1. Home
  2. Networking
  3. Wireless lan security

Chapter 6. Wireless Vulnerabilities

Wireless networks are particularly vulnerable to attacks because it is difficult to prevent physical access to them. The only advantage they have in this respect is that an attacker must be in physical proximity to the network, which can limit the pool of potential attackers. However, with cheap antennae, such as those at http://www.cantenna.com, an attacker can pick up or send signals from up to a few miles away. To secure a wireless network, an administrator should know what types of vulnerabilities exist and what types of attacks can exploit them.

Wireless networks are subject to both passive and active attacks. A passive attack is one in which an attacker just captures signals, whereas an active attack is one in which an attacker sends signals, too. Passive attacks are exceedingly easy to carry out with wireless antennae and are undetectable. Any good security mechanism must start with the assumption that an attacker can see everything.

This chapter presents a methodology for understanding how the various wireless networking vulnerabilities relate to each other. It also describes each type of vulnerability and provides examples, both real and theoretical. Although this chapter focuses primarily on basic 802.11, it also delves into EAP-based protocols, ad-hoc mode security, and rogue access points (APs).

Note that the purpose of mentioning attack tools in this chapter is not to teach people how to attack networks. That is already better documented on many websites. The purpose is to give network administrators an introduction to what they will be facing. A demonstration of attacks can be a useful tactic for an administrator who is facing the task of justifying a security budget request to a skeptical superior. The attackers already understand the attacks and the tools. Many administrators need to catch up quickly, and this chapter aims to help them. By knowing the threat, they can better plan and deploy their defenses.



    		Chapter 1. Securing WLANs Overview
    		Chapter 2. Basic Security Mechanics and Mechanisms
    		Chapter 3. WLAN Standards
    		Chapter 4. WLAN Fundamentals
    		Chapter 5. WLAN Basic Authentication and Privacy Methods
    		Chapter 6. Wireless Vulnerabilities
    		Attacker Objectives
    		Reconnaissance Attacks
    		DoS Attacks
    		Authentication Attacks
    		WEP Keystream and Plaintext Recovery
    		WEP Key Recovery Attacks
    		Attacks on EAP Protocols
    		Rogue APs
    		Ad-Hoc Mode Security
    		Summary
    		Chapter 7. EAP Authentication Protocols for WLANs
    		Chapter 8. WLAN Encryption and Data Integrity Protocols
    		Chapter 9. SWAN: End-to-End Security Deployment
    		Chapter 10. Design Guidelines for Secure WLAN
    		Chapter 11. Operational and Design Considerations for Secure WLANs
    		Chapter 12. WLAN Security Configuration Guidelines and Examples
    		Chapter 13. WLAN Deployment Examples
    		Appendix A. Resources and References