Security and Authentication

• Current, 802.11 radios do not have either

• Security

  • All the normal security issues and more.
  • Vendor defaults to open.
  • The current “security” (WEP), is badly implemented
    • Want to crack WEP? AirSnort - airsnort.shmoo.com
    • WEP key discovery is passive.
    • Only authorizes the clients to the AP. Does not authorize the AP to the clients. No mutual authorization.
  • Attackers don't have to be physically connected.
    • So long as they can hear the AP and the AP can hear them.

Notes: