Wireless Network Security

From Computing and Software Wiki

Wi-Fi Security - ...threats have become an eminent problem...⁸

Wireless network security threats have become an eminent problem as the use of the Internet continues to grow⁸. Network issues and the security measures for small wireless networks are extremely important to protect against the threats posed by attackers, viruses, and fraud.

Wireless networks are great because they allow users to connect anywhere within range. However, this benefit is also what makes them vulnerable to attackers who do not need to be physically connected to the network to gain access. Since attackers can gain access to wireless networks, they can use a technique called packet sniffing, which can grant access to everything that is sent and received over the network⁸.

Common Network Security Threats

Wireless networks are not nearly as secure as wired networks. Some of the more common threats are included here, but it should be noted that threats come and go and new ones could be introduced at any time. The following examples should be used as a general introduction.

Accidental Association

Accidental association refers to unauthorized access to company wireless networks. When a user’s computer searches for a wireless network, in most cases, it will connect to the network with the best signal strength. If the strongest network happens to be a neighbouring connection that is unsecure, the user may accidentally gain access to a foreign network. In this case, if the network is monitored by a potential attacker, the user, who unknowingly connected to the network, may be open to attack.

Malicious Association

A malicious association occurs when a wireless device is induced to connect with a malicious laptop². These types of laptops are known as soft APs and are created when an attacker runs some software that makes their wireless network card look like a legitimate access point². Once access has been acquired, the attacker can steal passwords, launch attacks, or plant viruses within the network which can cause severe downtown or data theft.

Ad-hoc Networks

Ad-hoc networks are defined as peer-to-peer networks between wireless computers that do not have an access point between them, meaning there is actually no Internet connection. Attackers usually set up these networks and make them appear like actual Internet connections with a name such as Free Wi-Fi. When users connect to the ad-hoc network, they are exposing their computers to attack from a waiting attacker⁴.

Non-traditional Networks

Non-traditional networks dealing with devices other than computers, such as handheld PDAs, or wireless printers and copiers, present security issues of their own. These devices pose a threat to the wireless network since the security of them can be easily overlooked by IT personnel who have narrowly focussed on laptops and access points².

MAC Spoofing

MAC spoofing occurs when an attacker is able to listen in on network traffic and identify the MAC address of a computer with network privileges². Stealing the MAC address of a computer can be very helpful to an attacker. Every network interface card (NIC), which provides a connection to a router and thus to the Internet, contains a unique MAC address. In some cases, MAC address filtering will be enabled within a network. When this is the case, only certain addresses will be allowed on the network. A number of programs exist that have network sniffing capabilities allowing an attacker to determine and steal a MAC address². Stealing an address and using it (MAC spoofing), allows attackers to break into some secure networks, gaining access to potentially valuable information.

Man-in-the-middle Attacks

A man-in-the-middle attack is very similar to malicious association. An attacker entices devices to log into a computer which is set up as a soft AP⁴. Once this is done, the attacker connects to a real access point through another NIC offering a steady flow of traffic through the hacking computer to the Internet. This presents a major security issue because the user may be transferring private information while the attacker is sniffing the data⁴.

Denial of Service

Denial of service attacks are active attacks that are meant to cause disruption of network services. Typical attacks occur when an attacker floods the network by saturating the wireless frequency bands with noise¹. An attack of this nature will usually slow down network traffic, and in some cases, cause the network to crash. Therefore, legitimate network users may be unable to connect to and use the network.

Cafe Latte Attack

The café latte attack proves that an attacker can retrieve a Wired Equivalency Privacy (WEP) encryption key without having to be in range of the wireless network. In the past, an attacker was required to be in range of a wireless network in order to sniff the traffic to obtain the encryption key⁶. With the café latte attack, it is possible to achieve this using a technique called AP-less WEP Cracking⁶. The attacker uses various behavioural characteristics of the Windows Wireless stack along with known flaws in WEP to obtain the encryption key⁶.

Wireless Network Protection Methods

Wireless network protection is an extremely important issue to consider in any wireless network. The follow are some common protection techniques.

MAC ID filtering

Many wireless routers provide the ability to enable some sort of MAC address filtering. This technique permits only specified MAC addresses with a connection to the network. As a security method, this is a helpful technique in that it allows network administrators to control which devices can use the network. Using this technique alone however, will not provide complete security since MAC addresses can be spoofed.

Static IP Addressing

One of the features of using Dynamic Host Configuration Protocol (DHCP) in network configuration is that it allows devices to be added to a network with minimal or no manual configuration². If this is activated, each device is automatically assigned an IP address, usually in the form 192.168.1.n where n is an integer starting from one. With static IP addressing, each address is set by hand and can be chosen from the available addresses on the network router. This technique makes it more difficult for a casual or unsophisticated intruder to log onto the network².

WEP

Wired Equivalency Privacy (WEP) was the original encryption standard for wireless and was intended to make wireless networks as secure as wired networks⁷. This is not the case however, as many flaws were quickly discovered and exploited⁷. Nonetheless, this encryption still provides some form of network security and if used, should be combined with other forms of protection. Adding an encryption layer is a very important step to securing a wireless network.

WPA/WPA2

Wi-Fi Protected Access (WPA) is an early security standard that was developed by the Wi-Fi Alliance to replace WEP¹¹. It is simply another method of encryption for wireless connections that was developed to provide improvements to WEP through firmware updates and thus did not require new network hardware to be deployed¹¹. WPA2 is designated as the final 802.11i standard from the Wi-Fi Alliance with its inclusion of the AES-CCMP encryption algorithm¹¹.

802.1X

802.1X is an IEEE standard for port-based network access control and provides authentication to devices attached to a local area network port. It acts as a control layer for networks which will permit or prohibit specific network traffic during certain situations¹⁰.

LEAP

Lightweight Extensible Authentication Protocol (LEAP) is based on the 802.1X standard and helps minimize the original security flaws of 802.1X by using WEP and a sophisticated key management system⁹. LEAP allows devices to re-authenticate frequently; each time acquiring a new WEP key⁹. The idea here is that the WEP keys will not live long enough to be hacked by an attacker.

PEAP

Protected Extensible Authentication Protocol (PEAP) is another type of network security layer. This protocol allows for a secure transport of data, passwords, and encryption keys with the need of a certificate server⁹. PEAP authenticates clients into a network using server-side public key certificates and provides very good security⁹.

RADIUS

Remote Authentication Dial In User Service (RADIUS), is a protocol used for remote network access and provides excellent protection against attackers³. RADIUS works by having a server within the company network act as a gatekeeper by verifying users through a username and password previously determined by the user³. RADIUS is a good security technique often used in wireless networks by improving the WEP encryption key standard³.

Smart cards and USB tokens

This is a very high form of network security. The hardware card or token uses its internal identity code combined with a user entered PIN to create a powerful algorithm, providing a very secure way to conduct wireless transmissions². One downfall to this method is its expensive nature.

Five Steps for Securing a Wireless Network

Securing a wireless network can be achieved through a variety of methods. Some of these methods include complex programs and require expensive IT support⁷. There are, however, a number of common, easy-to-implement techniques that can be implemented in order to achieve an acceptable level of security within a wireless network. Most of the protection methods previously mentioned are open to attack when used on an individual basis. The following five simple techniques can help secure a wireless network and prevent unwanted access to a wireless network⁵:

Change the router’s default administrator password
Change the default SSID and disable SSID broadcast
Change the IP address setting
Use some form of encryption
Use the MAC address filter technique

References

[1] Cali, F, M Conti, and E Gregori. "Dynamic IEEE 802.11: Design, Modeling and Performance Evaluation." IEEE Journal on Selected Areas in Communications, 2000: 1774-1786.

[2] Curran, Kevin, and Elaine Smyth. "Security Issues with Wi-Fi Networks." Encyclopedia of Internet Technologies and Applications, 2008: 498-504.

[3] Hill, Joshua. An Analysis of the RADIUS Authentication Protocol. San Luis Obispo: InfoGard Laboratories, 2001.

[4] Ilyas, Mohammad, and Syed Ahson. Handbook of Wireless Local Area Networks. Boca Raton: CRC Press, 2005.

[5] Malik, Bobby. "5 Steps to Home Wireless Security". January 25, 2006. (accessed March 30, 2008).

[6] Phifer, Lisa. "The Caffe Latte Attack: How It Works and How to Block It". December 12, 2007. (accessed March 26, 2008).

[7] Potter, Bruce. "Fixing wireless security." Network Security, 2004: 4-5.

[8] Rogoski, Richard. "Security Can Deter Wireless Hackers." Triangle Business Journal, 2002: 2.

[9] Sankar, Krishna, Sri Sundaralingam, Darrin Miller, and Andrew Balinsky. "EAP Authentication Protocols for WLANs." Cisco Press, 2004: 1-10.

[10] Snyder, Joel. "What is 802.1x?" Network World, 2002: 1-2.

[11] Wi-Fi Alliance. "Simple Wireless Network for Home and Small Office". March 29, 2008. (accessed March 29, 2008).

External Links

"Introduction to Wireless Network Security"

"Beginners Guides: Securing A Wireless Network"

"Wireless Network Security For The Home"

--Zychk 22:22, 13 April 2008 (EDT)