Countermeasures

MAC Filtering add device MACs to the router MAC table.
WEP - Wired Equivalency Privacy. Old and vulnerable, but still better than nothing.
WPAv1 - Wi-Fi Protected Access. Designed to replace WEP, WPAv1 requires no new hardware and provides Temporary Key Integrity Protocol (TKIP) and Advanced Encryption Stantard Counter Mode Cypher Block Chainging Message authentication Code (AES-CCMP) encryption methods.
WPAv2 - The AES_CCMP algorithm is a required feature. Works with the Extensible Authentication Protocol (EAP) and the Wireless Intrusion Detection system (WIDS)
Smart Hardware and Software Tokens - Combined with server software, hardware or software use rapid generation of new encrytion code. Very secure.
RF Shielding - Mainly for government and its contractors, films and paints that reduce wireless broadcast emination.
Mobile Devices - Need to be secured. Use a mutual authentication method such as WPA2.
Network Encryption - Requires a server integrated with access points and clients capable of supporting the network encryption. This is expensive with products from Cisco, Microsoft, Funk Software from several hundred to several thousand dollars. Authentication may use the Lightweight Directory Access Control (LDAP), RADIUS or others.
RADIUS - Remote Authentication Dial in User Service uses Authentication, Authorization, and Accounting (AAA) protocol.
Free version here

Main Menu

The Threats

Accidental Association - When anyone attaches to a wireless access point not his own, this is an accidental association. Unfortunately it may link two corporated networks, providing unwanted access to sensitive data.
Malicious Association - The hacker makes her wireless network card look like a legitimate access point. These attacks at Layer 2, the layer 3 network authentication and virtual private networks are no barrier.
Ad-hoc Networks - Peer to peer connections (no access point) are unprotected. Encryption can provide security.
Non-traditional Networks - Bluetooth devices are not secure from hacking and should be considered a security risk.
MAC Spoofing - Using network sniffing software to obtain the MAC (Media Access Control) addresses and software to use that MAC address thwarts the MAC filtering security measure.
Man-in-the-Middle Attacks - This attack draws connections to a computer setup as a soft access point. Attacker then connects to actual access point and begins traffic sniffing.
Denial of Service - DoS attacks involve overwhelming an access point with fake messages and handshake responses.
Network Injection - Attacker uses access points with spanning tree non-filtered traffic and sends networks configuration commands to bring the network down.
Caffe Latte Attack - Sends a barrage of encrypted Address Resolution Protocol (ARP) requests to obtain Wired Equivalency Privacey (WEP) shared key in under ten minutes.

Copyright 2005-2010 Computer Wizard - the freeware expert

With the Wizard Computer Problems Disappear Get Wizard's Setup - $5 Get Wizard's Game DVD 100 games $65