11ac Security

  • 1
  • Question
  • Updated 5 years ago
  • Answered
What security impacts should we be watching out for when deploying 11ac? When do you see GCMP starting to be needed or even supported by 11ac products? Will MU-MIMO affect packet capture and WIPS effectiveness?
Photo of Lisa Phifer

Lisa Phifer

  • 5 Posts
  • 0 Reply Likes

Posted 5 years ago

  • 1
Photo of Matthew Gast

Matthew Gast

  • 284 Posts
  • 63 Reply Likes
I don't see much needed in the way of security. From a security perspective, 802.11ac is not all that different from 802.11n. Both use AES for security in a proven way. If you're already using 802.11n, the first wave of 802.11ac will drop right in. If you're not already on 802.11n, you might need to first upgrade your network to CCMP -- sometimes referred to as "WPA2" after the Wi-Fi Alliance certification program.

I don't see GCMP being supported until it's needed, and the last round of discussions I had seemed to indicate that the chip vendors thought CCMP was going to last through the second wave.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Packet capture is certainly more tricky as you easily exceed the bus speed of USB2 and don't easily get the diversity in the adapter to see all the spatial streams. It is likely you're going to want a dedicated device with a decent antenna to properly 'get in on the action'.
Photo of Matthew Gast

Matthew Gast

  • 284 Posts
  • 63 Reply Likes
Beamforming definitely affects packet capture capabilities. Management frames like Beacons will be transmitted omnidirectionally, so you can still identify potential rogue APs with today's sensor layout techniques. If you're looking for attacks driven by clients, you will potentially need more sensors to be sure to catch beamformed transmissions.

(In practice, it seems like many rogues are 2.4 GHz cheapo devices, and you'll detect them fine with an existing WIPS.)
Photo of Craig Mathias

Craig Mathias

  • 63 Posts
  • 0 Reply Likes
I'm expecting to see a bunch of assurance/packet capture/etc. tools for .11ac shortly. Many of these (the ones I'd buy, anyway) will be USB 3.0, so no issues there...