1. War Driving
◦ Driving around scanning for unsecured networks to gain free Internet access or access network hosts
and resources. Just because you can, does not mean its legal or ethical to do so
Hackers (Crackers)
◦ Exploiting weak security measures (such as WEP and defaults) to gain access with malicious intent
Rogue Access Points
◦ An access point installed by an employee (or contractor) without authorisation. Typically does not
conform to enterprise security policy or configurations and becomes a weak link.
Man in Middle Attack
◦ Software can be used to capture wireless traffic such as authentication and association requests.
Security keys can be discovered and used for malicious activity
◦ Counter with intrusion prevention systems that monitor the RF band and scan for rogue access
points, ad-hoc connections and other activity
DOS Denial of Service
◦ Signal interference from sources such as cordless phones, microwaves can cause noise on channels
and prevent frames from reaching their destinations
◦ Flooding the BSS with CTS or disassociate messages which cause collisions and disrupt operations
2. WEP
◦ Wired Equivalent Privacy which uses a WEP key as the secret and RC4 as the
cipher to encrypt the data
◦ WEP was the first standard. The WEP key can now be easily discovered using a
tool.
◦ This method should NO LONGER be used
WPA
◦ WIFI protected access based on the draft 802.11i standard
◦ Interim security standard while developing WPA 2
WPA2
◦ WIFI protected access 2 that implements the ratified 802.11i standard
◦ This is the current security standard used to certify new devices
WPS
◦ WiFI Protected Setup was intended to simplify security with a push button and
pin.
◦ Major security flaw discovered late 2011 and this method should be disabled
802.1x /EAP extensions
◦ A method that keeps wireless logical ports closed until the user authenticates.
(not covered here – its in the Diploma course)
3. WiFi Protected Access
◦ WiFi alliance security certified protocol
◦ Interim protocol while IEEE 802.11i standard developed
Uses the TKIP Temporal Key Integrity Protocol
◦ TKIP uses the RC4 cipher (which WEP uses)
◦ 3 features added to fix the flaws in WEP and prevent discovery
of the secret key
◦ Michael – MIC message integrity code to prevent tampering and
replay attacks
MIC – message integrity code added to the frame and encrypted
with the data
A replay attack captures an authentication exchange and attempts to
resend the packets at a later time to get access without knowing the
key
4. WiFi Protected Access 2
◦ WPA 2 implements the IEEE 802.11i security standard but is certified
and tested as WPA2
WPA2 implements
◦ TKIP as the key management protocol for older devices
◦ Michael message integrity code (MIC)
◦ Uses CCMP encryption protocol with a new cipher: AES Advanced
Encryption Standard
AES requires AES capable hardware, TKIP is used for encryption for older
equipment
Authentication methods
◦ Pre-shared Key PSK
◦ Enterprise (EAP/Radius/TLS protocols) which do not allow data frames
through the AP port until the user has successfully authenticated.
This can be integrated with Active Directory network accounts
5. WiFi Protected Setup
◦ Created to allow easy security setup for adding new devices to
the Wlan
◦ Uses a PIN, Push button, near field communications or USB
configuration transfer
◦ Can be broken easily by brute-force attack (Dec 2011)
Solution
◦ Disable WPS by applying a firmware update