WIRELESS NETWORK SECURITY 2
Table of Contents
Introduction
Wireless local area network:
Network access point:
Service set identifier:
Wireless Security Protocols
Open system authentication:
Shared key authentication:
Ad-hoc mode:
Infrastructure mode:
Wired equivalent privacy protocol
Wi-fi protected access and wi-fi protected access 2
Network Security threats and risks
"Parking lot" attack:
Shared key authentication flaw:
Service set identifier flaw:
The attack on temporal key integrity protocol (TKIP):
The vulnerability of wired equivalent privacy protocol
Other forms of attack to wireless networks
DoS:
DDoS:
Man in the middle:
Social engineering:
Virus:
Worms:
Buffer overflow:
Packet sniffing:
FTP bounce:
Smurf:
Best Practice Recommendation
Conclusion
References
Introduction
Mobile devices and wireless technology are becoming more sophisticated each day. As a result,
wireless access is being rolled out widely in offices and in general public environments, which
include homes and public institutions as well as refreshment areas such as hotels and restaurants.
This paper reviews the security threats and risks that are associated with wireless networks and
outlines some of the best practices for designing and implementing wireless networks in
corporate organizations and home setups. Finally, a set of security techniques is provided for
end users browsing the Internet over public wireless networks. Wireless network
access technology is being increasingly adopted in offices and public institutions, as
well as by Internet users in their private homes. This section begins by first outlining some of
Wireless local area network: A WLAN is a network that uses high-frequency radio
waves instead of wires to establish a communication link between two or more network-enabled
systems or devices.
Network access point: A wireless network access point (AP) is a hardware device that facilitates
connection to a wireless network for wireless communication devices, such as PDAs and mobile
computers. Usually, an AP connects to a wired network and provides a switch for
information communication between wireless and wired network devices (Karygiannis &
Owens, 2012).
Service set identifier: A Service Set Identifier (SSID) is a configurable network
identifier that allows wireless users to communicate with the proper access point. If it is
properly configured, only clients with the correct SSID can communicate with the
network access points within the system. In effect, SSID acts as a universal password that is
request that contains a station ID and a primary authentication response that contains success or
failure data; when successful authentication has been established, both stations are deemed
mutually verified. It can be used together with the WEP (Wired Equivalent Privacy) protocol to
provide better communication security. However, it is important to note that the
authentication management frames are sent in clear text during the authentication process.
WEP is only used to encrypt data once the user is authenticated. Any user
can send its station ID in an effort to link with the AP. As a result, no authentication is achieved
Shared key authentication: Shared Key Authentication is a standard challenge and
response mechanism that uses WEP and a shared secret key to provide authentication. Once
the challenge text is encrypted with WEP using the established shared secret key, the
authenticating client is expected to return the encrypted challenge text to the originating access
point for verification. Authentication is deemed successful when the access point decrypts
Ad-hoc mode: Ad-hoc mode is one of the networking topologies provided in the 802.11
standards. It comprises at least two wireless stations, with no access point
involved in their communication. Ad-hoc mode WLANs are usually less costly to run
since no APs are required for their communication. However, this type of topology cannot
scale to larger networks, and it also lacks certain security attributes such as MAC
Infrastructure mode: Infrastructure mode is another type of networking topology in the 802.11
standards, in addition to ad-hoc mode. It contains a number of wireless stations and network access
points. These access points are usually connected to a larger wired network. This network
topology can expand to form large-scale networks with arbitrary coverage and complexity
found in the IEEE 802.11 standard. WEP is intended to establish confidentiality over a wireless
network by encrypting the information transmitted over the network. A key-scheduling
defect has, however, been discovered in WEP, so it is currently considered insecure
because a WEP key can be cracked in just a few minutes when a proper automated tool is
set up correctly. Therefore, system administrators should avoid using WEP unless there is no
other option.
Wi-Fi Protected Access (WPA) is a wireless network security standard that is intended to
address and correct the known security issues in WEP. WPA provides network users with a
higher level of assurance that their information will remain protected under any circumstance by
using the Temporal Key Integrity Protocol (TKIP) for data encryption. 802.1X
authentication has also been included in this protocol to improve user
authentication. Based on IEEE 802.11i, Wi-Fi Protected Access 2 (WPA2) is a newer wireless
network security protocol in which only authorized users can gain access to a wireless device.
WPA2 has features that support stronger cryptography, for instance Advanced Encryption
Authentication Protocol, replay attack protection, key management, and data integrity (Shin et al.
2016). However, there have been claims that a new vulnerability, named Hole 196, was discovered in
the WPA2 protocol. By exploiting this vulnerability, an internally authenticated
Wi-Fi user can decrypt private data of other users and inject malicious traffic into the
wireless network. After investigation, such an attack cannot recover, crack or break any
WPA2 encryption algorithm (AES or TKIP). Attackers can only disguise themselves as the AP and
initiate a man-in-the-middle attack when clients link with them. Furthermore, such an attack cannot
allowed in access points, then the wireless clients are not authorized to communicate with one
another when they are attached to the same access point. With this configuration, an
attacker is unable to launch a man-in-the-middle attack against other wireless users (Bulbul et al.
2014). TKIP was devised to be used together with WPA, while the stronger algorithm AES
was devised to be used together with WPA2. Some devices may permit WPA to work with AES,
and some others may allow WPA2 to work with TKIP. However, in November 2008, a
vulnerability in TKIP was revealed whereby an attacker might be able to decrypt several small
packets and inject arbitrary data into the wireless network. Thus, TKIP encryption is no longer
considered a secure implementation. New deployments should consider using the
strong combination of WPA2 with the AES encryption standard (Bulbul et al. 2014).
The cost-effective nature of wireless network systems makes them more attractive to
users. However, the availability of less expensive equipment also readily gives network
attackers the tools to initiate attacks on the network. The design flaws in the security protocols of
the 802.11 standards also contribute to the rise in potential attacks, in both passive and
active form. These attacks make it easy for intruders to eavesdrop on system activity, or to
interfere with the normal functioning of the network and with normal wireless transmissions.
"Parking lot" attack: Access points transmit radio signals in a circular pattern, and the
signals almost always extend past the physical confines of the area they are supposed to
cover. The signals can be intercepted outside the building, or even through the floors
in multi-storey buildings. As a result, cyber criminals can initiate a "parking lot" attack, where
they carry out an intrusion while situated in the organization's parking lot and try to gain
access to internal hosts through the wireless network. If the network is compromised, the attacker
has achieved a high level of penetration into the system: they are through the
firewall, and therefore have the same level of network access rights as the trusted
employees within the organization. An attacker may also trick a legitimate wireless client into
establishing a connection to the attacker's network by placing an unauthorized access point
with a very strong signal in proximity to the wireless users. The objective is to capture
end-user authentication keys and passwords or other sensitive data such as usernames when
Shared key authentication flaw: Shared key authentication can easily be defeated
through a passive attack in which the attacker eavesdrops on both the challenge and the response
exchanged between the access point and the authenticating client. Such an attack is
possible because the attacker can capture both the challenge, which is the
plaintext, and the response, which is the ciphertext. WEP uses
the RC4 stream cipher as its encryption algorithm. This stream cipher works by
generating a keystream, that is, a series of pseudo-random bits, from the shared
secret key together with an initialization vector (IV); the keystream is then XORed
against the plaintext to produce the ciphertext. A major attribute of a stream
cipher is that if both the plaintext and the ciphertext are known, the keystream
can be recovered by simply XORing the plaintext and the ciphertext together, in
this case the challenge and the response. The recovered keystream can then be used by
an attacker to encrypt any subsequent challenge text generated by the network access
point, producing a correct authentication response by XORing the two values together. As a
result, the attacker can be authenticated to the access point (Bulbul et al. 2014).
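The keystream recovery described above, as an added example that is not code from the original paper: a self-contained simulation showing that the access point's check cannot tell a key holder from an observer of one earlier exchange. The key, IV and challenges are constructed sample values, and the model is an assumption of this sketch: frame header fields are omitted and only the challenge plus its CRC-32 integrity check value is encrypted.

```python
import os
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling followed by `length` bytes of output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def with_icv(challenge: bytes) -> bytes:
    """WEP plaintext: payload followed by its CRC-32 integrity check value."""
    return challenge + zlib.crc32(challenge).to_bytes(4, "little")


def wep_encrypt(iv: bytes, secret: bytes, challenge: bytes) -> bytes:
    """What a legitimate station does: RC4 keyed with IV || shared secret."""
    plaintext = with_icv(challenge)
    return xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def ap_accepts(iv: bytes, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Access point check: decrypt the response, compare challenge and ICV."""
    plaintext = xor(response, rc4_keystream(iv + secret, len(response)))
    return plaintext == with_icv(challenge)


def keystream_from_capture(challenge: bytes, response: bytes) -> bytes:
    """Both inputs were sent over the air; the shared secret is not used."""
    return xor(with_icv(challenge), response)


def demo() -> dict:
    secret = b"\x01\x02\x03\x04\x05"   # constructed 40-bit WEP key
    iv = b"\xaa\xbb\xcc"               # constructed IV, sent in clear
    # Exchange 1: a legitimate station authenticates while being observed.
    challenge_1 = os.urandom(128)
    response_1 = wep_encrypt(iv, secret, challenge_1)
    observed = keystream_from_capture(challenge_1, response_1)
    # Exchange 2: a fresh challenge is answered with the observed keystream
    # and the same IV; the secret never enters this computation.
    challenge_2 = os.urandom(128)
    forged = xor(with_icv(challenge_2), observed)
    return {
        "legit_ok": ap_accepts(iv, secret, challenge_1, response_1),
        "forged_ok": ap_accepts(iv, secret, challenge_2, forged),
        "keystream_matches": observed == rc4_keystream(iv + secret, 132),
        "same_as_key_holder": forged == wep_encrypt(iv, secret, challenge_2),
    }


if __name__ == "__main__":
    print(demo())
```

Because the response to the second challenge is byte-for-byte what a key holder would send, no check on the access point side can separate the two, which is why shared key authentication adds no assurance over the WEP key itself.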
Service set identifier flaw: Network access points come with pre-installed SSIDs. If the default
SSID is not changed, it will attract comparatively more attacks, since units with
pre-installed SSIDs are regarded as poorly configured devices. Besides, SSIDs are
embedded in management frames that are broadcast in clear text regardless of the fact that
conducting an analysis of the captured network traffic from the air, an attacker can obtain the
network SSID and perform further attacks that might be very successful.
The attack on temporal key integrity protocol (TKIP): The TKIP attack employs a technique
that is similar to the WEP attack, that is, trying to decode one byte at a time by using multiple
replays and observing the response over the air. Using this technique,
attackers can decode small packets such as ARP frames in as little as
15 minutes. If Quality of Service (QoS) is enabled in the network, attackers can
further inject up to 15 arbitrary frames for each decrypted packet. Potential attacks include
DNS manipulation, ARP poisoning, and denial of service. This is still a serious attack that poses
potential risks to all TKIP implementations on both WPA and WPA2 networks, despite the fact that
it is neither regarded as a major recovery attack nor results in compromise of TKIP keys or
Data transmitted within a wireless LAN with WEP disabled (which is the default setting
for most products) becomes susceptible to eavesdropping and data alteration attacks. However,
even when WEP is turned on, the confidentiality and integrity of the wireless traffic remain at
risk because several flaws in WEP have been exposed, which seriously threaten its claims to
Passive attacks to decrypt traffic based on known plaintext and chosen ciphertext attacks;
Passive attacks to decrypt traffic based on statistical analysis on ciphertexts;
Active attacks to embed new traffic from unauthorized mobile stations;
Active attacks to alter data; or
Active attacks to try and decrypt traffic, based on duping the access point into redirecting
DoS: A denial of service (DoS) attack floods a network host with a stream of sham data
that the host is forced to process. DoS attacks can be launched against network
computers and other network devices as well. A DoS attack is a security threat that can
indicate that a larger attack is taking place. The DoS attack can then form part of a network attack
in which hijackers gain access to system login credentials via communication from a user
who is already authenticated to the resource. When the user's computer is cut off by the DoS
attack, the attacker has access to the resource before the user regains access. The attacker can
stop the user from gaining access, or make changes to the data and then send it to the unsuspecting
user.
DDoS: A distributed denial of service attack occurs when multiple systems are used
to flood the bandwidth of several servers or just one server. The principal goal of this type of
attack is to saturate a system resource to the extent that it is no longer available for its
rightful use. It is also used as a disguise to hide malicious attacks that attempt to hijack
sensitive or private information or other types of data. Specialized software known as DDS can
be used in an attempt to block the traffic that contains a genuine content besides the bad intention
Man in the middle: The man in the middle attack takes place when the attacker keeps a logical
communicating parties are not aware that they are not communicating directly. Instead,
they think they are communicating directly with one another. However, the information is
intercepted by a man in the middle, who then forwards it to the intended recipient. This attack is
known to be very harmful to organizations. Most organizations adopt measures
such as strong authentication policies, strong password standards, and current
protocols, including IPSec or L2TP, that authenticate the tunnel endpoints.
Social engineering: This form of attack does not rely on technology or protocols to succeed.
Instead, it relies on human behavior. Users trust each other, and this is where
this type of attack starts. It may include false website domains that request login
information from unsuspecting web users. This type of attack is also called a phishing
attack, especially when it occurs via email. A social engineering attack can be prevented by
advising network users not to give out their login credentials at prompts that they do
not trust or whose source they do not know (Pierson & DeHaan, 2015).
Virus: A computer virus is a program that is coded primarily for the purpose of infecting
the computers within a network. Once injected into a computer, it can copy itself to files
without the user's knowledge. These viruses were first experienced in the 1980s. Mostly they are
aimed at specific files; however, with advancing technology people have managed to develop
viruses that can change after they infect a computer in an attempt to hide from antivirus
software. There are over 76,000 known computer viruses, and computer users can
eradicate them by updating their antivirus software to match the type of virus within their servers
and computers. Viruses, if left within the systems, can slow down operation of the entire
network as well as corrupt all the files they come across within the system.
Worms: Worms are somewhat similar to viruses, except that they do not affect the system
files. They are more advanced in that, once they infect one computer within the network, they
can spread to other computers by auto-replicating and sending themselves to other computers. They are
said to cause network problems such as network resource usage and bandwidth issues. The most
common worms, such as the Sobig and Mydoom worms, are said to have affected thousands of
servers and computers in the past. System administrators can stop the spread of worms by
ensuring that the security patches on servers and clients are kept up to date.
Buffer overflow: A buffer overflow is a type of attack in which an anomaly is created by a rogue
programmer who intentionally writes data to a buffer so as to overwrite the buffer memory
and the adjacent memory. A buffer overflow may cause memory errors and erratic system
behavior and, finally, a crash or a breach of the entire system's security. System administrators
are advised to use products such as ProPolice and StackGuard to help prevent buffer overflow
Packet sniffing: An attacker who wants to carry out a packet sniffing attack can use
a protocol analyzer against the system. Packet sniffing is the process in
which an attacker collects a data sample using a software or hardware device that allows for data
analysis at the packet level. The attacker may be able to see IP addresses, any unencrypted
passwords, sensitive system data and MAC addresses. After discovering a vulnerability,
the attacker will initiate an active attack. The best way of preventing this attack is to prevent
anyone except the system administrator from installing an analyzer within the network.
Most of these packet analyzers can help in identifying the presence of any other packet analyzer
within the system, unless the attacker uses software to hide the assault.
FTP bounce: An FTP bounce attack is a legacy attack that can never work properly on FTP
software. It uses the PORT command to request access to a victim machine
indirectly. Once in, an attacker can obtain the information they need or else interrupt
network communication.
Smurf: The smurf attack is a type of attack that exploits a common network tool such as
ping. To prevent this kind of assault, administrators just have to install the most current
security patches. With up-to-date patches, network hosts are prevented from
pinging their own broadcast addresses, which stops the smurf attack (Han et al. 2014).
System managers must ensure that they adopt all the necessary policies that will help
with user account control. User accounts must be monitored to ensure they are used in
a way that will not affect the system. Acceptable use control policies must be clearly stated to
avoid any unauthorized use of system resources. Thirdly, system administrators must
ensure that not all users have elevated privileges that would allow them access to sensitive data in
the system. Limiting privileges to system administrators will help in controlling downloaded
content, which is always a source of problems in the system. Finally, a periodic security audit
Conclusion
It is good practice to ensure that network security is always reviewed for any threat.
Knowing the types of threats and the ways to go about solving them is the start
of establishing a secure organization system. The types of threats are, however, getting
more sophisticated each day due to the dynamic nature of technology. Countermeasures have
not lagged behind, and that is why there are ways to prevent system attacks. It is up to the
network managers within the organization to ensure that they have the latest defense software to
REFERENCES
Bulbul, H. I., Batmaz, I., & Ozel, M. (2014, January). Wireless network security: Comparison of
WEP (wired equivalent privacy) mechanism, WPA (wi-fi protected access) and RSN
and multimedia and workshop (p. 9). ICST (Institute for Computer Sciences, Social-
Chuang, C. M., Tung, C., Lee, H. L., & Huang, K. S. (2016). U.S. Patent No. 9,363,675.
Han, G., Jiang, J., Shu, L., Niu, J., & Chao, H. C. (2014). Management and applications of trust
80(3), 602-617.
Irving, P. A., Oscar, P. J., & Ofem, P. O. (2016). Research on Wireless Network Security
Karygiannis, T., & Owens, L. (2012). Wireless network security. NIST special publication, 800,
48.
Ochang, P. A., Irving, P. J., & Ofem, P. O. (2016). Research on Wireless Network Security
Pierson, G., & DeHaan, J. (2015). U.S. Patent No. 9,203,837. Washington, DC: U.S. Patent and
Trademark Office.
Ramachandran, M., & Chang, V. (2014, December). Recommendations and best practices for
Shin, M., Ma, J., Mishra, A., & Arbaugh, W. A. (2016). Wireless network security and
Xiao, Y., Chen, H., Yang, S., Lin, Y. B., & Du, D. Z. (2013). Wireless network security.