Rogue access points, data interception, DoS downtime -- these are all Wi-Fi threats that can spell trouble for mobile security managers. Wireless network security requires constant attention, and to help keep track of the many potential threats, we outline our Top 10 Wi-Fi threats and offer guidance on how to protect against them.
Gone are the early days of Wi-Fi, when CSOs lost sleep over threats like WEP cracking and war driving. 802.11n products have matured to the point where many enterprises are investing in larger, faster WLANs to support mission-critical applications. And yet, pros know that security is never to be taken for granted. Here, we offer our Top 10 Wi-Fi Threats and explain why diligence is (still) required.
1. Data Interception:
Today, its widely understood that data sent over Wi-Fi can be captured by eavesdroppers -- easily, within a few hundred feet; even farther with directional antennas. Fortunately, all Wi-Fi CERTIFIED products now support AES-CCMP data encryption and integrity. Unfortunately, there are still legacy products that only speak TKIP, and many WLANs are configured to accept both AES and TKIP. But TKIP is vulnerable to message integrity check (MIC) attacks that allow a limited set of spoofed frames to be injected -- for example, ARP. Although resulting risks are modest, the writing is on the wall: The time has come to retire TKIP and require AES-CCMP.
2. Denial of Service:
WLANs are inherently vulnerable to DoS. Everyone shares the same unlicensed frequencies, making competition inevitable in populated areas. The good news: As enterprise WLANs migrate to 802.11n, they can use channels in the larger, less-crowded 5 GHz band, reducing accidental DoS. Moreover, contemporary access points (APs) can auto-adjust channels to circumvent interference. But that still leaves DoS attacks: Phony messages sent to disconnect users, consume AP resources, and keep channels busy. To neutralize common DoS attack methods like Deauth Floods, look for newer products that support 802.11w management frame protection.
3. Rogue APs:
Business network penetration by unknown, unauthorized APs has long been a top worry. Fortunately, most enterprise WLANs now use legitimate APs to scan channels for possible rogues in their spare time. Unfortunately, verifying true rogues by tracing their wired network connectivity is a skill that ordinary WLAN gear has yet to perfect. Without accurate classification, automated rogue blocking is a risky proposition. To not just detect, but effectively mitigate rogue APs, deploy a Wireless IPS that can reliably differentiate between harmless neighbors, personal hotspots, and network-connected rogues that pose real danger, taking policy-based action to trace, block, and locate the latter.