Appendix G

Associate Program Material Appendix GWireless LAN Vulnerabilities MatrixComplete the following matrix by filling in the blank boxes in the table.Security testimonial Brief description Vulnerabilities Prevention (if any) macintosh address filtering Only allows access to a device if its macintosh address matches that of a pre-approved list on the router. MAC Spoofing Dont rely on MAC filtering alone. Open system authentication (SSID beaconing) Disables SSID from being broadcast so wireless networks are harder to detect. A spectrum analyser bath still be used to find the network name. Create a more complex SSID and password settings in your APWEPStands for Wired Equivalency Privacy. customs 64 minute of arc or 128 bit encryption. (including 24-bit IV) In larger networks, IVs prat be duplicated and cause collisions, which are easy to detect by outside influences Use WPA2 with AES or similar instead on larger, enterprise deployments.Of the six categories of attackers, the one I wou ld most want to break into my network would be hackers, as they prove to penetrate your network and expose vulnerabilities, then inform you of them. This is opposed to a cracker, which will do the same thing, only steal the data and attempt to cheat on it. A script kiddie is very dangerous, as they are generally under-experienced hackers and crackers who use someone elses codes and almost always have malicious intent.Between MAC filtering, WEP, and authentication, I believe that WEP is the most secure of the three. MAC filtering can be easily overcome by MAC spoofing, and is not part of the 802.11 standard. Authentication is approximately weaker than WEP, as someone could capture the cleartext challenge phrase and the encrypted response frame and gain access to the network. WEP is the strongest of the 3, but is still weak due to IV collisions which can be monitored and the hacker can recover the security key during those collisions.In fact, hackers can even cause massive IV colli sions to speed up the process. It should be storied this is really only an issue on larger wireless networks as there are approximately 16 million IVs that can be handed out. But in an enterprise application, 16 million can happen in a matter of hours or days.