“Malicious associations” are when wireless devices can be actively made by attackers to connect to a company network through their laptop instead of a company access point (AP). These types of laptops are known as “soft APs” and are created when a cyber criminal runs some software that makes his/her wireless network card look like a legitimate access point. Once the thief has gained access, he/she can steal passwords, launch attacks on the wired network, or plant trojans . Since wireless networks operate at the Layer 2 level, Layer 3 protections such as network authentication and virtual private networks (VPNs) offer no barrier. Wireless authentications do help with some protection but are still vulnerable to hacking. The idea behind this type of attack may not be to break into a VPN or other security measures. Most likely the criminal is just trying to take over the client at the Layer 2 level.
Penetration test and vulnerability assessment tools such as AirMagnet's Handheld Analyzer and Internet Security Systems' Wireless Scanner should also be used on a regular basis. WLAN traffic can be captured and analyzed for suspicious behavior. For example, excessive deassociate (disconnect) frames, repeated EAP handshaking or WEP errors suggest attack. Stations or APs in open-system mode or without WEP can be flagged as policy violations. Pen testers can probe APs and gateways to see whether Telnet, SNMP or other ports are open to WLAN attack. Tools can also create baseline reports against which to compare future results, so that changes can be investigated and new problems remedied.
Because wireless networks do not require a wire between a computer and the internet connection, it is possible for attackers who are within range to hijack or intercept an unprotected connection. A practice known as wardriving involves individuals equipped with a computer, a wireless card, and a GPS device driving through areas in search of wireless networks and identifying the specific coordinates of a network location. This information is then usually posted online. Some individuals who participate in or take advantage of wardriving have malicious intent and could use this information to hijack your home wireless network or intercept the connection between your computer and a particular hotspot.