Most wireless access points come preconfigured or have an automatic setup routine that lets you simply connect the access point to create a simple wireless network. However, the default configuration typically has little or no security. Wireless networks are vulnerable to the following specific security attacks:
Vulnerability |
Description |
War driving |
With war driving, an attacker scans an area looking for available wireless networks. This is typically accomplished using a high-gain antenna, or by driving around looking for wireless networks in various locations. |
Hacker |
A hacker is anyone that commits computer and cyber crimes by gaining unauthorized access to computer systems. A hacker can exploit system vulnerabilities, elevate privilege, and introduce new vulnerabilities that allow the attacker greater access to systems and data on the network. |
Rogue access point |
A rogue access point is an unauthorized access point added to the network.
|
Spoofed access point |
A spoofed access point is an access point that is configured to look like a legitimate access point. Spoofed access points generally occur in a public area, such as an Internet cafe or public hotspot. The attacker sets up an open access point using an SSID that resembles the business name. The attacker can then monitor traffic of those connected to the spoofed access point. |
Countermeasures to these vulnerabilities include:
Countermeasure |
Description |
Authentication |
Authentication is the process of validating identity.
|
Encryption |
Encryption is the process of using an algorithm or other method to transform data from plaintext to unreadable text. Because wireless transmissions are easily captured, you should implement some form of encryption on your wireless network to lower the chances of attackers successfully discovering the packet's contents. |
Intrusion Detection System (IDS) |
An IDS is a hardware or software device that examines the network to identify possible in-progress attacks. An IDS monitors, logs, and detects security breaches, and generates alerts if the attack is deemed to be severe. |
Cisco Structured Wireless-Aware Network (SWAN) |
Cisco's SWAN is a proprietary approach to securing and managing wireless networks. With SWAN:
|
Credit: Testout 640-802 CCNA Notes
ไม่มีความเห็น