Now that you have learned the tools and techniques of the potential adversary, it is time to follow through with the second part of Sun Tzu's strategy as described in the introduction to the last chapter. This understanding will help you close the gaps in understanding your Wireless Local Area Network (WLAN) adversary and enable the strategy of "know the enemy and know yourself" as advocated by Sun Tzu. The purpose of this chapter is to teach you the tools and techniques necessary to protect your network against cyberadversaries.

10.1 Mitigating Static WEP Risks with TKIP

The Temporal Key Integrity Protocol (TKIP) is a replacement for Wired Equivalent Privacy (WEP) in the 802.11i specification for wireless network security. WEP is a flawed security protocol that is part of the 802.11 standard. TKIP includes several features that will eliminate the risks present in the current version of WEP. A hashed Initialization Vector (IV) is added to the WEP key. This becomes the session key used to encrypt traffic and to help protect against sniffing exploits that can allow attackers to eavesdrop connections and impersonate legitimate stations. TKIP has also added the ability to generate dynamic keys to help protect against brute force key-cracking attacks, which are sometimes used against static keys found in WEP. The integrity of packets is guaranteed through the use of a Message Integrity Check (MIC) [1], also known as "Michael," that helps protect against key-cracking attacks, which are based on replay and packet injection techniques. WiFi...