A Good Security Policy Goes a Long Way to Protect Against Wi-Fi DoS
Mobile
SHARE
Facebook X Pinterest WhatsApp

A Good Security Policy Goes a Long Way to Protect Against Wi-Fi DoS

Written By
Carol Ellison
Carol Ellison
May 14, 2004
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Question: When is a Wi-Fi vulnerability not a vulnerability?

Answer: When the vulnerability plays into defenses against attacks.

That may be the case with an advisory issued this week by AusCERT, Australias national computer emergency response team.

The advisory described how a protocol characteristic of wireless networks can be exploited to stage a denial-of-service (DoS) attack.

For a moment when the news hit on Thursday, it looked like déjà vu all over again. It seems like only yesterday that, with great relief, we said “goodbye” to the vulnerabilities of Wired Equivalent Privacy security in the original 802.11 spec and “hello” to the strong encryption and enterprise authentication in Wi-Fi Protected Access (WPA), the mechanism that replaced it. Finally, we had the wired equivalent security that WEP promised but never delivered.

Now, here comes the AusCERT advisory and something new for WLAN administrators to worry about?

Its cause for caution. But if youre already enforcing good security policies, dont lose too much sleep just yet. On the scale of attacks that merit insomnia, this one is on the low side.

There are two major classes of network attacks—passive and active. A DoS attacker must be actively involved in the attack so it naturally falls into the active category. On the Internet the attackers presence is hard to detect due to the international and anonymous nature of the Net. But in the Wi-Fi world, where a radio signal is involved, its relatively easy if you have the right equipment.

The nature of the beast, when it goes wireless, is that its trackable and its effect is limited—confined to 802.11b devices within its range.

An attack of short enough duration to avoid detection is not likely to cause serious disruption. That means less disruption, fewer kicks and a potential jail sentence for the attacker.

Enforcing strong security policies across the WLAN will minimize this and other vulnerabilities.

That should go without saying, shouldnt it? But as news reports testify, every time a reporter goes on a war-driving expedition to identify WLAN vulnerabilities, there are network managers that havent got religion.

There are still companies that havent deployed WLAN intrusion detection, havent graduated to WPA and havent even enabled WEP.

Oh when will they ever learn…

/zimages/3/28571.gifCheck outeWEEKs Mobile & Wireless Centerat http://wireless.eweek.com for the latest news, reviews and analysis.

Carol Ellison
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information