The Threat-Victim Table: A security prioritisation framework for diverse WLAN network topographies

At present there is no common means for establishing the security performance of wireless local area networks (WLANs) against threats. Furthermore, there has been little investigation into whether security performance is reliant on network topography. Consequently this paper advocates that for a range of WLAN infrastructure topographies (home, enterprise & open-access) there can be significant diversity in terms of resources, equipment, users and most importantly security, which can in turn influence attack detection performance. In order to demonstrate these detection differences, a novel framework for evaluating network security performance (the Threat-Victim Table) is developed. This framework is applied to a range of WLAN topographies using an open source (Kismet) Wireless Intrusion Detection System. Three Kismet components are utilised; client, server and drone, to represent typical IDS deployment configurations for these topographies. Analysis of the security capability of Kismet is derived as an example of this framework, for qualifying network security performance against security threats and also to assess the priority level of these vulnerabilities.