302:
Thus the user may not even know they have an unsecured Ad hoc network in operation on their computer. If they are also using a wired or wireless infrastructure network at the same time, they are providing a bridge to the secured organizational network through the unsecured Ad hoc connection. Bridging is in two forms. A direct bridge, which requires the user actually configure a bridge between the two connections and is thus unlikely to be initiated unless explicitly desired, and an indirect bridge which is the shared resources on the user computer. The indirect bridge may expose private data that is shared from the user's computer to LAN connections, such as shared folders or private
Network Attached Storage, making no distinction between authenticated or private connections and unauthenticated Ad-Hoc networks. This presents no threats not already familiar to open/public or unsecured wifi access points, but firewall rules may be circumvented in the case of poorly configured operating systems or local settings.
373:). Once this is done, the hacker connects to a real access point through another wireless card offering a steady flow of traffic through the transparent hacking computer to the real network. The hacker can then sniff the traffic. One type of man-in-the-middle attack relies on security faults in challenge and handshake protocols to execute a âde-authentication attackâ. This attack forces AP-connected computers to drop their connections and reconnect with the hacker's soft AP (disconnects the user from the modem so they have to connect again using their password which one can extract from the recording of the event). Man-in-the-middle attacks are enhanced by software such as LANjack and AirJack which automate multiple steps of the process, meaning what once required some skill can now be done by
62:(WPA). WEP is an old IEEE 802.11 standard from 1997. It is a notoriously weak security standard: the password it uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools. WEP was superseded in 2003 by WPA, a quick alternative at the time to improve security over WEP. The current standard is WPA2; some hardware cannot support WPA2 without firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP. Enterprises often enforce security using a
1286:(which some consider to be the future of the internet ) is already in place. One could roam around and always be connected to Internet if the nodes were open to the public, but due to security concerns, most nodes are encrypted and the users do not know how to disable encryption. Many people consider it proper etiquette to leave access points open to the public, allowing free access to Internet. Others think the default encryption provides substantial protection at small inconvenience, against dangers of open access that they fear may be substantial even on a home DSL router.
20:
405:
recovery of the wireless network, during which all of the initial handshake codes are re-transmitted by all devices, providing an opportunity for the malicious attacker to record these codes and use various cracking tools to analyze security weaknesses and exploit them to gain unauthorized access to the system. This works best on weakly encrypted systems such as WEP, where there are a number of tools available which can launch a dictionary style attack of "possibly accepted" security keys based on the "model" security key captured during the network recovery.
1305:. For example, when accessing an internet bank, one would almost always use strong encryption from the web browser and all the way to the bank â thus it should not be risky to do banking over an unencrypted wireless network. The argument is that anyone can sniff the traffic applies to wired networks too, where system administrators and possible hackers have access to the links and can read the traffic. Also, anyone knowing the keys for an encrypted wireless network can gain access to the data being transferred over the network.
357:
detect it. Anyone with an 802.11 receiver (laptop and wireless adapter) and a freeware wireless packet analyzer can obtain the MAC address of any transmitting 802.11 within range. In an organizational environment, where most wireless devices are "on the air" throughout the active working shift, MAC filtering provides only a false sense of security since it prevents only "casual" or unintended connections to the organizational infrastructure and does nothing to prevent a directed attack.
843:(EAP) have initiated an even greater amount of security. This, as EAP uses a central authentication server. Unfortunately, during 2002 a Maryland professor discovered some shortcomings . Over the next few years these shortcomings were addressed with the use of TLS and other enhancements. This new version of EAP is now called Extended EAP and is available in several versions; these include: EAP-MD5, PEAPv0, PEAPv1, EAP-MSCHAPv2, LEAP, EAP-FAST, EAP-TLS, EAP-TTLS, MSCHAPv2, and EAP-SIM.
97:
752:) to establish the security using an 8 to 63 character passphrase. The PSK may also be entered as a 64 character hexadecimal string. Weak PSK passphrases can be broken using off-line dictionary attacks by capturing the messages in the four-way exchange when the client reconnects after being deauthenticated. Wireless suites such as
904:
client and the network are authenticated using certificates and per-session WEP keys. EAP-FAST also offers good protection. EAP-TTLS is another alternative made by
Certicom and Funk Software. It is more convenient as one does not need to distribute certificates to users, yet offers slightly less protection than EAP-TLS.
764:
announcement of this 'crack' was somewhat overblown by the media, because as of August, 2009, the best attack on WPA (the Beck-Tews attack) is only partially successful in that it only works on short data packets, it cannot decipher the WPA key, and it requires very specific WPA implementations in order to work.
1122:
Rate limiting frustrates both the attacker, and the legitimate users. This helps but does not fully solve the problem. Once DoS traffic clogs the access line going to the internet, there is nothing a border firewall can do to help the situation. Most DoS attacks are problems of the community which
1075:
It is practical in some cases to apply specialized wall paint and window film to a room or building to significantly attenuate wireless signals, which keeps the signals from propagating outside a facility. This can significantly improve wireless security because it is difficult for hackers to receive
301:
The security hole provided by Ad hoc networking is not the Ad hoc network itself but the bridge it provides into other networks, usually in the corporate environment, and the unfortunate default settings in most versions of
Microsoft Windows to have this feature turned on unless explicitly disabled.
1308:
If services like file shares, access to printers etc. are available on the local net, it is advisable to have authentication (i.e. by password) for accessing it (one should never assume that the private network is not accessible from the outside). Correctly set up, it should be safe to allow access
981:
The newest and most rigorous security to implement into WLAN's today is the 802.11i RSN-standard. This full-fledged 802.11i standard (which uses WPAv2) however does require the newest hardware (unlike WPAv1), thus potentially requiring the purchase of new equipment. This new hardware required may be
968:
The disadvantage with the end-to-end method is, it may fail to cover all traffic. With encryption on the router level or VPN, a single switch encrypts all traffic, even UDP and DNS lookups. With end-to-end encryption on the other hand, each service to be secured must have its encryption "turned on",
944:
encryption methods are not good enough for protecting valuable data like passwords and personal emails. Those technologies add encryption only to parts of the communication path, still allowing people to spy on the traffic if they have gained access to the wired network somehow. The solution may be
903:
There are other types of
Extensible Authentication Protocol implementations that are based on the EAP framework. The framework that was established supports existing EAP types as well as future authentication methods. EAP-TLS offers very good protection because of its mutual authentication. Both the
108:
The risks to users of wireless technology have increased as the service has become more popular. There were relatively few dangers when wireless technology was first introduced. Hackers had not yet had time to latch on to the new technology, and wireless networks were not commonly found in the work
1137:
With increasing number of mobile devices with 802.1X interfaces, security of such mobile devices becomes a concern. While open standards such as Kismet are targeted towards securing laptops, access points solutions should extend towards covering mobile devices also. Host based solutions for mobile
1109:
Only when the firewall gets back an ACK, which would happen only in a legitimate connection, would the firewall send the original SYN segment on to the server for which it was originally intended. The firewall does not set aside resources for a connection when a SYN segment arrives, so handling a
404:
The DoS attack in itself does little to expose organizational data to a malicious attacker, since the interruption of the network prevents the flow of data and actually indirectly protects data by preventing it from being transmitted. The usual reason for performing a DoS attack is to observe the
356:
MAC filtering is effective only for small residential (SOHO) networks, since it provides protection only when the wireless device is "off the air". Any 802.11 device "on the air" freely transmits its unencrypted MAC address in its 802.11 headers, and it requires no special equipment or software to
257:
Violation of the security perimeter of a corporate network can come from a number of different methods and intents. One of these methods is referred to as âaccidental associationâ. When a user turns on a computer and it latches on to a wireless access point from a neighboring company's overlapping
129:
installed do not feel that they need to address wireless security concerns. In-Stat MDR and META Group have estimated that 95% of all corporate laptop computers that were planned to be purchased in 2005 were equipped with wireless cards. Issues can arise in a supposedly non-wireless organization
1118:
Rate limiting can be used to reduce a certain type of traffic down to an amount the can be reasonably dealt with. Broadcasting to the internal network could still be used, but only at a limited rate for example. This is for more subtle DoS attacks. This is good if an attack is aimed at a single
520:
There is no ready designed system to prevent from fraudulent usage of wireless communication or to protect data and functions with wirelessly communicating computers and other entities. However, there is a system of qualifying the taken measures as a whole according to a common understanding what
1297:
The wireless network is after all confined to a small geographical area. A computer connected to the
Internet and having improper configurations or other security problems can be exploited by anyone from anywhere in the world, while only clients in a small geographical range can exploit an open
1289:
The density of access points can even be a problem â there are a limited number of channels available, and they partly overlap. Each channel can handle multiple networks, but places with many private wireless networks (for example, apartment complexes), the limited number of Wi-Fi radio channels
1105:
Validating the handshake involves creating false opens, and not setting aside resources until the sender acknowledges. Some firewalls address SYN floods by pre-validating the TCP handshake. This is done by creating false opens. Whenever a SYN segment arrives, the firewall sends back a SYN/ACK
763:
There was information, however, that Erik Tews (the man who created the fragmentation attack against WEP) was going to reveal a way of breaking the WPA TKIP implementation at Tokyo's PacSec security conference in
November 2008, cracking the encryption on a packet in 12 to 15 minutes. Still, the
453:
requests, which the malicious access point uses to obtain keystream data. The malicious access point then repeatedly sends a deauthentication packet to the client, causing the client to disconnect, reconnect, and send additional ARP requests, which the malicious access point then uses to obtain
1298:
wireless access point. Thus the exposure is low with an open wireless access point, and the risks with having an open wireless network are small. However, one should be aware that an open wireless router will give access to the local network, often including access to file shares and printers.
261:
Accidental association is a case of wireless vulnerability called as "mis-association". Mis-association can be accidental, deliberate (for example, done to bypass corporate firewall) or it can result from deliberate attempts on wireless clients to lure them into connecting to attacker's APs.
1165:
Mobile patient monitoring devices are becoming an integral part of healthcare industry and these devices will eventually become the method of choice for accessing and implementing health checks for patients located in remote areas. For these types of patient monitoring systems, security and
248:
The modes of unauthorised access to links, to functions and to data is as variable as the respective entities make use of program code. There does not exist a full scope model of such threat. To some extent the prevention relies on known modes and methods of attack and relevant methods for
1187:
needs to be integrated. This server can be a computer on the local network, an access point / router with integrated authentication server, or a remote server. AP's/routers with integrated authentication servers are often very expensive and specifically an option for commercial usage like
1273:
used for remote network access. RADIUS, developed in 1991, was originally proprietary but then published in 1997 under ISOC documents RFC 2138 and RFC 2139. The idea is to have an inside server act as a gatekeeper by verifying identities through a username and password that is already
496:, and large organizations, the preferred solution is often to have an open and unencrypted, but completely isolated wireless network. The users will at first have no access to the Internet nor to any local network resources. Commercial providers usually forward all web traffic to a
507:
Wireless networks are less secure than wired ones; in many offices intruders can easily visit and hook up their own computer to the wired network without problems, gaining access to the network, and it is also often possible for remote intruders to gain access to the network through
397:) or network with bogus requests, premature successful connection messages, failure messages, and/or other commands. These cause legitimate users to not be able to get on the network and may even cause the network to crash. These attacks rely on the abuse of protocols such as the
1322:
On the other hand, in some countries including
Germany, persons providing an open access point may be made (partially) liable for any illegal activity conducted via this access point. Also, many contracts with ISPs specify that the connection may not be shared with other persons.
969:
and often every connection must also be "turned on" separately. For sending emails, every recipient must support the encryption method, and must exchange keys correctly. For Web, not all web sites offer https, and even if they do, the browser sends out IP addresses in clear text.
258:
network, the user may not even know that this has occurred. However, it is a security breach in that proprietary company information is exposed and now there could exist a link from one company to the other. This is especially true if the laptop is also hooked to a wired network.
84:
have found wireless networks relatively easy to break into, and even use wireless technology to hack into wired networks. As a result, it is very important that enterprises define effective wireless security policies that guard against unauthorized access to important resources.
822:
This stands for
Temporal Key Integrity Protocol and the acronym is pronounced as tee-kip. This is part of the IEEE 802.11i standard. TKIP implements per-packet key mixing with a re-keying system and also provides a message integrity check. These avoid the problems of WEP.
270:âMalicious associationsâ are when wireless devices can be actively made by attackers to connect to a company network through their laptop instead of a company access point (AP). These types of laptops are known as âsoft APsâ and are created when a cyber criminal runs some
130:
when a wireless laptop is plugged into the corporate network. A hacker could sit out in the parking lot and gather information from it through laptops and/or other devices, or even break in through this wireless cardâequipped laptop and gain access to the wired network.
297:
networks can pose a security threat. Ad hoc networks are defined as networks between wireless computers that do not have an access point in between them. While these types of networks usually have little protection, encryption methods can be used to provide security.
249:
suppression of the applied methods. However, each new mode of operation will create new options of threatening. Hence prevention requires a steady drive for improvement. The described modes of attack are just a snapshot of typical methods and scenarios where to apply.
693:(WPA and WPA2) security protocols were later created to address the problems with WEP. If a weak password, such as a dictionary word or short character string is used, WPA and WPA2 can be cracked. Using a long enough random password (e.g. 14 random letters) or
146:, gain unauthorized access to internal network resources as well as to the internet, and then use the information and resources to perform disruptive or illegal acts. Such security breaches have become important concerns for both enterprise and home networks.
113:
methods, and in the carelessness and ignorance that exists at the user and corporate IT level. Hacking methods have become much more sophisticated and innovative with wireless access. Hacking has also become much easier and more accessible with easy-to-use
429:. The hacker injects bogus networking re-configuration commands that affect routers, switches, and intelligent hubs. A whole network can be brought down in this manner and require rebooting or even reprogramming of all intelligent networking devices.
224:
like disabling open switchports during switch configuration and VLAN configuration to limit network access are available to protect the network and the information it contains, but such countermeasures must be applied uniformly to all network devices.
187:, thus allowing all the PCs in the home to access the Internet through the "base" PC. However, lack of knowledge among users about the security issues inherent in setting up such systems often may allow others nearby access to the connection. Such
1096:
This may have negative effects if done automatically. An attacker could knowingly spoof attack packets with the IP address of a corporate partner. Automated defenses could block legitimate traffic from that partner and cause additional problems.
237:(M2M) communication. Such industrial applications often have specific security requirements. Evaluation of these vulnerabilities and the resulting vulnerability catalogs in an industrial context when considering WLAN, NFC and ZigBee are available.
1729:
869:
and helps minimize the original security flaws by using WEP and a sophisticated key management system. This EAP-version is safer than EAP-MD5. This also uses MAC address authentication. LEAP is not secure; THC-LeapCracker can be used to break
543:(WIPS) is a concept for the most robust way to counteract wireless security risks. However such WIPS does not exist as a ready designed solution to implement as a software package. A WIPS is typically implemented as an overlay to an existing
1092:
Black holing is one possible way of stopping a DoS attack. This is a situation where we drop all IP packets from an attacker. This is not a very good long-term strategy because attackers can change their source address very quickly.
892:
This stands for
Protected Extensible Authentication Protocol. This protocol allows for a secure transport of data, passwords, and encryption keys without the need of a certificate server. This was developed by Cisco, Microsoft, and
720:
Wi-Fi
Protected Access (WPA) is a software/firmware improvement over WEP. All regular WLAN-equipment that worked with WEP are able to be simply upgraded and no new equipment needs to be bought. WPA is a trimmed-down version of the
1174:
In order to implement 802.11i, one must first make sure both that the router/access point(s), as well as all client devices are indeed equipped to support the network encryption. If this is done, a server such as
972:
The most prized resource is often access to the Internet. An office LAN owner seeking to restrict such access will face the nontrivial enforcement task of having each user authenticate themselves for the router.
464:
The attack was named the "Caffe Latte" attack by researcher Vivek Ramachandran because it could be used to obtain the WEP key from a remote traveler in less than the 6 minutes it takes to drink a cup of coffee.
1066:
are physical tokens in the cards that utilize an embedded integrated circuit chip for authentication, requiring a card reader. USB Tokens are physical tokens that connect via USB port to authenticate the user.
1274:
pre-determined by the user. A RADIUS server can also be configured to enforce user policies and restrictions as well as record accounting information such as connection time for purposes such as billing.
1733:
1199:
such as RADIUS, ADS, NDS, or LDAP. The required software can be picked from various suppliers as Microsoft, Cisco, Funk Software, Meetinghouse Data, and from some open-source projects. Software includes:
617:. Requiring clients to set their own addresses makes it more difficult for a casual or unsophisticated intruder to log onto the network, but provides little protection against a sophisticated attacker.
1192:. Hosted 802.1X servers via the Internet require a monthly fee; running a private server is free yet has the disadvantage that one must set it up and that the server needs to be on continuously.
982:
either AES-WRAP (an early version of 802.11i) or the newer and better AES-CCMP-equipment. One should make sure one needs WRAP or CCMP-equipment, as the 2 hardware standards are not compatible.
1394:
1009:
WPA2 has been found to have at least one security vulnerability, nicknamed Hole196. The vulnerability uses the WPA2 Group Temporal Key (GTK), which is a shared key among all users of the same
2141:
353:â capabilities. Combine these programs with other software that allow a computer to pretend it has any MAC address that the hacker desires, and the hacker can easily get around that hurdle.
547:
infrastructure, although it may be deployed standalone to enforce no-wireless policies within an organization. WIPS is considered so important to wireless security that in July 2009, the
282:(VPNs) offer no barrier. Wireless 802.1X authentications do help with some protection but are still vulnerable to hacking. The idea behind this type of attack may not be to break into a
1017:. It is named after page 196 of the IEEE 802.11i specification, where the vulnerability is discussed. In order for this exploit to be performed, the GTK must be known by the attacker.
1196:
322:, and wireless printers and copiers should be secured. These non-traditional networks can be easily overlooked by IT personnel who have narrowly focused on laptops and access points.
274:
that makes their wireless network card look like a legitimate access point. Once the thief has gained access, they can steal passwords, launch attacks on the wired network, or plant
1166:
reliability are critical, because they can influence the condition of patients, and could leave medical professionals in the dark about the condition of the patient if compromised.
2512:
1984:
413:
In a network injection attack, a hacker can make use of access points that are exposed to non-filtered network traffic, specifically broadcasting network traffic such as â
1084:
Most DoS attacks are easy to detect. However, a lot of them are difficult to stop even after detection. Here are three of the most common ways to stop a DoS attack.
73:
as a replacement to WPA2. Certification began in June 2018, and WPA3 support has been mandatory for devices which bear the "Wi-Fi CERTIFIEDâ˘" logo since July 2020.
168:. Built-in wireless networking might be enabled by default, without the owner realizing it, thus broadcasting the laptop's accessibility to any computer nearby.
454:
additional keystream data. Once the malicious access point has collected a sufficient amount of keystream data. the WEP key can be cracked with a tool like .
1578:
920:, that promises to enhance security on both wired and wireless networks. Wireless access points that incorporate technologies like these often also have
1006:
The number of WPA and WPA2 networks are increasing, while the number of WEP networks are decreasing, because of the security vulnerabilities in WEP.
548:
2170:
516:. One general solution may be end-to-end encryption, with independent authentication on all resources that should not be available to the public.
1623:
1025:
Unlike 802.1X, 802.11i already has most other additional security-services such as TKIP. Just as with WPAv1, WPAv2 may work in cooperation with
1315:
It is very common to pay a fixed monthly fee for the Internet connection, and not for the traffic â thus extra traffic will not be detrimental.
1042:
860:
1779:
80:
pre-installed. The ability to enter a network while mobile has great benefits. However, wireless networking is prone to some security issues.
500:
which provides for payment and/or authorization. Another solution is to require the users to connect securely to a privileged network using
349:
to allow only authorized computers with specific MAC IDs to gain access and utilize the network. However, programs exist that have network â
1367:
1293:
According to the advocates of Open Access Points, it should not involve any significant risks to open up wireless networks for the public:
887:
2014:
1003:
algorithm as a mandatory feature. Both WPA and WPA2 support EAP authentication methods using RADIUS servers and preshared key (PSK).
445:. The Caffe Latte attack works by tricking a client with the WEP password stored to connect to a malicious access point with the same
209:
Wireless security is another aspect of computer security. Organizations may be particularly vulnerable to security breaches caused by
1123:
can only be stopped with the help of ISP's and organizations whose computers are taken over as bots and used to attack other firms.
2260:
1853:
1992:
1312:
With the most popular encryption algorithms today, a sniffer will usually be able to compute the network key in a few minutes.
999:
is a WiFi Alliance branded version of the final 802.11i standard. The primary enhancement over WPA is the inclusion of the
1871:
1382:
1159:
784:-networks (non-continuous secure network connections) may be set up under the 802.11-standard. VPN implementations include
540:
534:
486:
86:
2213:
1495:
1030:
773:
660:
the IEEE has declared it "deprecated", and while often supported, it is seldom or never the default on modern equipment.
614:
192:
90:
2327:"A novel implementation of signature, encryption and authentication (SEA) protocol on mobile patient monitoring devices"
2546:
2471:
2458:
2445:
2381:
2356:
2124:
2049:
1967:
1430:
1387:
1026:
840:
777:
717:
compliance. With all those encryption schemes, any client in the network that knows the keys can read all the traffic.
581:(Service Set Identifier). This provides very little protection against anything but the most casual intrusion efforts.
477:
For closed networks (like home users and organizations) the most common way is to configure access restrictions in the
398:
1232:
Client software comes built-in with Windows XP and may be integrated into other OS's using any of following software:
1047:
This stands for WLAN Authentication and Privacy Infrastructure. This is a wireless security standard defined by the
1352:
286:
or other security measures. Most likely the criminal is just trying to take over the client at the Layer 2 level.
46:. The term may also refer to the protection of the wireless network itself from adversaries seeking to damage the
1220:
817:
730:
446:
1515:
278:. Since wireless networks operate at the Layer 2 level, Layer 3 protections such as network authentication and
188:
1536:
81:
1826:
2551:
705:
WPA virtually uncrackable. The second generation of the WPA security protocol (WPA2) is based on the final
422:
760:. Still, WPA Personal is secure when used with âgoodâ passphrases or a full 64-character hexadecimal key.
521:
shall be seen as state of the art. The system of qualifying is an international consensus as specified in
1357:
757:
450:
184:
2422:
2398:
2178:
1283:
1282:
Today, there is almost full wireless network coverage in many urban areas â the infrastructure for the
1139:
835:
802.1X standard already improved the authentication and authorization for access of wireless and wired
319:
216:
If an employee adds a wireless interface to an unsecured port of a system, they may create a breach in
195:
if their computer automatically selects a nearby unsecured wireless network to use as an access point.
1627:
675:
took until 2008 to prohibit its use â and even then allowed existing use to continue until June 2010.
149:
If router security is not activated or if the owner deactivates it for convenience, it creates a free
2518:
2284:
1755:
1337:
1062:
use is a method of authentication relying upon only authorized users possessing the requisite token.
221:
1318:
Where Internet connections are plentiful and cheap, freeloaders will seldom be a prominent nuisance.
1988:
1787:
1708:
1560:. IEEE ETFA 2014 â 19th IEEE International Conference on Emerging Technology and Factory Automation
733:
encryption algorithm was developed for WPA to provide improvements to WEP that could be fielded as
663:
Concerns were raised about its security as early as 2001, dramatically demonstrated in 2005 by the
647:
555:
recommending the use of WIPS to automate wireless scanning and protection for large organizations.
438:
390:
366:
279:
275:
55:
2149:
1415:
IEEE Standard for Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications
381:
are particularly vulnerable to any attack since there is little to no security on these networks.
1195:
To set up a server, server and client software must be installed. Server software required is an
800:. However, this extra layer of security may also be cracked with tools such as Anger, Deceit and
656:
standard was the original encryption standard for wireless, but since 2004 with the ratification
109:
place. However, there are many security risks associated with the current wireless protocols and
1923:
597:
ID filtering. However, an attacker can simply sniff the MAC address of an authorized client and
2238:
874:'s version of LEAP and be used against computers connected to an access point in the form of a
690:
684:
414:
63:
59:
2039:
865:
This stands for the Lightweight Extensible Authentication Protocol. This protocol is based on
1600:
1302:
737:
upgrades to existing 802.11 devices. The WPA profile also provides optional support for the
672:
478:
394:
370:
126:
2527:
2065:
1119:
server because it keeps transmission lines at least partially open for other communication.
563:
There are a range of wireless security measures, of varying effectiveness and practicality.
950:
801:
756:
can crack a weak passphrase in less than a minute. Other WEP/WPA crackers are AirSnort and
509:
138:
Anyone within the geographical network range of an open, unencrypted wireless network can "
2326:
8:
962:
593:
from known, pre-approved MAC addresses. Most wireless access points contain some type of
2087:
1780:"Cafe Latte with a Free Topping of Cracked WEP - Retrieving WEP Keys From Road-Warriors"
1730:"Caffe Latte with a Free Topping of Cracked WEP: Retrieving WEP Keys from Road-Warriors"
1377:
921:
836:
577:
A simple but ineffective method to attempt to secure a wireless network is to hide the
234:
210:
1895:
e.g. âWeaknesses in the Key Scheduling Algorithm of RC4â by Fluhrer, Mantin and Shamir
191:
is usually achieved without the wireless network operator's knowledge; it may even be
19:
2467:
2454:
2441:
2377:
2352:
2120:
2091:
2045:
1963:
1668:
1557:
1426:
1372:
1342:
1180:
958:
946:
875:
458:
342:
204:
180:
115:
66:-based system to authenticate the connecting device, following the standard 802.11X.
47:
153:. Since most 21st-century laptop PCs have wireless networking built in (see Intel "
1658:
1418:
925:
572:
442:
217:
143:
2477:
1558:"Security Vulnerabilities and Risks in Industrial Usage of Wireless Communication"
1076:
the signals beyond the controlled area of a facility, such as from a parking lot.
314:
devices are not safe from hacking and should be regarded as a security risk. Even
2507:
1362:
1189:
1132:
493:
378:
150:
139:
24:
1905:
1875:
369:
attacker entices computers to log into a computer which is set up as a soft AP (
337:) occurs when a hacker is able to listen in on network traffic and identify the
2217:
2174:
1471:
1422:
1059:
913:
749:
748:
based authentication using 802.1X. WPA Personal uses a pre-shared Shared Key (
702:
635:
497:
350:
330:
315:
1446:
38:
is the prevention of unauthorized access or damage to computers or data using
2540:
2503:
2142:"Ultimate wireless security guide: A primer on Cisco EAP-FAST authentication"
1672:
1663:
1650:
941:
632:
590:
522:
374:
346:
77:
43:
671:
admitted a massive security breach due in part to a reliance on WEP and the
2145:
2018:
1709:"The Caffe Latte Attack: How It Works – and How to Block It"
1270:
991:
954:
894:
797:
706:
544:
513:
334:
1941:
183:
make it fairly easy to set up a PC as a wireless LAN "base station" using
2116:
1579:"Top reasons why corporate WiFi clients connect to unauthorized networks"
1332:
1248:
1063:
878:. Anwrap and asleap finally are other crackers capable of breaking LEAP.
753:
726:
626:
594:
482:
338:
1808:
2199:
2037:
1210:
805:
714:
694:
653:
610:
449:
as the target network. After the client connects, the client generates
110:
2324:
1686:
668:
311:
461:
wireless stack, but other operating systems may also be vulnerable.
1000:
738:
734:
698:
489:
can be used to provide wireless LAN security in this network model.
271:
154:
39:
1106:
segment, without passing the SYN segment on to the target server.
393:(DoS) occurs when an attacker continually bombards a targeted AP (
96:
2531:
2304:
937:
722:
552:
158:
157:" technology), they do not need a third-party adapter such as a
93:(WIDS) are commonly used to enforce wireless security policies.
2522:
2261:"The best hardware security keys for two-factor authentication"
1508:
1261:
1176:
1054:
917:
866:
745:
741:
algorithm that is the preferred algorithm in 802.11i and WPA2.
710:
294:
165:
101:
441:
key and does not require a nearby access point for the target
2464:
Design and Implementation of WLAN Authentication and Security
1347:
1155:
Mutual authentication schemes such as WPA2 as described above
1048:
1014:
1010:
871:
793:
473:
There are three principal ways to secure a wireless network.
176:
172:
119:
1145:
Security within mobile devices fall under three categories:
1271:
AAA (authentication, authorization and accounting) protocol
1184:
1110:
large number of false SYN segments is only a small burden.
996:
832:
789:
785:
657:
638:
mechanisms to devices wishing to attach to a Wireless LAN.
578:
481:. Those restrictions may include encryption and checks on
426:
418:
122:-based tools being made available on the web at no charge.
70:
1301:
The only way to keep communication truly secure is to use
1162:
solutions now offer wireless security for mobile devices.
2110:
781:
664:
528:
501:
468:
283:
162:
2451:
Real 802.11 Security: Wi-Fi Protected Access and 802.11i
1906:"FBI Teaches Lesson In How To Break Into Wi-Fi Networks"
1772:
2200:"WiGLE â Wireless Geographic Logging Engine â Stats"
2038:
Kevin Beaver; Peter T. Davis; Devin K. Akin (2011).
2015:"One-minute WiFi crack puts further pressure on WPA"
1985:"Once thought safe, WPA Wi-Fi encryption is cracked"
1958:
Beaver, Kevin; Davis, Peter T. (13 September 2005).
1228:
SkyFriendz (free cloud solution based on freeRADIUS)
457:
The Caffe Latte attack was demonstrated against the
220:that would allow access to confidential materials.
2374:
RADIUS: Securing Public Access to Private Resources
1496:"How to: Define Wireless Network Security Policies"
2285:"How to: Improve Wireless Security with Shielding"
1747:
1169:
839:. In addition to this, extra measures such as the
598:
437:The Caffe Latte attack is another way to obtain a
310:Non-traditional networks such as personal network
851:EAP-versions include LEAP, PEAP and other EAP's.
2538:
2371:
2325:Khamish Malhotra; Stephen Gardner; Will Mepham.
1488:
549:Payment Card Industry Security Standards Council
325:
2396:
1854:"The six dumbest ways to secure a wireless LAN"
1648:
1472:"How Can You Secure a Wi-Fi Network With WPA2?"
1013:, to launch attacks on other users of the same
243:
233:Wireless communication is useful in industrial
2390:
1809:"Official PCI Security Standards Council Site"
1655:Journal of Digital Forensics, Security and Law
1043:WLAN Authentication and Privacy Infrastructure
861:Lightweight Extensible Authentication Protocol
69:In January 2018, the Wi-Fi Alliance announced
2349:Wireless Networks, Hacks and Mods for Dummies
2088:"Extensible Authentication Protocol Overview"
2066:"Extensible Authentication Protocol Overview"
2012:
1953:
1951:
1624:"What is Ad-Hoc Mode in Wireless Networking?"
907:
228:
2346:
1924:"Analyzing the TJ Maxx Data Security Fiasco"
1753:
1621:
1368:Payment Card Industry Data Security Standard
1079:
1055:Smart cards, USB tokens, and software tokens
888:Protected Extensible Authentication Protocol
725:security standard that was developed by the
360:
2478:"The Evolution of 802.11 Wireless Security"
1982:
1957:
1537:"Fitting the WLAN Security pieces together"
1216:Funk Software Steel Belted RADIUS (Odyssey)
1100:
345:. Most wireless systems allow some kind of
305:
193:without the knowledge of the intruding user
48:confidentiality, integrity, or availability
1948:
1598:
1407:
1267:Remote Authentication Dial In User Service
1662:
1290:might cause slowness and other problems.
252:
2528:How to Secure Your Wireless Home Network
2423:"Offene Netzwerke auch fĂźr Deutschland!"
1649:Browning, Dennis; Kessler, Gary (2009).
931:
265:
95:
50:of the network. The most common type is
18:
2491:. Upper Saddle River, New Jersey. 2015
2438:Wi-Foo: The Secrets of Wireless Hacking
2258:
1847:
1845:
1706:
609:Typical wireless access points provide
604:
198:
2539:
2399:"The Beginnings and History of RADIUS"
2044:. John Wiley & Sons. p. 295.
808:, and IKEcrack for IPsec-connections.
529:A wireless intrusion prevention system
469:Wireless intrusion prevention concepts
2139:
2041:Hacking Wireless Networks For Dummies
1960:Hacking Wireless Networks for Dummies
1277:
1020:
912:Solutions include a newer system for
767:
589:One of the simplest techniques is to
487:Wireless Intrusion Prevention Systems
432:
87:Wireless Intrusion Prevention Systems
2111:Joshua Bardwell; Devin Akin (2005).
1842:
1516:"Wireless Security Primer (Part II)"
1469:
1383:Wireless intrusion prevention system
1207:Cisco Secure Access Control Software
945:encryption and authorization in the
558:
541:Wireless Intrusion Prevention System
535:Wireless Intrusion Prevention System
408:
384:
91:Wireless Intrusion Detection Systems
2347:Briere, Danny; Hurley, Pat (2005).
976:
652:The Wired Equivalent Privacy (WEP)
584:
13:
2376:. O'Reilly Media. pp. 15â16.
1851:
1754:Ramachandran, Vivek (2009-09-18).
1388:Wireless Public Key Infrastructure
1309:to the local network to outsiders.
1149:Protecting against ad hoc networks
841:Extensible Authentication Protocol
804:for PPTP; and ike-scan, IKEProbe,
620:
551:published wireless guidelines for
399:Extensible Authentication Protocol
289:
14:
2563:
2495:
1651:"Bluetooth Hacking: A Case Study"
1152:Connecting to rogue access points
1126:
171:Modern operating systems such as
2487:Boyle, Randall, Panko, Raymond.
1518:. windowsecurity.com. 2003-04-23
1353:List of router firmware projects
1197:enterprise authentication server
1113:
125:Some organizations that have no
2415:
2365:
2340:
2318:
2297:
2277:
2252:
2231:
2206:
2192:
2163:
2133:
2104:
2080:
2058:
2031:
2006:
1976:
1934:
1916:
1898:
1889:
1864:
1819:
1801:
1722:
1700:
1679:
1642:
1615:
1221:Internet Authentication Service
1170:Implementing network encryption
1087:
1070:
846:
818:Temporal Key Integrity Protocol
2259:Etienne, Stefan (2019-02-22).
1928:New York State Society of CPAs
1813:PCI Security Standards Council
1687:"SMAC 2.0 MAC Address Changer"
1592:
1571:
1550:
1529:
1463:
1439:
1242:Intel PROSet/Wireless Software
780:may be added alongside. Also,
641:
566:
142:", or capture and record, the
100:Security settings panel for a
1:
1827:"PCI DSS Wireless Guidelines"
1401:
1395:Exploits of wireless networks
831:The WPA-improvement over the
713:standard and is eligible for
326:Identity theft (MAC spoofing)
133:
2239:"Secure Technology Alliance"
2216:. 2019-01-28. Archived from
2214:"WPA2 Hole196 Vulnerability"
2068:. TechNet. 11 September 2009
1874:. lirent.net. Archived from
1786:. 2009-04-24. Archived from
1626:. about tech. Archived from
772:In addition to WPAv1, TKIP,
244:Modes of unauthorized access
7:
2489:Corporate Computer Security
1358:Network encryption cracking
1326:
758:Auditor Security Collection
185:Internet Connection Sharing
76:Many laptop computers have
16:Aspect of wireless networks
10:
2568:
1581:. InfoSecurity. 2010-02-17
1423:10.1109/IEEESTD.1997.85951
1284:wireless community network
1259:
1130:
1040:
989:
949:, using technologies like
908:Restricted access networks
885:
858:
815:
682:
645:
624:
570:
532:
492:For commercial providers,
229:Machine-to-machine context
202:
2547:Computer network security
2372:Jonathan Hassell (2003).
2351:. John Wiley & Sons.
2113:CWNA Official Study Guide
1852:Ou, George (March 2005).
1539:. pcworld.com. 2008-10-30
1338:Electromagnetic shielding
1255:
1080:Denial of service defense
361:Man-in-the-middle attacks
2397:John Vollbrecht (2006).
2171:"Wi-Fi Protected Access"
1664:10.15394/jdfsl.2009.1058
1101:Validating the handshake
985:
936:One can argue that both
924:built in, thus becoming
744:WPA Enterprise provides
678:
648:Wired Equivalent Privacy
391:Denial-of-service attack
306:Non-traditional networks
280:virtual private networks
56:Wired Equivalent Privacy
42:networks, which include
2513:considered for deletion
1225:Meetinghouse Data EAGIS
1142:with 802.1X interface.
1036:
811:
2483:. ITFFROC. 2010-04-18.
2013:Nate Anderson (2009).
826:
691:Wi-Fi Protected Access
685:Wi-Fi Protected Access
253:Accidental association
127:wireless access points
105:
60:Wi-Fi Protected Access
32:
1303:end-to-end encryption
1204:Aradial RADIUS Server
932:End-to-end encryption
729:to replace WEP. The
699:randomly chosen words
673:Payment Card Industry
571:Further information:
266:Malicious association
99:
27:, that can implement
22:
2404:. Interlink Networks
2307:. kismetwireless.net
1872:"What is a WEP key?"
1756:"Caffe Latte Attack"
605:Static IP addressing
199:The threat situation
2552:Wireless networking
1910:informationweek.com
1689:. klcconsulting.com
1447:"Definition of WEP"
631:IEEE 802.1X is the
341:of a computer with
211:rogue access points
2115:(Third ed.).
1760:www.slideshare.net
1622:Bradely Mitchell.
1378:Tempest (codename)
1278:Open access points
1021:Additions to WPAv2
768:Additions to WPAv1
599:spoof this address
433:Caffe Latte attack
343:network privileges
235:machine to machine
106:
33:
2519:Wireless security
2305:"What is Kismet?"
2092:Microsoft TechNet
1983:Robert McMillan.
1711:. wi-fiplanet.com
1373:Stealth wallpaper
947:application layer
926:wireless gateways
876:dictionary attack
709:amendment to the
591:only allow access
559:Security measures
409:Network injection
385:Denial of service
367:man-in-the-middle
205:Computer security
181:Microsoft Windows
54:, which includes
36:Wireless security
29:wireless security
2559:
2516:
2484:
2482:
2431:
2430:
2419:
2413:
2412:
2410:
2409:
2403:
2394:
2388:
2387:
2369:
2363:
2362:
2344:
2338:
2337:
2335:
2334:
2322:
2316:
2315:
2313:
2312:
2301:
2295:
2294:
2292:
2291:
2281:
2275:
2274:
2272:
2271:
2256:
2250:
2249:
2247:
2245:
2235:
2229:
2228:
2226:
2225:
2210:
2204:
2203:
2196:
2190:
2189:
2187:
2186:
2177:. Archived from
2167:
2161:
2160:
2158:
2157:
2148:. Archived from
2137:
2131:
2130:
2108:
2102:
2101:
2099:
2098:
2084:
2078:
2077:
2075:
2073:
2062:
2056:
2055:
2035:
2029:
2028:
2026:
2025:
2010:
2004:
2003:
2001:
2000:
1991:. Archived from
1980:
1974:
1973:
1955:
1946:
1945:
1938:
1932:
1931:
1920:
1914:
1913:
1902:
1896:
1893:
1887:
1886:
1884:
1883:
1868:
1862:
1861:
1849:
1840:
1839:
1837:
1836:
1831:
1823:
1817:
1816:
1805:
1799:
1798:
1796:
1795:
1776:
1770:
1769:
1767:
1766:
1751:
1745:
1744:
1742:
1741:
1732:. Archived from
1726:
1720:
1719:
1717:
1716:
1704:
1698:
1697:
1695:
1694:
1683:
1677:
1676:
1666:
1646:
1640:
1639:
1637:
1635:
1619:
1613:
1612:
1610:
1608:
1599:Margaret Rouse.
1596:
1590:
1589:
1587:
1586:
1575:
1569:
1568:
1566:
1565:
1554:
1548:
1547:
1545:
1544:
1533:
1527:
1526:
1524:
1523:
1512:
1506:
1505:
1503:
1502:
1492:
1486:
1485:
1483:
1482:
1467:
1461:
1460:
1458:
1457:
1443:
1437:
1436:
1411:
1397:
1251:(open1X)-project
1239:Cisco ACU-client
977:802.11i security
585:MAC ID filtering
573:Network cloaking
218:network security
2567:
2566:
2562:
2561:
2560:
2558:
2557:
2556:
2537:
2536:
2501:
2498:
2480:
2476:
2434:
2427:netzpolitik.org
2421:
2420:
2416:
2407:
2405:
2401:
2395:
2391:
2384:
2370:
2366:
2359:
2345:
2341:
2332:
2330:
2323:
2319:
2310:
2308:
2303:
2302:
2298:
2289:
2287:
2283:
2282:
2278:
2269:
2267:
2257:
2253:
2243:
2241:
2237:
2236:
2232:
2223:
2221:
2212:
2211:
2207:
2198:
2197:
2193:
2184:
2182:
2181:on May 21, 2007
2169:
2168:
2164:
2155:
2153:
2138:
2134:
2127:
2119:. p. 435.
2109:
2105:
2096:
2094:
2086:
2085:
2081:
2071:
2069:
2064:
2063:
2059:
2052:
2036:
2032:
2023:
2021:
2011:
2007:
1998:
1996:
1981:
1977:
1970:
1956:
1949:
1940:
1939:
1935:
1922:
1921:
1917:
1904:
1903:
1899:
1894:
1890:
1881:
1879:
1870:
1869:
1865:
1850:
1843:
1834:
1832:
1829:
1825:
1824:
1820:
1807:
1806:
1802:
1793:
1791:
1778:
1777:
1773:
1764:
1762:
1752:
1748:
1739:
1737:
1728:
1727:
1723:
1714:
1712:
1705:
1701:
1692:
1690:
1685:
1684:
1680:
1647:
1643:
1633:
1631:
1630:on 8 April 2015
1620:
1616:
1606:
1604:
1597:
1593:
1584:
1582:
1577:
1576:
1572:
1563:
1561:
1556:
1555:
1551:
1542:
1540:
1535:
1534:
1530:
1521:
1519:
1514:
1513:
1509:
1500:
1498:
1494:
1493:
1489:
1480:
1478:
1468:
1464:
1455:
1453:
1445:
1444:
1440:
1433:
1413:
1412:
1408:
1404:
1393:
1363:Mobile security
1329:
1280:
1269:(RADIUS) is an
1264:
1258:
1172:
1135:
1133:Mobile security
1129:
1116:
1103:
1090:
1082:
1073:
1057:
1045:
1039:
1023:
994:
988:
979:
934:
910:
890:
863:
849:
829:
820:
814:
770:
687:
681:
650:
644:
629:
623:
621:802.11 security
613:to clients via
607:
587:
575:
569:
561:
537:
531:
471:
435:
411:
387:
363:
328:
316:barcode readers
308:
292:
290:Ad hoc networks
268:
255:
246:
240:
231:
222:Countermeasures
207:
201:
136:
25:wireless router
17:
12:
11:
5:
2565:
2555:
2554:
2549:
2535:
2534:
2525:
2497:
2496:External links
2494:
2493:
2492:
2485:
2474:
2472:978-3838372266
2461:
2459:978-0321136206
2448:
2446:978-0321202178
2433:
2432:
2414:
2389:
2383:978-0596003227
2382:
2364:
2358:978-0764595837
2357:
2339:
2317:
2296:
2276:
2251:
2230:
2205:
2191:
2175:Wi-Fi Alliance
2162:
2132:
2126:978-0072255386
2125:
2103:
2079:
2057:
2051:978-1118084922
2050:
2030:
2005:
1975:
1969:978-0764597305
1968:
1947:
1933:
1915:
1897:
1888:
1863:
1841:
1818:
1800:
1771:
1746:
1721:
1699:
1678:
1641:
1614:
1591:
1570:
1549:
1528:
1507:
1487:
1462:
1438:
1432:978-0738130446
1431:
1405:
1403:
1400:
1399:
1398:
1391:
1385:
1380:
1375:
1370:
1365:
1360:
1355:
1350:
1345:
1340:
1335:
1328:
1325:
1320:
1319:
1316:
1313:
1310:
1306:
1299:
1279:
1276:
1260:Main article:
1257:
1254:
1253:
1252:
1246:
1245:Odyssey client
1243:
1240:
1237:
1230:
1229:
1226:
1223:
1217:
1214:
1208:
1205:
1171:
1168:
1157:
1156:
1153:
1150:
1131:Main article:
1128:
1127:Mobile devices
1125:
1115:
1112:
1102:
1099:
1089:
1086:
1081:
1078:
1072:
1069:
1060:Security token
1056:
1053:
1041:Main article:
1038:
1035:
1022:
1019:
990:Main article:
987:
984:
978:
975:
933:
930:
914:authentication
909:
906:
886:Main article:
859:Main article:
848:
845:
828:
825:
816:Main article:
813:
810:
769:
766:
703:pre-shared key
683:Main article:
680:
677:
667:, yet in 2007
646:Main article:
643:
640:
636:authentication
625:Main article:
622:
619:
606:
603:
586:
583:
568:
565:
560:
557:
533:Main article:
530:
527:
518:
517:
505:
498:captive portal
490:
470:
467:
434:
431:
410:
407:
386:
383:
375:script kiddies
362:
359:
331:Identity theft
327:
324:
307:
304:
291:
288:
267:
264:
254:
251:
245:
242:
230:
227:
203:Main article:
200:
197:
189:"piggybacking"
135:
132:
78:wireless cards
52:Wi-Fi security
44:Wi-Fi networks
15:
9:
6:
4:
3:
2:
2564:
2553:
2550:
2548:
2545:
2544:
2542:
2533:
2529:
2526:
2524:
2520:
2514:
2510:
2509:
2505:
2500:
2499:
2490:
2486:
2479:
2475:
2473:
2469:
2465:
2462:
2460:
2456:
2452:
2449:
2447:
2443:
2439:
2436:
2435:
2429:. 2006-09-15.
2428:
2424:
2418:
2400:
2393:
2385:
2379:
2375:
2368:
2360:
2354:
2350:
2343:
2328:
2321:
2306:
2300:
2286:
2280:
2266:
2262:
2255:
2240:
2234:
2220:on 2015-11-13
2219:
2215:
2209:
2201:
2195:
2180:
2176:
2172:
2166:
2152:on 2012-07-07
2151:
2147:
2143:
2136:
2128:
2122:
2118:
2114:
2107:
2093:
2089:
2083:
2067:
2061:
2053:
2047:
2043:
2042:
2034:
2020:
2016:
2009:
1995:on 2009-01-16
1994:
1990:
1986:
1979:
1971:
1965:
1961:
1954:
1952:
1943:
1942:"PCI DSS 1.2"
1937:
1929:
1925:
1919:
1911:
1907:
1901:
1892:
1878:on 2008-04-17
1877:
1873:
1867:
1859:
1855:
1848:
1846:
1828:
1822:
1814:
1810:
1804:
1790:on 2009-04-24
1789:
1785:
1781:
1775:
1761:
1757:
1750:
1736:on 2015-05-11
1735:
1731:
1725:
1710:
1707:Lisa Phifer.
1703:
1688:
1682:
1674:
1670:
1665:
1660:
1656:
1652:
1645:
1629:
1625:
1618:
1602:
1595:
1580:
1574:
1559:
1553:
1538:
1532:
1517:
1511:
1497:
1491:
1477:
1473:
1466:
1452:
1448:
1442:
1434:
1428:
1424:
1420:
1416:
1410:
1406:
1396:
1392:
1389:
1386:
1384:
1381:
1379:
1376:
1374:
1371:
1369:
1366:
1364:
1361:
1359:
1356:
1354:
1351:
1349:
1346:
1344:
1341:
1339:
1336:
1334:
1331:
1330:
1324:
1317:
1314:
1311:
1307:
1304:
1300:
1296:
1295:
1294:
1291:
1287:
1285:
1275:
1272:
1268:
1263:
1250:
1247:
1244:
1241:
1238:
1235:
1234:
1233:
1227:
1224:
1222:
1218:
1215:
1213:(open-source)
1212:
1209:
1206:
1203:
1202:
1201:
1198:
1193:
1191:
1186:
1182:
1178:
1167:
1163:
1161:
1154:
1151:
1148:
1147:
1146:
1143:
1141:
1138:handsets and
1134:
1124:
1120:
1114:Rate limiting
1111:
1107:
1098:
1094:
1085:
1077:
1068:
1065:
1061:
1052:
1050:
1044:
1034:
1032:
1028:
1018:
1016:
1012:
1007:
1004:
1002:
998:
993:
983:
974:
970:
966:
965:and similar.
964:
960:
956:
952:
948:
943:
939:
929:
927:
923:
919:
915:
905:
902:
898:
896:
889:
884:
883:
879:
877:
873:
868:
862:
857:
856:
852:
844:
842:
838:
834:
824:
819:
809:
807:
803:
799:
795:
791:
787:
783:
779:
775:
765:
761:
759:
755:
751:
747:
742:
740:
736:
732:
728:
724:
718:
716:
712:
708:
704:
700:
696:
692:
686:
676:
674:
670:
666:
661:
659:
655:
649:
639:
637:
634:
633:IEEE Standard
628:
618:
616:
612:
602:
600:
596:
592:
582:
580:
574:
564:
556:
554:
550:
546:
542:
536:
526:
524:
523:ISO/IEC 15408
515:
511:
506:
503:
499:
495:
491:
488:
484:
480:
479:access points
476:
475:
474:
466:
462:
460:
455:
452:
448:
444:
440:
430:
428:
424:
420:
416:
415:Spanning Tree
406:
402:
400:
396:
392:
382:
380:
376:
372:
368:
358:
354:
352:
348:
347:MAC filtering
344:
340:
336:
332:
323:
321:
317:
313:
303:
299:
296:
287:
285:
281:
277:
273:
263:
259:
250:
241:
238:
236:
226:
223:
219:
214:
212:
206:
196:
194:
190:
186:
182:
178:
174:
169:
167:
164:
160:
156:
152:
147:
145:
141:
131:
128:
123:
121:
117:
112:
103:
98:
94:
92:
88:
83:
79:
74:
72:
67:
65:
61:
57:
53:
49:
45:
41:
37:
30:
26:
21:
2506:
2488:
2463:
2450:
2437:
2426:
2417:
2406:. Retrieved
2392:
2373:
2367:
2348:
2342:
2331:. Retrieved
2320:
2309:. Retrieved
2299:
2288:. Retrieved
2279:
2268:. Retrieved
2264:
2254:
2242:. Retrieved
2233:
2222:. Retrieved
2218:the original
2208:
2194:
2183:. Retrieved
2179:the original
2165:
2154:. Retrieved
2150:the original
2146:TechRepublic
2135:
2112:
2106:
2095:. Retrieved
2082:
2070:. Retrieved
2060:
2040:
2033:
2022:. Retrieved
2019:Ars Technica
2008:
1997:. Retrieved
1993:the original
1978:
1959:
1936:
1927:
1918:
1909:
1900:
1891:
1880:. Retrieved
1876:the original
1866:
1857:
1833:. Retrieved
1821:
1812:
1803:
1792:. Retrieved
1788:the original
1783:
1774:
1763:. Retrieved
1759:
1749:
1738:. Retrieved
1734:the original
1724:
1713:. Retrieved
1702:
1691:. Retrieved
1681:
1654:
1644:
1632:. Retrieved
1628:the original
1617:
1605:. Retrieved
1603:. TechTarget
1601:"Encryption"
1594:
1583:. Retrieved
1573:
1562:. Retrieved
1552:
1541:. Retrieved
1531:
1520:. Retrieved
1510:
1499:. Retrieved
1490:
1479:. Retrieved
1475:
1465:
1454:. Retrieved
1450:
1441:
1414:
1409:
1321:
1292:
1288:
1281:
1266:
1265:
1236:AEGIS-client
1231:
1194:
1173:
1164:
1160:Wireless IPS
1158:
1144:
1136:
1121:
1117:
1108:
1104:
1095:
1091:
1088:Black holing
1083:
1074:
1071:RF shielding
1058:
1051:government.
1046:
1024:
1008:
1005:
995:
992:IEEE 802.11i
980:
971:
967:
935:
911:
900:
899:
895:RSA Security
891:
881:
880:
864:
854:
853:
850:
847:EAP-versions
830:
821:
771:
762:
743:
719:
707:IEEE 802.11i
688:
662:
651:
630:
611:IP addresses
608:
588:
576:
562:
545:Wireless LAN
538:
519:
514:Back Orifice
472:
463:
456:
436:
417:â (802.1D),
412:
403:
395:Access Point
388:
371:Access Point
364:
355:
335:MAC spoofing
329:
309:
300:
293:
269:
260:
256:
247:
239:
232:
215:
208:
170:
148:
137:
124:
107:
75:
68:
51:
35:
34:
28:
2329:. IOS Press
2140:George Ou.
2117:McGraw-Hill
1784:toorcon.org
1333:Aircrack-ng
1249:Xsupplicant
1064:Smart cards
754:aircrack-ng
727:IEEE 802.11
642:Regular WEP
627:IEEE 802.1X
567:SSID hiding
483:MAC address
339:MAC address
318:, handheld
159:PCMCIA Card
64:certificate
23:An example
2541:Categories
2408:2009-04-15
2333:2010-03-11
2311:2008-02-06
2290:2008-10-09
2270:2021-06-03
2224:2013-05-05
2185:2008-02-06
2156:2008-10-02
2097:2008-10-02
2024:2010-06-05
1999:2008-11-06
1882:2008-03-11
1835:2009-07-16
1794:2023-01-12
1765:2023-01-12
1740:2008-03-21
1715:2008-03-21
1693:2008-03-17
1585:2010-03-22
1564:2014-08-04
1543:2008-10-30
1522:2008-04-27
1501:2008-10-09
1481:2021-06-04
1470:LinkedIn.
1456:2021-06-04
1402:References
1219:Microsoft
1211:freeRADIUS
901:Other EAPs
806:ipsectrace
715:FIPS 140-2
695:passphrase
654:encryption
134:Background
111:encryption
89:(WIPS) or
58:(WEP) and
2511:is being
2466:(2010) â
2453:(2003) â
2440:(2004) â
2265:The Verge
1673:1558-7223
1190:hot spots
669:T.J. Maxx
510:backdoors
312:Bluetooth
2504:template
2244:23 April
1476:Lifewire
1417:. 1997.
1327:See also
1001:AES-CCMP
802:Ettercap
739:AES-CCMP
735:firmware
701:) makes
697:(e.g. 5
494:hotspots
379:Hotspots
351:sniffing
272:software
155:Centrino
40:wireless
31:features
2532:wikiHow
1179:, ADS,
1049:Chinese
942:layer 3
938:layer 2
922:routers
916:, IEEE
723:802.11i
553:PCI DSS
459:Windows
443:network
401:(EAP).
276:trojans
151:hotspot
144:traffic
116:Windows
104:router
82:Hackers
2523:Curlie
2517:
2508:Curlie
2470:
2457:
2444:
2380:
2355:
2123:
2072:26 May
2048:
1966:
1671:
1634:26 May
1607:26 May
1429:
1390:(WPKI)
1343:Kismet
1262:RADIUS
1256:RADIUS
1177:RADIUS
1029:and a
918:802.1X
867:802.1X
746:RADIUS
711:802.11
425:, and
295:Ad hoc
166:dongle
102:DD-WRT
2502:âšThe
2481:(PDF)
2402:(PDF)
1858:ZDNet
1830:(PDF)
1451:PCMAG
1348:KRACK
1183:, or
1140:PDA's
1015:BSSID
1011:BSSID
986:WPAv2
959:GnuPG
872:Cisco
794:IPsec
679:WPAv1
512:like
179:, or
177:macOS
173:Linux
140:sniff
120:Linux
118:- or
2468:ISBN
2455:ISBN
2442:ISBN
2378:ISBN
2353:ISBN
2246:2021
2121:ISBN
2074:2015
2046:ISBN
1964:ISBN
1669:ISSN
1636:2015
1609:2015
1427:ISBN
1185:LDAP
1037:WAPI
1031:WIDS
997:WPA2
940:and
882:PEAP
855:LEAP
837:LANs
833:IEEE
812:TKIP
796:and
790:L2TP
786:PPTP
776:and
774:WIDS
731:TKIP
689:The
658:WPA2
615:DHCP
579:SSID
447:SSID
427:HSRP
419:OSPF
333:(or
320:PDAs
71:WPA3
2530:at
2521:at
1989:IDG
1659:doi
1419:doi
1181:NDS
1027:EAP
963:PGP
955:SSH
951:SSL
827:EAP
798:SSH
782:VPN
778:EAP
750:PSK
665:FBI
595:MAC
502:VPN
451:ARP
439:WEP
423:RIP
377:.
284:VPN
163:USB
161:or
2543::
2515:.âş
2425:.
2263:.
2173:.
2144:.
2090:.
2017:.
1987:.
1962:.
1950:^
1926:.
1908:.
1856:.
1844:^
1811:.
1782:.
1758:.
1667:.
1657:.
1653:.
1474:.
1449:.
1425:.
1033:.
961:,
957:,
953:,
928:.
897:.
792:,
788:,
601:.
539:A
525:.
485:.
421:,
389:A
365:A
213:.
175:,
2411:.
2386:.
2361:.
2336:.
2314:.
2293:.
2273:.
2248:.
2227:.
2202:.
2188:.
2159:.
2129:.
2100:.
2076:.
2054:.
2027:.
2002:.
1972:.
1944:.
1930:.
1912:.
1885:.
1860:.
1838:.
1815:.
1797:.
1768:.
1743:.
1718:.
1696:.
1675:.
1661::
1638:.
1611:.
1588:.
1567:.
1546:.
1525:.
1504:.
1484:.
1459:.
1435:.
1421::
504:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.