For Secure WiFi, Focus on Addressing Building Block Vulnerabilities …
… and Don’t Sweat Chasing Hacking Tool Signatures!
You feel pretty good and more secure when you receive that daily signature update from your anti-virus software. I feel the same, and why not – anti-virus technology is fundamentally rooted in signature analysis. But don’t make the mistake of applying the same metric to a wireless intrusion prevention system (WIPS). Wireless security works in a fundamentally different way from anti-virus software.
Stated simply, the mission of your WIPS should be to automatically detect and block every wireless connection that is not in the interest of security. Once that is achieved, you will be protected from all kinds of wireless hacking tools. To that end, robust detection and blocking of rogue APs, connections of enterprise clients to neighborhood APs, ad hoc connections and misconfigured devices are what will primarily determine the security posture of your WIPS, not the number of signatures loaded in it.
Speaking of signatures, it is important to note that not all wireless hacking tools have distinct signatures. And where a tool does have a signature, that signature is often fickle. On the one hand, many signatures are easily modified to evade detection. On the other hand, many are not distinctive enough and hence will generate false alarms even during normal wireless network operation.
The bottom line: A signature-based approach to wireless security is doomed to failure – it creates a false sense of security and will have you chasing your tail trying to remediate false positives. Rather, the strength of your WIPS lies primarily in how well it detects and blocks insecure wireless connections.
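
To make the connection-based approach concrete, here is a sketch of policy classification over observed connections, covering the four cases named above. It is an added example, not code from any WIPS product; the MAC addresses, SSIDs, field names, verdict labels and the `peer_on_wire` flag are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory (assumed): a real WIPS would learn these from the
# managed-AP list, the enterprise client list and wired-side tracing.
AUTHORIZED_APS = {"aa:aa:aa:00:00:01": ("corp", "wpa2-enterprise")}
AUTHORIZED_CLIENTS = {"cc:cc:cc:00:00:01", "cc:cc:cc:00:00:02"}

@dataclass(frozen=True)
class Connection:
    client: str                 # station MAC
    peer: str                   # AP BSSID, or the other station if ad hoc
    ssid: str = ""
    security: str = ""
    adhoc: bool = False
    peer_on_wire: bool = False  # AP traced to the enterprise wired network

def classify(c: Connection) -> tuple[str, str]:
    """Return (verdict, action) for one observed connection."""
    ours = c.client in AUTHORIZED_CLIENTS
    if c.adhoc:
        involved = ours or c.peer in AUTHORIZED_CLIENTS
        return ("adhoc", "block") if involved else ("external", "ignore")
    policy = AUTHORIZED_APS.get(c.peer)
    if policy is not None:
        if (c.ssid, c.security) != policy:
            return ("misconfigured_ap", "block")
        # Assumed policy: only enterprise clients may use enterprise APs.
        return ("authorized", "allow") if ours else ("unauthorized_client", "block")
    if c.peer_on_wire:
        return ("rogue_ap", "block")               # unmanaged AP on our wire
    if ours:
        return ("client_misassociation", "block")  # our client, neighbor AP
    return ("external", "ignore")                  # neighbors' own traffic

# Constructed observations, one per case.
SAMPLES = [
    Connection("cc:cc:cc:00:00:01", "aa:aa:aa:00:00:01", "corp", "wpa2-enterprise"),
    Connection("cc:cc:cc:00:00:01", "aa:aa:aa:00:00:01", "corp", "open"),
    Connection("ee:ee:ee:00:00:09", "bb:bb:bb:00:00:07", "linksys", "open", peer_on_wire=True),
    Connection("cc:cc:cc:00:00:02", "dd:dd:dd:00:00:05", "CoffeeShop", "open"),
    Connection("cc:cc:cc:00:00:01", "ee:ee:ee:00:00:09", adhoc=True),
    Connection("ee:ee:ee:00:00:09", "dd:dd:dd:00:00:05", "CoffeeShop", "open"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.client, "->", s.peer, classify(s))
```

Every verdict depends only on who is connected to what, so it holds regardless of which tool set up the connection. The final case matters as much as the blocking ones: traffic between a neighbor's clients and a neighbor's AP is left alone.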