A variety of attacks can be launched against WLANs. Both WPA and WPA2 devices protect the network from many of these attacks when IEEE 802.1X, EAP types, and TKIP and AES encryption are used. Table 12-3 lists common attacks and the EAP enhancements that protect against them.
| Attacks | Authentication: Open; Encryption: Static WEP | Authentication: EAP-FAST, EAP-TLS, PEAP, or Cisco LEAP; Encryption: Dynamic WEP | Authentication: EAP-FAST, EAP-TLS, PEAP, or Cisco LEAP; Encryption: Cisco TKIP, WPA TKIP, AES |
| --- | --- | --- | --- |
| Man-in-the-Middle Attack | Vulnerable | Vulnerable | Protected |
| Authentication Spoofing | Vulnerable | Protected | Protected |
| AirSnort Attack | Vulnerable | Vulnerable | Protected |
| Replay Attack | Vulnerable | Vulnerable | Protected |
| Brute-Force Attacks | Vulnerable | Protected[*] | Protected[*] |
| Dictionary Attacks | Vulnerable | Protected[*] | Protected[*] |
[*] Strong password policy is required for Cisco LEAP.
Note
The information in Table 12-3 is taken from "Cisco Wireless LAN Security Overview" at http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_brochure09186a00801f7d0b.html.