The Weakness of Wireless Networks

Andysah Putra Utama Siahaan

Faculty of Computer, University of North Sumatra, Medan

e-mail : andysahputrautamasiahaan@yahoo.com

ABSTRACT

Security issues are very important in computer networks, especially in wireless networks. The presence of
many vendors of wireless products serving a variety of products at affordable prices contributes to drive
widespread the use of wireless technology. Wireless technology is not only suitable for use in office or
business users but home users can also use this technology to make the connectivity easier. This paper is
intended to provide information on threats and the easy way to secure wireless network. As we know, the
wireless technology is relatively more vulnerable to security problems.

Keywords

Wireless, Network, Threat, Computer, Security

1. INTRODUCTION

As the name implies, wireless technology uses radio waves as a means of data transmission. Security
process will become more difficult because we cannot see which radio waves are used for data
transmission. The weakness of wireless networks can generally be divided into two types, such as the
weakness on the configuration and the weakness on the type of encryption used. One of the examples of the
causes of weakness in the configuration is because at this time to build a wireless network quite easy [1]. It
means when people do the defence easily, it can be attacked easily too. Many vendors provide features that
allow users or admins to maintain the configuration easily. So we often found in wireless networks that
they are still using the default built-vendor wireless configuration. The admin who configurates the wireless
network is still using the default settings from the vendors such as SSID, IP address, remote management,
DHCP, and the frequency without any encryption and even the password for the wireless administration is
still the standard factory default [2].

2. SECURITY HOLE

Many the users of wireless connections don’t realize the danger which is available when they are connected
to wireless access point (WAP) such as WLAN signals can be infiltrated by hackers. Some of these threats
can be a threat in wireless networks, such as:

2.1 Sniffing To Eavesdrop

To eavesdrop is to secretly listen to private communications. Eavesdropping is a passive attack which

affects confidentiality of information. Network eavesdropping involves reading packets which are not
addressed to us. Eavesdropping is usually used with other, active, attacks. Regular insecure internet
protocols are usually not protected against eavesdropping attacks because they transmit information
unencrypted. Sensitive information transmitted in clear text, such as usernames and passwords, is
especially vulnerable to eavesdropping attacks. The best defence against eavesdropping/sniffing is the use
of secure network protocols which use encryption to protect confidentiality. Examples of such protocols
include Secure Shell (SSH), Secure Sockets Layer/Transport Layer Security, and Encapsulating Security
Payload (ESP, part of the IP Security Architecture - IPSEC).
2.2 Distributed Denial of Service Attack

A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a
single target, thereby causing denial of service for users of the targeted system. The flood of incoming
messages to the target system essentially forces it to shut down, thereby denying service to the system to
legitimate users [3]. In a typical DDoS attack, a hacker (or, if we prefer, cracker) begins by exploiting a
vulnerability in one computer system and making it the DDoS master. It is from the master system that the
intruder identifies and communicates with other systems that can be compromised. The intruder loads
cracking tools available on the Internet on multiple -- sometimes thousands of -- compromised systems.
With a single command, the intruder instructs the controlled machines to launch one of many flood attacks
against a specified target. The inundation of packets to the target causes a denial of service.

While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims
in a DDoS attack -- the final target and as well the systems controlled by the intruder. Although the owners
of co-opted computers are typically unaware that their computers have been compromised, they are
nevertheless likely to suffer degradation of service and malfunction. Both owners and users of targeted sites
are affected by a denial of service. A computer under the control of an intruder is known as a zombie or
bot. A group of co-opted computers is known as a botnet or a zombie army. Both Kaspersky Labs and
Symantec have identified botnets -- not spam, viruses, or worms -- as the biggest threat to Internet security.

2.3 Man-in-the-middle Attack

Internet connections can be attacked in various ways. A general type of attack is called ―Man-in–the-
middle‖. The idea behind this attack is to get in between the sender and the recipient, access the traffic,
modify it and forward it to the recipient. The term ―Man-in-the-middle‖ have been used in the context of
computer security since at least 1994, Some different variants of this kind of attack exist, but a general
definition of a man-in-the-middle attack may be described as a ― Computer security breach in which a
malicious user intercepts — and possibly alters — data traveling along a network".

Figure 1: Intercepted communication

Figure 2: Man-in-the-middle attack

2.4 Hidden SSID

Many administrators conceal the wireless network SSID with the intention that only those who know the
SSID can connect to their networks This is not true, because the hidden SSID is not perfectly unseen. At
certain times or in particular when the client connects to or disconnects from a wireless network, the client
itself keeps sending the SSID in encrypted plain text. If we want to eavesdrop, we can easily discover the
information we want. Some tools that can be used to get the SSOD which is hidden are kismet (kisMAC),
ssid_jack (airjack), aircrack and much more.

Figure 3 - Kismet Testing

3. SECURING THE WIRELESS NETWORKS

An unsecured wireless network is an open invitation to hackers to walk right in to our computer and steal
personal information, upload malware onto our computer, and otherwise terrorize us [4].

3.1 Changing Administrator Password and Username

After we've taken the wifi router out of the box and started the setup process, we will be asked to sign on to
a specific Web page and are required to enter information such as our network address and account
information. In theory, this Wifi setup page is protected with a login screen (username and password).

Though the username and password are intended to allow only us to get access to the Wifi setup and the
personal information we have entered, the fact remains that the logins provided are usually given to
everyone with the same model router, and because most people never change them, they remain an easy
target for hackers and identity thieves. In fact, there are sites that list the default usernames and passwords
for wireless routers, making a hackers job even easier.

Change the username and password for the Wifi setup immediately after the first login. And if we are going
to spend the time changing our password, make sure it is difficult to guess. Name, birth date, anniversary
date, child's name, spouse's name, or pet's name are going to be among the hacker's first guesses. And
because many hackers use a technique called 'dictionary hacking,' (running a program that tries common
English words as passwords) we should make sure that our password isn't just a common English word, but
rather is a combination of letters and numbers.
3.2 Upgrading the Wifi Encryption

If the information sent back and forth over Wifi network isn't adequately encrypted, a hacker can easily tap
into the network and monitor the activity. When we type personal or financial information into a Web site,
that hacker can then steal that information and use it to steal our identity. The old encryption standard
Wired Equivalent Privacy (WEP) can be hacked within 30 seconds, no matter the complexity of the
passphrase we use to protect it. Unfortunately, millions of Wifi users are still using WEP encryption
technology to encrypt their information, despite the availability of the vastly superior WPA2 encryption
standard.

Despite the superior encryption protection that WPA2 provides, most Wifi home users have failed to
upgrade their protection because they were unaware of the problem, or simply felt overwhelmed by the
technical prospects of upgrading. As a result, many continue to use WEP encryption, which is now so
simple to hack that it is widely regarded as little better than no encryption at all.

The solution, of course, is to upgrade the Wifi encryption to WPA2. But before adding WPA2 protection,
we will have to complete a few steps in order to update the computer. The first step is to download and
install Microsoft's WPA2 hotfix for Windows XP. We will also likely need to update the wireless card
driver. These updates, if needed, will be listed in Microsoft's Windows Update page under the subheading
"Hardware Optional".

3.3 Changing the Default System ID

When we got our Linksys or D-Link router home from the store and set it up, it came with a default system
ID called the SSID (Service Set Identifier) or ESSID (Extended Service Set Identifier). This ID is also
commonly referred to as the name of our Wifi setup.

Usually, manufacturers assign identical SSID sets to their devices, and 80 percent of Wifi home users leave
their system on the default setting. So that means that 80 percent of homes have Wifi systems titled,
"Default" or "LinkSys" or whatever our provider sets as the default name.The problem with these default
settings is that they serve as strong signals to hackers who have been known to just cruise neighborhoods
looking for Wifi networks with default names to hack into. Though knowing the SSID does not allow
anyone to break into our network, it usually indicates that the person hasn't taken any steps to protect their
network, thus these networks are the most common targets.

Change the default SSID immediately when we configure our LAN. This may not completely offer any
protection as to who gains access to our network, but configuring our SSID to something personal, e.g.
"The Smith House Wifi Network", will differentiate us from other unprotected networks, and discourage
hackers from targeting us. As an added bonus, having a Wifi network with a unique name also means that
neither we or our family will make the mistake of connecting through a neighbor's Wifi network, and thus
exposing our computers through their unprotected setup.

3.4 MAC Address Filtering

If we've had an unsecured Wifi setup in our home in the past, we can be fairly certain that at least one of
our neighbors is mooching off our Wifi to connect to the Internet. While everyone loves a friendly
neighbor, providing an easy resource for others to steal Internet access is morally and legally questionable,
but even scarier is the harm those moochers can do to our computer. In order to check who has been using
our network, we'll need to check the MAC address. Every wifi gadget is assigned a unique code that
identifies it called the "physical address" or "MAC address." Our wifi system automatically records the
MAC addresses of all devices that connect to them. But busting our Internet-stealing neighbors isn't all that
MAC addresses are good for, they can actually be a great help in securing our WLAN.
We are not sure who or what is accessing and endangering our wifi network, and once we find out that
someone or something is mooching off our network, we want to stop them. But how?

Checking the MAC address long for our wifi network will give us a quick view of all the devices accessing
our network. Anything that isn't ours, we will want to keep out. To do this, we will need to manually key in
the MAC addresses of our home equipment. This way, the network will allow connections only from these
devices, so our mooching neighbors will be out of luck. Caution: This feature is not as powerful as it may
seem. While it will stop our average neighborhood moocher or amateur hacker, professional hackers use
advanced software programs to fake MAC addresses.

3.5 Stop Broadcasting the Network

By now we've renamed the wifi so that hackers won't see the default name as they sweep for unprotected
wifi setups. But wouldn't it be even better if hackers and curious neighbors didn't know we had a wifi setup
at all? Usually, the access point or router is programmed to broadcast the network name (SSID) over the air
at regular intervals. While broadcasting is essential for businesses and mobile hotspots to let people find the
network, it isn't needed at home, so eliminate it.

Why broadcast to the world that we have a wireless connection? We already know it; why do strangers
need to know? For most personal uses, we are better off without this feature, because it increases the
likelihood of an unwelcome neighbor or hacker trying to log in to our home network. The broadcast works
like an invitation to the hackers who're searching for just that opportunity.

Most wifi access points allow the SSID broadcast feature to be disabled by the network administrator. If we
are using a router, we have to set the SSID hidden or disable the SSID broadcasting. Otherwise, we will
need to check the mane352ual for our hardware for specific instructions on how to disable broadcasting for
our router.

3.6 Automatically Join to Open SSID

Most computers provide a wifi setting that will configure the computer to automatically connect to any
open wifi network without notifying us. While this setting isn't the default, many individuals select the
setting because it makes connecting faster when we are traveling, or connecting at a friend's house. Even
more common, is to have selected 'connect automatically' to networks that we regularly connect to. Again,
this makes sense, as most people do not want to have to manually type in the name of their wireless
network and the password each time they want to sign in at home. Unfortunately, both wifi setups can
cause major security problems.

If we connect to every available wifi network automatically, we will inevitably end up connecting to
dummy wifi networks designed specifically to catch unsuspecting users and hack their computers.
Similarly, if we automatically connect to the regular wifi networks (meaning we don't manually type in the
network name and password every time) then we may be setting theself up for a security breach. That is
because 80 percent of wifi users have not changed the name of their wireless connection. Therefore, it is
very easy for a hacker to create a dummy network entitled "Linksys" or "Default", then sit back and watch
80 percent of computers automatically connect to the network since it has a 'trusted' name.

Never select the 'connect to available wifi networks automatically' setup option under the Network
Connections window. If we don't want to have to manually type in the name and password to the wifi
connection each time we sign in (the safest option), at least make sure that we have named the wifi
connection something unique, and that we eliminate all generic titled networks from our 'preferred
networks' list. That way, we won't get automatically connected to dummy wifi networks setup by hackers
and given the names, "Default" or "Linksys".
3.7 Using A Built-in Firewall

The IT security needs to use a layered approach. While no single layer of the security is enough to
withstand every attack, adding layers to the security will help ensure that spyware and malware are kept
out. Two important security layers are the router firewall and the individual PC's firewall.

Routers come with built-in firewall capability. However, since there is an option to disable them, they can
often be accidentally turned off by someone toggling options.

Ensure that the router's firewall is enabled, along with related built in security featured which block
anonymous internet requests or pings. This extra step will help hide the network's presence to the internet,
and thus help protect the network. After all, it's harder for hackers to infiltrate what they can't find.

3.8 Positioning of the Router or Access Point

Wifi signals don't know where the house ends and where the neighbor's begins. This wifi signal leakage
gives hackers and neighbors the opportunity to find the wireless network and attempt to access it.

While a small amount of overflow outdoors is not a problem, it is important to keep this leakage to a
minimum. This is important because the further the signal reaches into the neighborhood, the easier it is for
others to detect and exploit.

If we haven't yet installed the wireless home network, make sure to position the router or access point in the
center of the home rather than near windows or doors. If we live in an apartment, consider that a wifi
network is restricted in part based upon the materials that it must pass through, the more walls, doors, and
metal the signal passes through, the weaker it is. So if the goal is to reduce leakage, we might consider
mounting the wifi in a closet in order to reduce signal strength.

3.9 Turning Off the Network

Most of us know that it is impractical to constantly turn devices on and off. Having a wifi connection is in
large part a device of convenience, and having to turn it off every time we aren't using it, eliminates much
of that convenience. Unfortunately, a wifi connection is vulnerable when it is on; therefore shutting off the
wireless signal when not in use would be a huge boon to its security.

There is an inherent tension between convenience and security in deciding whether to turn off a wireless
access point between connections.

Just as we take extra home security measures when taking a vacation, like asking the neighbors to pick up
the mail and leaving a light on, so also should we take extra wifi security measures when the network will
not be in use for expended periods of time. Shutting down the network is a basic but effective security
measure that can protect the network when we are not around to protect it, and hackers may take the
opportunity to mount their attack.

3.10 Putting the Improvements to the Test

Now that we've made all these changes to the wifi setup, it would be nice to know that we are secure.
Unfortunately, the only surefire test for how secure we are is to wait to see if we get hacked. Trial by fire is
no way to test the security, however, so thankfully there is a program to help audit the wifi security.
There is no way for the average home wifi user to know if the changes they made to upgrade their wireless
security will really prove successful in keeping them safe.

The Netstumbler utility, by Marius Milner will both determine the network's vulnerabilities and
unauthorized access points. In addition to these security concerns, the downloadable program will also
reveal the sources of network interference and weak signal strength, so that we can improve the strength of
the wifi signal. Netstumbler is free for download, although the author asks that those who find the tool
helpful make a donation to support the creation of future utilities.

Part of the problem of unsecured wireless networks can be traced back to the manufacturers. Most retail
WiFi products are shipped with all security options turned off by default. Since they work fine out of the
box, many users may not feel a need to look more into the setup options. However, all such devices come
with pretty good instructions and there is no excuse for not reading the product manual. An unencrypted
wireless network is not just a security risk to the owner of the network, but potentially to everyone else on
the Internet. Once someone has anonymous access to a wireless network, they can do whatever they want
on the Web with total anonymity. Do ourself and our fellow Net citizens a favor and take the steps to
secure our network.

7. CONCLUSION

This article should serve as a basic primer on how to secure wireless networks from the wide array of
threats that face it, but it is important to keep in mind that no single article can cover completely every
security measure which can be used to strengthen wifi system.
Consequently, we have left off from this list a wide variety of other valid security measures such as;
limiting intra-network file sharing, changing the default IP address of our wireless router, assigning a static
IP address to each of our PC's, disabling the DMZ and Remote Management features, along with a host of
indirectly related but nonetheless necessary measures such as installing a PC firewall, anti-virus software,
anti-malware software, patch updates and so on.
Despite these intentional omissions, following the 10 steps outlined in this article will take the average
user a long way along the path of wireless security and ensure that we and our family are able to enjoy the
convenience of our wifi system without compromising our PC's security.

REFERENCES

[1] Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specification, IEEE Std. 802.11, 1997.
Charlie Russel and Craig Zacker, Lunderstanding Windows Server 2008 R2 , 2nd ed., Redmond, Washington
98052-6399, 2010.
[2] V. Paxson, S. Floyd, Why We Don’t Know How to Simulate The Internet, Proceedings of the 1997 Winter
Simulation Conference, Atlanta, GA (1997).
[3] C.P.S.T. Ltd., TCP SYN Flooding Attack and the Firewall-1 SYNDefender (October 1996).
[4] R. T. Morris, A Weakness in the 4.2BSD UNIX TCP/IP Software, Computing Science Technical Report 117,
AT&T Laboratories (1985).