, Inc. 339 N. Bernardo Avenue #200, Mountain View, CA 94043 T +1.877.424.7844 T 650.961.1111 F 650.961.1169 www.airtightnetworks.com info@airtightnetworks.com © 2008 AirTight Networks, Inc. All rights reserved. AirTight Networks and the AirTight Networks logo are trademarks, and AirTight and SpectraGuard are registered trademarks of AirTight Networks, Inc. All other trademarks mentioned herein are properties of their respective owners. Specifications are subject to change without notice.

Recommended

Conquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the EnterpriseConquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the EnterpriseAirTight Networks
 
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Networks
 
Retail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsRetail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsAirTight Networks
 
Survey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecuritySurvey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecurityAirTight Networks
 
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...AirTight Networks
 
WPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitWPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitAirTight Networks
 
Wi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfWi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfAirTight Networks
 
Is 11ac Right for Your Network?
Is 11ac Right for Your Network?Is 11ac Right for Your Network?
Is 11ac Right for Your Network?AirTight Networks
 

Recommended

Conquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the EnterpriseConquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the EnterpriseAirTight Networks
 
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Networks
 
Retail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsRetail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsAirTight Networks
 
Survey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecuritySurvey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecurityAirTight Networks
 
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...AirTight Networks
 
WPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitWPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitAirTight Networks
 
Wi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfWi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfAirTight Networks
 
Is 11ac Right for Your Network?
Is 11ac Right for Your Network?Is 11ac Right for Your Network?
Is 11ac Right for Your Network?AirTight Networks
 
Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013AirTight Networks
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseAirTight Networks
 
AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks
 
Financial Districs Wi Fi Scan
Financial Districs Wi Fi ScanFinancial Districs Wi Fi Scan
Financial Districs Wi Fi ScanAirTight Networks
 
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesWPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesAirTight Networks
 
802.11w Tutorial
802.11w Tutorial802.11w Tutorial
802.11w TutorialAirTight Networks
 
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight Networks
 
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014AirTight Networks
 
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration AirTight Networks
 
AirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks
 
AirTight social wifi solution brief
AirTight social wifi solution briefAirTight social wifi solution brief
AirTight social wifi solution briefAirTight Networks
 
Non WiFi interference combat guide 1
Non WiFi interference combat guide 1Non WiFi interference combat guide 1
Non WiFi interference combat guide 1AirTight Networks
 
WPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsWPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsAirTight Networks
 
Windows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseWindows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseAirTight Networks
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsAirTight Networks
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresAirTight Networks
 
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?AirTight Networks
 
When WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksWhen WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksAirTight Networks
 
Caffe Latte Attack
Caffe Latte AttackCaffe Latte Attack
Caffe Latte AttackAirTight Networks
 
Air Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAir Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAirTight Networks
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 

More Related Content

Viewers also liked

Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013AirTight Networks
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseAirTight Networks
 
AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks
 
Financial Districs Wi Fi Scan
Financial Districs Wi Fi ScanFinancial Districs Wi Fi Scan
Financial Districs Wi Fi ScanAirTight Networks
 
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesWPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesAirTight Networks
 
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight Networks
 
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014AirTight Networks
 
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration AirTight Networks
 

Viewers also liked (9)

Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your Enterprise
 
AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6
 
Financial Districs Wi Fi Scan
Financial Districs Wi Fi ScanFinancial Districs Wi Fi Scan
Financial Districs Wi Fi Scan
 
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesWPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
 
802.11w Tutorial
802.11w Tutorial802.11w Tutorial
802.11w Tutorial
 
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
 
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
 
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
 

More from AirTight Networks

AirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks
 
AirTight social wifi solution brief
AirTight social wifi solution briefAirTight social wifi solution brief
AirTight social wifi solution briefAirTight Networks
 
Non WiFi interference combat guide 1
Non WiFi interference combat guide 1Non WiFi interference combat guide 1
Non WiFi interference combat guide 1AirTight Networks
 
WPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsWPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsAirTight Networks
 
Windows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseWindows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseAirTight Networks
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsAirTight Networks
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresAirTight Networks
 
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?AirTight Networks
 
When WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksWhen WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksAirTight Networks
 
Air Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAir Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAirTight Networks
 

More from AirTight Networks (11)

AirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSP
 
AirTight social wifi solution brief
AirTight social wifi solution briefAirTight social wifi solution brief
AirTight social wifi solution brief
 
Non WiFi interference combat guide 1
Non WiFi interference combat guide 1Non WiFi interference combat guide 1
Non WiFi interference combat guide 1
 
WPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsWPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQs
 
Windows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseWindows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the Enterprise
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
 
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
 
When WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksWhen WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS Attacks
 
Caffe Latte Attack
Caffe Latte AttackCaffe Latte Attack
Caffe Latte Attack
 
Air Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAir Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan Analysis
 

Recently uploaded

Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Dispelling Top Ten Wireless Security Myths

  • 1. AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths A White Paper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com © 2008 AirTight Networks, Inc. All rights reserved.
  • 2. AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths Understanding of wireless security is unfortunately marred by many myths. Some are even propagated as wireless LAN best practices. Plug-and-play wireless users tend to blindly follow these diktats without confirming their veracity. In turn, they only end up contributing to wireless malpractices galore. Myths about wireless security can be both dangerous and costly. Many organizations spend valuable resources in implementing these urban legends that give a false sense of security and leave private networks and sensitive data exposed. In this paper, we will revisit and debunk top ten wireless security myths. Myth #1: My wireless LAN (WLAN) is safe because I have a firewall securing my wired corporate LAN from the Internet. Non-wireless security solutions such as firewall and intrusion detection systems operate at layer 3 (i.e., network layer) and above. A WLAN presents a potential entry point into your wired corporate LAN at layers 1 and 2 (i.e., physical and link layers), circumventing all wired security measures. Your authorized users can bypass your firewall policies and content filters using wireless access and connect to potentially dangerous external WLANs. In short, wireless has made the traditional “harden-the-network-perimeter” approach obsolete. Myth #2: I already got my wired corporate LAN scanned from an auditor, so I do not need to worry about wireless security threats. Non-wireless scanning tools are powerful in detecting anomalies and vulnerabilities on a wired network. But they fail to capture vulnerabilities at layers 1 and 2 of the wireless LAN. It is a good idea to periodically audit your network against wireless vulnerabilities using appropriate wireless vulnerability assessment solutions. © 2008 AirTight Networks, Inc. All rights reserved. 2
  • 3. AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths Myth #3: My company does not own a wireless LAN, so I do not need to worry about wireless security threats. Even if an enterprise does not own a wireless LAN, today, it is almost impossible to remain untouched by the wireless presence. Employees may deploy a rogue AP or unauthorized, malicious users may connect wireless devices opening backdoors to your organization’s private backbone network. Employees using laptops may access external WLANs exposing sensitive data. This means that even a single wireless device on your premises, let alone a wireless LAN, can open a wireless backdoor to your corporate back- bone network that is otherwise protected. Hence, even if an enterprise does not officially deploy a WLAN, it must address the wireless security threat. Myth #4: We use WEP to secure all our WiFi communication, so our over-the-air data is secure. The legacy Wired Equivalent Privacy (WEP) encryption gives a false sense of security. It is well-known that WEP is broken and can be compromised in minutes exposing over-the- air data. Using WEP is widely considered as a malpractice by wireless security experts. Organizations should replace WEP by more recent, stronger alternatives such as WPA2 or at least adopt other remediation solutions that proactively protect WEP devices. Myth #5: We use WPAWPA2802.11i for all our WiFi communication, so our network is secure. As a response to the flaws in WEP, WiFi Protected Access (WPA) was proposed. It was upgraded to WPA2-the implementation of the IEEE 802.11i standard. WPA or WPA2, if used with pre-shared key (PSK) are still vulnerable to dictionary attacks that can crack the password. Further, simply using WPA/WPA2 does not secure your network. Vulnerabilities such as rogue APs, clients misassociating with external APs and ad-hoc networks that bypass your security policy control can still expose your data and network to unauthorized access. Denial-of-service attacks can also continue to disrupt your WLAN. Myth #6: LEAP enables effective WLAN security. The Lightweight Extensible Authentication Protocol (LEAP) is a proprietary security solution developed by Cisco. The authentication mechanism in LEAP, based on the MS-CHAPv2 protocol, is known to be flawed. It can be exploited using a brute force dictionary attack, and has in fact been rated by the CVE standard as a highest severity vulnerability. Even using strong passwords with LEAP does not obviate the threat. © 2008 AirTight Networks, Inc. All rights reserved. 3
  • 4. AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths Myth #7: MAC address filtering on wireless access points is effective in securing WLANs. Bypassing MAC filtering is easy. Freely available software tools can be used to sniff MAC addresses being used by devices in the vicinity. MAC spoofing is one of the easiest attacks to launch, and filtering MAC addresses does not provide any security for your wireless LAN. MAC filtering is not only ineffective, but it is cumbersome to maintain for a reasonable-sized wireless LAN. Myth #8: Turning off SSID broadcast is a step towards securing a WLAN. It is a common misconception that turning off SSID broadcast on a wireless AP will not allow unauthorized users to discover the AP. Freely available software tools exist that actively probe and discover APs that respond to these probes. Passive sniffing of wireless traffic can also allow hackers to discover wireless APs in the vicinity. Turning off SSID broadcast is not only ineffective, but it in fact leads to another severe vulnerability. Authorized clients that usually connect to enterprise APs, probe for the hidden SSID. A hacker can sniff this information and use it to launch a honeypot attack. Myth #9: Need for wireless security ends in my airspace. Managing wireless vulnerabilities is not limited to an organization’s premises. Wireless users carry their corporate laptops when they travel. If they connect to WLANs outside the premise, say in a coffee shop across the world, they are still at risk. Recent survey by AirTight Networks at several airports in the US and worldwide captured the elevated threats to wireless devices from viral SSIDs and ad-hoc networks. To carry wireless security on the road, wireless client security software—that enforces corporate security policies and manages how a wireless client behaves and connects—is essential. Myth #10: Need for wireless security is hyped. Non-wireless vulnerability assessment tools fail miserably to capture wireless vulner- abilities and hence tend to mislead users in believing that wireless vulnerabilities do not exist. Businesses can ignore wireless security at their own peril. Many published studies across industry and academia show that wireless is everywhere and so are wireless threats. Recently, advisory firms such as RSA, Gartner, SANS, and Farpoint Group have repeatedly ranked wireless security as a top ten concern. To conclude, stay away from these fallacies. Implement real security measures for protecting your networks and data. © 2008 AirTight Networks, Inc. All rights reserved. 4
  • 5. AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths About AirTight Networks AirTight Networks is the industry standard for wireless vulnerability management and the only company that offers a flexible, end-to-end solution that gives customers visibility into their wireless security posture and a choice in how they manage it. AirTight’s SpectraGuard Enterprise provides a robust wireless intrusion prevention system (WIPS). Its SpectraGuard Online service is the world’s first on demand wireless vulnerability management service which provides a flexible approach to addressing wireless vulner- abilities with no capital investment. AirTight’s patented technology delivers the key elements of an effective WIPS to eliminate false alarms, block wireless threats immediately and automatically and locate wireless devices and events with pinpoint precision. AirTight’s customers include global retail, financial services, corporate, education and government organizations. AirTight Networks is a privately held company based in Mountain View, CA. For more information please visit www.airtightnetworks.com Wireless Vulnerability Management AirTight Networks, Inc. 339 N. Bernardo Avenue #200, Mountain View, CA 94043 T +1.877.424.7844 T 650.961.1111 F 650.961.1169 www.airtightnetworks.com info@airtightnetworks.com © 2008 AirTight Networks, Inc. All rights reserved. AirTight Networks and the AirTight Networks logo are trademarks, and AirTight and SpectraGuard are registered trademarks of AirTight Networks, Inc. All other trademarks mentioned herein are properties of their respective owners. Specifications are subject to change without notice.