Specifications
OmniAccess Reference: AOS-W System Reference
306 Part 031652-00 May 2005
Network discovery is a normal part of 802.11, and allows client devices to
discover APs and also to learn about available services provided by APs. While
network discovery itself does not necessarily lead to security problems, it is
the first step that an attacker needs to accomplish before moving on to more
serious intrusion attempts.
z Denial of service (DoS) attack
DoS attacks are designed to prevent or inhibit legitimate users from accessing
the network. This includes blocking network access completely, degrading
network service, and increasing processing load on clients and network
equipment.
z Surveillance
Surveillance allows an attacker to monitor and capture data from a wireless
network. The primary means of overcoming the risk of surveillance is the use
of encryption – either link-layer encryption such as WEP or TKIP, or
network-layer encryption such as IPSec.
z Impersonation
Impersonation attacks in a wireless network typically involve an attacker taking
on the address of a valid client or AP and trying to obtain access or services
typically reserved for those valid clients or APs. Because wireless devices are
not at the end of a physical cable, it can be difficult to detect such an attack
taking place. In a worst-case scenario, an impersonating AP could fool a client
into connecting with it, and then obtain that client’s authentication credentials.
z Client Intrusion
Client intrusion attacks attempt to exploit vulnerabilities in client devices to
gain access to a network resource. Often the attacks involve a combination of
DoS and impersonation.
z Network Intrusion
A network intrusion attack implies that an attacker is able to gain full access to
enterprise network resources.
The following sections explain configuration of the Wireless LAN intrusion
detection and prevention of Alcatel AOS-W.