Professional Documents
Culture Documents
Wireless Threats & Vulnerabilities
Wireless Threats & Vulnerabilities
Vulnerabilities
Acoros, Elaiza Marie
Borja, Ren Norvyn
Burias, Angelo
Dahan, Heson
Joaquin, Jerald
Laurente, Kyle Miguel
Molera, Cheska Denise
Pedregosa, John Edward
It have become an integral part of how we conduct our businesses. They ease
many processes and help us get rid of the clutter caused by hundreds of wires.
Wireless is freedom.
It's about being unleashed from the
telephone cord and having the ability
to be virtually anywhere when you
want to be.
Martin Cooper
The World with
Wireless Technology
Wireless technologies offer convenient solutions to our needs. They are practical and fast,
moreover they set us free of the clutter caused by wires and cables. On the other hand, it is no
secret that wireless networks are more vulnerable to attacks and intruders.
Wireless Threats & Vulnerabilities
Wireless networks are particularly
vulnerable to attacks because it is difficult
to prevent physical access to them.
Common Incident
This sort of device can be maliciously
installed if the attacker has direct access
to the wired network, but more often
than not, they are added by staff that are
not aware of the implications.
Prevention
Periodic scanning, continuous
monitoring, and immediate alerting,
Types of Wireless Attacks
Peer-to-Peer Attacks
Devices that are connected to the same access points
can be vulnerable to attacks from other devices
connected to that access point.
Possible Risk or Harm
Common Incident
Prevention
Prevention
EAVESDROPPING One can use a personal firewall, keep
Also known as sniffing or snooping attack, the antivirus software updated, and use
is where information are being stolen and
Possible Risk or Harm a virtual private network or VPN. Having
are transmitted over a network by a It takes advantage of unsecured strong passwords, changing them
computer, smartphone, or another network communications to have frequently, and using data encryption.
connected device. access to the data because it is Common Incident
being sent or received by its user The passwords for public networks are
readily available, so an eavesdropper can
simply log in and using a free software,
monitor network activity and steal log-in
credentials along with any data that other
users transmit over the network.
Types of Wireless Attacks
EAVESDROPPING TYPES
Possible Risk or Harm Loss of Physical Storage Media, disclosure or modification of stored data, destruction of stored
data, and disclosure of data in transit.
Marriott learned during the investigation that there had been unauthorized access to the
Starwood network since 2014. Marriott recently discovered that an unauthorized party had
copied and encrypted information and took steps towards removing it. On November 19, 2018,
Marriott was able to decrypt the information and determined that the contents were from the
Starwood guest reservation database.
Prevention Use upper- and lowercase letters, special characters, and numbers. Never use only numbers.
Such passwords can be cracked quickly.
Common Incident
Broad-based phishing campaigns recognizes
AUTHENTICATION ATTACKS that threat agents have to gain access to only a
This is where the attacker scrapes a frame few accounts or one admin account to
exchange between a client authenticating compromise the organization.
with the network, and then they simply run
an offline dictionary attack.
Prevention
Choose your password wisely
While you might be tired of hearing it, having a strong password is one of the most important steps in
keeping your information safe. There are many types of password attacks, from brute-force attacks to
Possible Risk or Harm dictionary attack, so we advise being more creative and staying away from “Password1234”.
Depending on the strength of the password, it
could be just a matter of time before they crack
the password and gain access. Stay away from public Wi-Fi networks when logging into important accounts
Whilst using public Wi-Fi, you are more susceptible to Man-in-the-Middle attacks. Hackers can easily
position themselves between your device and the connection/service, putting your accounts at risk.
Types of Wireless Attacks
MAC SPOOFING
A technique for temporarily changing the MAC
01 address of a device to bypass access blocks at the
network identifier level (MAC filtering).
Possible Risk or Harm The possible risks are the BMC which are the components of IPMI that is a
collection of tools usually found in servers that allows system admins to
manage system from remote locations.
Common Incident According to Eclysium researchers, a BMC code was found that was
responsible for processing and applying firmware updates does not perform
cryptographic signature verification on the provided firmware image before
accepting the update and committing it to non-volatile storage. This allows the
attacker to load modified code onto the BMC that could provide malicious
firmware update, reboot the system, compromise data, bypass any operating
controls and a lot more.
Prevention Restrict IPMI to trusted internal networks and to manage VLANs with strong
networks controls. Monitor any trusted network for abnormal activity.
Types of Wireless Attacks
DENIAL OF SERVICE
Buffer Overflow Attacks
A type of attack meant to shut down a machine
The concept is to send more traffic to a
Flooding Services
or network, making it inaccessible to its intended It occurs when the system receives too much
users. DoS attacks accomplish this by flooding network address than the programmers
traffic for the server to buffer, causing them to
the target with traffic, or sending it information have built the system to handle.
slow down and eventually stop.
that triggers a crash. In both instances, the DoS
attack deprives legitimate users.
Types of Wireless Attacks
Possible Risk or Harm The possible risk of this matter is that the attackers can collect sensitive
information/data from its affected target and its connections(family, friends, etc.)
that they can be used in illegal way or use it to block mail their target.
Prevention Prevent to log any accounts in an public WI-FI especially when it say
“Unsecure”. Even if it has a familiar name. And use 2-factor-authentication for all
of your sensitive accounts.
SOCIAL ENGINEERING
Traditional hacking aims to compromise the security settings of the IT systems and applications. In contrast
“Social Engineering” attempts to exploit the users by claiming to be employees vendors, or support personnel
to try to manipulate the workers, they use trust and emotions to deceive the victims into giving them
information that compromises data security.
Overall Solutions
Overall Solutions
Intrusion Detection
Intrusion detection and prevention software, also found in wired and wireless networks,
provides your network with the software intelligence to immediately identify and halt
attacks, threats, worms, viruses and more.
Content Filtering
Content filtering is just as important as the first two solutions in all network environments
because it helps protect you from internal activity. Filtering and monitoring software
prevents your employees from accessing content via the Internet that could potentially be
harmful to your operations.
Overall Solutions
Authentication
Authentication and identification methods protect the secure data on your network. In addition to
password protection, solutions such as key fobs and biometric authentication ensure that only those
with proper authority to access your secure data can do so, keeping your wireless network safe.
Overall Solutions
Data Encryption
Today’s business climate relies upon collecting, analyzing and (more importantly) sharing vital
information about your business and its customers. Data Encryption can be used to secure the
wireless networks, Virtual Private Networks and Secure Socket Layers your data is shared on.
Thank you.
Wireless Threats & Vulnerabilities
References
• Frankenfield, J. (2021, June 22). What is an eavesdropping attack? Investopedia. Retrieved October 2, 2021, from
https://www.investopedia.com/terms/e/eavesdropping-attack.asp.
• WiFi, C. T. (2017, June 13). Types of wireless attacks. Medium. Retrieved October 2, 2021, from https://blog.ct-networks.io/types-of-wireless-
attacks-9b6ecc3317b9.
• Cimpanu, C. (2018, September 6). Vulnerabilities found in the remote management interface of Supermicro servers. ZDNet. Retrieved October 2,
2021, from https://www.zdnet.com/article/vulnerabilities-found-in-the-remote-management-interface-of-supermicro-servers/.
• Alert (TA13-207A). Cybersecurity and Infrastructure Security Agency CISA. (n.d.). Retrieved October 2, 2021, from https://us-
cert.cisa.gov/ncas/alerts/TA13-207A.
• Types of wireless network attacks. Logsign. (n.d.). Retrieved October 2, 2021, from https://www.logsign.com/blog/types-of-wireless-network-
attacks/.
• Wikipedia contributors. (2021, October 1). Wireless. In Wikipedia, The Free Encyclopedia. Retrieved 11:42, October 2, 2021, from
https://en.wikipedia.org/w/index.php?title=Wireless&oldid=1047525038
• Swinhoe, M. H. and D. (2021, July 16). The 15 biggest data breaches of the 21st Century. CSO Online. Retrieved October 3, 2021, from
https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html.
• 5 identity attacks that exploit your broken authentication. (n.d.). Retrieved October 3, 2021, from
https://www.okta.com/sites/default/files/pdf/Whitepaper-5-Identity-Attacks-that-Exploit-Your-Broken-Authentication_updated2020.pdf.
• What is a denial-of-service (DOS) attack? | cloudflare. (n.d.). Retrieved October 3, 2021, from
https://www.cloudflare.com/learning/ddos/glossary/denial-of-service/.
• 5 wireless security solutions to ease your mind. Marco. (n.d.). Retrieved October 3, 2021, from https://www.marconet.com/blog/5-wireless-
security-solutions-to-ease-your-mind.