- Deauth attacks
  - No way to prevent this attack
  - Switch to 802.11w
    - Uses protected management frames
    - Detects and protects against deauth attacks
    - Both the client and the AP need to support this standard
- Hidden Networks
  - This is security by obscurity.
  - This is not really protecting you
- MAC filtering
  - Since MAC addresses can be changed easily, this is not a good security solution
  - Use WPA/WPA2 Enterprise instead
- Captive portals
  - Recommend not using captive portals, as they are not secure
  - Use WPA/WPA2 Enterprise instead, with each user having a unique password
- WEP
  - Do not use WEP, as it is not secure
- WPS
  - Do not use WPS, as it is not secure
  - If they still want to use it
    - Enable PBC (push button authentication)
    - Rate limit and lock after 3 failed attempts
- WPA/WPA2
  - Use long passwords (at least 25 digits long)
  - Use lower case letters, upper case letters, numbers, and special characters
- Evil Twin Attacks
  - Train employees, as this is a social engineering attack.
  - Never enter your password in a web page
  - Used against WPA/WPA2 and captive portals
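
For the deauth item above, a monitoring-side sketch that flags bursts of unprotected deauthentication/disassociation frames aimed at one client. This is an added example, not part of the original notes; the window and threshold values, the raw-header input format (no radiotap, no FCS) and the sample capture are assumptions made for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10          # 802.11 management subtypes
WINDOW_S, THRESHOLD = 1.0, 5       # assumed tuning values, not from the notes

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame: bytes):
    """Parse a raw 802.11 header (no radiotap, no FCS); None if not deauth/disassoc."""
    if len(frame) < 26:            # 24-byte header + 2-byte reason code
        return None
    fc0, flags = frame[0], frame[1]
    if fc0 & 0x0F != 0 or (fc0 >> 4) not in (DEAUTH, DISASSOC):
        return None                # need version 0, type 0 (management)
    protected = bool(flags & 0x40) # Protected Frame bit: set on unicast PMF frames
    reason = None if protected else struct.unpack_from("<H", frame, 24)[0]
    return {"subtype": fc0 >> 4, "protected": protected, "dst": mac(frame[4:10]),
            "src": mac(frame[10:16]), "bssid": mac(frame[16:22]), "reason": reason}

def detect_floods(capture):
    """capture: iterable of (timestamp_seconds, frame_bytes); one alert per target."""
    recent, alerts = defaultdict(deque), {}
    for ts, raw in capture:
        f = parse_mgmt(raw)
        if f is None or f["protected"]:
            continue               # PMF-protected unicast frames are not counted
        key = (f["bssid"], f["dst"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > WINDOW_S:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= THRESHOLD and key not in alerts:
            alerts[key] = {"bssid": key[0], "target": key[1],
                           "count": len(q), "reason": f["reason"]}
    return list(alerts.values())

# Constructed sample capture (locally administered MACs, made-up timings).
AP, STA1, STA2 = (bytes.fromhex(h) for h in
                  ("020000000001", "020000000002", "020000000003"))

def build(subtype, dst, src, bssid, reason=7, protected=False):
    fc = bytes([subtype << 4, 0x40 if protected else 0x00])
    return fc + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + struct.pack("<H", reason)

SAMPLE = [(i * 0.1, build(DEAUTH, STA1, AP, AP)) for i in range(6)]
SAMPLE += [(2.0, build(DEAUTH, STA2, AP, AP, protected=True)),
           (5.0, build(DISASSOC, STA2, AP, AP, reason=8))]

if __name__ == "__main__":
    for alert in detect_floods(SAMPLE):
        print(alert)
```

Group-addressed management frames protected by 802.11w carry a MIC element rather than the Protected bit, so this sketch would count them as unprotected.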