WIRELESS SECURITY

&
FUTURE OF WIRELESS

By
ASHWINI AVABHRAT
(01)
SHWETA DESHPANDE
(10)
WIRELESS SECURITY
 INTRODUCTION

Wireless communications offer organizations and users

many benefits such as portability and flexibility, increased
productivity, and lower installation costs.

Perhaps the most significant source of risks in wireless

networks is that the technology’s underlying
communications medium, the airwave, is open to
intruders, making it the logical equivalent of an Ethernet
port in the parking lot.

The loss of confidentiality and integrity and the threat of

denial of service (DoS) attacks are risks typically
associated with wireless communications.

Many organizations poorly administer their wireless

technologies.
Eg :- deploying equipment with “factory default” settings,
failing to control or inventory access points, not
implementing the security capabilities provided, and not
developing or employing a security architecture suitable to
the wireless environment (e.g., one with firewalls between
wired and systems, blocking of unneeded services/ports,
use of strong cryptography).

Most of the risks can be mitigated. However, mitigating

these risks requires considerable tradeoffs between
technical solutions and costs.

The more immediate concerns for wireless communications

are device theft, denial of service, malicious hackers,
malicious code, theft of service, and industrial and foreign
espionage.

Theft is likely to occur with wireless devices because of

Authorized and unauthorized users of the system may
commit fraud and theft. Authorized users are more
likely to carry out such acts since they know what
resources a system has andas well as the system’s
security flaws.

Malicious hackers (crackers) are individuals who break

into a system without authorization, usually for
personal gain or to do harm. Malicious hackers are
generally individuals from outside of an agency or
organization (although users within an agency or
organization can be a threat as well). Such hackers may
gain access to the wireless network access point by
eavesdropping on wireless device communications.

Theft of service occurs when an unauthorized user gains

access to the network and consumes network resources

Industrial and foreign espionage involves gathering

proprietary data from corporations or intelligence
information from governments through eavesdropping.
 Security requirements include the following:

Authenticity : A third party must be able to verify that

the content of a message has not been changed in
transit.

Nonrepudiation : The origin or the receipt of a specific

message must be verifiable by a third party.

Accountability : The actions of an entity must be

traceable uniquely to that entity.
Types of unauthorized access to
company networks :-
Accidental Association

Malicious Association

Ad-Hoc Networks

Non-Traditional Networks

Identity Theft (MAC Spoofing)

Man-In-The-Middle Attacks

Denial of Service

Network Injection
Threats in WLAN
Maintaining a secure wireless network and
associated devices requires significant effort,
resources, and vigilance and involves the following
steps:
Maintaining a full understanding of the topology of the
wireless network.

Labeling and keeping inventories of the fielded wireless

and handheld devices.

Creating backups of data frequently.

Performing periodic security testing and assessment of the

wireless network and applying patches and security
enhancements.

Performing ongoing, randomly timed security audits to

monitor and track wireless and handheld devices.

Monitoring the wireless industry for changes to standards

Specific threats and vulnerabilities to wireless
networks and handheld devices include the
following:
All the vulnerabilities that exist in a conventional wired
network apply to wireless technologies.

Malicious entities may gain unauthorized access to an

agency’s computer network through wireless connections,
bypassing any firewall protections.

Sensitive information that is not encrypted or that is poorly

encrypted and that is transmitted between two wireless
devices may be intercepted and disclosed.

DoS attacks may be directed at wireless connections or

devices.

Malicious entities may steal the identity of legitimate users

and masquerade as them on internal or external corporate
networks.
Sensitive data may be corrupted during improper
synchronization.

Malicious entities may be able to violate the privacy of

legitimate users and be able to track their movements.

Viruses or other malicious code may corrupt data on a

wireless device and subsequently be introduced to a wired
network connection.

Malicious entities through wireless connections, connect to

organizations for the purposes of launching attacks and
concealing their activities.

Interlopers, from inside or out, may be able to gain

connectivity to network management controls and thereby
disable or disrupt operations.
Malicious entities may use third-party, untrusted wireless
network services to gain access to an agency’s or other
organization’s network resources.

Internal attacks may be possible via ad hoc transmissions.

Malicious entities may deploy unauthorized equipment

(e.g., client devices and access points) to surreptitiously
gain access to sensitive information.

Handheld devices are easily stolen and can reveal sensitive

information.

Data may be extracted without detection from improperly

configured devices.

Viruses or other malicious code may corrupt data on a

wireless device and be subsequently introduced to a wired
set up that many users simply plug it in and start
using the network without giving much thought to
security.

These are some tips for securing the wireless

network.
Change the default administrative password

Don't broadcast your SSID and Change the default SSID

Enable WPA encryption instead of WEP

Remember that WEP is better than nothing 

Use MAC filtering for access control

Reduce your WLAN transmitter power

• Disable remote administration

• Use strong encryption

• Secure your wireless router or access point

administration interface 

• Turn off the WAP when not in use

• Isolate the wireless network from the rest of the

LAN

• Control the wireless signal

• Transmit on a different frequency

FUTURE OF WIRELESS
 INTRODUCTION
Until recently wireless local loops have been used only
where the cost or difficulty of installing wire is
prohibitive.

Modern CDMA equipment makes wireless local loops

practical in developing countries, in rural areas, and
sometimes even for extra lines where wired service is
already provided.

The third generation of personal wireless systems will

feature higher maximum data rates , greater capacity
for voice calls, and the ability to work with a wide range
of cell sizes and types. It may also be somewhat more
standardized than the second generation.

Both CDMA and TDMA systems appear likely to be part

Terrestrial microwave systems at 28GHz are beginning to
be used to deliver television, internet and telephone
services to individual residences. They will probably
supplant an older one-way microwave system.

Many people are expecting that the digitization of

practically all communication systems will lead to a
gradual convergence of systems, but it is doubtful
whether this will actually happen in the near future.

Safety and esthetic concerns could slow the development

of wireless technology.

The future of wireless seems assured, particularly in the

areas of voice and low-speed data. Truly high-speed data
may have to wait for some time for the fourth generation
of wireless.
Many of us firmly believe that wireless technology is to
computing what the PC was to computing back in the
80’s, nothing short of a revolution. On the other hand,
just like many other emerging technologies before it, this
one is not without its share of challenges.

On one side, we have the visionaries, the evangelizers,

preaching the benefits of mobile data access and,
specifically, wireless connectivity. There are more than a
few early adopters, who have successfully mobilized
business applications and are reaping the benefits.

On the other hand there are a few who are not so sure the
promised return on investment is really there, or remain
yet to be convinced that the technology is ready for their
specific enterprise requirements.

One of the problems with the whole wireless and mobility

story is that in many cases technology objectives have
overtaken business objectives.
As a result, wireless and mobility projects have been
implemented without solid planning, business cases,
proper cost/benefit analysis and obviously without
executive management buying into or fully supporting
the project.

Many still think wireless and mobility is about devices

and networks rather than systems integration.

Without executive management support, projects are

soon abandoned or, worse yet, crash and burn, with the
associated casualties and personal embarrassment
making big news.

This situation has hampered the implementation of

wireless and mobility solutions in areas that could have
substantial benefits for corporations, institutions or the
public at large.