Wireless Security Implications of 802.11n

Wireless Security Implications of 802.11n

By CWNP On 12/08/2009 - 6 Comments

I am sure that all of us have bumped into IEEE 802.11n at some point in time – it is the latest sensation in the 802.11 family of standards. It enhances the operative range of Wi-Fi devices and enables wire-speeds. It is no surprise that most (probably all) of the wireless LAN (WLAN) equipment vendors have announced support for 802.11n. Each vendor seems to be claiming that they have the “most conducive” architecture to avail the performance benefits of 802.11n. In this article, as usual, I would like to get your attention to another important aspect of an 802.11n deployment – security. While it doesn’t explicitly introduce new security features, 802.11n does introduce certain unique challenges to your enterprise wireless LAN (WLAN) security.  Here’s how:


-          Faster attacks: Attacks can be launched at .11n speeds. For example, using an 802.11n unauthorized connection (e.g., via a Rogue AP or an ad hoc connection to your authorized client), an attacker can download data at several hundred Mbps speed. However, it is not the speed which throws the main challenge to a WIPS – it is in fact the underlying 802.11n technology used which provides the actual challenge. 802.11n supports several enhancements to achieve high throughput – e.g., 40 Mhz transmissions, multi-stream communication, frame aggregation. Unfortunately, these enhancements are not understood by legacy devices and hence, legacy WIPS cannot detect such communication. The good news is that some WIPS vendors do support 802.11n WIPS. An 802.11n WIPS sensor can decode such an unauthorized 802.11n communication and mitigate the corresponding threats.


-          Long range attacks: 802.11n provides range benefits to your enterprise users, but, hold on. Can’t the same be exploited by an attacker to increase attack range? Unfortunately, the answer turns out to be ‘yes’. 802.11n enables an attacker to launch Wi-Fi attacks (e.g., Rogue APs, client side threats, Denial of service (Dos) attacks) from distances that are farther than possible with legacy a/b/g wireless devices. An 802.11n WIPS deployed in your enterprise can detect such attacks as long as one of the end-points of the attack (i.e., the attacker or devices in your WLAN) is within its range. As far as wireless blocking or prevention is concerned, your mileage may vary based on the actual technique used by your WIPS. For example, if a WIPS sensor is relying on “deauthentication packets”, it may suffer some loss in efficiency if the prevention packets cannot “reach” the distant attacker device. 


-          802.11n specific attacks: As with any new standard, 802.11n also brings its own set of security issues. A series of DoS attacks have been identified with earlier drafts of 802.11n (IEEE Doc Review of 802.11n A-MPDU DoS Issues). At a high level, they are related to the Block Acknowledgement/A-MPDU aspects of 802.11n (See here for a good summarization of A-MPDU operation). Even if the later drafts/standard has plugged some of these holes, the question still remains as to what other .11n specific attacks are possible. For example, can 802.11n implementations be vulnerable to Fuzzing attacks? As 802.11n standards based devices permeate the market, the focus on breaking 802.11n will only increase.


The bottom line: With improved range and throughput, 802.11n brings high-speed risks as well. Let me know your views on taming this beast in your enterprise. Thanks,Gopi 




Tagged with: gopi

Blog Disclaimer: The opinions expressed within these blog posts are solely the author’s and do not reflect the opinions and beliefs of the Certitrek, CWNP or its affiliates.

0 Responses to Wireless Security Implications of 802.11n

Subscribe by Email
There are no comments yet.
<< prev - comments page 1 of 1 - next >>

Leave a Reply

Please login or sign-up to add your comment.
Success Stories

I literally just came out of the testing centre having taken the CWDP exam. The certification process opened my mind to different techniques and solutions. This knowledge can only broaden your perspective. Great job, CWNP, you have a great thing going on here.

Read More

Working through the CWNP coursework and certifications helped not only to deepen my technical knowledge and understanding, but also it boosted my confidence. The hard work it took to earn my CWNE has been rewarding in so many ways.

Read More

I want to commend you and all at CWNP for having a great organization. You really 'raise the bar' on knowing Wi-Fi well. I have learned a ton of information that is helping my job experience and personal career goals, because of my CWAP/CWDP/CWSP studies. Kudos to all at CWNP.

Read More