SlideShare a Scribd company logo

Dispelling Top Ten Wireless Security Myths

AirTight Networks
AirTight Networks

Understanding of wireless security is unfortunately marred by many myths. Some are even propagated as wireless LAN best practices. Plug-and-play wireless users tend to blindly follow these diktats without confirming their veracity. In turn, they only end up contributing to wireless malpractices galore. Myths about wireless security can be both dangerous and costly. Many organizations spend valuable resources in implementing these urban legends that give a false sense of security and leave private networks and sensitive data exposed. In this paper, we will revisit and debunk top ten wireless security myths.

TechnologyBusiness
1 of 5
Download to read offline
AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths A White Paper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com © 2008 AirTight Networks, Inc. All rights reserved.
AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths Understanding of wireless security is unfortunately marred by many myths. Some are even propagated as wireless LAN best practices. Plug-and-play wireless users tend to blindly follow these diktats without confirming their veracity. In turn, they only end up contributing to wireless malpractices galore. Myths about wireless security can be both dangerous and costly. Many organizations spend valuable resources in implementing these urban legends that give a false sense of security and leave private networks and sensitive data exposed. In this paper, we will revisit and debunk top ten wireless security myths. Myth #1: My wireless LAN (WLAN) is safe because I have a firewall securing my wired corporate LAN from the Internet. Non-wireless security solutions such as firewall and intrusion detection systems operate at layer 3 (i.e., network layer) and above. A WLAN presents a potential entry point into your wired corporate LAN at layers 1 and 2 (i.e., physical and link layers), circumventing all wired security measures. Your authorized users can bypass your firewall policies and content filters using wireless access and connect to potentially dangerous external WLANs. In short, wireless has made the traditional “harden-the-network-perimeter” approach obsolete. Myth #2: I already got my wired corporate LAN scanned from an auditor, so I do not need to worry about wireless security threats. Non-wireless scanning tools are powerful in detecting anomalies and vulnerabilities on a wired network. But they fail to capture vulnerabilities at layers 1 and 2 of the wireless LAN. It is a good idea to periodically audit your network against wireless vulnerabilities using appropriate wireless vulnerability assessment solutions. © 2008 AirTight Networks, Inc. All rights reserved. 2
AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths Myth #3: My company does not own a wireless LAN, so I do not need to worry about wireless security threats. Even if an enterprise does not own a wireless LAN, today, it is almost impossible to remain untouched by the wireless presence. Employees may deploy a rogue AP or unauthorized, malicious users may connect wireless devices opening backdoors to your organization’s private backbone network. Employees using laptops may access external WLANs exposing sensitive data. This means that even a single wireless device on your premises, let alone a wireless LAN, can open a wireless backdoor to your corporate back- bone network that is otherwise protected. Hence, even if an enterprise does not officially deploy a WLAN, it must address the wireless security threat. Myth #4: We use WEP to secure all our WiFi communication, so our over-the-air data is secure. The legacy Wired Equivalent Privacy (WEP) encryption gives a false sense of security. It is well-known that WEP is broken and can be compromised in minutes exposing over-the- air data. Using WEP is widely considered as a malpractice by wireless security experts. Organizations should replace WEP by more recent, stronger alternatives such as WPA2 or at least adopt other remediation solutions that proactively protect WEP devices. Myth #5: We use WPAWPA2802.11i for all our WiFi communication, so our network is secure. As a response to the flaws in WEP, WiFi Protected Access (WPA) was proposed. It was upgraded to WPA2-the implementation of the IEEE 802.11i standard. WPA or WPA2, if used with pre-shared key (PSK) are still vulnerable to dictionary attacks that can crack the password. Further, simply using WPA/WPA2 does not secure your network. Vulnerabilities such as rogue APs, clients misassociating with external APs and ad-hoc networks that bypass your security policy control can still expose your data and network to unauthorized access. Denial-of-service attacks can also continue to disrupt your WLAN. Myth #6: LEAP enables effective WLAN security. The Lightweight Extensible Authentication Protocol (LEAP) is a proprietary security solution developed by Cisco. The authentication mechanism in LEAP, based on the MS-CHAPv2 protocol, is known to be flawed. It can be exploited using a brute force dictionary attack, and has in fact been rated by the CVE standard as a highest severity vulnerability. Even using strong passwords with LEAP does not obviate the threat. © 2008 AirTight Networks, Inc. All rights reserved. 3
AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths Myth #7: MAC address filtering on wireless access points is effective in securing WLANs. Bypassing MAC filtering is easy. Freely available software tools can be used to sniff MAC addresses being used by devices in the vicinity. MAC spoofing is one of the easiest attacks to launch, and filtering MAC addresses does not provide any security for your wireless LAN. MAC filtering is not only ineffective, but it is cumbersome to maintain for a reasonable-sized wireless LAN. Myth #8: Turning off SSID broadcast is a step towards securing a WLAN. It is a common misconception that turning off SSID broadcast on a wireless AP will not allow unauthorized users to discover the AP. Freely available software tools exist that actively probe and discover APs that respond to these probes. Passive sniffing of wireless traffic can also allow hackers to discover wireless APs in the vicinity. Turning off SSID broadcast is not only ineffective, but it in fact leads to another severe vulnerability. Authorized clients that usually connect to enterprise APs, probe for the hidden SSID. A hacker can sniff this information and use it to launch a honeypot attack. Myth #9: Need for wireless security ends in my airspace. Managing wireless vulnerabilities is not limited to an organization’s premises. Wireless users carry their corporate laptops when they travel. If they connect to WLANs outside the premise, say in a coffee shop across the world, they are still at risk. Recent survey by AirTight Networks at several airports in the US and worldwide captured the elevated threats to wireless devices from viral SSIDs and ad-hoc networks. To carry wireless security on the road, wireless client security software—that enforces corporate security policies and manages how a wireless client behaves and connects—is essential. Myth #10: Need for wireless security is hyped. Non-wireless vulnerability assessment tools fail miserably to capture wireless vulner- abilities and hence tend to mislead users in believing that wireless vulnerabilities do not exist. Businesses can ignore wireless security at their own peril. Many published studies across industry and academia show that wireless is everywhere and so are wireless threats. Recently, advisory firms such as RSA, Gartner, SANS, and Farpoint Group have repeatedly ranked wireless security as a top ten concern. To conclude, stay away from these fallacies. Implement real security measures for protecting your networks and data. © 2008 AirTight Networks, Inc. All rights reserved. 4
AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths About AirTight Networks AirTight Networks is the industry standard for wireless vulnerability management and the only company that offers a flexible, end-to-end solution that gives customers visibility into their wireless security posture and a choice in how they manage it. AirTight’s SpectraGuard Enterprise provides a robust wireless intrusion prevention system (WIPS). Its SpectraGuard Online service is the world’s first on demand wireless vulnerability management service which provides a flexible approach to addressing wireless vulner- abilities with no capital investment. AirTight’s patented technology delivers the key elements of an effective WIPS to eliminate false alarms, block wireless threats immediately and automatically and locate wireless devices and events with pinpoint precision. AirTight’s customers include global retail, financial services, corporate, education and government organizations. AirTight Networks is a privately held company based in Mountain View, CA. For more information please visit www.airtightnetworks.com Wireless Vulnerability Management AirTight Networks, Inc. 339 N. Bernardo Avenue #200, Mountain View, CA 94043 T +1.877.424.7844 T 650.961.1111 F 650.961.1169 www.airtightnetworks.com info@airtightnetworks.com © 2008 AirTight Networks, Inc. All rights reserved. AirTight Networks and the AirTight Networks logo are trademarks, and AirTight and SpectraGuard are registered trademarks of AirTight Networks, Inc. All other trademarks mentioned herein are properties of their respective owners. Specifications are subject to change without notice.

Recommended

Conquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the EnterpriseConquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the EnterpriseAirTight Networks
 
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Networks
 
Retail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsRetail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsAirTight Networks
 
Survey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecuritySurvey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecurityAirTight Networks
 
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...AirTight Networks
 
WPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitWPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitAirTight Networks
 
Wi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfWi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfAirTight Networks
 
Is 11ac Right for Your Network?
Is 11ac Right for Your Network?Is 11ac Right for Your Network?
Is 11ac Right for Your Network?AirTight Networks
 

Recommended

Conquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the EnterpriseConquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the EnterpriseAirTight Networks
 
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Networks
 
Retail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsRetail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsAirTight Networks
 
Survey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecuritySurvey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecurityAirTight Networks
 
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...AirTight Networks
 
WPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitWPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitAirTight Networks
 
Wi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfWi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfAirTight Networks
 
Is 11ac Right for Your Network?
Is 11ac Right for Your Network?Is 11ac Right for Your Network?
Is 11ac Right for Your Network?AirTight Networks
 
Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013AirTight Networks
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseAirTight Networks
 
AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks
 
Financial Districs Wi Fi Scan
Financial Districs Wi Fi ScanFinancial Districs Wi Fi Scan
Financial Districs Wi Fi ScanAirTight Networks
 
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesWPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesAirTight Networks
 
802.11w Tutorial
802.11w Tutorial802.11w Tutorial
802.11w TutorialAirTight Networks
 
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight Networks
 
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014AirTight Networks
 
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration AirTight Networks
 
AirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks
 
AirTight social wifi solution brief
AirTight social wifi solution briefAirTight social wifi solution brief
AirTight social wifi solution briefAirTight Networks
 
Non WiFi interference combat guide 1
Non WiFi interference combat guide 1Non WiFi interference combat guide 1
Non WiFi interference combat guide 1AirTight Networks
 
WPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsWPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsAirTight Networks
 
Windows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseWindows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseAirTight Networks
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsAirTight Networks
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresAirTight Networks
 
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?AirTight Networks
 
When WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksWhen WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksAirTight Networks
 
Caffe Latte Attack
Caffe Latte AttackCaffe Latte Attack
Caffe Latte AttackAirTight Networks
 
Air Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAir Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAirTight Networks
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

More Related Content

Viewers also liked

Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013AirTight Networks
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseAirTight Networks
 
AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks
 
Financial Districs Wi Fi Scan
Financial Districs Wi Fi ScanFinancial Districs Wi Fi Scan
Financial Districs Wi Fi ScanAirTight Networks
 
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesWPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesAirTight Networks
 
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight Networks
 
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014AirTight Networks
 
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration AirTight Networks
 

Viewers also liked (9)

Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your Enterprise
 
AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6
 
Financial Districs Wi Fi Scan
Financial Districs Wi Fi ScanFinancial Districs Wi Fi Scan
Financial Districs Wi Fi Scan
 
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesWPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
 
802.11w Tutorial
802.11w Tutorial802.11w Tutorial
802.11w Tutorial
 
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
 
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
 
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
 

More from AirTight Networks

AirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks
 
AirTight social wifi solution brief
AirTight social wifi solution briefAirTight social wifi solution brief
AirTight social wifi solution briefAirTight Networks
 
Non WiFi interference combat guide 1
Non WiFi interference combat guide 1Non WiFi interference combat guide 1
Non WiFi interference combat guide 1AirTight Networks
 
WPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsWPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsAirTight Networks
 
Windows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseWindows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseAirTight Networks
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsAirTight Networks
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresAirTight Networks
 
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?AirTight Networks
 
When WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksWhen WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksAirTight Networks
 
Air Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAir Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAirTight Networks
 

More from AirTight Networks (11)

AirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSP
 
AirTight social wifi solution brief
AirTight social wifi solution briefAirTight social wifi solution brief
AirTight social wifi solution brief
 
Non WiFi interference combat guide 1
Non WiFi interference combat guide 1Non WiFi interference combat guide 1
Non WiFi interference combat guide 1
 
WPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQsWPA2 Hole196 Vulnerability FAQs
WPA2 Hole196 Vulnerability FAQs
 
Windows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseWindows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the Enterprise
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
 
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
 
When WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksWhen WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS Attacks
 
Caffe Latte Attack
Caffe Latte AttackCaffe Latte Attack
Caffe Latte Attack
 
Air Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAir Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan Analysis
 

Recently uploaded

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Recently uploaded (20)

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Dispelling Top Ten Wireless Security Myths

  • 1. AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths A White Paper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com © 2008 AirTight Networks, Inc. All rights reserved.
  • 2. AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths Understanding of wireless security is unfortunately marred by many myths. Some are even propagated as wireless LAN best practices. Plug-and-play wireless users tend to blindly follow these diktats without confirming their veracity. In turn, they only end up contributing to wireless malpractices galore. Myths about wireless security can be both dangerous and costly. Many organizations spend valuable resources in implementing these urban legends that give a false sense of security and leave private networks and sensitive data exposed. In this paper, we will revisit and debunk top ten wireless security myths. Myth #1: My wireless LAN (WLAN) is safe because I have a firewall securing my wired corporate LAN from the Internet. Non-wireless security solutions such as firewall and intrusion detection systems operate at layer 3 (i.e., network layer) and above. A WLAN presents a potential entry point into your wired corporate LAN at layers 1 and 2 (i.e., physical and link layers), circumventing all wired security measures. Your authorized users can bypass your firewall policies and content filters using wireless access and connect to potentially dangerous external WLANs. In short, wireless has made the traditional “harden-the-network-perimeter” approach obsolete. Myth #2: I already got my wired corporate LAN scanned from an auditor, so I do not need to worry about wireless security threats. Non-wireless scanning tools are powerful in detecting anomalies and vulnerabilities on a wired network. But they fail to capture vulnerabilities at layers 1 and 2 of the wireless LAN. It is a good idea to periodically audit your network against wireless vulnerabilities using appropriate wireless vulnerability assessment solutions. © 2008 AirTight Networks, Inc. All rights reserved. 2
  • 3. AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths Myth #3: My company does not own a wireless LAN, so I do not need to worry about wireless security threats. Even if an enterprise does not own a wireless LAN, today, it is almost impossible to remain untouched by the wireless presence. Employees may deploy a rogue AP or unauthorized, malicious users may connect wireless devices opening backdoors to your organization’s private backbone network. Employees using laptops may access external WLANs exposing sensitive data. This means that even a single wireless device on your premises, let alone a wireless LAN, can open a wireless backdoor to your corporate back- bone network that is otherwise protected. Hence, even if an enterprise does not officially deploy a WLAN, it must address the wireless security threat. Myth #4: We use WEP to secure all our WiFi communication, so our over-the-air data is secure. The legacy Wired Equivalent Privacy (WEP) encryption gives a false sense of security. It is well-known that WEP is broken and can be compromised in minutes exposing over-the- air data. Using WEP is widely considered as a malpractice by wireless security experts. Organizations should replace WEP by more recent, stronger alternatives such as WPA2 or at least adopt other remediation solutions that proactively protect WEP devices. Myth #5: We use WPAWPA2802.11i for all our WiFi communication, so our network is secure. As a response to the flaws in WEP, WiFi Protected Access (WPA) was proposed. It was upgraded to WPA2-the implementation of the IEEE 802.11i standard. WPA or WPA2, if used with pre-shared key (PSK) are still vulnerable to dictionary attacks that can crack the password. Further, simply using WPA/WPA2 does not secure your network. Vulnerabilities such as rogue APs, clients misassociating with external APs and ad-hoc networks that bypass your security policy control can still expose your data and network to unauthorized access. Denial-of-service attacks can also continue to disrupt your WLAN. Myth #6: LEAP enables effective WLAN security. The Lightweight Extensible Authentication Protocol (LEAP) is a proprietary security solution developed by Cisco. The authentication mechanism in LEAP, based on the MS-CHAPv2 protocol, is known to be flawed. It can be exploited using a brute force dictionary attack, and has in fact been rated by the CVE standard as a highest severity vulnerability. Even using strong passwords with LEAP does not obviate the threat. © 2008 AirTight Networks, Inc. All rights reserved. 3
  • 4. AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths Myth #7: MAC address filtering on wireless access points is effective in securing WLANs. Bypassing MAC filtering is easy. Freely available software tools can be used to sniff MAC addresses being used by devices in the vicinity. MAC spoofing is one of the easiest attacks to launch, and filtering MAC addresses does not provide any security for your wireless LAN. MAC filtering is not only ineffective, but it is cumbersome to maintain for a reasonable-sized wireless LAN. Myth #8: Turning off SSID broadcast is a step towards securing a WLAN. It is a common misconception that turning off SSID broadcast on a wireless AP will not allow unauthorized users to discover the AP. Freely available software tools exist that actively probe and discover APs that respond to these probes. Passive sniffing of wireless traffic can also allow hackers to discover wireless APs in the vicinity. Turning off SSID broadcast is not only ineffective, but it in fact leads to another severe vulnerability. Authorized clients that usually connect to enterprise APs, probe for the hidden SSID. A hacker can sniff this information and use it to launch a honeypot attack. Myth #9: Need for wireless security ends in my airspace. Managing wireless vulnerabilities is not limited to an organization’s premises. Wireless users carry their corporate laptops when they travel. If they connect to WLANs outside the premise, say in a coffee shop across the world, they are still at risk. Recent survey by AirTight Networks at several airports in the US and worldwide captured the elevated threats to wireless devices from viral SSIDs and ad-hoc networks. To carry wireless security on the road, wireless client security software—that enforces corporate security policies and manages how a wireless client behaves and connects—is essential. Myth #10: Need for wireless security is hyped. Non-wireless vulnerability assessment tools fail miserably to capture wireless vulner- abilities and hence tend to mislead users in believing that wireless vulnerabilities do not exist. Businesses can ignore wireless security at their own peril. Many published studies across industry and academia show that wireless is everywhere and so are wireless threats. Recently, advisory firms such as RSA, Gartner, SANS, and Farpoint Group have repeatedly ranked wireless security as a top ten concern. To conclude, stay away from these fallacies. Implement real security measures for protecting your networks and data. © 2008 AirTight Networks, Inc. All rights reserved. 4
  • 5. AIRTIGHT NETWORKS WHITE PAPER Dispelling Top Ten Wireless Security Myths About AirTight Networks AirTight Networks is the industry standard for wireless vulnerability management and the only company that offers a flexible, end-to-end solution that gives customers visibility into their wireless security posture and a choice in how they manage it. AirTight’s SpectraGuard Enterprise provides a robust wireless intrusion prevention system (WIPS). Its SpectraGuard Online service is the world’s first on demand wireless vulnerability management service which provides a flexible approach to addressing wireless vulner- abilities with no capital investment. AirTight’s patented technology delivers the key elements of an effective WIPS to eliminate false alarms, block wireless threats immediately and automatically and locate wireless devices and events with pinpoint precision. AirTight’s customers include global retail, financial services, corporate, education and government organizations. AirTight Networks is a privately held company based in Mountain View, CA. For more information please visit www.airtightnetworks.com Wireless Vulnerability Management AirTight Networks, Inc. 339 N. Bernardo Avenue #200, Mountain View, CA 94043 T +1.877.424.7844 T 650.961.1111 F 650.961.1169 www.airtightnetworks.com info@airtightnetworks.com © 2008 AirTight Networks, Inc. All rights reserved. AirTight Networks and the AirTight Networks logo are trademarks, and AirTight and SpectraGuard are registered trademarks of AirTight Networks, Inc. All other trademarks mentioned herein are properties of their respective owners. Specifications are subject to change without notice.