Previous Page Next Page

Mitigating WLAN Attacks

A variety of attacks can be launched against WLAN networks. Both WPA and WPA2 devices offer protection to the network from a variety of network attacks when IEEE 802.1x, EAP types, and TKIP and AES are used. Table 12-3 shows a list of common attacks and the EAP enhancements that are used to protect against known attacks.

Table 12-3. WLAN Attack Mitigation
AttacksAuthentication: Open Encryption: Static WEPAuthentication: EAP-FAST, EAP-TLS, PEAP, or Cisco LEAP Encryption: Dynamic WEPAuthentication: EAP-FAST, EAP-TLS, PEAP, or Cisco LEAP Encryption: Cisco TKIP, WPA TKIP, AES
Man-in-the-Middle AttackVulnerableVulnerableProtected
Authentication SpoofingVulnerableProtectedProtected
AirSnort AttackVulnerableVulnerableProtected
Replay AttackVulnerableVulnerableProtected
Brute-Force AttacksVulnerableProtected[*]Protected[*]
Dictionary AttacksVulnerableProtected[*]Protected[*]


[*] Strong password policy is required for Cisco LEAP.

Note

The information in Table 12-3 is taken from "Cisco Wireless LAN Security Overview" at http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_brochure09186a00801f7d0b.html.


Previous Page Next Page