Issue link: https://resources.mouser.com/i/1541351
| 48 Class of Attack First Line of Defense Second Line of Defense Defense Mechanisms Deployed 1. Passive Link & network layer encryptions and traffic flow security Security-enabled applications NAT translation, Telnet, virtual private network 2. Active Defend the enclave boundaries Defend the computing environment Firewalls, routers 3. Insider Physical & personal safety Authenticated access controls, audit Passwords, smart card readers, audit & security logs 4. Close-In Physical & personal security Technical surveillance countermeasures Security cameras, biometric scanners, keypad smart locks 5. Distribution Trusted software development & distribution Run-time integrity controls Apply all the latest updates to operating systems, applications, anti-virus signatures, spyware signatures Table 2: Layered defense examples for a wireless network (Source: NASA; recreated by Mouser Electronics) 1 As a result, information technology (IT) organizations have made substantial efforts to prevent unauthorized access by enhancing the security of active wireless devices and systems, especially during provisioning. These organizations use a variety of wireless intrusion prevention systems (WIPS) or wireless intrusion detection systems (WIDS) to monitor and defend against unauthorized wireless hacking for enterprises, industrial, and government networks (Table 2). A basic aspect of wireless security is encrypting one-way or two-way communications. Not all encryption methods are created equally, and wireless sniffers can capture wireless signals and decode them if the encryption method used isn't adequately robust. This is why every newer generation of Wi-Fi uses a more advanced encryption method to increase the challenge and resources needed to crack the wireless communications encryption. Some networks also use restrictions on devices, such as Media Access Control (MAC) address filtering and other approaches, to prevent unauthorized access to a network. There are various methods to defeat this approach, some of which use the credentials of authorized network devices obtained via MAC spoofing, "cafe latte" attacks, man-in-the-middle attacks, or other wireless network spoofing methods. Some wireless networks are protected physically by using RF shielding to prevent unauthorized devices or any devices outside of a controlled area from receiving adequate signal reception. With physical access to a wireless device, which could be anything from a laptop to an IoT sensor, it is often possible to hack the device and obtain credentials adequate to launch an attack. This is why many chip manufacturers of IoT devices are now including on-chip security measures that raise the difficulty of accessing memory and operating the device outside of intended parameters. Security is also an area where counterfeit chips have become an issue, with many chip makers and device manufacturers investing heavily in methods to prevent counterfeit chips from being built into new designs. Some of these methods include dedicated provisioning services that aren't accessible without protected hardware features.