The Cisco-authorized CCNA-related courses suggest several categories of threats:Thinking about it, although the above category of threats pertain to Enterprise setting, the first two are applicable even to a SOHO or home user.
To reduce the risk of such attacks, three main types of tools can be used on a WLAN:
- War drivers: The attacker often just wants to gain Internet access for free. This person drives around, trying to find APs that have no security or weak security. The attacker can use easily downloaded tools and high-gain directional antennas (easily purchased and installed).
- Hackers: The motivation for hackers is to either find information or deny services. Interestingly, the end goal may be to compromise the hosts inside the wired network, using the wireless network as a way to access the Enterprise network without having to go through Internet connections that have firewalls.
- Employees: Employees can unwittingly help hackers gain access to the Enterprise network in several ways. An employee could go to an office supply store and buy an AP for less than $100, install the AP in his office, using default settings of no security, and create a small wireless LAN. This would allow a hacker to gain access to the rest of the Enterprise from the coffee shop across the street. Additionally, if the client does not use encryption, company data going between the legitimate employee client PC and the Enterprise network can be easily copied and understood by attackers outside the building.
- Rogue AP: The attacker captures packets in the existing wireless LAN, finding the SSID and cracking security keys (if they are used). Then the attacker can set up her own AP, with the same settings, and get the Enterprise's clients to use it. In turn, this can cause the individuals to enter their usernames and passwords, aiding in the next phase of the attacker's plan.
- Mutual authentication
- Intrusion Prevention tools
Interestingly, among the 3 approaches mentioned to reduce the risk of such attacks, Cisco focused most on the Authentication and Encryption tools to address the threat. Only recently they announced Adaptive Wireless Intrusion Prevention System as part of their Mobility solution. Looks like so far they thought good Authentication and Encryption would be enough to protect the WLAN from attacks. However, Cisco is accepting the need of Wireless IPS now, something it was seen as denying so far.