WLANs are vulnerable to specialized attacks. Many of these attacks exploit
technology weaknesses since 802.11 WLAN security is relatively new. There are
also many configuration weaknesses since some companies are not using the
security features of WLANs on all their equipment. Many devices are shipped
with default administrator passwords. Finally, there are policy weaknesses.
When a company does not have a clear wireless policy on wireless usage,
employees may set up their own APs. An employee setup AP is known as a rogue
AP, which is rarely secure.
There are people eager, willing, and
qualified to take advantage of WLAN vulnerabilities. They are constantly trying
to discover and exploit new vulnerabilities. Numerous papers have been written
on the topic of 802.11 security. The following major vulnerabilities are
summarized:
- Weak device-only authentication - Client devices are authenticated. Users
are not authenticated.
- Weak data encryption - Wired Equivalent Privacy (WEP) has been proven
ineffective as a means to encrypt data.
- No message integrity – The Integrity Check Value (ICV) has been proven
ineffective as a means of ensuring message integrity.
802.11 security vulnerabilities can be a barrier to enterprise WLAN
deployment. To address these vulnerabilities, Cisco has developed the Cisco
Wireless Security Suite to provide robust enhancements to WEP encryption and
centralized, user-based authentication.
In this section, numerous
activities demonstrate the multiple methods utilized in configuring Cisco
wireless security.