As we all know, compared to wired networks, 802.11 technology is quite insecure because it uses an open medium: the signal can travel outside the confined spaces of our homes and offices. Wireless networks are everywhere these days, and with that comes the responsibility of securing them against the higher security risks. Though many security improvements have been made since the inception of the 802.11 wireless standard, there are still many risks that require attention, and probably help from third-party applications to find and address them.
In my experience, the first risk that comes to mind is Rogue Devices. During many of my wireless audits, I have come across wireless APs brought in by employees and connected to corporate networks for their own convenience, without understanding or knowing the consequences of their deeds. The employees either don’t understand or utterly neglect the security risks this could cause. As these devices are not secured, an intruder can use these open devices as a backdoor entry to the corporate network(s). The safe resolution for this risk is to configure 802.1X port-based security on the switch ports. If you currently don’t have 802.1X security deployed for some reason, then it is highly recommended that you deploy either a Wireless Intrusion Detection System (WIDS) or a Wireless Intrusion Prevention System (WIPS).
The second risk is Denial of Service (DoS) attacks, which can be both intentional and unintentional. Intentional ones are deliberate attempts to cause network disruption, for example someone using an RF jammer or an RF signal generator or, more commonly, spoofing management frames (disassociation or de-authentication frames). Unintentional DoS conditions commonly occur at layer 1 and are caused by RF interference of some sort, such as microwaves, medical equipment, Bluetooth devices, etc. The resolution for this is to use a spectrum analyzer to help detect the sources of interference. A WIDS solution can also easily detect DoS attacks.
The third one is Eavesdropping, which pertains to overhearing an RF signal. 802.11 beacons (management frames) are continuously advertised by access points, so any eavesdropper with an 802.11 radio card can listen in and find information about the WLAN, as the information is in cleartext. You can easily find a lot of free tools on the net for scanning a WLAN. The best method to counter this risk is to use encryption such as CCMP/AES, which I believe is now mandatory.
The fourth one is Wireless Hijacking (also known as an Evil Twin attack). In this attack, an intruder imitates an access point with the same SSID but a different channel. The intruder can then send spoofed management frames (disassociation or de-authentication frames), thus driving users to roam to the imitated AP (the Evil Twin), or they can use RF jammers to do the same. Unaware users are connected to the Evil Twin, and the intruder now has access to all the WLAN and can perform attacks like a WiFi phishing attack or a man-in-the-middle attack.
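A sketch of the kind of check a WIDS applies to the Evil Twin and spoofed de-authentication patterns described above. This is an added example, not code from the original post; the AP inventory, thresholds, function names and sample frames are all constructed assumptions.

```python
# Added example: passive WIDS-style checks over observed 802.11 management frames.
# Constructed inventory of authorized APs: SSID -> {BSSID: channel} (assumption).
AUTHORIZED = {"CorpWLAN": {"aa:bb:cc:00:00:01": 1, "aa:bb:cc:00:00:02": 6}}
DEAUTH_THRESHOLD = 5   # frames per BSSID per window; assumed tuning value
WINDOW = 10.0          # seconds; assumed tuning value

# Constructed sample observations: (time_s, frame_type, ssid, bssid, channel)
SAMPLE = [
    (0.0, "beacon", "CorpWLAN", "aa:bb:cc:00:00:01", 1),
    (0.1, "beacon", "CorpWLAN", "aa:bb:cc:00:00:02", 6),
    (0.2, "beacon", "GuestCafe", "11:22:33:44:55:66", 3),    # unrelated network
    (3.0, "disassoc", "", "aa:bb:cc:00:00:02", 6),           # single frame: normal
    (5.0, "beacon", "CorpWLAN", "de:ad:be:ef:00:01", 11),    # not in inventory
] + [(20.0 + 0.5 * i, "deauth", "", "aa:bb:cc:00:00:01", 1) for i in range(6)]


def find_evil_twins(frames, authorized=AUTHORIZED):
    """Flag beacons that advertise a protected SSID from an unknown BSSID,
    or from a known BSSID on a channel it is not assigned (cloned BSSID)."""
    alerts = set()
    for _, ftype, ssid, bssid, chan in frames:
        if ftype != "beacon" or ssid not in authorized:
            continue
        known = authorized[ssid]
        if bssid not in known:
            alerts.add((ssid, bssid, chan, "unknown BSSID"))
        elif known[bssid] != chan:
            alerts.add((ssid, bssid, chan, "unexpected channel"))
    return sorted(alerts)


def find_deauth_floods(frames, threshold=DEAUTH_THRESHOLD, window=WINDOW):
    """Return BSSIDs named in >= threshold deauth/disassoc frames within any
    sliding window; the text describes such bursts driving users to roam."""
    times = {}
    for t, ftype, _, bssid, _ in frames:
        if ftype in ("deauth", "disassoc"):
            times.setdefault(bssid, []).append(t)
    flagged = []
    for bssid, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(bssid)
                break
    return sorted(flagged)
```

Correlating the two results matters: a de-authentication burst against an authorized BSSID at the same time as an unlisted beacon for the same SSID is a much stronger signal than either alert alone.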
Other issues:
Open SSIDs
Malicious hotspots: use your own phone as a hotspot
Still using HTTP: switch to HTTPS
Keep your security software up to date