Wireless Network Security

From Computing and Software Wiki

(Difference between revisions)

Revision as of 02:47, 8 April 2008

Wi-Fi Security

A wireless network refers to any type of computer network that utilizes wireless technology. Furthermore, a wireless local area network, or WLAN, is a network that uses radio waves instead of wires to transmit data back and forth between computers on the same network [Curran 2008]. In terms of security, WLANs are in many ways inferior to wired networks. Since wireless networks are broadcast on open radio channels, much like CB, walkie-talkie, or other short wave radio, the risk for data theft and network intrusion is greatly increased [Curran 2008].

Wireless network security threats have become an eminent problem as the use of the Internet continues to grow [Rogoski 2002]. Network issues and the security measures for home and business wireless networks are extremely important to the management of an eBusiness. Businesses are becoming more reliant on e-commerce systems as core elements of their business [Rogoski 2002]. Although certain eBusinesses rely more on e-commerce systems than others, it is essential that they are protected from the threats posed by attackers, viruses, and fraud.

Wireless networks are great because they allow employees to connect from anywhere in the office. However, this benefit is also what makes them vulnerable to attackers who do not need to be physically connected to the network to gain access. Attackers can gain access to wireless networks from outside of the business, and with a technique called packet sniffing, they can have access to everything that is sent and received over the network [Rogoski 2002].

Poor security measures for an eBusiness can result in attackers obtaining sensitive business data such as catalogues, price lists, and especially valuable proprietary information. Another important reason why wireless network security is extremely important to an eBusiness is the loss of customer confidence if personal information is stolen. Customers tend to be less willing to perform business transactions over the internet if their personal information is not secured [Rogoski 2002].

Common Network Security Threats

As mentioned above, wireless networks are not nearly as secure as wired networks. There are many threats that affect wireless networks and some of the more common ones will be discussed in detail.

Accidental Association

Accidental association refers to unauthorized access to company wireless networks. When a user’s computer searches for a wireless network, in most cases, it will connect to the network with the best signal strength. If the strongest network happens to be a neighbouring connection that is unsecure, the user may accidentally gain access to a foreign network. In this case, if the network is monitored by a potential attacker, the user, who unknowingly connected to the network, may be open to attack.

Malicious Association

A malicious association occurs when a wireless device is induced to connect with a malicious laptop [Curran 2008]. These types of laptops are known as soft APs and are created when an attacker runs some software that makes their wireless network card look like a legitimate access point [Curran 2008]. Once access has been acquired, the attacker can steal passwords, launch attacks, or plant viruses within the network which can cause severe downtown or data theft.

Ad-hoc Networks

Ad-hoc networks are defined as peer-to-peer networks between wireless computers that do not have an access point between them, meaning there is actually no Internet connection. Attackers usually set up these networks and make them appear like actual Internet connections with a name such as Free Wi-Fi. When users connect to the ad-hoc network, they are exposing their computers to attack from a waiting attacker [Ilyas 2005].

Non-traditional Networks

Non-traditional networks dealing with devices other than computers, such as handheld PDAs, or wireless printers and copiers, present security of their own. These devices pose a threat to the wireless network since the security of them can be easily overlooked by IT personnel who have narrowly focussed on laptops and access points [Curran 2008].

MAC Spoofing

MAC spoofing occurs when an attacker is able to listen in on network traffic and identify the MAC address of a computer with network privileges [Curran 2008]. Stealing the MAC address of a computer can be very helpful to an attacker. Every network interface card (NIC), which provides a connection to a router and thus to the Internet, contains a unique MAC address. In some cases, MAC address filtering, as described in Section 3.1, will be enabled within a network. When this is the case, only certain addresses will be allowed on the network. A number of programs exist that have network sniffing capabilities allowing an attacker to determine and steal a MAC address [Curran 2008]. Stealing an address and using it (MAC spoofing), allows attackers to break into some secure networks, gaining access to potentially valuable information.

Man-in-the-middle Attacks

A man-in-the-middle attack is very similar to malicious association as mentioned in Section 2.2. An attacker entices devices to log into a computer which is set up as a soft AP [Ilyas 2005]. Once this is done, the attacker connects to a real access point through another NIC offering a steady flow of traffic through the hacking computer to the Internet. This presents a major security issue because the user may be transferring private information while the attacker is sniffing the data [Ilyas 2005].

Denial of Service

Denial of service attacks are active attacks that are meant to cause disruption of network services. Typical attacks occur when an attacker floods the network by saturating the wireless frequency bands with noise [Cali 2000]. An attack of this nature will usually slow down network traffic, and in some cases, cause the network to crash. Therefore, legitimate network users may be unable to connect to and use the network. This type of attack may not be preventable unless the default Service Set Identifier (SSID) is changed or SSID broadcast is disabled (as described in Section 4).

Café Latte Attack

The café latte attack proves that an attacker can retrieve a Wired Equivalency Privacy (WEP) encryption key without having to be in range of the wireless network. In the past, an attacker was required to be in range of a wireless network in order to sniff the traffic to obtain the encryption key [Phifer 2007]. With the café latte attack, it is possible to achieve this using a technique called AP-less WEP Cracking [Phifer 2007]. The attacker uses various behavioural characteristics of the Windows Wireless stack along with known flaws in WEP to obtain the encryption key [Phifer 2007].

Wireless Network Protection Methods

Wireless network protection is an extremely important issue to consider in any wireless network. There are many technologies available to protect wireless networks; however, no single technique provides definite security. Some of the more common protection methods will now be discussed in detail.

MAC ID filtering

Many wireless routers provide the ability to enable some sort of MAC address filtering. This technique permits only specified MAC addresses with a connection to the network. As a security method, this is a helpful technique in that it allows network administrators to control which devices can use the network. Using this technique alone however, will not provide complete security since MAC addresses can be spoofed, as seen in Section 2.5.

Static IP Addressing

One of the features of using Dynamic Host Configuration Protocol (DHCP) in network configuration is that it allows devices to be added to a network with minimal or no manual configuration [Curran 2008]. If this is activated, each device is automatically assigned an IP address, usually in the form 192.168.1.n where n is an integer starting from one. With static IP addressing, each address is set by hand and can be chosen from the available addresses on the network router. This technique makes it more difficult for a casual or unsophisticated intruder to log onto the network [Curran 2008].

WEP

Wired Equivalency Privacy (WEP) was the original encryption standard for wireless and was intended to make wireless networks as secure as wired networks [Potter 2004]. This is not the case however, as many flaws were quickly discovered and exploited [Potter 2004]. Nonetheless, this encryption still provides some form of network security and if used, should be combined with other forms of protection. Adding an encryption layer is a very important step to securing a wireless network.

WPA/WPA2

Wi-Fi Protected Access (WPA) is an early security standard that was developed by the Wi-Fi Alliance to replace WEP [Wi-Fi Alliance 2008]. It is simply another method of encryption for wireless connections that was developed to provide improvements to WEP through firmware updates and thus did not require new network hardware to be deployed [Wi-Fi Alliance 2008]. WPA2 is designated as the final 802.11i standard from the Wi-Fi Alliance with its inclusion of the AES-CCMP encryption algorithm [Wi-Fi Alliance 2008].

802.1X

802.1X is an IEEE standard for port-based network access control and provides authentication to devices attached to a local area network port. It acts as a control layer for networks which will permit or prohibit specific network traffic during certain situations [Snyder 2002].

LEAP

Lightweight Extensible Authentication Protocol (LEAP) is based on the 802.1X standard and helps minimize the original security flaws of 802.1X by using WEP and a sophisticated key management system [Sankar 2004]. LEAP allows devices to re-authenticate frequently; each time acquiring a new WEP key [Sankar 2004]. The idea here is that the WEP keys will not live long enough to be hacked by an attacker.

PEAP

Protected Extensible Authentication Protocol (PEAP) is another type of network security layer. This protocol allows for a secure transport of data, passwords, and encryption keys with the need of a certificate server [Sankar 2004]. PEAP authenticates clients into a network using server-side public key certificates and provides very good security [Sankar 2004]. It was developed by Cisco, Microsoft, and RSA Security.

RADIUS

Remote Authentication Dial In User Service (RADIUS), is a protocol used for remote network access and provides excellent protection against attackers [Hill 2001]. RADIUS works by having a server within the company network act as a gatekeeper by verifying users through a username and password previously determined by the user [Hill 2001]. RADIUS is a good security technique often used in wireless networks by improving the WEP encryption key standard [Hill 2001].

Smart cards and USB tokens

This is a very high form of network security. The hardware card or token uses its internal identity code combined with a user entered PIN to create a powerful algorithm, providing a very secure way to conduct wireless transmissions [Curran 2008]. One downfall to this method is its expensive nature.

Five Steps for Securing a Wireless Network

As seen in the previous section, securing a wireless network can be achieved through a variety of methods. Some of these methods include complex programs and require expensive IT support [Potter 2004]. There are, however, a number of common, easy-to-implement techniques that can be implemented in order to achieve an acceptable level of security within a wireless network. Most of the protection methods that were introduced in Section 3 are open to attack when used on an individual basis. The following five simple techniques can help secure a wireless network and prevent unwanted access to a wireless network:

Change the router’s default administrator password
Change the default SSID and disable SSID broadcast
Change the IP address setting
Use some form of encryption
Use the MAC address filter technique

References

[1] Cali, F, M Conti, and E Gregori. "Dynamic IEEE 802.11: Design, Modeling and Performance Evaluation." IEEE Journal on Selected Areas in Communications, 2000: 1774-1786.

[2] Curran, Kevin, and Elaine Smyth. "Security Issues with Wi-Fi Networks." Encyclopedia of Internet Technologies and Applications, 2008: 498-504.

[3] Hill, Joshua. An Analysis of the RADIUS Authentication Protocol. San Luis Obispo: InfoGard Laboratories, 2001.

[4] Ilyas, Mohammad, and Syed Ahson. Handbook of Wireless Local Area Networks. Boca Raton: CRC Press, 2005.

[5] Phifer, Lisa. "The Caffe Latte Attack: How It Works and How to Block It". December 12, 2007. (accessed March 26, 2008).

[6] Potter, Bruce. "Fixing wireless security." Network Security, 2004: 4-5.

[7] Rogoski, Richard. "Security Can Deter Wireless Hackers." Triangle Business Journal, 2002: 2.

[8] Sankar, Krishna, Sri Sundaralingam, Darrin Miller, and Andrew Balinsky. "EAP Authentication Protocols for WLANs." Cisco Press, 2004: 1-10.

[9] Snyder, Joel. "What is 802.1x?" Network World, 2002: 1-2.

[10] Wi-Fi Alliance. "Simple Wireless Network for Home and Small Office". March 29, 2008. (accessed March 29, 2008).

--Zychk 22:20, 7 April 2008 (EDT)

@@ Line 77: / Line 77: @@
 == See Also ==
-[[Bluetooth_Security|Bluetooth Security]]<BR>
 [[Information_security_awareness|Information Security Awareness]]<BR>
 [[Peer_To_Peer_Network_Security|Peer To Peer Network Security]]<BR>