
Wireless security

Wireless security is the prevention of unauthorized access or damage to computers
using wireless networks. The most common types of wireless security are Wired Equivalent
Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is a notoriously weak security
standard. The password it uses can often be cracked in a few minutes with a basic laptop
computer and widely available software tools.

Need for Wireless security


1.Because wireless signals often propagate beyond physical barriers, the risk of someone
attempting to break in using the wireless infrastructure is higher compared to someone gaining
physical access to a wired port.
2.Wireless traffic is easily recorded. Passive eavesdroppers can gather proprietary information,
logins, passwords, intranet server addresses, and valid network and station addresses.
3.Intruders can steal Internet bandwidth, transmit spam, or use your network as a springboard
to attack others.

Wireless attacks and their types

Wireless attacks have become a very common security issue for networks. Such attacks can
capture a great deal of the information being sent across a network and use it to commit
crimes in other networks. Every wireless network is vulnerable to these attacks, so it is
important to take all the necessary security measures to prevent the damage they can cause.
These attacks normally target the information being shared through the network. It is
therefore important to know about them so that one is in a position to identify an attack
when it happens. Some of the common network attacks are outlined below.

1.Rogue access points

A Rogue Access Point is an Access Point that has either been installed on a secure
company network without explicit planning, permission or authorization from the network
administrator, or has been installed by a hacker to conduct a man-in-the-middle attack.
If the hacker is able to find the SSID (Service Set Identifier) in use by the network and
the rogue AP has enough strength, it is easy for them to perform a man-in-the-middle
attack, and the wireless users will have no way of knowing that they are connecting to a
Rogue Access Point.

The rogue access points are normally installed by employees who need additional
freedom to move about at work. These types of rogue access points can be very
dangerous since most users are not aware of all the security issues associated with
wireless devices.

This can be combated by putting network access controls in place, or by occasionally walking
around one's building to see whether there are access points that one does not know about.
One can also use special tools, obtainable from the internet, that show everything that is
happening in one's wireless network.

2.Jamming/Interference
Jamming is the blocking of a wireless channel due to interference, noise or collision at the
receiver side. Wireless interference basically means disruption of one's network. Jamming is
a type of Denial of Service (DoS) attack targeted at wireless networks. Jamming happens when
RF frequencies interfere with the operation of the wireless network. Normally jamming is
not malicious and is caused by the presence of other wireless devices that operate in
the same frequency as the wireless network. Hackers can perform Denial of Service
(DoS) jamming attacks by analyzing the spectrum used by wireless networks and then
transmitting a powerful signal to interfere with communication on the discovered
frequencies.

One can also consider boosting the power of existing access points so that if a different device
is causing the interference, then it will be overpowered. One can also try using different
frequencies. If the bad guys are creating interference by selecting a narrow band of frequencies
to take one's signals down, one can channel one's signals to operate at different frequencies.
One can also decide to hunt down where the offending signal is coming from so as to get it out
of the network and allow one's network traffic to communicate normally.

3.Evil twin
An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate, set up to
eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the
phishing scam. This type of attack may be used to steal the passwords of unsuspecting users,
either by monitoring their connections or by phishing.
A wireless evil twin mainly comes into play when criminals are trying to create rogue access
points so as to gain access to the network or to information that is being passed through a
network. Coming up with an evil twin is very simple, since all one needs to do is purchase a
wireless access point, plug it into the network and configure it exactly like the existing
network. This is possible with open access points that do not have any passwords associated
with them.

One way through which one can protect one's self from an evil twin is through encryption of
one's data. Through this, people who have set up the evil twin cannot read one's information
even if they capture it.
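
An added example (not part of the original document) of the inventory check that the rogue access point and evil twin sections point to: compare what a wireless scan sees with the list of access points the organization actually deployed. The SSIDs, BSSIDs, signal threshold and scan rows are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str       # MAC address of the AP radio
    channel: int
    security: str    # "WPA2", "WPA", "WEP" or "OPEN"
    signal_dbm: int  # received signal strength

# Hypothetical inventory: BSSID -> (SSID, channel, security) as deployed.
AUTHORIZED = {
    "02:00:00:aa:00:01": ("CorpNet", 1, "WPA2"),
    "02:00:00:aa:00:02": ("CorpNet", 6, "WPA2"),
}
STRONG_DBM = -60  # assumption: anything louder is probably inside the building

def audit(beacons, authorized=AUTHORIZED):
    """Return sorted (bssid, finding) pairs for beacons that need a closer look."""
    corp_ssids = {ssid for ssid, _, _ in authorized.values()}
    findings = set()
    for b in beacons:
        expected = authorized.get(b.bssid.lower())
        if expected is None:
            if b.ssid in corp_ssids:
                # Our network name announced by a radio we never deployed.
                findings.add((b.bssid, "evil-twin-suspect"))
            elif b.signal_dbm >= STRONG_DBM:
                # Unknown AP strong enough to be on the premises.
                findings.add((b.bssid, "rogue-ap-suspect"))
            continue
        if (b.ssid, b.channel, b.security) != expected:
            # Known BSSID with the wrong settings: misconfiguration or a cloned MAC.
            findings.add((b.bssid, "bssid-mismatch"))
    return sorted(findings)

# Constructed scan results (not real captures).
SCAN = [
    Beacon("CorpNet", "02:00:00:aa:00:01", 1, "WPA2", -48),        # as deployed
    Beacon("CorpNet", "02:00:00:bb:00:09", 1, "OPEN", -41),        # same name, unknown radio
    Beacon("CorpNet", "02:00:00:aa:00:02", 11, "WPA2", -52),       # known MAC, wrong channel
    Beacon("printer-setup", "02:00:00:cc:00:03", 6, "OPEN", -55),  # unknown and strong
    Beacon("CoffeeShop", "02:00:00:dd:00:04", 11, "WPA2", -85),    # weak neighbour
]

if __name__ == "__main__":
    for bssid, finding in audit(SCAN):
        print(f"{bssid}  {finding}")
```

The weak neighbouring network is ignored on purpose; without a signal threshold every nearby shop or flat would be reported as a rogue.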

4.War driving
War Driving is defined as the act of searching for Wi-Fi wireless networks by a person in
a moving vehicle, using a portable computer or PDA. The term War Driving is derived
from the 1980s phone hacking method known as war dialing. War dialing involves
dialing all the phone numbers in a given sequence to search for modems. War
Driving gained popularity in 2001, because at that time wireless network scanning tools
became widely available.

5.Bluejacking

Bluejacking is a kind of illegal activity, similar to hacking, in which one can send
unsolicited messages to another device via Bluetooth. This is considered spam for Bluetooth,
and one might end up seeing some pop-up messages on one's screen. Bluejacking is possible
where a Bluetooth network is present, and it is limited to a distance of ten metres, which is
the distance over which a Bluetooth device can send a file to another device. It rarely
depends on antennae. Bluejacking takes advantage of what is convenient for us on our
mobile devices: being able to communicate and send things back and
forth between devices. With this, one can easily send messages to other Bluetooth devices,
since no authentication is required. Some third party software can also be used to carry out
Bluejacking.

6.Bluesnarfing
Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection.
Bluetooth is a high-speed but very short-range wireless technology for exchanging data
between desktop and mobile computers, personal digital assistants (PDAs), and other devices.
7.War chalking
War chalking is another method that was used so as to determine where one could get a
wireless access signal. In this case, if an individual detected a wireless access point, he or she
would make a drawing on the wall indicating that a wireless access point has been found.
However, this is not currently used.

8.IV attack
An IV attack is also known as an Initialization Vector attack. This is a kind of wireless network
attack that can be quite a threat to one's network. This is because it causes some modification
on the Initialization Vector of a wireless packet that is encrypted during transmission. After such
an attack, the attacker can obtain much information about the plaintext of a single packet and
generate another encryption key which he or she can use to decrypt other packets using the
same Initialization Vector. With that kind of decryption key, attackers can come up with
a decryption table which they can use to decrypt every packet being sent across the network.
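
An added example (not from the original document) of why a repeated Initialization Vector matters in WEP: two frames encrypted under the same IV and key share one RC4 keystream, so knowing the plaintext of one frame opens the other, and a 24-bit IV repeats quickly. The key, IVs and messages are constructed, and the WEP integrity checksum is left out to keep the focus on the keystream.

```python
import math

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key (the stream cipher WEP uses)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    # WEP seeds RC4 with the 3-byte IV followed by the shared key; the IV is
    # sent in clear with every frame. The CRC-32 ICV is omitted here.
    return xor(plaintext, rc4(iv + key, len(plaintext)))

def read_with_reused_iv(c_known: bytes, p_known: bytes, c_other: bytes) -> bytes:
    # Same IV and key give the same keystream: ciphertext XOR known plaintext
    # yields that keystream, which then opens any other frame sent under the IV.
    return xor(c_other, xor(c_known, p_known))

def frames_until_iv_repeat(iv_bits: int = 24, probability: float = 0.5) -> int:
    # Birthday bound: frames with random IVs before a repeat is this likely.
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))

# Constructed values, not taken from any real network.
KEY = bytes.fromhex("0102030405")             # 40-bit WEP key
IV_A, IV_B = b"\x00\x00\x2a", b"\x00\x00\x2b"
P1 = b"GET /index.html HTTP/1.1\r\n"          # predictable traffic
P2 = b"user=alice&pin=0000"                    # what the sender wanted private

if __name__ == "__main__":
    c1, c2 = wep_encrypt(IV_A, KEY, P1), wep_encrypt(IV_A, KEY, P2)
    print(read_with_reused_iv(c1, P1, c2))        # same IV: P2 is recovered
    c3 = wep_encrypt(IV_B, KEY, P2)
    print(read_with_reused_iv(c1, P1, c3) == P2)  # fresh IV: False
    print(frames_until_iv_repeat())               # 4823 frames for a 50% chance
```

A busy access point sends a few thousand frames in seconds, which is why protocols that replaced WEP use a much larger per-packet counter that is not allowed to repeat under one key.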

9.Packet sniffing
Packet capturing and sniffing is a very big challenge when it comes to wireless networks. In this
case, an individual is in a position to capture a packet that one is sending across a network
and see the kind of information that one is sending to a particular individual. Packet sniffing is
possible due to the fact that most of the information that we send is in the clear and does not
have any encryption applied to it. This makes it very easy for an individual to read its contents.
With the capture of information being sent across a network so easy, it becomes incredibly easy
to hear or see everything that is going through the network.

To be successful in packet sniffing, one has to ensure that one's network card is silent. This
means that one needs to make sure that one's card is not sending information to the network if
the network is busy.

In this case, it therefore becomes very important that one take all the necessary measures to
ensure that data that one is sending across a network is encrypted. One can decide to use
WPA2 or WPA to encrypt one's data. With such encryption types, it becomes very difficult for
packet sniffers to obtain the decryption keys and read the information in the packets.

10.Near field communication


Near field communication is a kind of wireless communication between devices like smart
phones, where people are able to send information to near field communication compatible
devices without the need to bring the devices into contact. This allows one device to collect
information from another device that is in close range.

11.Replay attacks

Replay attacks are some form of network attacks where an individual spies on information being
sent between a sender and a receiver. The individual can also spy on conversations between
the two people. Once the individual has spied on the information, he or she can intercept it and
retransmit it again thus leading to some delay in the data transmission. In such kind of an
attack, a network attacker can use this kind of information to fool around with the computer so
as to gain access to it without detection. In addition, an attacker is in a position to get
information such as an encryption key which he or she can later use in the replay attack to
prove his identity and authentication.
12.WEP/WPA attacks
WEP attacks are very common wireless network security problems that normally result from
the general weakness of the WEP encryption methods and systems. This is considered a very
poor way to encrypt one's data and in some other cases, one's access point may not allow for
the use of WEP as a method of encryption. If one sees a legacy wireless access point that is
encrypted with WEP, one should try as much as possible not to trust it, owing to the fact that it
is a very weak way of encryption. Access points encrypted with such methods become very
vulnerable to WEP attacks from the bad guys who want to acquire access to a particular access
point.

13.WPS attacks
WPS attacks are other wireless network attacks that can be very dangerous. With the
major flaws present in the protection of wireless networks, an individual with a WPS password
guessing tool is in a position to launch such an attack on a particular network. With the
password guessing tool, an attacker is in a position to retrieve the wireless network passwords
and use them to gain access to data and information that is on one's network. To avoid
being a victim of such an attack, it is very important to make sure that one's WPS protocols are
strong so as to prevent an individual from retrieving one's password information.

Wireless security challenges:

• Transmit data over open airways
• Easily stolen
• Shared public infrastructure very difficult to control

Security services:

These are the services that enhance security in wireless networks.

1.Authentication

2.Access control

3.Data Confidentiality

4.Data Integrity

5.Non repudiation
CIA Triad:

Confidentiality, Integrity, Availability: The three components of the CIA Triad

CIA refers to Confidentiality, Integrity and Availability: confidentiality of information,
integrity of information and availability of information. Many security measures are designed
to protect one or more facets of the CIA triad. I shall be exploring some of them in this post.

Confidentiality

When we talk about confidentiality of information, we are talking about protecting the information
from disclosure to unauthorized parties.

Information has value, especially in today’s world. Bank account statements, personal information,
credit card numbers, trade secrets, government documents. Everyone has information they wish to
keep a secret. Protecting such information is a very major part of information security.

A very key component of protecting information confidentiality would be encryption. Encryption
ensures that only the right people (people who know the key) can read the information. Encryption
is VERY widespread in today’s environment and can be found in almost every major protocol in use.
A very prominent example will be SSL/TLS, a security protocol for communications over the internet
that has been used in conjunction with a large number of internet protocols to ensure security.

Other ways to ensure information confidentiality include enforcing file permissions and access
control lists to restrict access to sensitive information.

This is an excellent question on that covers how to keep important information confidential. Similar
questions can be found .
Integrity

Integrity of information refers to protecting information from being modified by unauthorized parties.

Information only has value if it is correct. Information that has been tampered with could prove costly.
For example, if you were sending an online money transfer for $100, but the information was
tampered in such a way that you actually sent $10,000, it could prove to be very costly for you.

As with data confidentiality, cryptography plays a very major role in ensuring data integrity.
Commonly used methods to protect data integrity include hashing the data you receive and
comparing it with the hash of the original message. However, this means that the hash of the original
data must be provided to you in a secure fashion. More convenient methods would be to
use existing schemes such as GPG to digitally sign the data.
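
An added example (not from the original post) of why the hash must reach you securely, using the money transfer above: a plain SHA-256 digest sent alongside the data can be recomputed by whoever altered the data, while a keyed tag cannot. HMAC with a shared key stands in here for the GPG signature the text mentions so that the example needs only the Python standard library; the messages and key are constructed.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_digest(data: bytes, expected: str) -> bool:
    # compare_digest avoids leaking how many leading characters matched
    return hmac.compare_digest(digest(data), expected)

def mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def check_mac(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac(key, data), tag)

# Constructed sample values.
ORIGINAL = b"transfer to=ACME amount=100 USD"
TAMPERED = b"transfer to=ACME amount=10000 USD"
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"

def run_cases() -> dict:
    trusted = digest(ORIGINAL)            # digest obtained over a secure channel
    good_tag = mac(SHARED_KEY, ORIGINAL)  # tag computed by the real sender
    return {
        "original, trusted digest": check_digest(ORIGINAL, trusted),
        "tampered, trusted digest": check_digest(TAMPERED, trusted),
        # Digest travelling with the data: the party that changed the amount
        # recomputes it too, and the check passes.
        "tampered, digest from same channel": check_digest(TAMPERED, digest(TAMPERED)),
        # Keyed tag: recomputing it requires the key, so both attempts fail.
        "tampered, plain hash offered as tag": check_mac(SHARED_KEY, TAMPERED, digest(TAMPERED)),
        "tampered, sender's tag": check_mac(SHARED_KEY, TAMPERED, good_tag),
        "original, sender's tag": check_mac(SHARED_KEY, ORIGINAL, good_tag),
    }

if __name__ == "__main__":
    for case, accepted in run_cases().items():
        print(f"{case:38s} accepted={accepted}")
```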

Availability

Availability of information refers to ensuring that authorized parties are able to access the information
when needed.

Information only has value if the right people can access it at the right times. Denying access to
information has become a very common attack nowadays. Almost every week you can find news
about high profile websites being taken down by DDoS attacks. The primary aim of DDoS attacks is
to deny users of the website access to the resources of the website. Such downtime can be very
costly. Other factors that could lead to lack of availability to important information may include
accidents such as power outages or natural disasters such as floods.

How does one ensure data availability? Backup is key. Regularly doing off-site backups can limit the
damage caused by damage to hard drives or natural disasters. For information services that are highly
critical, redundancy might be appropriate. Having an off-site location ready to restore services in case
anything happens to your primary data centers will heavily reduce the downtime if anything does
happen.

Security measures
There are a range of wireless security measures, of varying effectiveness and practicality.
1.SSID hiding
A simple but ineffective method to attempt to secure a wireless network is to hide
the SSID (Service Set Identifier). This provides very little protection against anything but the
most casual intrusion efforts.
2.MAC ID filtering
One of the simplest techniques is MAC ID filtering, which allows access only from known,
pre-approved MAC addresses. Most wireless access points contain some type of MAC ID filtering.
However, an attacker can simply sniff the MAC address of an authorized client.
3.Static IP addressing
Typical wireless access points provide IP address to clients via DHCP. Requiring clients to set
their own addresses makes it more difficult for a casual or unsophisticated intruder to log onto
the network, but provides little protection against a sophisticated attacker.

Suggestions/Tips/Best practices for Wireless Security:
1. Implement a set of policies on wireless network security. Review those policies regularly
to ensure security control when new risks are identified.
2. The placement of access points is important. When installing the access points, avoid
outward-facing walls or windows and install the access points closer to the building's
centre.
3. Scanning and detecting for rogue access points on the corporate network regularly is a
must. Tools like NetStumbler can be used to scan and search for any unauthorized
access points.
4. Strong passwords should be used.
5. Educate users to be aware of the security risks when using their laptops to connect via
ad-hoc mode especially in public places.
6. Securing Wireless LAN with VPN Solution
7. Authentication and Authorization via RADIUS server.
8. Disabling SSID broadcast.
9. WEP encryption should always be enabled with at least 128-bit or higher.
10. Access Control via MAC Addresses and IP Addresses
11. Securing wireless clients with personal firewalls such as BlackIce or ZoneAlarm
12. It is always good practice to audit, test, and measure the security policies you have
established to check for any vulnerabilities or any improvements required.
13. Run vulnerability scans on your corporate wireless network regularly for any
vulnerability.
14. Account Auditing and Logging - it is good practice to audit user accounts against the
current list of employees within the organization to ensure that accounts of terminated
employees are revoked.
