WIRELESS LAN SECURITY

Presentation By Yash Karanke–, B.C.A 3rd Sem.

What is Wireless Network?

A wireless local area network (WLAN) links two or more devices over a short distance using a wireless distribution method, usually providing a connection through an access point (AP) for Internet access , allowing users to move around within a local coverage area, and still remain connected to the network.

About Wireless LAN Security

Wireless security is the prevention of unauthorized access or damage to computers using wireless networks

The most common types of wireless security are Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA).

Wired Equivalent Privacy (WEP)

WEP is a notoriously weak security standard. The password it uses can often be

cracked in a few minutes with a basic laptop computer and widely available software tools. 

Wi-Fi Protected Access (WPA)

 WPA was a quick alternative to improve security over WEP.

 Wi-Fi Protected Access (WPA) took over WEP in the year 2003 .

The current standard is WPA2. WPA2 uses an encryption device which encrypts the

network with a 256 bit key.

Modes of unauthorized access

There are many ways to get unauthorized access of the Wireless Internet. Such as…

Non-traditional networks Man-in-the-middle attacks (MITM) Caffe Latte attack Ad hoc networks Malicious association Etc…

Non-traditional networks

Non-traditional networks such as personal network Bluetooth devices are not safe from cracking and should be regarded as a security risk.

 Even barcode readers, handheld PDAs, and wireless printers and copiers should be secured. 

These non-traditional networks can be easily overlooked by IT personnel who have narrowly focused on laptops and access points.

Man-in-the-middle attacks (MITM)

The man-in-the-middle attack (often know as MITM, MitM, MIM, MiM, MITMA) in  cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.

Diagram Of MITMA

Caffe Latte attack

The Cafe Latte attack allows you to obtain a WEP key from a client system. 

Briefly, this is done by capturing an ARP packet from the client, manipulating it and then send it back to the client.

Address Resolution Protocol (ARP) is a telecommunications protocol used for resolution of network layer addresses.

Caffe Latte attack

Ad hoc networks

Ad hoc networks are defined as peer-to-peer(P2P) networks between wireless computers that do not have an access point in between them. 

While these types of networks usually have little protection, encryption methods can be used to provide security.

Malicious association

“Malicious associations” are when wireless devices can be actively made by attackers to connect to a company network through their cracking laptop.

These types of laptops are known as “soft APs”(Software Access Point) and are created when a cyber criminal runs some software that makes his/her wireless network card look like a legitimate access point

Once the thief has gained access, he/she can steal passwords, launch attacks on the wired network, or plant Trojans!

Security Measures

Hide SSID MAC ID filtering Static IP addressing Regular WEP WPAv1 LEAP WPAv2 Smart cards, USB tokens, and software tokens RF shielding

Hide SSID A simple but ineffective method to

attempt to secure a wireless network is to hide the SSID . This provides very little protection against anything but the most casual intrusion efforts.

SSID = Service Set Identifier

MAC ID filtering

One of the simplest techniques is to only allow access from known, pre-approved MAC addresses. Most wireless access points contain some type of MAC ID filtering. However, an attacker can simply sniff the MAC address of an authorized client and spoof this addresses.

A (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. 

Ex: Of MAC ID e.g.01-23-45-67-89-ab   or   01:23:45:67:89:ab 

Static IP addressing

Typical wireless access points provide IP addresses to clients via DHCP. Requiring clients to set their own addresses makes it more difficult for a casual or unsophisticated intruder to log onto the network, but provides little protection against a sophisticated attacker.

DHCP = Dynamic Host Configuration Protocol

The Dynamic Host Configuration Protocol (DHCP) is a network protocol used to configure devices that area connected to a network so they can communicate on that network using the Internet Protocol (IP).

WPA – Wi-Fi Protected Access

There are two versions of WPA i.e WPAv1 and WPAv2. The Wi-Fi Protected Access (WPA and WPA2) security protocols were

later created to address the problems with WEP. If a weak password, such as a dictionary word or short character string is used, WPA and WPA2 can be cracked.

WPA2 has been found to have at least one security vulnerability, nicknamed Hole196. The vulnerability uses the WPA2 Group Temporal Key (GTK), which is a shared key among all users of the same BSSID, to launch attacks on other users of the same BSSID.

BSS is uniquely identified by a basic service set identification

LEAP This stands for the Lightweight Extensible Authentication

Protocol. This protocol helps minimize the original security flaws by using WEP and a sophisticated key management system. 

LEAP is not safe against crackers. THC-LeapCracker can be used to break Cisco’s version of LEAP and be used against computers connected to an access point in the form of a dictionary attack.

Smart cards, USB tokens, and software tokens

This is a very strong form of security. When combined with some server software, the hardware or software card or token will use its internal identity code combined with a user entered PIN to create a powerful algorithm that will very frequently generate a new encryption code. The server will be time synced to the card or token. This is a very secure way to conduct wireless transmissions. 

 Companies in this area make USB tokens, software tokens, and smart cards.

Currently the safest security measures are the smart cards / USB tokens. However, these are expensive. 

 The next safest methods are WPA2 or WPA with a RADIUS server

RF shielding It’s practical in some cases to apply specialized wall paint and window film to a room or building

to significantly attenuate wireless signals, which keeps the signals from propagating outside a facility. 

 This can significantly improve wireless security because it’s difficult for hackers to receive the signals beyond the controlled area of an enterprise, such as within parking lots.

Despite security measures as encryption, hackers may still be able to crack them. This is done using several techniques and tools.

End-to-end encryption

One can argue that both layer 2 and layer 3 encryption methods are not good enough for protecting valuable data like passwords and personal emails.

Those technologies add encryption only to parts of the communication path, still allowing people to spy on the traffic if they have gained access to the wired network somehow

 The solution may be encryption and authorization in the application layer, using technologies like SSL, SSH, GnuPG ,  PGP and similar.

The disadvantage with the end-to-end method is, it may fail to cover all traffic.

THANK YOU!