Running Head: WIRELESS NETWORK SECURITY 1

Wireless Network Security

Name:

Institution:
 WIRELESS NETWORK SECURITY 2

Table of Contents
Introduction................................................................................................................ 3
Wireless local area network:................................................................................ 3
Network access point:.......................................................................................... 3
Service set identifier:........................................................................................... 3
Wireless Security Protocols...................................................................................... 4
Open system authentication:...............................................................................4
Shared key authentication:.................................................................................. 4
Ad-hoc mode:....................................................................................................... 4
Infrastructure mode:............................................................................................ 5
Wired equivalent privacy protocol...........................................................................5
Wi-fi protected access and wi-fi protected access 2................................................5
Network Security threats and risks..........................................................................7
"Parking lot" attack:............................................................................................. 7
Shared key authentication flaw:...........................................................................7
Service set identifier flaw:.................................................................................... 8
The attack on temporal key integrity protocol (TKIP):..........................................8
The vulnerability of wired equivalent privacy protocol............................................9
Other forms of attack to wireless networks.............................................................9
DoS:................................................................................................................... 10
DDoS:................................................................................................................. 10
Man in the middle:............................................................................................. 10
Social engineering:............................................................................................. 11
Virus:.................................................................................................................. 11
Worms:............................................................................................................... 11
Buffer overflow:.................................................................................................. 12
Packet sniffing:................................................................................................... 12
FTP bounce:........................................................................................................ 12
Smurf:................................................................................................................ 13
Best Practice Recommendation................................................................................ 13
Conclusion................................................................................................................ 13
References................................................................................................................ 14

Introduction
 WIRELESS NETWORK SECURITY 3

Mobile devices and wireless technology are getting sophisticated each day. With this

continual sophistication in technology, coupled with increasing price or performance advantages,

wireless accessibility is being rolled out highly in offices and general public environments which

include homes and public institutions as well as refreshment areas such as hotels and restaurants.

This paper reviews the security threats and risks that are associated with wireless networks and

outlines some of the best practices for designing and implementing wireless networks in

corporate organizations and home setups. Finally, a set of security techniques is provided for

end-users browsing through the Internet using public wireless networks. Wireless Network

access technology is being increasingly adopted in both the offices and public institutions, as

well as by the Internet users in their private homes. This section begins by first outlining some of

the basic technology components of wireless network technology systems.

Wireless local area network: WLAN is a network that employs the use of high-frequency radio

waves instead of wires to establish a communication link between two or more network-enabled

systems or devices.

Network access point: A wireless network access point (AP) is a hardware device that facilitates

connection to a wireless network; for wireless communication devices, like PDAs and, mobile

computers. Usually, an AP connects to a system of wired network and provides a switch for

information communication between wireless and wired network devices (Karygiannis &

Owens, 2012).

Service set identifier: A Service Set Identifier (SSID) is a network identification that is known

to be configurable, and it allows wireless users to communicate with a proper access point. If a

proper configuration is established, only clients with correct SSID can communicate with the
 WIRELESS NETWORK SECURITY 4

network access points within the system. In effect, SSID acts as a universal password that is

shared between access points and the clients.

Wireless Security Protocols

Open system authentication: Open System Authentication is known to be the default

authentication protocol for the 802.11 standards. It comprises of a simplistic authentication

request that contains a station ID and a primary authentication response that contains success or

failure data; when successful authentication as been established, both stations are deemed

mutually verified. It can be used together with WEP (Wired Equivalent Privacy) protocol to

assist in providing better communication security. However, it is imperative to establish that the

verification management frames are sent in the form of clear text during the verification process.

WEP is only used to support data encryption once the user is verified (authenticated). Any user

can send its station ID in an effort to link with the AP. In result, no authentication is achieved

(Karygiannis & Owens, 2012).

Shared key authentication: A Shared Key Authentication is known as a standard challenge and

response tool that uses the WEP and a shared secret key to help in providing verification. Once

the challenge text is encrypted with WEP using the established shared secret key, the

authenticating client is expected to return the encrypted challenge text back to the original access

point for further analysis. Authentication is deemed successful when the access point decrypts

the given challenge text.

Ad-hoc mode: Ad-hoc mode is one of the networking topologies that is provided in the 802.11

standards. It comprises not less than two wireless stations where there is no access point

associated in their communication process. Ad-hoc mode WLANs are usually less costly to run
 WIRELESS NETWORK SECURITY 5

since no APs are required for their communication. However, this type of topology cannot

expand to be used in larger networks, and it also lacks certain security attributes such as MAC

filtering and access control.

Infrastructure mode: Infrastructure mode is another type of networking topology in the 802.11

standards, in addition to ad-hoc mode. It contains some wireless stations and network access

points. These access points are usually connected to a larger wired network system. This network

topology can expand to form large-scale networks with random coverage and sophistication

(Xiao et al. 2013).

Wired equivalent privacy protocol

A Wired Equivalent Privacy (WEP) Protocol is a fundamental security feature that is

found in the IEEE 802.11 standard WEP is intended to establish confidentiality over a wireless

network by helping with the encryption of the information transmitted over the network. A key-

scheduling defect has, however, been discovered in WEP, so it is currently considered as insecure

because a WEP key can be easily cracked in just a few minutes when a proper automated tool is

set up correctly. Therefore, the system administrators should avoid using WEP unless there is no

other option.

Wi-fi protected access and wi-fi protected access 2

Wi-Fi Protected Access (WPA) is a wireless network security standard that is intended to

address and correct the known security issues in WEP. WPA provides network users with a

higher level of assurance that their information will remain protected under any circumstance by

using Temporal Key Integrity Protocol (TKIP) for data or file encryption. Currently, 802.1 x

authentications have been included in this protocol to aid in the improvement of user
 WIRELESS NETWORK SECURITY 6

authentication. Based on IEEE 802.11i, Wi-Fi Protected Access 2 (WPA2), is a new wireless

network security protocol where only the authorized users can gain access to a wireless device.

WAP2 has features that support stronger cryptography for instance; Advanced Encryption

Standard or AES, or stronger authentication control for instance; EAP or Extensible

Authentication Protocol, replay attack protection, key management and, data integrity (Shin et al.

2016). However, there have been claims that a new threat and vulnerability was discovered on

WPA2 protocol, named Hole 196. By exploiting a potential vulnerability, an internally verified

Wi-Fi user can manage to decrypt private data of other users and inject malignant traffic into the

wireless network. After investigations, such attack cannot be able to recover, crack or break any

WPA2 encryption algorithm (AES or TKIP). Attackers can only disguise themselves as AP and

initiate a man-in-the-middle attack when clients link with them. Furthermore, such attack cannot

be succeeded in case there is a properly configured environment. If a client isolation feature is

allowed in access points, then the wireless clients are not authorized to communicate with one

another when they are attaching to the same access point. In this established connection, an

attacker is unable to launch a man-in-the-middle attack to other wireless users (Bulbul et al.

2014). TKIP was devised to be used together with the WPA while the stronger algorithm AES

was devised to be used together with WPA2. Some devices may permit WPA to work with AES,

and some others may allow WPA2 to work with the TKIP. However, since November 2008,

vulnerability in TKIP was revealed where an attacker might be able to decrypt several small

packets and plant arbitrary data into the wireless network. Thus, TKIP encryption is considered

to no longer contain a secure implementation. A new release should consider using an extremely

strong key combination of WPA2 with AES encryption standard (Bulbul et al. 2014).

Network Security threats and risks

 WIRELESS NETWORK SECURITY 7

The cost-effective nature of wireless network systems makes them more attractive to

users. However, the availability of less expensive equipment also readily gives the network

attackers the tools to initiate attacks on the network. The design flaws in the security protocols of

the 802.11 standards also contribute to the rise in some potential attacks, both in the passive and

active form. These attacks make it easy for the intruders to eavesdrop on the system activities, or

interfere with the normal functionality of the network and the normal wireless transmissions.

"Parking lot" attack: Access points transmit radio signals in an orbicular design, and the

signals almost continuously extend past the physical confines of the area they are supposed to

cover. The network Signals can be intercepted outside the buildings, better still through the floors

in multi-storey buildings. As a result, cyber criminals can initiate a "parking lot" attack, where

they pull of f a hack while they are situated in the organizations parking lot and try to gain

access to internal hosts through the wireless network. If a network is attacked, the attacker is said

to have pulled off a high level of penetration into the system. They are said to be through the

firewall, and therefore they will have the same level of network access rights just like the trusted

employees within the organization. A hacker may also trick a legitimate wireless client into

establishing a connection to the hacker's network system by placing an unauthorized access point

with a very strong and active signal in proximity to the wireless users. The objective is to capture

end-user authentication keys and passwords or other sensitive data such as the usernames when

users attempt to log on these rogue servers (Ochang et al. 2016).

Shared key authentication flaw: A Shared key authentication can easily be interfered with

through a passive attack where the attacker eavesdrops on both the challenge and the response

that occurs between the access point and the authenticating client system. Such an attack is

always possible because of the ability of an attacker to capture both the challenge known as the
 WIRELESS NETWORK SECURITY 8

plaintext and, the response referred to as the ciphertext, in the system data and files. WEP applies

the use of the RC4 stream cipher as its encryption algorithm. This stream cipher works by

generating a keystream, that is, series of pseudo-random bits, in accordance with the shared

secret key, together with an initialization vector (IV); the attackers then XORes the key-stream

against the plaintext for them to be able to produce the ciphertext. A major attribute of a stream

cipher is that if both the plaintext and the ciphertext are of a known sequence, then the keystream

can be recovered by a simple XORing process of the plaintext and the ciphertext collectively, in

this case, the challenge and the response. The key stream that is recovered can then be utilized by

the hackers to encrypt any succeeding challenge text that is generated by the network access

point to produce a correct authentication response by XORing the two values collectively. As a

result, the hackers can be verified to the access point (Bulbul et al. 2014).

Service set identifier flaw: Network Access points come with pre-installed SSIDs. If the default

SSID is not updated, it will comparatively attract more attacks from hackers since the pre-

installed SSIds have units that are regarded as poorly configured devices. Besides, SSIDs are

installed in management frames that will be broadcasted in clear text regardless of the fact that

access point is configured to incapacitate SSID broadcasting or enabled encryption. By

conducting an analysis of the captured network traffic from the air, an attacker can obtain the

network SSID and performs further attacks that might be very successful.

The attack on temporal key integrity protocol (TKIP): The TKIP attack employs a technique

that is similar to the WEP attack that is, trying to decode each byte at a time by using a multiple

replay system and making an observation of the response over the air. By using this technique,

hackers have the capability to decode small packets like ARP frames in a timeframe that is as

low as 15 minutes. In case Quality of Service (QoS) is enabled in the network, hackers can be
 WIRELESS NETWORK SECURITY 9

able to further inject up to 15 random frames for each decrypted packet. Potential attacks include

DNS manipulation, ARP poisoning, and denial of services. This is still a serious attack that poses

potential risks to all TKIP implementations on both WPA and WPA2 network despite the fact that

it is neither regarded as a major recovery attack nor does it result to compromise of TKIP keys or

decryption of all subsequent frames (Irving et al. 2016).

The vulnerability of wired equivalent privacy protocol

Data transmitted within a wireless LAN with WEP disabled (which is the default setting

for most products) becomes susceptible to eavesdropping and data alteration attacks. However,

even when WEP is turned on, the confidentiality and integrity of the wireless traffic remain at

risk because several flaws in WEP have been exposed, which seriously threaten its claims to

security. In particular, these types of attacks on WEP are possible;

Passive attacks to decrypt traffic based on known plaintext and chosen ciphertext attacks;
Passive attacks to decrypt traffic based on statistical analysis on ciphertexts;
Active attacks to embed new traffic from unauthorized mobile stations;
Active attacks to alter data; or
Active attacks to try and decrypt traffic, based on duping the access point into redirecting

wireless traffic to an attackers machine.

Other forms of attack to wireless networks

DoS: The DOS (denial of service) attack floods the network host with the stream of sham data

which makes it process the designed data. The DoS attacks can be launched against the network

computers and the other network devices as well. The DoS attack is a security threat which

means that the larger attacks are taking place. Then the DoS attack constitutes the network attack

where the hijacker's gain access to system login credentials via communication from the user
WIRELESS NETWORK SECURITY 10

who is already authenticated to the resource. When the users' computers are cut out by a DoS

attack, then the attacker has access to the resource before the user gains access. The attackers can

stop the user from gaining access or, make changes to the data then send it to the unsuspecting

user.

DDoS: The distributed denial of service is that type that occurs when multiple systems are used

to flood the bandwidth of the system servers or just one server. The principal goal of this type of

attack is to saturate a system resource to the extent that it is not available a longer time for its

rightful use. It is used as a disguise to hide several malicious attacks which attempt to hijack

sensitive or private information or other types of data. A specialized software known as DDS can

be used in an attempt to block the traffic that contains a genuine content besides the bad intention

(Pierson & DeHaan, 2015).

Man in the middle: The man in the middle attack takes place when the attacker keeps a logical

connection or equipment between two communicating network parties. These two

communicating parties are always not aware that they are not communicating directly. Instead,

they always think they are directly communicating with one another. However, the information is

intercepted by a man in the middle who then forwards it to the intended recipient. This attack is

known to be very harmful to organizations. Most of the organizations tend to adopt measures

such as strong authentication policies as well as strong password standard as well as the current

protocols, including IPSec or L2TP that have the tunnel authentications endpoints.

Social engineering: This form of attack does not rely on the technology or protocols to succeed.

Instead, it relies on the human behavior. Users always trust each other. Therefore, this is where

this type of an attack starts. It may include false website domains that request the login
WIRELESS NETWORK SECURITY 11

information from the unsuspecting web users. This type of an attack can also be called phishing

attacks especially when it occurs via the emails. A social engineering attack can be prevented by

just advising the network users not to give out their login credentials in the prompt that they do

not trust or rather which they have no idea of the source (Pierson & DeHaan, 2015).

Virus: The computer virus is a program which is coded primarily with the purpose of infecting

the computers within the networks. Once injected in the computer, it can copy itself to the files

without user knowledge. These viruses were first experienced in the 1980s. Mostly they are

aimed at specific files, however, due to the growing technology people have managed to develop

viruses that can change after they infect the computers in an attempt to hide from the antivirus

program software. There are over 76,000 known computer viruses, and the computer users can

eradicate them by updating their antivirus software to match the type of virus within their servers

and the computers. Viruses if left within the systems, can slow don operation of the entire

network as well as corrupt all the files it comes across within the system.

Worms: The worms are somehow similar to the viruses only that they do not affect the system

files. They are more advanced in that, once they affect one computer within the network, they

can spread to other computers by auto-replicating and sending itself to other computers They are

said to cause network problems such as network resource usage and bandwidth issues. The most

common worms such as Sobig and Mydoom worms are said to have affected thousands of

servers and computers in the past. The system administrators can stop the spread of the worms by

ensuring that the security patches within the servers and clients are kept up to date.

Buffer overflow: The buffer overflow is a type of attack that is created anomaly by a rogue

programmer when writing codes to the buffer file intentionally to overwrite the buffer memory
WIRELESS NETWORK SECURITY 12

files and the nearby memories. A buffer overflow may cause memory errors and erratic system

behavior and finally, a crash or breach of the entire system security. The system administrators

are advised to use products such as ProPolice and Stackguard to help prevent buffer overflow

assault from succeeding (Chuang et al. 2016).

Packet sniffing: When an attacker wants to pull off a packet sniffing attack, they can employ the

use of a protocol analyzer to instigate their attack on the system. Packet sniffing is the process in

which a hacker collects the data sample using a software or hardware device that allows for data

analysis at a packet level. The hacker may be able to see the IP addresses, any unencrypted

passwords, the system sensitive data and MAC addresses. After attackers discover vulnerability,

the attacker will initiate an active attack. The best way of preventing this attack is to block

anything except the system administrator from installing a system analyzer within the network.

Most of these packet analyzers can help in identifying the presence of any other packet analyzer

present within the system unless a hacker uses computer software to make the assault hidden.

FTP bounce: An FTP bounce attack is a legacy attack that can never work properly on FTP

software. It always uses the system port command to request access to a victim machine

indirectly. Once in port, an attacker can obtain the information they needed or else interrupt

network communication.

Smurf: The smurf attack is the type of attack that exploits the common network tool such as

ping. To prevent this kind of assault, the administrators just have to install the most current

security patches. These patches are always up to date, and they tend to avoid any network host to

ping the own broadcast addresses. It will stop the smurf attack (Han et al. 2014).

Best Practice Recommendation

WIRELESS NETWORK SECURITY 13

The system managers must ensure that they adopt all the necessary policies that will help

with the user account control. The user accounts must be monitored to ensure they are used to in

the way that will not affect the system. The best use control policies must be clearly stated to

avoid any unauthorized use of the system resources. Thirdly, the system administrators must

ensure that not all users have elevated privileges that will allow them access to sensitive data in

the system. Limiting privileges to system administrators will help in controlling the download

contents which is always a source of problems in the system. Finally, a periodic security audit

and security assessment should be conducted (Ramachandran & Chang, 2014).

Conclusion

It is quite good to ensure that the network security is always reviewed for any threat.

Having the knowledge of the types of threats and the ways to go about solving them is the start

of establishing a secure organization system. The types of threats are however getting

sophisticated each day due to the dynamic nature of technology. However, countermeasures have

also not lagged behind, and that is why there is way to prevent system attacks. It is up to the

network managers within the organization to ensure that they have the latest defense software to

keep their system safe.

REFERENCES

Bulbul, H. I., Batmaz, I., & Ozel, M. (2014, January). Wireless network security: Comparison of

WEP (wired equivalent privacy) mechanism, WPA (wi-fi protected access) and RSN
WIRELESS NETWORK SECURITY 14

(robust security network) security protocols. In Proceedings of the 1st international

conference on Forensic applications and techniques in telecommunications, information,

and multimedia and workshop (p. 9). ICST (Institute for Computer Sciences, Social-

Informatics and Telecommunications Engineering).

Chuang, C. M., Tung, C., Lee, H. L., & Huang, K. S. (2016). U.S. Patent No. 9,363,675.

Washington, DC: U.S. Patent and Trademark Office.

Han, G., Jiang, J., Shu, L., Niu, J., & Chao, H. C. (2014). Management and applications of trust

in Wireless Sensor Networks: A survey. Journal of Computer and System Sciences,

80(3), 602-617.

Irving, P. A., Oscar, P. J., & Ofem, P. O. (2016). Research on Wireless Network Security

Awareness of Average Users.

Karygiannis, T., & Owens, L. (2012). Wireless network security. NIST special publication, 800,

48.

Ochang, P. A., Irving, P. J., & Ofem, P. O. (2016). Research on Wireless Network Security

Awareness of Average Users.

Pierson, G., & DeHaan, J. (2015). U.S. Patent No. 9,203,837. Washington, DC: U.S. Patent and

Trademark Office.

Ramachandran, M., & Chang, V. (2014, December). Recommendations and best practices for

cloud enterprise security. In Cloud Computing Technology and Science (CloudCom),

2014 IEEE 6th International Conference on (pp. 983-988). IEEE.

WIRELESS NETWORK SECURITY 15

Shin, M., Ma, J., Mishra, A., & Arbaugh, W. A. (2016). Wireless network security and

interworking. Proceedings of the IEEE, 94(2), 455-466.

Xiao, Y., Chen, H., Yang, S., Lin, Y. B., & Du, D. Z. (2013). Wireless network security.