WLAN Security


Department Of Computer Science

Computer System Security Assignment

Group members ID

1. Eyerusalem Emibale UU78887R
2. Lidya Nakachew UU78984R
3. Sami Remedan UU81044R
4. Roman Deribe UU80447R

Submitted to: instructor Feleke

Submitted date: March 08, 2023

Basic Concepts of Wireless LAN Security

Wireless security is the prevention of unauthorized access or damage to computers or data
through the use of wireless networks, such as Wi-Fi networks. The term may also refer to the
protection of the wireless network itself from adversaries attempting to compromise the
network's confidentiality, integrity, or availability. Wi-Fi security, which includes Wired
Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA), is the most common type.
WEP is an old IEEE 802.11 standard that dates back to 1997. It is a notoriously
insecure security standard: the password it employs is frequently crackable in a matter of
minutes using a basic laptop computer and widely available software tools. WPA, a quick
alternative at the time to improve security over WEP, replaced WEP in 2003.

WPA2 is the current standard; however, some hardware does not support WPA2 without a
firmware upgrade or replacement. WPA2 employs an encryption device that encrypts the
network with a 256-bit key, which improves security over WEP. Enterprises frequently
enforce security by using a certificate-based system to authenticate the connecting device, in
accordance with IEEE 802.1X.

WLAN cyber security threats can lead to data theft. To guard against this risk, security
teams put mechanisms in place to stop attempts to read communications being transmitted or
received over the wireless medium and collect sensitive information, such as personal
information, login credentials or business data.

Types of security threats

WLAN threats and vulnerabilities: WLAN cyber security threats can lead to data loss, malware
infections, DDoS attacks and other detrimental scenarios. Teams should be aware of many WLAN
threats and vulnerabilities, including the following:

What are the common wireless network security threats?

The 7 most common wireless network threats are:

1. Configuration Problems: Misconfigurations, incomplete configurations.
2. Denial of Service: Sending large amounts of traffic (or viruses) over the network
with the intent of hijacking resources or introducing backdoors.
3. Passive Capturing: Eavesdropping within range of an access point to capture
sensitive information.
4. Rogue (or Unauthorized/Ad-Hoc) Access Points: Fool devices into connecting
with a false access point.
5. Evil Twin Attacks: Impersonating legitimate access points with a stronger signal to
entice authorized users to sign on.
6. Hacking of Lost or Stolen Wireless Devices: Bypassing the password to gain
access.
7. Freeloading: Piggybacking on a connection or intercepting file sharing.

Piggybacking

Most wireless routers and wireless access points (WAPs) have a broadcast range of 150–300
feet indoors and as far as 1,000 feet outdoors. Any user within this range can connect to an
unsecured Wi-Fi network. More savvy users can even drive around neighbourhoods with a
computer and a powerful antenna in search of unsecured wireless networks. This is a type of
piggybacking called war driving.
The problem is that when unauthorized people piggyback on your internet connection, they
can use it to conduct illegal activities, monitor and capture your web traffic, or steal your
personal files.

Cracking attack

This Wi-Fi attack, which is launched using either simplistic (brute force) or complex
methods, exploits the security weaknesses of a wireless network to infiltrate it. Such
vulnerabilities are commonly caused by poor configuration or weak or flawed security
protocols.

Evil twin attack

In this type of Wi-Fi attack, cybercriminals set up their own system that impersonates a
legitimate WAP. However, they use a stronger broadcast signal than the legitimate one to
dupe unsuspecting users into connecting to their system.
Once a user is connected to the fake system, the cybercriminal can easily read any data (e.g.,
credit card numbers, login credentials, personal information) that the user sends over the
internet.

Wireless sniffing

There are plenty of WAPs that are not secure and do not encrypt the traffic they carry. When
you connect to these, any data that you send over is out in the open for malicious actors to
obtain using sniffing tools. This puts your sensitive communications or transactions at risk.

When you connect your device to an unsecured wireless network without disabling file
sharing, malicious actors can access your device’s files and folders.

WLAN Security Issue

Authentication:

- Open: no authentication. Issue: anyone can be authenticated.
- Shared: uses the WEP key to encrypt the AP challenge. Issue: easy to determine the
WEP key.
- Assumed authentication methods: SSID, MAC address.
  - Issue (SSID): used for association, never intended for security.
  - Issue (MAC): sent in clear, very easily spoofed.

Data Privacy:

- Wired Equivalent Privacy (WEP): based on the RC4 algorithm (good algorithm), with a
weak implementation (weak IV, IV sent in clear, common WEP key).
- Issues (based on the WEP implementation):
  - Weak IV: FMS paper, July 2001
  - Key derivation via monitoring: AirSnort
  - Key derivation via bit flipping: UC Berkeley, Feb. 2001
  - IV and WEP key replay attack: DoS, knowing IV and WEP
  - No key management: lends to invasion
  - WiFi interoperability certification: 40 bit only

Software tool for conducting wireless LAN security threat

There are 5 wireless LAN security protocols currently available:

1. Mac Filtering
2. Wired Equivalent Privacy (WEP)
3. Wi-Fi Protected Access (WPA)
4. Wi-Fi Protected Access 2 (WPA 2)
5. Wi-Fi Protected Access 3 (WPA 3)

1. Mac Filtering

MAC filtering allows the router to block traffic coming from certain known machines or
devices. The router uses the MAC address of a computer or device on the network to
identify it and block or permit access.

2. WEP (Wired Equivalent Privacy)

WEP (Wired Equivalent Privacy) is the oldest and most common Wi-Fi security protocol. It
was the privacy component established in the IEEE 802.11, a set of technical standards that
aimed to provide a wireless local area network (WLAN) with a comparable level of security
to a wired local area network (LAN).

The Wi-Fi Alliance ratified WEP as a security standard in 1999. Once touted to offer the
same security benefits as a wired connection, WEP has been plagued over the years by many
security flaws. And as computing power has increased, these vulnerabilities have worsened.
Despite efforts to improve WEP, it’s still vulnerable to security breaches. The Wi-Fi Alliance
officially retired WEP in 2004.

3. WPA (Wi-Fi Protected Access)

WPA (Wi-Fi Protected Access) is a wireless security protocol released in 2003 to address the
growing vulnerabilities of its predecessor, WEP. The WPA Wi-Fi protocol is more secure
than WEP, because it uses a 256-bit key for encryption, which is a major upgrade from the
64-bit and 128-bit keys used by the WEP system.

WPA also uses the Temporal Key Integrity Protocol (TKIP), which dynamically generates a
new key for each packet, or unit of data. TKIP is much more secure than the fixed-key
system used by WEP.

4. WPA2

WPA2 (Wi-Fi Protected Access 2) is the second generation of the Wi-Fi Protected Access
wireless security protocol. Like its predecessor, WPA2 was designed to secure and protect
Wi-Fi networks. WPA2 ensures that data sent or received over your wireless network is
encrypted, and only people with your network password have access to it.

A benefit of the WPA2 system was that it introduced the Advanced Encryption Standard
(AES) to replace the more vulnerable TKIP system used in the original WPA protocol. Used
by the US government to protect classified data, AES provides strong encryption.

Unfortunately, like its predecessor, WPA2-enabled access points (usually routers) are vulnerable to
attacks through WEP. To eliminate this attack vector, disable WEP and, if possible, make sure your
router’s firmware doesn’t rely on WEP.

Pros and Cons of each security protocol, ordered from best to worst

WPA2
Pros:
- Addresses many security flaws of its predecessors
- Uses the strongest encryption method: AES
- Required by the Wi-Fi Alliance for use on all Wi-Fi certified products
- 256-bit key for encryption
Cons:
- Still contains some security vulnerabilities
- Requires the most processing power

WPA
Pros:
- Addresses security vulnerabilities of the original wireless security standard, WEP
- TKIP encryption method is better than the fixed-key encryption used by WEP
- 256-bit key for encryption
Cons:
- When rolled out onto WEP devices, TKIP can be exploited
- Similar security vulnerabilities to WEP

WEP
Pros:
- Better than no security protocol — though not by much
Cons:
- Riddled with security vulnerabilities
- Only 64-bit and 128-bit keys for encryption
- Fixed-key encryption
- Hard to configure

5. WPA3

WPA3 (Wi-Fi Protected Access 3) is the newest wireless security protocol designed to
encrypt data using a frequent and automatic encryption type called Perfect Forward Secrecy.
It’s more secure than its predecessor, WPA2, but it hasn’t been widely adopted yet. Not all
hardware supports WPA3 automatically, and using this protocol often requires costly
upgrades.

Prevention method of wireless LAN Security

Firewalls, VPNs, and antivirus software all help protect wireless devices from the many
threats these devices face as they connect to the Internet. Tools such as Cisco Security
Agent consolidate endpoint security functions such as firewall intrusion prevention,
spyware and adware protection, and more in a single agent.

There are some simple steps we can take to protect our wireless network and router:

- Avoid using the default password
It’s easy for a hacker to find out the manufacturer’s default password for your
wireless router — and then use that password to access your wireless network. So it’s
wise to change the administrator password for your wireless router. When you’re
deciding on your new password, try to pick a complex series of numbers and
letters — and try to avoid using a password that can be guessed easily.
- Don’t let your wireless device announce its presence
Switch off SSID (Service Set Identifier) broadcasting to prevent your wireless device
announcing its presence to the world.
- Change your device’s SSID name
Again, it’s easy for a hacker to find out the manufacturer’s default SSID name for
your device and then use that to locate your wireless network. Change the default
SSID name of your device and try to avoid using a name that can be guessed easily.
- Encrypt your data
In your connection settings, make sure you enable encryption. If your device supports
WPA encryption, use that; if not, use WEP encryption.
- Protect against malware and Internet attacks
Make sure you install a rigorous anti-malware product on all of your computers and
other devices. In order to keep your anti-malware protection up to date, select the
automatic update option within the product.
- Deploy mutual authentication between the client and the network.
- Use VPNs or WEP combined with MAC address control lists to secure
business-specific devices.
- Use identity networking in combination with VLANs to restrict access to
network resources.
- Ensure management ports are secured.
- Deploy lightweight access points, as they do not store security information locally.
- Physically hide or secure access points to prevent tampering.
- Monitor the exterior building and site for suspicious activity.
- Secure the wired network against wireless threats:
  - Deploy and enable wireless IPSs to prevent rogue access points and other
  wireless threats even if you do not have a WLAN.
  - Permanently remove any rogue devices using location tracking.
- Defend against external threats:
  - Equip mobile devices with similar security services as the company network
  (firewalls, VPNs, antivirus software, etc.).
  - Ensure mobile device security policy compliance with Cisco NAC.
- Enlist employees in safeguarding the network through education.

Security service of WLAN

- These services were provided by IEEE and are:
1. Authentication: takes care of denying access to stations that don’t
authenticate with access points.
2. Confidentiality: makes sure to prevent unauthorized entry into the WLAN
network.
3. Integrity: makes sure that messages in transit are not altered.
- There are two authentication types defined in the WLAN system (IEEE 802.11). They are
open system authentication and shared key authentication. In open system
authentication, stations are allowed to join the WLAN network without any identity
verification. It does not use any cryptography or encryption algorithm. The other type,
shared key authentication, uses the RC4 cryptographic algorithm as explained below.

RC4 WLAN security algorithm

The following messages are exchanged between the station (STA or client) and the access
point (AP) in shared key authentication:

- Authentication Request: sent from the STA to the AP.
- Challenge: the AP generates a random number and sends it to the STA.
- Response: the STA encrypts this challenge using the cryptographic key it shares with
the AP and sends the result to the AP.
- Confirm Success: the AP decrypts the result sent by the STA and allows access to the
WLAN network, provided the decrypted value matches the random challenge
transmitted initially.
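
The four-message exchange above, simulated for both sides, as an added example that is not part of the original assignment. It also shows why shared key authentication is listed earlier as a weak point: the challenge travels in clear and the response is its RC4 encryption, so the two together expose the keystream for that IV. The class names, the constructed 40-bit key and the simplified framing (IV prepended to the key, CRC-32 check value, no 802.11 headers) are assumptions of this sketch.

```python
import hmac
import os
import struct
import zlib

CHALLENGE_LEN = 128                      # bytes of challenge text sent by the AP
WEP_KEY = bytes.fromhex("0102030405")    # constructed 40-bit shared key


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key scheduling (KSA) followed by keystream generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    body = plaintext + icv(plaintext)
    return xor_bytes(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, iv: bytes, ciphertext: bytes):
    body = xor_bytes(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    plaintext, check = body[:-4], body[-4:]
    return plaintext if check == icv(plaintext) else None


class AccessPoint:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = os.urandom(CHALLENGE_LEN)
        return self.pending

    def confirm(self, iv: bytes, response: bytes) -> bool:
        recovered = wep_decrypt(self.key, iv, response)
        ok = (recovered is not None and self.pending is not None
              and hmac.compare_digest(recovered, self.pending))
        self.pending = None              # a challenge is valid for one attempt
        return ok


class Station:
    def __init__(self, key: bytes):
        self.key = key

    def respond(self, challenge: bytes):
        iv = os.urandom(3)               # 24-bit IV, sent in clear with the response
        return iv, wep_encrypt(self.key, iv, challenge)


def shared_key_auth(sta: Station, ap: AccessPoint):
    """Run the four messages; return (success, everything visible on the air)."""
    on_air = {"request": "STA -> AP: authentication request"}
    on_air["challenge"] = ap.challenge()
    on_air["iv"], on_air["response"] = sta.respond(on_air["challenge"])
    on_air["confirm"] = ap.confirm(on_air["iv"], on_air["response"])
    return on_air["confirm"], on_air


def keystream_visible_to_observer(on_air: dict) -> bytes:
    """Plaintext challenge XOR encrypted response = RC4 keystream for that IV."""
    return xor_bytes(on_air["challenge"], on_air["response"])


if __name__ == "__main__":
    ok, seen = shared_key_auth(Station(WEP_KEY), AccessPoint(WEP_KEY))
    exposed = keystream_visible_to_observer(seen)
    print("authenticated:", ok, "| keystream bytes exposed:", len(exposed))
```

Open system authentication combined with WPA2 or WPA3 avoids handing an eavesdropper a known plaintext and ciphertext pair during authentication.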

Wireless LAN configuration modes

Wi-Fi supports three connection modes:

- Basic Service Set BSS (Infrastructure mode)
- Ad-hoc mode
- Extended Service Set ESS (Direct mode)

BSS (Infrastructure mode)

Infrastructure mode is the most common and it is the mode used in home/business and
public Wi-Fi networks. It requires a Wireless Access point. On home networks this is
usually provided by a Wireless router.

The access point forms the wireless network, and all nodes or clients connect to the access
point. The access point and network are identified by an SSID, or service set identifier.
SSIDs are assigned by a network administrator and are usually given easy to remember and
descriptive names.

Wireless access points usually broadcast this SSID so that connecting clients can connect to
the correct network.

Depending on how it is configured, a WAP (wireless access point) may broadcast multiple
SSIDs.

BSSIDs

A Wi-Fi access point also has a basic service set ID (BSSID), which is used to identify the
access point and its clients on a network.

The BSSID is the MAC address of the access point.
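
One way to use the SSID/BSSID pair defensively is to compare a wireless scan against an inventory of the access points you actually operate, which is the kind of check a wireless IPS performs to surface evil twin candidates. The following is an added example, not part of the original assignment; the inventory, the scan records and the finding names are constructed for illustration. Because a MAC address can be spoofed, the check also compares channel and security mode rather than trusting the BSSID alone.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    """One access point as seen in a wireless scan."""
    ssid: str
    bssid: str       # MAC address of the access point
    channel: int
    security: str    # "OPEN", "WEP", "WPA", "WPA2" or "WPA3"


# Constructed inventory of the access points the organisation operates.
AUTHORIZED_APS = {
    "02:00:00:aa:00:01": {"ssid": "CorpNet", "channel": 1, "security": "WPA2"},
    "02:00:00:aa:00:02": {"ssid": "CorpNet", "channel": 6, "security": "WPA2"},
}

WEAK_SECURITY = {"OPEN", "WEP"}

# Constructed scan results.
SAMPLE_SCAN = [
    Beacon("CorpNet", "02:00:00:aa:00:01", 1, "WPA2"),      # matches inventory
    Beacon("CorpNet", "02:00:00:AA:00:02", 6, "WPA2"),      # same AP, upper-case MAC
    Beacon("CorpNet", "02:00:00:bb:00:09", 6, "OPEN"),      # our SSID, unknown BSSID
    Beacon("CorpNet", "02:00:00:aa:00:01", 11, "WPA2"),     # known BSSID, wrong channel
    Beacon("CoffeeShop", "02:00:00:cc:00:05", 11, "OPEN"),  # unrelated neighbour
]


def check_beacon(beacon, inventory=AUTHORIZED_APS):
    """Return a list of findings for one beacon (empty list = nothing to report)."""
    bssid = beacon.bssid.lower()
    protected_ssids = {ap["ssid"] for ap in inventory.values()}
    known = inventory.get(bssid)

    if known is None:
        # An unknown radio advertising one of our network names.
        if beacon.ssid in protected_ssids:
            return ["evil-twin-candidate"]
        return []  # someone else's network

    # Known BSSID: every advertised property must match the inventory record,
    # otherwise the MAC may be cloned or the AP may have been reconfigured.
    findings = []
    if beacon.ssid != known["ssid"]:
        findings.append("ssid-mismatch")
    if beacon.channel != known["channel"]:
        findings.append("channel-mismatch")
    if beacon.security != known["security"]:
        findings.append("security-mismatch")
    if beacon.security in WEAK_SECURITY:
        findings.append("weak-security")
    return findings


def audit_scan(beacons, inventory=AUTHORIZED_APS):
    """Return (bssid, ssid, findings) for every beacon that needs a closer look."""
    report = []
    for beacon in beacons:
        findings = check_beacon(beacon, inventory)
        if findings:
            report.append((beacon.bssid.lower(), beacon.ssid, findings))
    return report


if __name__ == "__main__":
    for bssid, ssid, findings in audit_scan(SAMPLE_SCAN):
        print(f"{ssid} {bssid}: {', '.join(findings)}")
```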

WIFI Channels

A Wi-Fi access point is also configured to use a pre-set wireless channel. Commonly used
channels are 1, 6 and 11.
If you are responsible for setting up your home Wi-Fi access point /router then you would set
up the access point to use a channel that isn’t being used by another access point in your
location.

This is especially important if you live in a crowded location with lots of neighbours.

It is important to note that Wi-Fi channels do not correspond to number of devices that can
be connected to the access point.

Each channel corresponds to a frequency that the Wi-Fi devices work on, so if your access
point is set to use channel 11, then all devices that try to connect to it must also communicate
on channel 11.

The number of actual devices that can connect on a given channel is limited by the software
on the router and by bandwidth.

Devices on a channel share the channel in a similar fashion to clients on Ethernet networks.

That is each device takes turns sending and receiving data on the channel. (Time slot
multiplexing).

Therefore the more clients that are connected the slower each client runs.

Many Wi-Fi Access points will self-adapt.

Wi-Fi Bands-Dual Band

Most home networks (802.11b or 802.11g) and devices use the 2.4GHz frequency
band while the newer networks (802.11n) use the 5GHz frequency band.

Most new 802.11n devices support both bands and are known as dual band.

Because of the limited support of the 5GHz band by devices this band is generally quite
clear.
It also has more channels available.

The 5GHz band is faster than the 2GHz band but has a shorter range and doesn’t penetrate
walls very well.

Ad Hoc Networks

Conventional infrastructure mode relies on an access point through which all nodes on the
wireless network communicate.

In addition a node can only be connected to one access point at a time.

With an Ad Hoc network nodes can communicate with each other without an access point.

Ad Hoc Wi-Fi networks will become very important as mesh networking evolves.

Extended Service Set

An extended service set (ESS) is a wireless network, created by multiple access points, which
appears to users as a single, seamless network, such as a network covering a home or office
that is too large for reliable coverage by a single access point. It is a set of one or more
infrastructure basic service sets on a common logical network segment (i.e. same IP subnet
and VLAN). Key to the concept is that the participating basic service sets appear as a single
network to the logical link control layer. Thus, from the perspective of the logical link control
layer, stations within an ESS may communicate with one another, and mobile stations may
move transparently from one participating basic service set to another (within the same
ESS). Extended service sets make possible distribution services such as centralized
authentication. From the perspective of the link layer, all stations within an ESS are all on the
same link, and transfer from one BSS to another is transparent to logical link control.

Fig. (a) Ad-Hoc mode (IBSS), (b) Infrastructure mode BSS, (c) Infrastructure mode ESS. 

Wi-Fi standards and speeds

Here’s a Wi-Fi standards chart of each 802.11 standards type based on its designation:

Name: 802.11a
Speed: 6 to 54 Mbps
Frequency: 5 GHz
Notes: Rather confusingly, the 802.11a standard doesn’t predate the 802.11b standard.
Instead, it was supposed to support wireless communication in the 5 GHz band. Not
compatible with b or g networks. This is one of the oldest standards, but still in use by
many devices today.

Name: 802.11b
Speed: 1 to 11 Mbps
Frequency: 2.4 GHz
Notes: Adopted in 1999, 802.11b became the first mainstream WiFi standard, delivering a
maximum real-world throughput of around 6 Mbps. Compatible with g networks. Really, g was
made to be backwards compatible with b to support more devices.

Name: 802.11d
Speed: N/A
Frequency: N/A
Notes: 802.11d is an amendment to WiFi standards for operation in additional regulatory
domains. D isn’t really a network type of its own. It includes additional information like
access point information and other information specified by different country’s
regulations. Usually, this is combined with other networks like 802.11ad.

Name: 802.11g
Speed: 6 to 54 Mbps
Frequency: 2.4 GHz
Notes: The 802.11g standard offers a maximum throughput of 54 Mbps, and full backward
compatibility with 802.11b. The most popular network type. Its combination of speed and
backwards compatibility makes it a good match for today’s networks.

Name: 802.11n
Speed: 72 to 600 Mbps
Frequency: 2.4 and 5 GHz
Notes: Retroactively labelled as Wi-Fi 4, this is the first Wi-Fi standard that can be used
in the 2.4 GHz or 5 GHz frequency bands. 100 Mbps is common, though speeds of up to
600 Mbps are possible under perfect conditions. It does this by using multiple frequencies
at once and joining that speed together.

Name: 802.11ac
Speed: 433 to 6933 Mbps
Frequency: 5 GHz
Notes: This standard provides multi-station throughput of at least 1.1 Gbps and single-link
throughput of at least 0.5 Gbps on the 5 GHz band.

Name: 802.11ax
Speed: 600 to 9608 Mbps
Frequency: 2.4, 5 and 6 GHz
Notes: The latest publicly available WiFi standard is 300 percent more efficient overall
than 802.11ac.

Name: 802.11mc
Speed: N/A
Frequency: N/A
Notes: 802.11mc is the third maintenance/revision group for the IEEE 802.11 WLAN
standards, and it incorporates features like WiFi RTT.

The second rule is that a combination of numbers means the router supports different network
types. So when networks like 802.11 ac, 802.11 ad, and 802.11 abg are listed, it means that
each of those types is supported by that router.

Latest WIFI Standards

- Over time, different classifications of WiFi networks were given different naming conventions.
Rather than “802.11b”, it’s just “WiFi 1.” Much like how mobile phone companies refer to 3G and
5G as different network speeds even though the term is almost always just a marketing tool. This
classification is supposed to help make it easier for consumers to understand — instead of
understanding a whole alphabet soup, users can just look for “WiFi 1” or “WiFi 6” as what they
need.

WiFi Standard    Networks
WiFi 1           802.11b
WiFi 2           802.11a
WiFi 3           802.11g
WiFi 4           802.11n
WiFi 5           802.11ac
WiFi 6           802.11ax

What is WIFI 6?

As you can see, the latest Wi-Fi standard is Wi-Fi 6 (or 802.11 ax). The standard supports the
already widespread 2.4 and 5 GHz bands, and it also uses the 6 GHz band for increased
throughput-per-area in high-density scenarios.

Additional performance gains are unlocked by features such as orthogonal frequency-division
multiple access (OFDMA), higher-order modulation, and Multi-User Multiple-Input
Multiple-Output (MU-MIMO), each of which deserves its own in-depth article.

The maximum link rate of WiFi 6 is between 600 and 9608 Mbps, depending on how many
channels are utilized. Considering that the average internet speed in the US is just 42 Mbps,
it’s safe to say that WiFi 6 is plenty fast for most people.

As the latest WiFi standard, WiFi 6 also supports the WPA3 security protocol. This protocol
replaces the pre-shared key (PSK) exchange with Simultaneous Authentication of Equals
(SAE) exchange to address security issues posed by weak passwords.

This means that it will be easier to have devices join a public WiFi network while still
keeping private information private. As more people connect in coffee shops, libraries,
churches, and schools, keeping bank connections and other secure communications from
prying eyes will be essential.

There are more information leaks and data being sold online, so these enhanced encryption
techniques will make it safer to be out on public WiFi systems.

WiFi 6 was adopted in 2019, and there are already many routers on the market that support
the standard. Best of all, the same routers are compatible with other current WiFi standards,
so they work even with devices that don’t take advantage of WiFi 6.

WIFI 6 vs. WIFI 6E

Many newly released routers are marketed as WiFi 6E-compatible, so what does it mean?
Well, WiFi 6E is an extension to the WiFi 6 standard that adds support for the 6 GHz band.

The 6 GHz band actually extends from 5.925 GHz to 7.125 GHz, so it has a very wide
frequency range of 1,200 MHz, much more than the 2.4 and 5 GHz bands.
Because the 6 GHz band is so wide, it can offer a lot of bandwidth to support our current and
future connectivity needs. Its width and novelty make the 6 GHz band fairly resistant to
signal interference caused by other WiFi devices, so it’s great for use in dense urban
environments.

Just keep in mind that it’s not enough to own a WiFi 6E-compatible router to use the 6 GHz
band—your devices (smartphones, laptops, and so on) also need to be 6E-compatible.

Devices that are not 6E-compatible work without any issues with WiFi 6E routers, but they
can’t take full advantage of all the features and bands supported by them.

Wi-Fi Direct: - Wi-Fi direct allows you to connect two Wi-Fi equipped devices together
without requiring an access point.

Essentially it works the same way as Bluetooth but is much faster and is designed to be used
for the same type of applications.

Wireless Network Installation

Wireless network installation is very easy and just requires a Wireless access point (WAP).

On small home/office networks this is generally provided by the home router but can also be
provided by other devices like a dedicated WAP and electrical socket etc.

However, for the initial installation it is recommended to set up with no security and no
encryption and test it with a single device before adding other security measures.

How to Secure a Wi-Fi Network

It is common for many home networks and business networks to only allow their own
authorized devices to use their wireless network. This is achieved by securing the network.

There are three common techniques available, which can be used either independently of
each other, or together. They are:

- Broadcast SSID prevention
- Mac Address Restrictions

Broadcast SSID

Every Network has an identity or name known as the SSID (service set identifier).

They normally broadcast this ID so any wireless devices in the area know they are there.

The client device will see a list of networks listed by name, and the user can select the
network from the list or enter the name in the network connection dialogue.

If the client device didn’t know the network name then it couldn’t connect.

You can prevent your wireless network from broadcasting the name by turning off
Broadcast SSID.

The problem with turning off broadcast SSID is that anyone who wants to configure a
wireless device to connect to your network will need to know the name in advance.

If, as in a typical home network, you only have a fixed number of client computers then you
can set this up yourself.

If you are setting up a wireless network for a small business, hotel/guest house etc then you
will need to have a way of letting new users easily find out the network name and you will
also need to have a procedure for changing the name periodically.

You should note that although the SSID is not being broadcast it can easily be found by
professional/knowledgeable eavesdroppers using specialist equipment.

Mac Address Restrictions

This is a very powerful security feature that limits access to your wireless network to
particular devices. Every device connected to a wireless network has a MAC (Media Access
Control) address. The address is in effect the address of the network adapter (wireless or
Ethernet), and is assigned by the adapter manufacturer, and is unique.

To configure this you need to configure each wireless access point to only allow
communication from specified addresses. To set up Mac Address filtering/restrictions you
need to:

1. Find the MAC address of each device (computer/laptop).
2. Enter these addresses in the list of allowed addresses on the Wireless access
point/router. If you have multiple access points then each needs to be configured.

Because of the need to find the MAC address of each device, this technique is
unsuitable for environments where the client machines that connect to your Wireless Network
change, i.e. hotel, public network etc.

If you do have a static network of machines then this is recommended.

You should also bear in mind that the MAC address is on the network adapter, and so if your
wireless USB adapter breaks, and you replace it with a new one, then this will have its
own MAC address, and you will need to reconfigure your Access points.

You should also note that the MAC address can be spoofed by professional/knowledgeable
eavesdroppers using specialist equipment.

Commands to Manage WLAN network

1. Ping: - "Ping" is one of the most basic yet useful network commands to utilize in the
command prompt application. It tells you whether your computer can reach some
destination IP address or domain name, and if it can, how long it takes data to travel
there and back again. The command works by sending out multiple data packets and
seeing how many of them return. If some of them don't return, it'll tell you ("lost").
Packet loss leads to poor performance in games and streaming, and this is a nifty way
to test. By default, it sends 4 packets, each one waiting 4 seconds before timing out.
2. Tracert :- "Tracert" stands for Trace Route. And much like "ping," it sends out a data
packet as a way to troubleshoot any network issues you might have, but it instead
tracks the route of the packet as it hops from server to server. The command outputs a
line-by-line summary of each hop, including the latency between you and that
particular hop and the IP address of that hop (plus domain name if available).
3. Pathping :- "Pathping" is similar to "tracert," except it's more informative and takes a
lot longer to execute. After sending out packets from you to a given destination, it
analyses the route taken and computes packet loss on a per-hop basis.
4. Ipconfig :- "Ipconfig" often comes up as the most-used networking command on
Windows. Not only is it useful for the information it provides, but you can combine it
with a couple of switches to execute certain tasks.
5. Getmac: - Every device that's compliant with IEEE 802 standards has a unique MAC
address (Media Access Control). The manufacturer assigns MAC addresses and stores
them in the device's hardware. Some people use MAC addresses to limit which
devices can connect to the network.
6. Iwconfig :- iwconfig is similar to ifconfig, but is dedicated to wireless networking
interfaces. It is used to set the parameters of the network interface which are specific
to the wireless operation (eg. frequency, SSID). iwconfig may also be used to display
those parameters, and the wireless statistics (extracted from /proc/net/wireless). It
works in tandem with iwlist, which generates lists of available wireless networks.
