Background and Risks Associated With Wireless Technologies

With the advent of wireless technology for transmitting data and voice, the well-known and relied upon controls instituted using perimeter devices are disappearing. Gone are the physical security controls, such as security guards, cameras and locks that were effective in protecting wired networks and data transmissions.

The major vulnerabilities result from the users of wireless technologies not addressing the following:

• Reliance on WEP for encryption
• Wireless networks not being segregated from other networks
• Descriptive SSID or AP names being used
• Hard-coded MAC addresses
• Weak or nonexistent key management
• Beacon packets that have not been disabled or are “enabled”
• Distributed APs
• Default passwords/IP addresses
• WEP weak key avoidance
• DHCP being used on WLANs
• Unprotected rogue access points
• The risks and threats associated with attacks against wireless networks are widespread including:
• Attacks where message traffic is captured and analyzed and encryption keys cracked, i.e., initialization vector—IV
• Resource theft, where Internet access is obtained that in return is used as a launch pad for other attacks, i.e., cyclincal redundancy check (CRC-32)
• Denial-of-service due to signal interference and propagation of threat from viruses and worms

In addition, as with other types of technologies, the greatest weakness with wireless security is not the technical shortcomings but out-of-the-box insecure installations. The human factor is typically the weakest link.

www.bestitdocuments.com