Attack Category/Target Countermeasures Man-in-the- Middle Message Confidentiality Physical Security T802.1x or VPNs; Strong Authentication Protocols PKI, Mutual Authentication, Secret Keys, Passwords etc. RF Jamming Network Availability Mac Filtering Firewalls (wired IDS (Wired, DMZ architecture i Dynamic Channel Assignment. Dictionary Attacks Crack passwords) Network Access Strong Password Policy, x and VPNs 802.11 Frame Injection Network Availability WPA & i (MIC Algorithm) Evil Twin AP Message Confidentiality Use of Wireless Intrusion Detection or Prevention System Use of X Port Access Control for robust mutual authentication Use of strong Extensible Authentication Protocol (EAP-TLS, EAP-TTLS, or PEAP) to check servers signature Use of product like Wavelink Avalanche or Windows Active Directory Group Policy Objects to administer 802.11 and X parameters on Windows PCs for centrally-manage PCs Users education. Session Hijacking Network Access ix VPNs AP Phishing Message Confidentiality Use of Wireless Intrusion Prevention System (WIPS); Use of strong Extensible Authentication Protocol (EAP-TLS, EAP- TTLS, or PEAP) to check servers signature Use of Personal Firewalls for Wireless Devices In summary, there are ten steps that need to betaken in order to deploy a secured enterprise wireless LAN after an assessment has been carried out. They are Document a wireless security policy Break the wireless network into SSIDs Implement access controls Deploy authentication credentials Encrypt wireless data Harden WLAN infrastructure Defend wireless clients Monitor wireless traffic Prevent wireless intrusions Enforce network security 28
Wireless Local Area Network (WLAN): Security Risk Assessment and Countermeasures Nwabude Arinze Sunday - 40 -
Wireless Local Area Network (WLAN): Security Risk Assessment and Countermeasures Nwabude Arinze Sunday - 41 -