WLAN Attack Countermeasures

Go back to Tutorial

  • RF management – At the most basic level, IT managers should look for a WLAN system that can dynamically optimise and manage RF transmissions in real-time so that coverage does not extend beyond intended areas, a concept known as “RF bleed-over”. This will provide better overall RF security and will particularly help mitigate the risk of probing and discovery attacks. In addition, it is often good policy to disable SSID Broadcasts at the access point whenever possible. The benefit of this is twofold: one, the number of accidental client associations to the WLAN can be significantly reduced since only clients that know the SSID are able to associate to the WLAN and two, casual “war drivers” will be less likely to probe the WLAN since the SSID is “cloaked”.
  • Strong authentication and encryption – There is no substitute for strong authentication and encryption in a wireless network. This helps to convert a wireless LAN from an untrusted to a trusted network. Access Point authentication is key to any WLAN as it prevents unauthorized devices from masquerading as valid APs via MAC spoofing. Built in x.509 certificates, for example, can prevent rogue APs from accessing the wired infrastructure and access points with trusted AP protection prevent authorized clients from associating to rogue APs. Strong user based authentication is also critical. Solutions like 802.1x, VPNs, PKI certificates, or tokens have proven themselves quite effective at preventing attackers from gaining access to both wireless and wireline networks. Companies looking to install a WLAN systems should look for one that supports dynamic keys using TKIP, such as WPA2 (802.11i). This helps to eliminate many of the security vulnerabilities associated with the original WEP standard.
  • Attack signature detection and intrusion protection – One of the most critical security solutions for WLANs is a robust real-time intrusion detection and prevention system with integrated attack signatures. With this in place, probing programs and rogue access points can be detected and isolated from the rest of the WLAN before they compromise security. For example, DoS attacks like “Airjack” or “void11” can be easily located, and the WLAN can change channels and adjust power output to mitigate their risks. Other types of denial of service attacks, such as RF jamming attacks, can be detected by a WLAN system capable of monitoring the received signal strength indication (RSSI) threshold and noise floor levels as well as elevated CRC error count levels at the MAC layer. With RF interference detection, dynamic channel assignment and auto power adjustment, intelligent WLAN systems are able to avoid interference generated by frequency jamming devices.
  • Client integrity checking – With the proper WLAN security, IT staff can identify the presence of misconfigured WLAN clients and other potential security policy violations before they pose a problem. For example, if clients have open WLAN adapters enabled or Ad-Hoc networking enabled, a “RF aware” WLAN system can identify and locate the devices with configuration violations and dynamically dissociate these devices from the rest of the WLAN, if required. Exclusion lists can prevent that device from re-associating with the WLAN until remediation has taken place. Monitoring the RF environment can also prevent unwanted accidental client associations by identifying clients that experience these types of associations. Once identified, these clients can be placed on an exclusion list to prevent further connections until the configuration settings have been corrected. To protect against MAC spoofing attacks an intelligent WLAN system can be configured to automatically detect these attacks and exclude offending machines from the WLAN. This can be done by flagging any occurrence in which the manufacturer name of a detected WLAN adapter differs from the known OUI (Organizationally Unique Identifier) for that equipment. Once detected, an intelligent WLAN system can prevent the known attacker from connecting to any nearby access points or any access points located throughout the entire WLAN. By disallowing spoofed MAC devices onto the WLAN and monitoring RF channel assignments certain types of man in the middle attacks can be thwarted, such as Monkey Jack, which relies on MAC spoofing and unauthorized channel assignment.
  • Delivering air tight WLAN security – With the proper tools in place, an enterprise wireless network can be as secure, if not more secure, than traditional wireline deployments. The key issue for enterprises is to understand what threats exist, what risks they pose and how to control them. One of the first lines of defence is real-time detection of common physical and MAC layer threats, like the ones identified here. When coupled with intelligent RF management, secure encryption, network access control, and location based security, enterprises have all the tools necessary to confidently deploy business critical applications over their Wireless LANs.

Go back to Tutorial

WLAN Attacks
Cyber Crime Techniques

Get industry recognized certification – Contact us

keyboard_arrow_up
Open chat
Need help?
Hello 👋
Can we help you?