Wireless Network Security Solutions

Wired Equivalent Privacy (WEP) and WEP2 - easy to crack [WEPCrack]
Media access control (MAC) addresses: configuring access points to permit only particular MAC addresses onto the network. Easy to implement, but fairly easy to defeat.
========================================================
Wi-fi Protected Access (WPA) - subset of 802.11i security standard. WPA combines TKIP and 802.1x for dynamic key encryption and mutual authentication

Temporal Key Integrity Protocol (TKIP) [ part of IEEE 802.11i] - provides per-packet key mixing, a message integrity check and a re-keying mechanism
IEEE 802.1X: This standard, supported by Windows XP, defines a framework for MAC-level authentication. Defines Extensible Authentication Protocol (EAP), which uses a central authentication server. Susceptible to session-hijacking and man-in-the-middle attacks.

Lightweight Extensible Authentication Protocol (LEAP) - developed by CISCO to mitigate vulnerabilities by utilizing dynamic WEP and sophisticated key management
Protected Extensible Authentication Protocol (PEAP) - developed by Microsoft, Cisco, and RSA to transport authentication data using encrypted SSL/TLS tunnels
EAP-TTLS (Extensible Authentication Protocol (EAP) - Tunneled Transport Layer Security)

VPNs: using a VPN to encrypt data on wireless networks. VPNs require a lot of management and client configuration.
Advanced Encryption Standard (AES) encryption [IEEE 802.11i]
"Key-hopping" technology that can change the encryption key as often as every few seconds.
Enhanced Security Network (ESN) - Extended Service Set with
- enhanced authentication mechanism for both STAs and APs based on 802.11x
- key management
- dynamic, association-specific cryptographic keys
- enhanced data encapsulation using AES
Wireless Protocol Analyzers / Wireless IDSs. They can:
- check for unknown MAC (Media Access Control) addresses and alert the network manager
- log attempts to gain unauthorized access to the network
- filter access attempts based on the type of network card
- conduct site survey of traffic usage
- find dead zones in the wireless network

Links to Wireless Security Solutions