Sample Term Paper on Wireless Network Security


With the introduction of wireless networks, commonly known as Wi-Fi, most homes now use the technology. In recent years, several organizations have also successfully implemented it, even where in some cases they lack proper authorization. In fact, it is now hard to find an organization that does not have computers with Wi-Fi capability. However, just like their wired counterparts, these networks are exposed to several security vulnerabilities. There is only one exception, Denial of Service (DoS), which has no solution so far. There is, however, a theoretical solution of combining precautions to prevent it from affecting your Local Area Network. This will help but may not provide a complete solution.

This paper identifies the security threats affecting wireless networks, the security services that must be maintained at all times, and the measures to take to counter attacks at each layer.

Let us begin by outlining some of the wireless technologies that are in use today.

  1. Wireless Local Area Network

A wireless local area network (WLAN) is a set of connections that uses high-frequency radio waves instead of wires to communicate between the connected devices. Those devices must be network enabled.

  1. Access Point

The wireless access point (AP) is a device that makes it possible for other devices to communicate wirelessly. Those devices may be computers or PDAs, which are allowed to connect to the wireless network through an access point. Furthermore, the access point connects to the main network and offers a link for data transfer and communication between wired and wireless devices.

  1. Service Set Identifier

The SSID is a configuration value that makes it possible for wireless devices to communicate through the appropriate access point. If configured correctly, only those clients with the same SSID configured are able to communicate through a certain access point. In short, an SSID acts like a password that is shared by all clients and the access point (Schauwers, 2005).

  1. Open System Authentication

This refers to the default authentication protocol used by the 802.11 standard. Normally, it is made up of a simple authentication request containing the ID of the station and an authentication response that contains either the success or the failure data. Both stations are considered mutually authenticated if they are able to authenticate successfully.

This authentication can be used with Wired Equivalent Privacy (WEP) to provide better security in communication. However, it is important to note that during the process of authentication, the management frames are sent in clear text. WEP is only used to encrypt data once authentication is complete, so that it can protect the data of the client that has been authenticated and associated with that particular network.

  1. Shared Key Authentication

This is a challenge-response mechanism that uses WEP and a shared secret key to provide authentication. After encrypting the challenge text with WEP using the shared secret key, the authenticating client returns the encrypted challenge text so that it can be verified. Authentication succeeds only when the access point decrypts the response and obtains the same challenge text.

  1. Ad-Hoc Mode

Ad-hoc mode is one of the topologies provided by the 802.11 standard. It consists of two or more wireless stations with no access point involved in their communication. Because no access point is involved, this type of network is cheap to run and maintain. However, it is only used for small networks, since it lacks some key features that are essential to security, such as MAC filtering and access control.

  1. Infrastructure Mode

This is another topology in the 802.11 standard. Like ad-hoc mode, it has a number of wireless stations, but this topology involves access points. These access points usually connect to a larger wired network. A network like this has all the features needed to form a large-scale network of great complexity covering an arbitrary area.

  1. Wired Equivalent Privacy Protocol

The Wired Equivalent Privacy (WEP) protocol is a security feature in the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard. It was meant to provide security over wireless communication by encrypting the data sent over the networks involved. However, a critical fault has been revealed in this protocol: the key-scheduling flaw. This has made it easy for automated tools to crack the key in just a few minutes. It has been found to be so insecure in this respect that it ought not to be used except when no other method is available.

  1. Wi-Fi Protected Access And Wi-Fi Protected Access 2

WPA is a protocol meant to address some of the security issues that were discovered in WEP encryption. It protects the data sent through the network by using the Temporal Key Integrity Protocol (TKIP) to encrypt it. This has been backed up by the introduction of 802.1X authentication, which was brought in to improve the security of the encryption.

WPA2 is based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11i standard. It is a newer security protocol that promises stronger encryption (the Advanced Encryption Standard, or AES), stronger authentication control (the Extensible Authentication Protocol, or EAP), stronger key management, protection against replay attacks, and data integrity. It only allows authorized users to connect to the network with a wireless device (Stallings, 1999). In 2010, there was a claim of a serious vulnerability in this protocol that would give an internal, authenticated Wi-Fi user the opportunity to access the private data of others and even inject malicious traffic into the shared wireless network. However, this was refuted because such an attack cannot break, crack, or recover any of the keys used in this protocol (AES or TKIP). Moreover, the fact that wireless devices share the same access point does not mean that the devices attached to the network are able to communicate with each other. This is because in a well-configured network, the client isolation feature is always enabled on the access points, which makes each client work as if it were alone on the network.

Initially, TKIP was designed to be used with WPA, and AES was designed to be used with WPA2. However, some devices permit WPA to operate with AES and WPA2 to work with TKIP. TKIP was later discovered to contain a vulnerability through which an attacker can decrypt small packets of data and insert random data into the system. This has made TKIP less secure, and thus WPA2 with AES is considered the more secure combination.

Wireless Networking Security

A large number of vulnerabilities exist in home wireless LANs, otherwise known as small office or home office networks. Enterprise deployments have not been spared either. Both kinds of LAN are subject to the same level of attack and error. It is the low cost of deployment that attracts users to wireless networks. However, the easy availability of cheap equipment for connecting to wireless networks has also given hackers an opportunity to launch attacks on them. The way 802.11 was designed also leaves several flaws that a hacker can use to attack the system in both passive and active attacks.

Below are some of the attacks that wireless systems are prone to, in which hackers use these flaws and vulnerabilities as a back window to launch their attack.

  1. “Parking Lot” Attack

It is important to note that access points emit radio waves, which in most cases extend beyond the geographical area that they were designed to cover. The signals can be received far beyond a room or the building, or on different floors of a multi-floor building. As a result, hackers can position themselves in a “parking lot”, that is, an area close to the access point, and try to access hosts through the wireless network. If they successfully attack the network, they can access all the information available to any trusted worker in that organization. At that point, their goal has been achieved: they are past the firewall. The hacker may also lure clients into signing in to an unauthorized network, which is mounted closer to the client so that it appears to have a stronger signal, and so manage to steal the client’s passwords and any other sensitive data of interest whenever the client tries to sign in to the false server (Pardoe, 2005).

  1. Shared Key Authentication Flaw

Shared key authentication can easily be attacked by eavesdropping on the challenge and the response exchanged during authentication between the access point and the authenticating client. The attack is possible because the hacker can get hold of both the plaintext (the challenge) and the cipher text (the response). Take the case of WEP: WEP uses the RC4 stream cipher as its encryption algorithm. A stream cipher generates a key stream, that is, a sequence of pseudo-random bits derived from the shared key together with an initialization vector (IV). This key stream is then combined with the plaintext to produce the cipher text. The vulnerability here is that if the plaintext and the cipher text are both known, they can be combined using automated tools to recover the key stream that was used (Kaeo, 1999). A hacker can then use this key stream to encrypt any further challenge text generated by the access point and produce a valid authentication response. The hacker is then authenticated to the access point just like anybody with a legitimate key.
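The exchange described above, simulated end to end as an added example (not code from the original paper): the access point issues a clear-text challenge, the client returns it encrypted with RC4 under IV plus shared key, and whoever observed that one exchange can answer a fresh challenge without the key. The key, IV, 128-byte challenge size and function names are constructed for illustration; WEP combines key stream and plaintext with XOR and appends a CRC-32 check value before encrypting.

```python
import os
import struct
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return the first n bytes of the RC4 key stream for key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # output generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def with_icv(data: bytes) -> bytes:
    # WEP appends a CRC-32 integrity check value before encrypting.
    return data + struct.pack("<I", zlib.crc32(data))

def client_response(key, iv, challenge):
    """Legitimate client: encrypt the challenge under IV || shared key."""
    body = with_icv(challenge)
    return iv, xor(body, rc4(iv + key, len(body)))

def ap_verify(key, challenge, iv, ciphertext) -> bool:
    """Access point: decrypt with the IV the client chose and compare."""
    return xor(ciphertext, rc4(iv + key, len(ciphertext))) == with_icv(challenge)

def recover_keystream(challenge, ciphertext) -> bytes:
    """Observer: plaintext XOR cipher text yields the key stream for this IV."""
    return xor(with_icv(challenge), ciphertext)

def respond_without_key(iv, keystream, new_challenge):
    """Reuse the observed IV and key stream on a fresh challenge."""
    return iv, xor(with_icv(new_challenge), keystream)

def demo():
    key = bytes.fromhex("0102030405")         # constructed 40-bit WEP key
    first = os.urandom(128)                   # challenge sent in clear text
    iv, ct = client_response(key, b"\x00\x00\x01", first)
    keystream = recover_keystream(first, ct)
    second = os.urandom(128)                  # access point issues a new challenge
    forged_iv, forged_ct = respond_without_key(iv, keystream, second)
    return ap_verify(key, first, iv, ct), ap_verify(key, second, forged_iv, forged_ct)

if __name__ == "__main__":
    print(demo())
```

Because the client chooses the IV, the access point cannot tell a replayed key stream from a legitimate response, so a passed check gives no assurance that the responder holds the key.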

  1. Service Set Identifier Flaw

All new access points come preinstalled with a default SSID. This needs to be changed. If it is not, the network is more prone to attack, since a default SSID indicates a poorly configured device and is likely to attract attackers. In addition, the SSID is embedded in management frames, meaning that it will be broadcast in plain text regardless of whether the network is configured to enable encryption or to disable SSID broadcast. The attacker simply analyzes the network traffic from the air and easily obtains the network SSID, which enables him/her to make further attacks (Knipp, 2002).

  1. The Vulnerability of Wired Equivalent Privacy Protocol

WEP encryption is the default setting for most devices. Data passing through the wireless LAN when this protection is disabled is subject to eavesdropping on the plaintext and the cipher text, and to further attacks that modify data (Huang, 2010). However, it has been found that even when the WEP protocol is enabled, the integrity and confidentiality of the information are still at risk of being compromised. This is because of a number of flaws in the WEP protocol, which allow attacks including:

  1. A passive attack aimed at decrypting traffic from the plaintext and the cipher text.
  2. A passive attack that attempts to decrypt traffic based on statistical analysis of the cipher texts.
  3. An active attack aimed at injecting new traffic from unauthorized stations.
  4. An active attack aimed at modifying data.
  5. An active attack on the access point aimed at decrypting traffic by having it redirect wireless traffic to the attacker’s machine.

  1. Attack on Temporal Key Integrity Protocol (TKIP)

In the TKIP attack, a mechanism similar to that used in the WEP attack is used. Here, the attacker tries to decode one bit at a time, using multiple replays and observing the response over the air. An attacker can use this method to decode small packets of data. If Quality of Service (QoS) is enabled in the network, an attacker can perform further attacks, injecting up to 15 arbitrary frames for every decrypted packet. In a successful attack, an attacker is able to carry out ARP poisoning, DNS manipulation and even denial of service. Although this is not a key recovery attack and does not lead to decryption of subsequent frames, it still poses a great challenge to implementing WPA and WPA2 networks.

What Can Be Done

  1. Define A Wireless Security Policy

A company that has adopted wireless networking should also develop a strong wireless security policy to define the usage and the type of information that can be transmitted through the wireless network. The operating guidelines and the usage policy should be clearly outlined to avoid data leaking to hackers.

  1. Keep Track of Development for Wi-Fi Standards

It is always advisable to keep track of developments in wireless networking in order to stay on the latest technology. For instance, since 802.11 was introduced into the market, several updates have been made to improve data rates, security and signal strength. Although stronger network protection such as WPA or WPA2 is advised, it should not be relied on entirely, since new flaws may be discovered too late, when confidential data have already been compromised (Lockhart, 2004).

  1. Perform Site Surveys

Radio frequency (RF) signals naturally cover a large area, sometimes extending outside the intended site. They cannot generally be contained in a specific location. Excessive signal coverage can open the way to many attacks on the organization's sensitive data. Because of the parking lot attack, it is important to carry out a site survey to understand the coverage requirements of the wireless network. This is also important because it lets the organization determine the appropriate technology to apply, the obstacles to avoid or eliminate, the coverage patterns it should use and the amount of capacity needed.

  1. Apply a Defense-In-Depth Approach

This means employing multiple layers of security to minimize the risk of an intruder managing to capture data: if the hacker gets through one layer of security, the other layers are likely to prevent the attack. It is achieved through the following measures.

  1. Separating Wireless Networks from the Wired Networks

A malicious user can uncover internal information, such as the Ethernet MAC addresses in the wired network, and so exploit the clients of the network. This is made worse when traffic from the wired network enters the wireless network, since an attacker can attack even the computers on the wireless network. It is recommended to deploy firewalls to separate the two.

  1. Segment the Access Point’s Coverage Areas

A wireless network has limited transmission capacity. An attacker is therefore likely to launch a Denial of Service (DoS) attack to bring down the network. Segmenting the access point’s coverage areas can balance the load on the network, offsetting the effect of the DoS attack (Laet, 2005).

  1. Avoid Excessive Coverage of Wireless Networks

It is advisable to place the access points at strategic locations so that the wireless network avoids excessive coverage, minimizing the possibility of any attack. These locations are determined during the site surveys. In addition, it is also advisable to adjust the radio frequency (RF) transmission power or to use directional antennas to control the propagation of the signal and so control the coverage of the wireless network.

  1. Disable Direct Client-To-Client “Ad-Hoc Mode” Transmissions

In Ad-Hoc mode, client stations are connected to each other and no access point is required. In this mode, an attacker can gain access to a client station very easily if the client station is not properly configured. This mode should be avoided.

  1. Limit Client-To-Client Communication Through The Access Point

In wireless networks, information travels through the access points. If clients are restricted from communicating with one another through the access points, malicious users can be kept from gaining access to vulnerable stations.


Wireless networking can provide many opportunities that increase productivity. However, it can also put an organization's confidential data at risk. Although it is practically impossible to eliminate all the risks, it is possible to achieve a reasonable level of network security. This paper has discussed the associated threats and how one can minimize attacks on wireless networks. Effectively minimizing wireless network insecurity requires a combination of appropriate countermeasures and responsibility.













Huang, S. C.-H., MacCallum, D., & Du, D. (2010). Network security. New York: Springer.

International Conference on Cryptology and Network Security, & Desmedt, Y. (2005). Cryptology and network security: 4th international conference, CANS 2005, Xiamen, China, December 14-16, 2005: proceedings. Berlin: Springer.

Kaeo, M. (1999). Designing network security. Indianapolis, IN: Cisco Press.

Knipp, E., & Danielyan, E. (2002). Managing Cisco network security. Rockland, MA: Syngress.

Laet, G. D., & Schauwers, G. (2005). Network security fundamentals. Indianapolis, IN: Cisco.

Lockhart, A. (2004). Network security hacks. Sebastopol, CA: O’Reilly.

Pardoe, T. D., & Snyder, G. F. (2005). Network security. Clifton Park, NY: Thomson/Delmar Learning.

Scambray, J., McClure, S., & Kurtz, G. (2001). Hacking exposed: Network security secrets & solutions. Berkeley, CA: Osborne/McGraw-Hill.

Stallings, W. (2000). Network security essentials: Applications and standards. Upper Saddle River, NJ: Prentice Hall.

Stallings, W., & Stallings, W. (1999). Cryptography and network security: Principles and practice. Upper Saddle River, NJ: Prentice Hall.