Wired Equivalent Privacy (WEP) and WEP2 - easy to crack [WEPCrack]
Media access control (MAC) addresses: configuring access points to permit only particular MAC addresses onto the network. Easy to implement, but fairly easy to defeat.
Wi-fi Protected Access (WPA) - subset of 802.11i security standard. WPA combines TKIP and 802.1x for dynamic key encryption and mutual authentication
Temporal Key Integrity Protocol (TKIP) [ part of IEEE 802.11i] - provides per-packet key mixing, a message integrity check and a re-keying mechanism
IEEE 802.1X: This standard, supported by Windows XP, defines a framework for MAC-level authentication. Defines Extensible Authentication Protocol (EAP), which uses a central authentication server. Susceptible to session-hijacking and man-in-the-middle attacks.
Lightweight Extensible Authentication Protocol (LEAP) - developed by CISCO to mitigate vulnerabilities by utilizing dynamic WEP and sophisticated key management
Protected Extensible Authentication Protocol (PEAP) - developed by Microsoft, Cisco, and RSA to transport authentication data using encrypted SSL/TLS tunnels
EAP-TTLS (Extensible Authentication Protocol (EAP) - Tunneled Transport Layer Security)
VPNs: using a VPN to encrypt data on wireless networks. VPNs require a lot of management and client configuration.
Advanced Encryption Standard (AES) encryption [IEEE 802.11i]
"Key-hopping" technology that can change the encryption key as often as every few seconds.
Enhanced Security Network (ESN) - Extended Service Set with
enhanced authentication mechanism for both STAs and APs based on 802.11x
key management
dynamic, association-specific cryptographic keys
enhanced data encapsulation using AES
Wireless Protocol Analyzers / Wireless IDSs. They can:
check for unknown MAC (Media Access Control) addresses and alert the network manager
log attempts to gain unauthorized access to the network
filter access attempts based on the type of network card