Details on this report are available here.

This is intended to give an overview of wireless security. We recommend reviewing security conditions/needs onsite with a professional advisor and monitor as needs or demands change. Here are some of the key areas:

RF [Radio Frequency] - Expect RF jammers, white noise interference jammers, and even natural RFI [Radio Frequency Interference] causes.

Encryption - Eliminate WEP (too few keys which are saved in the NIC [Network Interface Card] and discovered easily).

Use different encryption keys such as TKIP [Temporal Key Integrity Protocol] which has per-packet key (hashing), IV [Initialization Vector] sequencing, rapid re-keying, MIC [Message Integrity Check] sequencing.

Authentication - Use EAPOL [Extensible Authentication Protocol Over LAN] which evolved from PPP [Point-to-Point Protocol] or new versions such as:

PEAP [Protected EAP] uses digital certificates on the server and password or certificate on the client.

EAP-TLS [Transport Layer Security] uses digital certificates on both client and server.

EAP-TTLS [Tunneled Transport Layer Security] - uses certificate on the server and a certificate, token, or password on the client.

Note: In the literature, the client (user/STAtion) is sometimes referred to as supplicant and the AP [Access Point] as the authenticator.

VLANs [Virtual Local Area Networks] implement different VLAN access levels based on different client SSID [Service Set IDentifiers].

Detect and isolate device origin and authenticity - prevent forgeries.

Detect replays by changing packet sequence numbers (report out-of-sequence packets as attack) use MIC [Message Integrity Check] (sequence numbers) to eliminate Bit-Flipping/Replay attacks. The MIC is based on Seed value (initial starting value), Destination MAC [Media Access Control] NIC-[Network Interface Card] 32-bit address, Source MAC, and payload. Any change to these will change MIC value and be included in the WEP encrypted data payload.

Utilize PSPF [Public Secure Packet Forwarding] to block client-to-client attacks called inter-client communications.

Use larger encryption keys - such as 128 bit packets.

Select improved key management techniques.

Eliminate per-packet key - don’t misuse encryption.

Encrypt SA [Source Addresses] and DA [Destination Addresses].

Use one large cryptographic key for both confidentiality and integrity.

Interoperate with proposed QoS [Quality of Service] enhancements (IEEE 802.11 TGe).

Develop procedures for keeping up-to-date on trends in wireless security.

NOTE: These are only some of the concepts regarding wireless security. It is recommended that professional assistance be on retainer.