Case Project: Determining Vulnerabilities of Wireless Networks After conducting
ID: 3913384 • Letter: C
Question
Case Project: Determining Vulnerabilities of Wireless Networks
After conducting a security test on the Alexander Rocco network, you discover that the company has a wireless router configured to issue IP addresses to connecting stations. Vistumbler indicates that channel 6 is active, the SSID is linksys, and WEP is enabled.
Based on this information, write a one-page report listing possible vulnerabilities of the WLAN’s current configuration. Your report should include recommendations for improving wireless security.
Explanation / Answer
Possible vulnerabilities are following
1. ssid looks default
Service Set Identifier (SSID) sholuld not be factory default, and turn off SSID broadcasting. If possible, adjust access point (AP) antennas and power levels to avoid signal leakage to areas where coverage is neither required nor desirable.
2. Wireless data requires data encryption.
Built-in wireless LAN encryption (such as Wired Equivalent Privacy) is weak. Instead, use virtual private network technologies such as IPsec with triple DES to protect data. Avoid proprietary schemes in order to assure maximum interoperability
3. Limit or control where WLAN traffic can go.
If the wireless LAN is to be used for a selected purpose, such as to access an enterprise resource planning system, then place specific packet filters on the wireless LAN to allow only that access.
4. Should not place APs on desks or other places that can be easily accessed.
Unscrupulous visitors or careless employees can easily move, replace or reset the APs. Security can't be assured in such insecure locations. Instead, move management and security to the wiring closet.
5. Prevent denial-of-service attacks by ensuring adequate bandwidth management on the wireless LAN.
The wireless LAN bandwidth is relatively limited and shared by multiple users. Particularly in environments in which different users need to perform different mission-critical tasks, this bandwidth must be policed to provide fair access.