WLAN Security
WPA2 is the current standard; however, some hardware does not support WPA2 without a
firmware upgrade or replacement. WPA2 employs an encryption device that encrypts the
network with a 256-bit key, which improves security over WEP. Enterprises frequently
enforce security by using a certificate-based system to authenticate the connecting device, in
accordance with IEEE 802.1X.
WLAN cyber security threats can lead to data theft. To protect against this risk, security
teams put mechanisms in place to stop attempts to read communications being transmitted or
received over the wireless medium and collect sensitive information, such as personal
information, login credentials or business data.
WLAN threats and vulnerabilities: WLAN cyber security threats can lead to data loss, malware
infections, DDoS attacks and other detrimental scenarios. Teams should be aware of many WLAN
threats and vulnerabilities, including the following:
Piggybacking
Most wireless routers and wireless access points (WAPs) have a broadcast range of 150–300
feet indoors and as far as 1,000 feet outdoors. Any user within this range can connect to an
unsecured Wi-Fi network. More savvy users can even drive around neighbourhoods with a
computer and a powerful antenna in search of unsecured wireless networks. This is a type of
piggybacking called war driving.
The problem is that when unauthorized people piggyback on your internet connection, they
can use it to conduct illegal activities, monitor and capture your web traffic, or steal your
personal files.
Cracking attack
This Wi-Fi attack, which is launched using either simplistic (brute force) or complex
methods, exploits the security weaknesses of a wireless network to infiltrate it. Such
vulnerabilities are commonly caused by poor configuration or weak or flawed security
protocols.
Evil twin attack
In this type of Wi-Fi attack, cybercriminals set up their own system that impersonates a
legitimate WAP. However, they use a stronger broadcast signal than the legitimate one to
dupe unsuspecting users into connecting to their system.
Once a user is connected to the fake system, the cybercriminal can easily read any data (e.g.,
credit card numbers, login credentials, personal information) that the user sends over the
internet.
Wireless sniffing
There are plenty of WAPs that are not secure and do not encrypt the traffic they carry. When
you connect to these, any data that you send over is out in the open for malicious actors to
obtain using sniffing tools. This puts your sensitive communications or transactions at risk.
When you connect your device to an unsecured wireless network without disabling file
sharing, malicious actors can access your device’s files and folders.
Authentication :-
Data Privacy
1. MAC Filtering
2. Wired Equivalent Privacy (WEP)
3. Wi-Fi Protected Access (WPA)
4. Wi-Fi Protected Access 2 (WPA 2)
5. Wi-Fi Protected Access 3 (WPA 3)
1. MAC Filtering
MAC filtering allows you to block traffic coming from certain known machines or devices. The
router uses the MAC address of a computer or device on the network to identify it and block
or permit access.
2. WEP (Wired Equivalent Privacy)
WEP (Wired Equivalent Privacy) is the oldest and most common Wi-Fi security protocol. It
was the privacy component established in the IEEE 802.11, a set of technical standards that
aimed to provide a wireless local area network (WLAN) with a comparable level of security
to a wired local area network (LAN).
The Wi-Fi Alliance ratified WEP as a security standard in 1999. Once touted to offer the
same security benefits as a wired connection, WEP has been plagued over the years by many
security flaws. And as computing power has increased, these vulnerabilities have worsened.
Despite efforts to improve WEP, it’s still vulnerable to security breaches. The Wi-Fi Alliance
officially retired WEP in 2004.
3. WPA (Wi-Fi Protected Access)
WPA (Wi-Fi Protected Access) is a wireless security protocol released in 2003 to address the
growing vulnerabilities of its predecessor, WEP. The WPA Wi-Fi protocol is more secure
than WEP, because it uses a 256-bit key for encryption, which is a major upgrade from the
64-bit and 128-bit keys used by the WEP system.
WPA also uses the Temporal Key Integrity Protocol (TKIP), which dynamically generates a
new key for each packet, or unit of data. TKIP is much more secure than the fixed-key
system used by WEP.
4. WPA2
WPA2 (Wi-Fi Protected Access 2) is the second generation of the Wi-Fi Protected Access
wireless security protocol. Like its predecessor, WPA2 was designed to secure and protect
Wi-Fi networks. WPA2 ensures that data sent or received over your wireless network is
encrypted, and only people with your network password have access to it.
A benefit of the WPA2 system was that it introduced the Advanced Encryption Standard
(AES) to replace the more vulnerable TKIP system used in the original WPA protocol. Used
by the US government to protect classified data, AES provides strong encryption.
Unfortunately, like its predecessor, WPA2-enabled access points (usually routers) are vulnerable to
attacks through WEP. To eliminate this attack vector, disable WEP and, if possible, make sure your
router’s firmware doesn’t rely on WEP.
Pros and Cons of each security protocol, ordered from best to worst
WPA2
Pros:
- Addresses many security flaws of its predecessors
- Uses the strongest encryption method: AES
- Required by the Wi-Fi Alliance for use on all Wi-Fi certified products
- 256-bit key for encryption
Cons:
- Still contains some security vulnerabilities
- Requires the most processing power
WPA
Pros:
- Addresses security vulnerabilities of the original wireless security standard, WEP
- TKIP encryption method is better than the fixed-key encryption used by WEP
- 256-bit key for encryption
Cons:
- When rolled out onto WEP devices, TKIP can be exploited
- Similar security vulnerabilities to WEP
WEP
Pros:
- Better than no security protocol — though not by much
Cons:
- Riddled with security vulnerabilities
- Only 64-bit and 128-bit keys for encryption
- Fixed-key encryption
- Hard to configure
5. WPA3
WPA3 (Wi-Fi Protected Access 3) is the newest wireless security protocol designed to
encrypt data using a frequent and automatic encryption type called Perfect Forward Secrecy.
It’s more secure than its predecessor, WPA2, but it hasn’t been widely adopted yet. Not all
hardware supports WPA3 automatically, and using this protocol often requires costly
upgrades.
Firewalls, VPNs, and antivirus software all help protect endpoint devices from the many threats
they face as they connect to the Internet. Tools such as Cisco Security Agent consolidate
endpoint security functions such as firewall intrusion prevention, spyware and adware
protection, and more in a single agent.
There are some simple steps we can take to protect our wireless network and router:
- The following messages are exchanged between the Station (STA or Client) and the Access
Point in shared key authentication.
- Authentication Request: From STA to AP.
- Challenge: The AP generates a random number and sends it to the STA.
- Response: The STA encrypts this challenge using the cryptographic key it shares with the
AP and sends the result to the AP.
- Confirm Success: The AP decrypts the result sent by the STA and allows access to the
WLAN network provided the decrypted value matches the random challenge
transmitted initially.
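The four-message exchange listed above, as an added Python example that is not part of the original document. It assumes RC4 with a 24-bit IV prepended to the key and a 128-byte challenge, as WEP shared key authentication does; the ICV and the 802.11 frame formats are left out, and the class and function names are hypothetical.

```python
import hmac
import os

CHALLENGE_LEN = 128  # assumption: 128-byte challenge text, as in WEP shared key auth
IV_LEN = 3           # assumption: 24-bit per-message IV prepended to the key, as in WEP

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

class AccessPoint:
    def __init__(self, shared_key: bytes):
        self.shared_key = shared_key
        self.pending = {}                     # station id -> outstanding challenge

    def on_auth_request(self, sta_id: str) -> bytes:
        """Messages 1 and 2: receive the request, reply with a random challenge."""
        self.pending[sta_id] = os.urandom(CHALLENGE_LEN)
        return self.pending[sta_id]

    def on_response(self, sta_id: str, iv: bytes, ciphertext: bytes) -> bool:
        """Message 4: decrypt the response and compare it with the challenge."""
        challenge = self.pending.pop(sta_id, None)   # each challenge is single-use
        if challenge is None or len(iv) != IV_LEN:
            return False
        return hmac.compare_digest(rc4(iv + self.shared_key, ciphertext), challenge)

class Station:
    def __init__(self, sta_id: str, shared_key: bytes):
        self.sta_id, self.shared_key = sta_id, shared_key

    def respond(self, challenge: bytes):
        """Message 3: encrypt the challenge under a fresh IV and the shared key."""
        iv = os.urandom(IV_LEN)
        return iv, rc4(iv + self.shared_key, challenge)

def authenticate(ap: AccessPoint, sta: Station) -> bool:
    """Run the whole exchange and return the AP's accept/reject decision."""
    challenge = ap.on_auth_request(sta.sta_id)
    iv, ciphertext = sta.respond(challenge)
    return ap.on_response(sta.sta_id, iv, ciphertext)

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")         # constructed 40-bit key for the demo
    ap = AccessPoint(key)
    print(authenticate(ap, Station("sta-1", key)))            # matching key
    print(authenticate(ap, Station("sta-2", b"\x09" * 5)))    # different key
```

The AP removes a challenge from its pending table as soon as a response arrives, so a response that does not answer an outstanding challenge is rejected.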
Infrastructure mode is the most common and it is the mode used in home/business and
public Wi-Fi networks. It requires a Wireless Access point. On home networks this is
usually provided by a Wireless router.
The Access point forms the Wireless network, and all nodes or clients connect to the access
point. The access point and network are identified by an SSID, or service set identifier.
SSIDs are assigned by a network administrator and are usually given easy-to-remember and
descriptive names.
BSSIDs
A Wi-Fi access point also has a basic service set ID (BSSID) which is used to identify the
access point and its clients on a network.
WIFI Channels
A Wi-Fi access point is also configured to use a pre-set Wireless channel. Commonly used
channels are 1, 6 and 11.
If you are responsible for setting up your home Wi-Fi access point /router then you would set
up the access point to use a channel that isn’t being used by another access point in your
location.
This is especially important if you live in a crowded location with lots of neighbours.
It is important to note that Wi-Fi channels do not correspond to the number of devices that can
be connected to the access point.
Each channel corresponds to a frequency that the Wi-Fi devices work on, so if your access
point is set to use channel 11, then all devices that try to connect to it must also communicate
on channel 11.
The number of actual devices that can connect on a given channel is limited by the software
on the router and by bandwidth.
Devices on a channel share the channel in a similar fashion to clients on Ethernet networks.
That is, each device takes turns sending and receiving data on the channel (time slot
multiplexing).
Therefore, the more clients that are connected, the slower each client runs.
Most home networks (802.11b or 802.11g) and devices use the 2.4GHz frequency
band while the newer networks (802.11n) use the 5GHz frequency band.
Most new 802.11n devices support both bands and are known as dual band.
Because of the limited support of the 5GHz band by devices this band is generally quite
clear.
It also has more channels available.
The 5GHz band is faster than the 2GHz band but has a shorter range and doesn’t penetrate
walls very well.
Ad Hoc Networks
With an Ad Hoc network nodes can communicate with each other without an access point.
An extended service set (ESS) is a wireless network, created by multiple access points, which
appears to users as a single, seamless network, such as a network covering a home or office
that is too large for reliable coverage by a single access point. It is a set of one or more
infrastructure basic service sets on a common logical network segment (i.e. same IP subnet
and VLAN). Key to the concept is that the participating basic service sets appear as a single
network to the logical link control layer. Thus, from the perspective of the logical link control
layer, stations within an ESS may communicate with one another, and mobile stations may
move transparently from one participating basic service set to another (within the same
ESS). Extended service sets make possible distribution services such as centralized
authentication. From the perspective of the link layer, all stations within an ESS are all on the
same link, and transfer from one BSS to another is transparent to logical link control.
Fig. (a) Ad-Hoc mode (IBSS), (b) Infrastructure mode BSS, (c) Infrastructure mode ESS.
802.11ac: 433 to 6933 Mbps, 5 GHz. This standard provides multi-station throughput of at
least 1.1 Gbps and single-link throughput of at least 0.5 Gbps on the 5 GHz band.
The second rule is that a combination of numbers means the router supports different network
types. So when networks like 802.11 ac, 802.11 ad, and 802.11 abg are listed, it means that
each of those types is supported by that router.
Over time, different classifications of WiFi networks were given different naming conventions.
Rather than “802.11b”, it’s just “WiFi 1”, much like how mobile phone companies refer to 3G and
5G as different network speeds even though the term is almost always just a marketing tool. This
classification is supposed to make it easier for consumers to understand: instead of
understanding a whole alphabet soup, users can just look for “WiFi 1” or “WiFi 6” as what they
need.
WiFi 1 802.11b
WiFi 2 802.11a
WiFi 3 802.11g
WiFi 4 802.11n
WiFi 5 802.11ac
WiFi 6 802.11ax
What is WIFI 6?
As you can see, the latest Wi-Fi standard is Wi-Fi 6 (or 802.11 ax). The standard supports the
already widespread 2.4 and 5 GHz bands, and it also uses the 6 GHz band for increased
throughput-per-area in high-density scenarios.
The maximum link rate of WiFi 6 is between 600 and 9608 Mbps, depending on how many
channels are utilized. Considering that the average internet speed in the US is just 42 Mbps,
it’s safe to say that WiFi 6 is plenty fast for most people.
As the latest WiFi standard, WiFi 6 also supports the WPA3 security protocol. This protocol
replaces the pre-shared key (PSK) exchange with Simultaneous Authentication of Equals
(SAE) exchange to address security issues posed by weak passwords.
This means that it will be easier to have devices join a public WiFi network while still
keeping private information private. As more people connect in coffee shops, libraries,
churches, and schools, keeping bank connections and other secure communications from
prying eyes will be essential.
There are more information leaks and data being sold online, so these enhanced encryption
techniques will make it safer to be out on public WiFi systems.
WiFi 6 was adopted in 2019, and there are already many routers on the market that support
the standard. Best of all, the same routers are compatible with other current WiFi standards,
so they work even with devices that don’t take advantage of WiFi 6.
Many newly released routers are marketed as WiFi 6E-compatible, so what does it mean?
Well, WiFi 6E is an extension to the WiFi 6 standard that adds support for the 6 GHz band.
The 6 GHz band actually extends from 5.925 GHz to 7.125 GHz, so it has a very wide
frequency range of 1,200 MHz, much more than the 2.4 and 5 GHz bands.
Because the 6 GHz band is so wide, it can offer a lot of bandwidth to support our current and
future connectivity needs. Its width and novelty make the 6 GHz band fairly resistant to
signal interference caused by other WiFi devices, so it’s great for use in dense urban
environments.
Just keep in mind that it’s not enough to own a WiFi 6E-compatible router to use the 6 GHz
band—your devices (smartphones, laptops, and so on) also need to be 6E-compatible.
Devices that are not 6E-compatible work without any issues with WiFi 6E routers, but they
can’t take full advantage of all the features and bands supported by them.
Wi-Fi Direct :- Wi-Fi Direct allows you to connect two Wi-Fi equipped devices together
without requiring an access point.
Essentially it works the same way as Bluetooth but is much faster and is designed to be used
for the same type of applications.
Wireless network installation is very easy and just requires a Wireless access point (WAP).
On small home/office networks this is generally provided by the home router but can also be
provided by other devices like a dedicated WAP and electrical socket etc.
However, for the initial installation it is recommended to set up with no security and no
encryption and test it with a single device before adding other security measures.
It is common for many home networks and business networks to only allow their own
authorized devices to use their wireless network. This is achieved by securing the network.
There are three common techniques available, which can be used either independently of
each other, or together. They are:
Broadcast SSID prevention
MAC Address Restrictions
Broadcast SSID
Access points normally broadcast this ID so any wireless devices in the area know they are there.
The client device will see a list of networks listed by name, and the user can select the network
from the list or enter the name in the network connection dialogue.
If the client device didn’t know the network name then it couldn’t connect.
You can prevent your wireless network from broadcasting the name by turning off
Broadcast SSID.
The problem with turning off broadcast SSID is that anyone who wants to configure a
wireless device to connect to your network will need to know the name in advance.
If, as in a typical home network, you only have a fixed number of client computers then you
can set this up yourself.
If you are setting up a wireless network for a small business, hotel/guest house etc then you
will need to have a way of letting new users easily find out the network name and you will
also need to have a procedure for changing the name periodically.
You should note that although the SSID is not being broadcast it can easily be found by
professional/knowledgeable eavesdroppers using specialist equipment.
MAC Address Restrictions
This is a very powerful security feature that limits access to your wireless network to
particular devices. Every device connected to a wireless network has a MAC (Media Access
Control) address. The address is in effect the address of the network adapter (wireless or
Ethernet), and is assigned by the adapter manufacturer, and is unique.
To configure this you need to configure each wireless access point to only allow
communication from specified addresses. To set up MAC address filtering/restrictions you
need to:
Because of the need to find the MAC address of each device, this technique is
unsuitable for environments where the client machines that connect to your Wireless Network
change, e.g. a hotel, public network etc.
You should also bear in mind that the MAC address is on the network adapter, and so if your
wireless USB adapter breaks, and you replace it with a new one, then this will have its
own MAC address, and you will need to reconfigure your Access points.
You should also note that the MAC address can be spoofed by professional/knowledgeable
eavesdroppers using specialist equipment.
1. Ping :- "Ping" is one of the most basic yet useful network commands to utilize in the
command prompt application. It tells you whether your computer can reach some
destination IP address or domain name, and if it can, how long it takes data to travel
there and back again. The command works by sending out multiple data packets and
seeing how many of them return. If some of them don't return, it'll tell you ("lost").
Packet loss leads to poor performance in games and streaming, and this is a nifty way
to test. By default, it sends 4 packets, each one waiting 4 seconds before timing out.
2. Tracert :- "Tracert" stands for Trace Route. And much like "ping," it sends out a data
packet as a way to troubleshoot any network issues you might have, but it instead
tracks the route of the packet as it hops from server to server. The command outputs a
line-by-line summary of each hop, including the latency between you and that
particular hop and the IP address of that hop (plus domain name if available).
3. Pathping :- "Pathping" is similar to "tracert," except it's more informative and takes a
lot longer to execute. After sending out packets from you to a given destination, it
analyses the route taken and computes packet loss on a per-hop basis.
4. Ipconfig :- "Ipconfig" often comes up as the most-used networking command on
Windows. Not only is it useful for the information it provides, but you can combine it
with a couple of switches to execute certain tasks.
5. Getmac :- Every device that's compliant with IEEE 802 standards has a unique MAC
address (Media Access Control). The manufacturer assigns MAC addresses and stores
them in the device's hardware. Some people use MAC addresses to limit which
devices can connect to the network.
6. Iwconfig :- iwconfig is similar to ifconfig, but is dedicated to wireless networking
interfaces. It is used to set the parameters of the network interface which are specific
to the wireless operation (e.g. frequency, SSID). iwconfig may also be used to display
those parameters, and the wireless statistics (extracted from /proc/net/wireless). It
works in tandem with iwlist, which generates lists of available wireless networks.