Recently Asked Questions

please send me information on the topic wireless security for presentation.

You can get a lot of information from AirDefense white papers available at: http://www.airdefense.net/whitepapers/index.php For a general wireless security overview I recommend the following white paper: "What Hackers Know That You Don't" http://www.airdefense.net/whitepapers/hackers_request2.php In addition, several video clips on wireless security and vulnerabilities are available at: http://www.airdefense.net/education/video/index.php

Hi, is it true that enterprise WLAN controller systems sends "Probe Requests" out to identify "Rogue Access Points"? Because that is a statement of Trapeze but I couldn`t verify it with an Cisco WLC526. Regards

Ralf, Some WLAN infrastructure systems such as Cisco do try and connect to Access Points (APs) that they do not recognize as their own to determine if they are connected on the same wired network. In a typical scenario, the infrastructure AP/sensor will "convert" to a client and try and establish a wireless connection with the "suspicious" AP. Once a connection is established, a marker frame is sent over the air and checked to see if it can be traced over the wired network. If the frame loops back, a rogue AP (unauthorized AP connected to the enterprise's wired network) is flagged. These techniques are unreliable as they do not work in several rogue scenarios. If the "suspicious" AP uses encryption, the system will be unable to establish a wireless connection. Similarly, if the AP is on a separate wired network, the marker frame will not be traced. I hope this helps. Please feel free to contact me if you have further questions.

Regards,
Amit Sinha, Ph.D.
Chief Technology Officer
asinha@airdefense.net

What are soft APs?

While hardware APs have been the focus of security issues to-date, wireless-enabled laptops are easily configured to function as APs with commonly available freeware such as HostAP or software from PCTel. Known as “Soft APs,” these laptops are harder to detect than rogue APs. These Soft APs pose all the risks of any typical rogue AP by broadcasting an insecure connection to the enterprise network. However, Soft APs are harder to detect than rogue APs because the Soft AP can appear as an authorized station to all wired-side network scans.

How can AirDefense WEP Cloaking module help me?

Wired Equivalent Privacy (WEP) is the encryption protocol defined in the original IEEE 802.11 standard for Wireless Local Area Networks (WLANs). Several known vulnerabilities and attack tools have compromised WEP making it unsuitable for secure WLAN implementations, without additional layers of security. AirDefense’s patented WEP CloakingTM solution is designed to make WEP virtually invulnerable to known attacks and tools, providing a robust layer of protection for legacy WLANs. The solution does not require any hardware or software modifications to the legacy WLAN infrastructure and is designed to work seamlessly through the AirDefense Enterprise Wireless Intrusion Prevention System (WIPS). WEP Cloaking can save large enterprises substantial capital costs by avoiding costly upgrades to their WLAN infrastructure while ensuring peace of mind from security and compliance issues.

WEP Cloaking - Maximizing ROI from Legacy WLAN.pdf

Is there any public software to probe or testing the RF cover of any acces point?

Ricardo, Free tools such as Netstumbler will report the received signal strength (in dBm) of a Wi-Fi Access Point that is sending out beacons. You could use this to perform a manual walk around test with a laptop running Netstumbler and record the signal strength on a map of the area. If you are looking for professional tools, AirDefense Architect can work with CAD files and building materials to provide an accurate simulation based coverage heatmap. This will not require a manual site survey. http://www.airdefense.net/products/architect/index.php Regards, Amit Sinha, Ph.D. Chief Technology Officer asinha@airdefense.net