Wednesday, 20 November 2013

Rogue Access Points and Devices

Consider a wireless network deployed with privacy protection in mind, using Extensible Authentication Protocol – Transport Layer Security (EAP-TLS) authentication and Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). If these concepts are foreign to you, don't worry, because they will soon be explained. Simply put, for now, this is a very strong method of authentication and encryption.

Now, though, assume that in some buildings the access points are placed improperly, so the labs and conference rooms around the building get poor radio coverage. Users there find it hard to connect to the wireless network, and when they do connect, they experience very poor performance. It is practically an axiom that people love the freedom and mobility of wireless, so the poor end-user experience in conference rooms and labs creates an unintended motivation for employees to deploy "rogue" access points.

Some employee, almost inevitably and quite innocently, will bring in an inexpensive access point from a local electronics store, find a free Ethernet jack in one of the conference rooms or labs with poor coverage, and deploy an unauthorized, rogue access point, probably with weak security at best.

Obviously, this is a catastrophic network security vulnerability. The location of the conference rooms or labs along the perimeter of the building almost guarantees that radio signals from the access point can be reached from outside the building. Attackers often look for unsecured WLANs to exploit, and it does not require much technical skill to find them. If an unauthorized user associates to the rogue access point, that user has free access to the business network and can do all kinds of naughty things.

In this example, the authorized wireless network implements strong authentication and encryption. But even though the official wireless network has no obvious weaknesses, wireless security at this site has a serious problem!

This example shows what Cisco commonly terms a "frustrated insider" rogue access point. These are rogue access points deployed by internal personnel who are frustrated because there is no wireless access or because WLAN performance is degraded.

"Malicious" rogue access point devices, though, are a whole different class. These are rogue wireless devices that bad guys place in your network for the singular purpose of doing damage. It is not difficult to imagine someone tailgating an employee to bypass building security at your enterprise, then finding an available Ethernet jack and deploying a rogue access point that he can later use to attack the network from outside the building.

Software is available that can turn any computer with a wireless network adapter into a software-based access point. Attackers use these software-based access points to persuade wireless clients to connect to them. Once a wireless client connects, the attacker attempts to trick the client into giving up valuable information or otherwise tries to compromise the client device. This method of attack is particularly effective in public hotspot environments.
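A defender can catch both kinds of rogue described above by comparing wireless scan results with an inventory of authorized access points and with the MAC addresses learned on switch ports. The following is an added example, not part of the original post; every SSID, BSSID and scan record is constructed, and the MAC-adjacency check is an assumed heuristic.

```python
# Constructed inventory: BSSID -> (SSID, security the official WLAN must use).
AUTHORIZED = {
    "00:11:22:aa:bb:01": ("CorpNet", "WPA2-EAP-TLS/CCMP"),
    "00:11:22:aa:bb:02": ("CorpNet", "WPA2-EAP-TLS/CCMP"),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}
WEAK = {"OPEN", "WEP"}

def mac_int(mac):
    return int(mac.replace(":", ""), 16)

def on_wire(bssid, wired_macs, slack=2):
    """Heuristic (assumption): a cheap AP's Ethernet MAC is usually within a
    few addresses of its radio BSSID, so look for a near match on the LAN."""
    b = mac_int(bssid)
    return any(abs(b - mac_int(m)) <= slack for m in wired_macs)

def classify(obs, wired_macs):
    """Return (verdict, reasons) for one observed beacon."""
    bssid = obs["bssid"].lower()
    if bssid in AUTHORIZED:
        expected = AUTHORIZED[bssid]
        if (obs["ssid"], obs["security"]) != expected:
            return "misconfigured", ["authorized AP deviates from %s/%s" % expected]
        return "authorized", []
    reasons = []
    if on_wire(bssid, wired_macs):          # "frustrated insider" style rogue
        reasons.append("bridged to the wired LAN")
    if obs["ssid"] in CORP_SSIDS:           # software-based AP posing as the WLAN
        reasons.append("corporate SSID from unknown BSSID")
    verdict = "rogue" if reasons else "neighbor"
    if obs["security"] in WEAK:
        reasons.append("weak security: " + obs["security"])
    return verdict, reasons

# Constructed sample data: MACs learned on switch ports, then four beacons.
WIRED = ["00:11:22:aa:bb:00", "c0:ff:ee:00:10:00"]
SCAN = [
    {"bssid": "00:11:22:AA:BB:01", "ssid": "CorpNet", "security": "WPA2-EAP-TLS/CCMP"},
    {"bssid": "c0:ff:ee:00:10:01", "ssid": "linksys", "security": "OPEN"},
    {"bssid": "02:00:00:12:34:56", "ssid": "CorpNet", "security": "OPEN"},
    {"bssid": "a4:b1:c2:00:00:09", "ssid": "CoffeeShop", "security": "WPA2-PSK"},
]

def report(scan=SCAN, wired=WIRED):
    return [(o["ssid"], *classify(o, wired)) for o in scan]

if __name__ == "__main__":
    for row in report():
        print(row)
```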

Vulnerabilities Inherent to the Standards Definitions

The underlying IEEE 802.11 standards definitions have some inherent vulnerabilities, which fall into two categories:

  • Authentication and encryption weaknesses
  • Unauthenticated management and control frames

The sections that follow look at some of the details.

Authentication and Encryption Weaknesses:

Authentication is simply the use of technology to determine which users and devices are and are not allowed on the network, and so to control access to the network and its resources. Encryption protects data frames crossing the network by using an encryption algorithm to obfuscate the contents of each frame. When you consider the vulnerabilities inherent in the transmission medium, it is quite obvious why authentication and encryption are such important security concepts for WLANs.

The original IEEE 802.11 standard was announced in 1997 and called out an authentication and data privacy mechanism called Wired Equivalent Privacy, or WEP for short. The name reflects the original goal of the standard's designers: to provide a data privacy framework for wireless roughly equivalent to that of a wired Ethernet network. In other words, it was supposed to be as difficult to break WEP encryption as it is to breach the physical security of an enterprise in order to gain access to the wired network. The WEP standard was designed as a trade-off between "reasonably strong" security and simplicity and exportability of implementation.


WEP is a shared-key concept. The two endpoints of a WEP WLAN connection share a secret key. The WEP key can be used to authenticate wireless devices: if a device has the WEP key, it must be authorized!

Additionally, the WEP key is used to encrypt the wireless LAN data transmitted between each end of the connection. The original 1997 version of the 802.11 specification called out a 40-bit WEP key. In 1999, the specification was expanded to allow 104-bit key lengths. These keys are statically configured on the WLAN devices that will use them.

As 802.11 WLAN technologies began to take off, a lot of smart people in the cryptographic community began to take a good look at WEP as a security mechanism. In 2000 and 2001, several landmark papers were published detailing the problems with WEP keys. If you're really interested, these papers are listed in the references at the end of this chapter; they make excellent reading to combat insomnia.

Not long after these papers were published, exploit tools appeared on the scene. These tools are now readily available on the Internet and are very easy to use, even for novices. So the most important thing to know about WEP is that it is irreparably broken and should not be used. It is worth repeating: WEP is a completely flawed encryption mechanism for data privacy; do not use it.

Knowing that WEP was not the answer for WLAN security, the IEEE formed the 802.11i working group to develop a strong security scheme for the future. The work of the 802.11i task force was approved in 2004.

While the 802.11i standard was still in draft form, the Wi-Fi Alliance released its own requirements based on a subset of the 802.11i standard. The first iteration of these requirements is called Wi-Fi Protected Access (WPA). The update to these requirements, based on the complete and approved 802.11i standard, is known as Wi-Fi Protected Access version 2 (WPAv2). The industry as a whole has moved to security based on 802.11i/WPAv2, and this is where you should be. In later chapters, you'll learn more about WPAv2.
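Statically configured WEP keys tend to linger in client profiles long after the infrastructure has moved on. The following added example (not part of the original post) audits a client configuration in wpa_supplicant.conf syntax, flagging static WEP keys with their length and confirming the EAP-TLS/CCMP setup described earlier; the sample SSIDs, key and certificate paths are constructed.

```python
import re

# Constructed sample client config (wpa_supplicant.conf syntax).
SAMPLE = '''
network={
    ssid="lab-legacy"
    key_mgmt=NONE
    wep_key0=0102030405
}
network={
    ssid="CorpNet"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    eap=TLS
    ca_cert="/etc/certs/ca.pem"
    client_cert="/etc/certs/user.pem"
    private_key="/etc/certs/user.key"
}
'''

def parse_networks(text):
    """Yield one dict of key -> raw value per network={...} block."""
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        pairs = (line.strip().split("=", 1) for line in body.splitlines())
        yield {p[0]: p[1] for p in pairs if len(p) == 2}

def wep_key_bits(raw):
    """Secret key length: quoted values are ASCII, bare values are hex."""
    n = len(raw) - 2 if raw.startswith('"') else len(raw) // 2
    return n * 8

def audit(text):
    findings = []
    for net in parse_networks(text):
        ssid = net.get("ssid", "?").strip('"')
        wep = [k for k in net if re.fullmatch(r"wep_key[0-3]", k)]
        if wep:
            bits = wep_key_bits(net[wep[0]])
            findings.append((ssid, "FAIL", f"static {bits}-bit WEP key"))
        elif net.get("key_mgmt") == "NONE":
            findings.append((ssid, "FAIL", "open network, no encryption"))
        elif (net.get("key_mgmt"), net.get("proto"), net.get("pairwise"),
              net.get("eap")) == ("WPA-EAP", "RSN", "CCMP", "TLS"):
            findings.append((ssid, "OK", "WPAv2 with EAP-TLS and CCMP"))
        else:
            findings.append((ssid, "WARN", "not WPAv2/EAP-TLS/CCMP"))
    return findings
```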

Understanding WLAN Security Challenges

For any network, you should know what you're trying to secure and how the bad guys try to take advantage of its points of vulnerability. How else can you separate the hype from reality, design a sensible security policy, and choose the right WLAN security technology?

This would be a good place for one of those old quotes about the importance of understanding your enemy, from the likes of The Art of War. But we know all the good ones have already been used ad nauseam by other authors. So we'll spare you (and ourselves).

Instead, let's get right into discussing the security risks. The discussion centers on broad areas of WLAN security risk rather than on specific attacks and weaknesses. This is basically because books have a long life, and by the time you're reading this, today's latest and greatest wireless LAN vulnerability may be old news. But the risks remain unchanged. The risks discussed are as follows:


  • Vulnerabilities inherent to the radio transmission medium
  • Vulnerabilities inherent to the standards definitions
  • Vulnerabilities inherent to mobility
  • Readily available performance analysis and attack tools
  • Misconfigured wireless devices and clients
  • Rogue access points and devices

In summary, after working through the following sections you should have a good overview of the real WLAN risks and be ready to take a closer look at the building blocks that address these vulnerabilities.