WIRELESS

paper describes the

COMMUNICATION
V.MANIKANDAN1, R.RAVICHANDRAN2 fundamental problem of wireless
vetrimani57@yahoo.com1,maniravi.0
9@gmail.com2 network by giving its related research
DEPARTMENT OF INFORMATION TECHNOLOGY background including the concept and
SRI MANAKULA VINAYAGAR ENGINEERING
COLLEGE, features of
MADAGADIPET, PUDUCHERRY-605017.

network.Some of this network

ABSTRACT technical challenges poses are also
present based on which the paper
In the future the computing points out some of the key research
environment can be expected based issues for networking technology that
on the recent progress and are expected to promote the
advancement in computing and development and accelerate the
communication technologies.Next commercial application of wireless
generation of wireless network network.Special attention is paid on
security with include both prestigious network layer and advanced schemes.
infrastructure wireless network.“The
collection of wireless nodes that can
dynamically from a network to
exchange information without using
any pre-existing fixed network
infrastructure. The special features of
wireless network bring these
technologies great opportunites
together with severe challenges.This
INTRODUCTION:
 Wireless Wireless networks serve as the
technologies, in the simplest sense, transport mechanism between devices
enable one or more devices to and among devices and the traditional
communicate without physical wired networks (enterprise networks
connections—without requiring and the Internet).
network or peripheral cabling. WIRELESS LANS
Wireless technologies use radio WLANs allow greater
frequency transmissions as the means flexibility and portability than do
for transmitting data, whereas wired traditional wired local area networks
technologies use cables. Wireless (LAN). Unlike a traditional LAN,
technologies range from complex which requires a wire to connect a
systems, such as Wireless Local Area user’s computer to the network, a
Networks (WLAN) and cell phones to WLAN connects computers and other
simple devices such as wireless components to the network using an
headphones, microphones, and other access point device. An access point
devices that do not process or store communicates with devices equipped
information. They also include with wireless network adaptors; it
infrared (IR) devices such as remote connects to a wired Ethernet LAN via
controls, some cordless computer an RJ-45 port. Access point devices
keyboards and mice, and wireless hi- typically have coverage areas of up to
fi stereo headsets, all of which require 300 feet (approximately 100 meters).
a direct line of sight between the This coverage area is called a cell or
transmitter and the receiver to close range. Users move freely within the
the link. A brief overview of wireless cell with their laptop or other network
networks and security issues is device. Access point cells can be
presented in this section. linked together to allow users to even
WIRELESS NETWORKS:
“roam” within a building or between Nonrepudiation—The origin or the
buildings. receipt of a specific message must be
WIRELESS SECURITY verifiable by a third party.
THREATS AND RISK Accountability—The actions of an
MITIGATION: entity must be traceable uniquely to
An Introduction to Computer that entity.
Security generically classifies security
threats in nine categories ranging
WIELESS LANS:
from errors and omissions to threats
This section provides a detailed
to personal privacy. All of these
overview of 802.11 WLAN
represent potential threats in wireless
technology. The section includes
networks as well. However, the more
introductory material on the history of
immediate concerns for wireless
802.11 and provides other technical
communications are device theft,
information, including 802.11
denial of service, malicious hackers,
frequency ranges and data rates,
malicious code, theft of service, and
network topologies, transmission
industrial and foreign espionage.
Many Systems states that information
must be protected from unauthorized,
unanticipated, or unintentional
modification. Security requirements
include the following:
Authenticity—A third party must be
able to verify that the content of a
message has not been changed in
transit.
 ranges, and applications. for some of the recommendations for
enhanced security. The IEEE 802.11
specification identified several
services to provide a secure operating
environment. The security services
are provided largely by the Wired
Equivalent Privacy (WEP) protocol to
protect link-level data during wireless
transmission between clients and
access points. WEP does not provide
end-to-end security, but only for the
wireless portion of the connection as
shown in Figure 3-5.

It examines the security threats and

vulnerabilities associated with
WLANs and offers various means for
reducing risks and securing WLAN
environments.

SECURITY OF 802.11 SECURITY REQUIREMENTS

WIRELESS LANS: AND THREATS:
This section discusses the built- The 802.11 WLAN—or WiFi
in security features of 802.11. It —industries are burgeoning and
provides an overview of the inherent currently has significant momentum.
security features to better illustrate its All indications suggest that in the
limitations and provide a motivation coming years numerous organizations
will deploy 802.11 WLAN does not modify its
technology. Many organizations— content (i.e.,
including retail stores, hospitals, eavesdropping). Passive
airports, and business enterprises— attacks can be either
plan to capitalize on the benefits of eavesdropping or traffic
“going wireless.” However, although analysis (sometimes
there has been tremendous growth and called traffic flow
success, everything relative to 802.11 analysis). These two
WLANs has not been positive. There passive attacks are
have been numerous published reports described below.
and papers describing attacks on  Active Attack—An
802.11 wireless networks that expose attack whereby an
organizations to security risks. This unauthorized party
subsection will briefly cover the risks makes modifications to a
to security i.e., attacks on message, data stream, or
confidentiality, integrity, and network file. It is possible to
availability. detect this type of attack
Network security attacks are but it may not be
typically divided into passive and preventable. Active
active attacks. These two broad attacks may take the
classes are then subdivided into other form of one of four
types of attacks. All are defined types (or combination
below. thereof): masquerading,
 Passive Attack—An replay, message
attack in which an modification, and
unauthorized party gains denial-of-service (DoS).
access to an asset and
 These attacks are networks. Because organizations
defined below. frequently implement wireless and
LOSS OF CONFIDENTIALITY: wired communications without
Confidentiality is the property adequate cryptographic protection of
with which information is not made data, integrity can be difficult to
available or disclosed to unauthorized achieve. A hacker, for example, can
individuals, entities, or processes. A compromise data integrity by deleting
wireless network analyzer tool or or modifying the data in an e-mail
sniffer, is particularly easy for two from an account on the wireless
reasons: system.
1) frequently confidentiality LOSS OF NETWORK
features of WLAN AVAILABILITY:
technology are not even A denial of network availability
enabled, involves some form of DoS attack,
2) Because of the numerous such as jamming. Jamming occurs
vulnerabilities in the 802.11 when a malicious user deliberately
technology security, as emanates a signal from a wireless
discussed above, determined device in order to overwhelm
adversaries can compromise legitimate wireless signals. Jamming
the system. may also be inadvertently caused by
Wireless packet analyzers, such cordless phone or microwave oven
as AirSnort and WEPcrack, are tools emissions. Jamming results in a
that are readily available on the breakdown in communications
Internet today. because legitimate wireless signals
LOSS OF INTEGRITY: are unable to communicate on the
Data integrity issues in wireless network.
networks are similar to those in wired RISK MITIGATION:
 Government agencies can personnel identification, and external
mitigate risks to their WLANs by boundary protection. As with facilities
applying countermeasures to address housing wired networks, facilities
specific threats and vulnerabilities. supporting wireless networks need
Management countermeasures physical access controls.
combined with operational and TECHNICAL
technical countermeasures can be COUNTERMEASURES:
effective in reducing the risks Technical countermeasures
associated with WLANs. involve the use of hardware and
MANAGEMENT software solutions to help secure the
COUNTERMEASURES: wireless environment.20 Software
Management countermeasures countermeasures include proper AP
for securing wireless networks begin configurations (i.e., the operational
with a comprehensive security policy. and security settings on an AP),
A security policy, and compliance software patches and upgrades,
therewith, is the foundation on which authentication, intrusion detection
other countermeasures— the systems (IDS), and encryption.
operational and technical—are Hardware solutions include smart
rationalized and implemented. cards, VPNs, public key infrastructure
OPERATIONAL (PKI), and biometrics. It should be
COUNTERMEASURES: noted that hardware solutions, which
Physical security is the most generally have software components,
fundamental step for ensuring that are listed simply as hardware
only authorized users have access to solutions.
wireless computer equipment.
Physical security combines such SOFTWARE SOLUTIONS:
measures as access controls,
 Technical countermeasures which inherently contain security
involving software include properly vulnerabilities. The administrator
configuring access points, regularly password is a prime example. On
updating software, implementing some APs, the factory default
authentication and IDS solutions, configuration does not require a
performing security audits, and password (i.e., the password field is
adopting effective encryption. These blank). Unauthorized users can easily
are described in the paragraphs below. gain access to the device if there is no
ACCESS POINT password protection. Administrators
CONFIGURATION: should change default settings to
Network administrators need to reflect the agency’s security policy,
configure APs in accordance with which should include the requirement
established security policies and for strong (i.e., an alphanumeric and
requirements. Properly configuring special character string at least eight
administrative passwords, encryption characters in length) administrative
settings, reset function, automatic passwords. If the security requirement
network connection function, Ethernet is sufficiently high, an agency should
MAC Access Control Lists (ACL), consider using an automated
shared keys, and Simple Network password generator. An alternative to
Management Protocol (SNMP) agents password authentication is two-factor
will help eliminate many of the authentication.
vulnerabilities inherent in a vendor’s ESTABLISHING PROPER
software default configuration. ENCRYPTION SETTINGS:
UPDATING DEFAULT Encryption settings should be
PASSWORDS: set for the strongest encryption
Each WLAN device comes available in the product, depending on
with its own default settings, some of the security requirements of the
agency. Typically, APs have only a
few encryption settings available:
none, 40-bit shared key, and 104-bit
shared key (with 104-bit shared key
being the strongest). Encryption as
used in WEP, simple stream cipher
generation, and exclusive-OR
processing does not pose an additional
burden on the computer processors
performing the function.
CONTROLLING THE RESET
FUNCTION:
The reset function poses a
particular problem because it allows
an individual to negate any security
settings that administrators have
configured in the AP. It does this by
returning the AP to its default factory
settings. The default settings generally
do not require an administrative
password, for example, and may
disable encryption. An individual can
reset the configuration to the default
settings simply by inserting a pointed
object such as a pen into the reset hole
and pressing. If a malicious user gains
physical access to the device, that
individual can exploit the reset feature
and cancel out any security settings
on the device.
CHANGING THE SSID:
The SSID of the AP must be
changed from the factory default. The
default values of SSID used by many
802.11 wireless LAN vendors have
been published and are well-known to
would-be adversaries. The default
values should be changed (always a
good security practice) to prevent
easy access. Although an equipped
adversary can capture this identity
parameter over the wireless interface,
it should be changed to prevent
unsophisticated adversary attempts to
connect to the wireless network.
CHANGING DEFAULT
CRYPTOGRAPHIC KEYS:
The manufacturer may provide
one or more keys to enable shared-
key authentication between the device
trying to gain access to the network
and the AP. Using a default shared-
key setting forms a security
vulnerability because many vendors
use identical shared keys in their other but are on different networks, a
factory settings. DoS can result from radio interference
between the two APs. Agencies that
incur radio interference need to
USING SNMP: determine if one or more nearby
Some wireless APs use SNMP AP(s) are using the same channel or a
agents, which allow network channel within five channels of their
management software tools to own and then choose a channel that is
monitor the status of wireless APs and in a different range. For example,
clients. The first two versions of channels 1, 6, and 11 can be used
SNMP, SNMPv1 and SMPv2 support simultaneously by APs that are close
only trivial authentication based on to each other without mutual
plain-text community strings and, as a interference. Agencies must perform a
result, are fundamentally insecure. site survey to discover any sources of
SNMPv3, which includes radio interference. The site survey
mechanisms to provide strong should result in a report that proposes
security are highly recommended. If AP locations, determines coverage
SNMP is not required on the network, areas, and assigns radio channels to
the agency should simply disable each AP.
SNMP altogether. SOFTWARE PATCHES AND
CHANGING DEFAULT UPGRADES:
CHANNEL: Vendors generally try to correct
One other consideration that is known software (and hardware)
not directly exploitable is the default security vulnerabilities when they
channel. Vendors commonly use have been identified. These
default channels in their APs. If two corrections come in the form of
or more APs are located near each security patches and upgrades.
Network administrators need to usernames and passwords for
regularly check with the vendor to see authentication, it is important to have
whether security patches and policies specifying minimum
upgrades are available and apply them password length, required password
as needed. Also, many vendors have characters, and password expiration.
“security alert” e-mail lists to advise Smart cards, biometrics, and PKI have
customers of new security their own individual requirements and
vulnerabilities and attacks. will be addressed in greater detail
Administrators should sign up for later in this document.
these critical alerts. Lastly, PERSONAL FIREWALLS:
administrators can check with the Resources on public wireless
NIST ICAT25 vulnerability database networks have a higher risk of attack
for a listing of all known since they generally do not have the
vulnerabilities in the software or same degree of protection as internal
hardware being implemented. For resources. Personal firewalls offer
specific guidance on implementing some protection against certain
security patches, attacks. Personal firewalls are
AUTHENTICATION: software-based solutions that reside
In general, effective on a client's machine and are either
authentication solutions are a reliable client-managed or centrally managed.
way of permitting only authorized INTRUSION DETECTION
users to access a network. SYSTEM (IDS):
Authentication solutions include the An intrusion detection system
use of usernames and passwords; (IDS) is an effective tool for
smart cards, biometrics, or PKI; or a determining whether unauthorized
combination of solutions (e.g., smart users are attempting to access, have
cards with PKI). When relying on already accessed, or have
compromised the network. IDS for sure it remains secure. It is important
WLANs can be host-based, network- for agencies to perform regular audits
based, or hybrid, the hybrid using wireless network analyzers and
combining features of host- and other tools. An analyzer, again,
network-based IDS. sometimes called a “sniffer,” is an
ENCRYPTION: effective tool to conduct security
As mentioned earlier, APs auditing and troubleshoot wireless
(Access Point )generally have only network issues. Security
three encryption settings available: administrators or security auditors can
none, 40-bit shared key, and 104-bit use network analyzers, to determine if
setting. The setting of none represents wireless products are transmitting
the most serious risk since correctly and on the correct channels.
unencrypted data traversing the Administrators should periodically
network can easily be intercepted, check within the office building space
read, and altered. A 40-bit shared key (and campus) for rogue APs and
will encrypt the network against other unauthorized access.
communications data, but there is still Agencies may also consider using an
a risk of compromise. In general, 104- independent third party to conduct the
bit encryption is more secure than 40- security audits.
bit encryption because of the Guideline on Network Security
significant difference in the size of the Testing. It is worth noting that
cryptographic keyspace. agencies should take a holistic
SECURITY ASSESSMENTS: approach to the assessment process. It
Security assessments, or audits, is important to ensure that the
are an essential tool for checking the wireless portion of the network is
security posture of a WLAN and for secure, but it is also important for the
determining corrective action to make wired portion to be secure.
 stored on the cards themselves and
generally require the user only to
remember a PIN number. Smart cards
HARDWARE SOLUTIONS: are also portable; consequently users
Hardware countermeasures for can securely access their networks
mitigating WLAN risks include from various locations. As with an
implementing smart cards, VPNs, authentication software solution, these
PKI, biometrics, and other hardware tamper-resistant devices may be
solutions. integrated into a WLAN solution to
Smart Cards: enhance the security of the system.
Smart cards may add another Again, users should be careful to fully
level of protection, although they also understand the security provided by
add another layer of complexity. the smart card solution.
Agencies can use smart cards in VIRTUAL PRIVATE
conjunction with username or NETWORKS:
password or by themselves. They can VPN technology is a rapidly
use smart cards in two-factor growing technology that provides
authentication (see above). Agencies secure data transmission across public
can also combine smart cards with network infrastructures. VPNs have in
biometrics. recent years allowed corporations to
In wireless networks, smart harness the power of the Internet for
cards provide the added feature of remote access. Today, VPNs are
authentication. Smart cards are typically used in three different
beneficial in environments requiring scenarios: for remote user access, for
authentication beyond simple LAN-to-LAN (site-to-site)
username and password. User connectivity, and for extranets.
certificate and other information are
 PKI provides the framework
and services for the generation,
production, distribution, control, and
accounting of public key certificates.
It provides applications with secure
encryption and authentication of
network transactions as well as data
integrity and nonrepudiation, using
public key certificates to do so.
WLANs can integrate PKI for
Most VPNs in use today make
authentication and secure network
use of the IPsec protocol suite. IPsec,
transactions. Third-party
developed by the Internet Engineering
manufacturers, for instance, provide
Task Force (IETF), is a framework of
wireless PKI, handsets, and smart
open standards for ensuring private
cards that integrate with WLANs.
communications over IP networks. It
BIOMETRICS:
provides the following types of robust
Biometric devices include
protection:
fingerprint/palm-print scanners,
 Confidentiality
optical scanners (including retina and
 Integrity
iris scanners), facial recognition
 Data origin
scanners, and voice recognition
authentication
scanners. Biometrics provide an
 Traffic analysis
added layer of protection when used
protection.
either alone or along with another
PUBLIC KEY
security solution. For example, for
INFRASTRUCTURE (PKI):
agencies needing higher levels of
security, biometrics can be integrated
with wireless smart cards or wireless the future but will require new
laptops or other wireless devices and hardware and protocol changes. TGi
used in lieu of username and currently has design requirements to
password to access the wireless address many of the known problems
network. with WEP including the prevention of
EMERGING SECURITY forgeries and detection of replay
STANDARDS AND attacks.
TECHNOLOGIES: The second initiative for
Like the security industry, improving WLAN security is the
standards organizations have TGi’s short-term solution—WiFi
responded to the flurry over Protected Access (WPA)—to address
insecurities in 802.11 WLANs. the problems of WEP.
Activity is occurring in the Internet
Engineering Task Force (IETF) and CONCLUSION:
the IEEE. The IEEE is currently This paper describes the
working on three separate initiatives fundamental issues and analysis key
for improving WLAN security. The research problems of wireless
first involves the IEEE 802.11 Task network.Firstly the background
Group i (TGi) which has proposed information of wireless network are
significant modifications to the introduced including the network
existing IEEE 802.11 standard as a concept and other areas.Thus the main
long-term solution for security. The challenges of network are discussed
TGi is defining additional ciphers that leads to analysis of software &
based on the newly released hardware solutions.Finally emering
Advanced Encryption Standard network standards &technology issue
(AES). The AES-based solution will of network are described in
provide a highly robust solution for detail.These issues are necessary to
fulfill the requirements of wide
commercial development of wireless
network security.

REFERENCES:
1. NIST Special Publication 46, Security for
Telecommuting and Broadband
Communications,
National Institute for Standards and
Technology.
2. Norton, P., and Stockman, M. Peter
Norton’s Network Security Fundamentals.
2000.
3. Wack, J., Cutler, K., and Pole, J. NIST
Special Publication 41, Guidelines on
Firewalls and
Firewall Policy, January 2002.
4. Gast, M. 802.11 Wireless Networks: The
Definitive Guide Creating and
Administering Wireless
Networks, O’Reilley Publishing, April 2002.