Various malicious hacks, including DoS attacks, can be carried out against your WLAN. These include forcing APs to reveal their SSIDs during the process of being disassociated from the network and rejoining. In addition, hackers can literally jam the RF signal of an AP, especially in 802.11b and 802.11g systems, and force the wireless clients to re-associate to a rogue AP masquerading as the victim AP.

Hackers can create man-in-the-middle attacks by maliciously using such tools as ESSID-jack and monkey-jack, and they can flood your network with thousands of packets per second by using the raw packet-generation tools Nping or NetScanTools Pro, which is enough to bring the network to its knees. Even more so than with wired networks, this type of DoS attack is very difficult to prevent on WLANs.

You can carry out several attacks against your WLAN. The associated countermeasures help protect your network from these vulnerabilities as well as from the malicious attacks previously mentioned. When testing your WLAN security, look out for the following weaknesses:

  • Unencrypted wireless traffic

  • Weak WEP and WPA pre-shared keys

  • Crackable Wi-Fi Protected Setup (WPS) PINs

  • Unauthorized APs

  • Easily circumvented MAC address controls

  • Wireless equipment that’s physically accessible

  • Default configuration settings

A good starting point for testing is to attempt to attach to your WLAN as an outsider and run a general vulnerability assessment tool, such as LanGuard or QualysGuard. This test enables you to see what others can see on your network, including information on the OS version, open ports on your AP, and even network shares on wireless clients.
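As an added example (not from the original text), the weakness checklist above can be applied to a site-survey export to triage findings before deeper testing. The CSV layout, the AP inventory, the SSID names and the default-SSID list are all constructed assumptions. Weak pre-shared keys, MAC address controls and physical access cannot be judged from a survey and are out of scope here.

```python
import csv
import io

# Constructed inventory of approved APs (BSSID -> SSID); placeholder values.
AUTHORIZED = {
    "02:00:00:aa:00:01": "CorpWLAN",
    "02:00:00:aa:00:02": "CorpWLAN",
    "02:00:00:aa:00:03": "CorpGuest",
}
# Illustrative factory-default SSIDs (an assumption; extend for your vendors).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}

# Constructed site-survey export, one row per AP heard on the air.
SAMPLE_SURVEY = """bssid,ssid,encryption,wps
02:00:00:aa:00:01,CorpWLAN,WPA2,no
02:00:00:aa:00:02,CorpWLAN,WPA2,yes
02:00:00:aa:00:03,CorpGuest,OPEN,no
02:00:00:BB:00:09,CorpWLAN,WPA2,no
02:00:00:cc:00:04,linksys,WEP,yes
"""

def audit_survey(text, authorized=AUTHORIZED):
    """Return sorted (bssid, finding) pairs for the checklist weaknesses."""
    managed = set(authorized.values())
    findings = set()
    for row in csv.DictReader(io.StringIO(text)):
        bssid = row["bssid"].strip().lower()
        ssid = row["ssid"].strip()
        enc = row["encryption"].strip().upper()
        if bssid not in authorized:
            # A managed SSID from an unknown radio is the masquerading-AP case.
            kind = "uses managed SSID" if ssid in managed else "unlisted"
            findings.add((bssid, f"unauthorized AP ({kind})"))
        if enc == "OPEN":
            findings.add((bssid, "unencrypted traffic"))
        elif enc == "WEP":
            findings.add((bssid, "WEP in use"))
        if row["wps"].strip().lower() == "yes":
            findings.add((bssid, "WPS enabled"))
        if ssid.lower() in DEFAULT_SSIDS:
            findings.add((bssid, "default SSID"))
    return sorted(findings)

if __name__ == "__main__":
    for bssid, finding in audit_survey(SAMPLE_SURVEY):
        print(f"{bssid}  {finding}")
```

An unlisted AP is only a lead: confirming whether it is attached to your wired network, or simply belongs to a neighbor, still requires tracing it on the switch side.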