“Risk management is the identification of threats and the implementation of measures aimed at reducing the likelihood of those threats occurring and minimizing any damage if they do”.
“Risk analysis and risk control form the basis of risk management where risk control is the application of suitable controls to gain a balance between security, usability, and cost” implementation of measures aimed at reducing the likelihood of those threats occurring and minimizing any damage if they do; Risk analysis and risk control form the basis of risk management where risk control is the application of suitable controls to gain a balance between security, usability, and cost. The objective of risk management is the implementation of appropriate risk mitigation, risk transfer and risk recovery measures to reduce business exposure by balancing countermeasure investment against risk. (Abdullah H, 2006) A risk is chances of threats in getting benefits from defects or weaknesses which are causes of losses and/or damages to assets or groups of assets, affecting an organization directly or indirectly. Risk analysis is an effective tool in WLAN threat management. With this, a good security policy can be derived and implemented to defend the WLAN against possible attacks.
On-going monitoring and periodic testing can then be used to verify that a deployed WLAN meets defined objectives. Vulnerabilities discovered in the process are then (re)analyzed to refine the policies and/or apply fixes (Goodwin, 2005) 1. War Driving War driving is the simplest and most frequently used attack on WLANs because of the simplicity and the small amount of knowledge needed. In order to perform this attack, you would need a laptop or PDA and a wireless network card or to increase your range you could attach an antenna. There are open source software tools as well that will display the SSID, signal strength, channel, and whether or not Wired Equivalent Privacy (WEP) is being used of any 802.11 WLAN.
The major risk involved with this attack is the fact that any novice user could accomplish it without prior training of any kind. This becomes such a large risk because the impact ranges from simple information leakage or bandwidth reduction to completely compromising an entire network.
