SlideShare a Scribd company logo

Wireless Networks Security in Jordan: A Field Study

IJNSA Journal
IJNSA Journal

International Journal of Network Security & Its Applications (IJNSA)

TechnologyBusiness
1 of 10
Download to read offline
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 DOI : 10.5121/ijnsa.2013.5403 43 Wireless Networks Security in Jordan: A Field Study Ahmad S. Mashhour1 &Zakaria Saleh2 1 IS Dept, University of Bahrain Mashhour_ahmad@yahoo.com 2 MIS Dept, Yarmouk University, Jordan Drzaatreh@aim.com ABSTRACT The potential of wireless communications, has resulted in a wide expand of wireless networks. However, the vulnerabilities and threats that wireless networks are subjectedto resulted in higher risk for unauthorized users to access the computer networks.This research evaluates the deployed Wireless Network in Jordan as well as the use of the security setting of the systems and equipment used. Caution will be taken to avoid network access as only existence of the network is sought. Wardriving involve the use of freeware tools such as NetStumbler, or Kismet, which was originally developed to be used for helping network administrators make their systems more secure. Thestudy is carried out through field evaluation of the Wireless Local Area Network (WLAN)in light of the use of Wardriving, and proposessome measures that can be taken to improve securityof the wireless network by the users. KEY WORDS Security, Wardriving, Wireless Local Area Network (WLAN), Wired Equivalent Privacy (WEP). 1. INTRODUCTION Wireless networks have evolved rapidly in the last few years due to the developments of new wireless standards and cost-effective wireless hardware. This has led to widespread adoption of the technology in home and small businesses. With the growth of wireless networking, security is the main weakness of the whole wireless system, which resulted in improper uses of network resources. The deployment of wireless networks can potentially make private networks subject to public use. As wireless access increases, security becomes an even more important issue. Wardriving is a common practice at which an individual equipped with electronic devices capable for wireless access, wanders in the streets with the aim to locate wireless networks for access to the Internet, either house-based or corporate-based wireless networks, map their existence, and hack them. It is using a laptop equipped with awireless LAN adapter or smart mobile phone, and randomly driving around looking for unsecured wireless LANs. This paper provides evidence through a study of how users configure and protect their wireless Internet access points (APs). Wireless networks require a Service Set Identifier (SSID),which represents the name of the wireless network, whichdistinguishes between the wireless networks and offers the ability for the users to identify and use them. If configured to auto-connect, is practical for a client adapter toconnect to an AP, orsimply click on the SSID of a selected AP (SSIDs can be found in the client’s list of available wireless networks under “Network and Sharing Center”). This research will evaluate the wireless networks in Jordan, and see if the networks are protected from such actions.
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 44 2. BACKGROUND Wireless networking is one of growing technologies being deployed today, from home networks to corporate level wireless networks. Businesses as well as general users are trying to take advantage of the benefits which wireless networking providessuch ascost effectiveness, flexibility and easy to use.Howeverthere has been an increasing demand for greater security in businesses.Most network threats come from the ignorance of users, the inactive attitudes of corporations, and the improper implementation of security features by wireless devices manufacturers[1]. The lack ofsufficient learning materials and or support for users’ wireless connections at home, as well as public places wireless access poses a critical threat to the systems as well as the information these systems host. Some researchers suggest that with the increased demand for wireless connections, comes a growing concern about the security and protectionthe wireless networks [2-5, 20].For more details about wireless network problems and solution see[6- 10, 25,26]. As communication technology advances, there is a good amount of Wi-Fi networks in populated areas in Jordan. Finding many of these networks does not take much efforts when using some of the tools that can be obtained from the Internet.To automate the searching for wireless access points, many software tools have been developed that allows for detecting Wireless Local Area Networks (WLANs). The Software is available for free on the Internet [11], (e.g. NetStumbler for Windows, SWScanner for Linux and KisMac for Macintosh). This softwarewasmainlydesigned and used to insure that a wireless network is set up properly and as it is intended for,or be used to locatepoor coverage within a WLAN, detect any networks interference, and discover any unapproved "rogue" access points in the company’s network. Regrettably, wireless networks are susceptible to attacks if not protected properly[11, 24].Therefore, this toolcan be used by hackers to obtain access to open or inadequately secured networks, in the commonly known"Wardriving" access.We believe that Wardriving is an activity that many can participate in with low cost and minimal technical expertise [22]. 3. SIGNIFICANCE OF THE STUDY AND RESEARCH OBJECTIVES Achieving a perfectly acceptable wireless network security performance has not been very easy. The significant of this research is that no other similar testing was conducted in Jordanto provide an evaluation of the wireless networks security in any Jordanian city. Conducting this research is essential because it tries to identifythe wireless network security issues that thesewidely deployed networks maybe facing. The findings of this research should be considered by network owners and the Wireless Internet Service Providers (WISP) to review the recommendations regarding the threats facing their networks, and then, decide the suitable security measures needed to be taken to reduce and/or possibly eliminate these threats. Because there are so many vulnerabilities associated with wireless networks, there are a lot of tools available to penetration testers for exploiting them. It is important for security professionals (including security auditors) to be familiar with the tools used to spoof MAC addresses, deauthenticateclients from the network, capture traffic, re-inject traffic, and crack Wired Equivalent Privacy (WEP) or the WLAN Protected Access (WPA). The proper use of these skills will help a security auditor perform an effective WLAN penetration test. It is essential for the system security teams running the wires networks in Jordan to have a complete understanding of the existing wireless network threats andhow these threats can be exploited, to determine the
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 45 appropriate defense techniques to prevent attacks or unauthorized access to their wireless networks. 3.1 Research Questions: The research answers questions about the security status of wireless networks in Jordan, and how to achieve acceptable wireless security performance. These questions are: i) Wireless networks are inherently insecure. Can this be actually true about Wireless networks in Jordan? ii) What are the current approaches used for protecting wireless network and preventing unauthorized users to access the network? iii) What is the level of threats facing the wireless networks in Jordan? 4. WARDRIVING OVERVIEW Wardriving is not a complex hack. A hacker can workthrough the wireless security issues, and wouldeasily understand most of them. Exploiting the wireless networks requires simply a moving vehicle, a portable device equipped with an 802.11 wireless LAN adapter (see figure 1). NetStumbler is the most favored utility among the entire available ones. In light of that, this research will mainly concentrate on the use of NetStumbler. In addition, nearly allWiFi enabled Windows devices can blindly scan for hotspots by running NetStumbler[23]. It is not always that someone has to do anything deliberately to connect to someone else's network. Some client adapters will hook up with any WAP (Wireless access points) that is non- WEP (Wired Equivalent Privacy), within range, given enough time to perform a DHCP (Dynamic Host Configuration Protocol)transaction. NetStumbler is Windows application that scans for wireless networks and generates the information about the network such as SSID, encryption status. In addition, NetStumblercan provide GPS coordinates[12, 23].However, in legitimate operation, NetStumbleris mainly assigned Rogue AP detection[13]. It only monitors theparts of data that the AP makes public. It has no means for reverse-engineering passwords, sniffing packets, or connecting to a network (protected or otherwise). Client adapters can be configured auto-connect to an AP once detected.TheStumbler program does not log any stations with SSIDs other than onessensed by the omnidirectional antenna.
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 46 Figure 1: Wardriving Diagram 4.1 Wireless Local Area Networks Security Issues The first launches implementations of wireless technology were very slow, offering only about 1 to 2 Mbps (Megabits per second) speeds for transmission and suffered from lack of reliability and week security, so it did not succeed well in the market[3,8,14].Information security professionals as well as researchers have declared WEP security algorithm to be inappropriate for securing wireless communication [4,12,15-16].WLAN depends on cryptographic methods to enable security. In this research, WEPand WLAN security mechanisms assumed to be providing the security as defined by IEEE 802.11 Standards [17]. WEP was the leading protocol developed for Wi-Fi to provide encryption mechanism that should enable privacy through the means of user’s authentication. However, it is a publically known fact that WEP was not able to secure the wireless networks. WPA was suggested by the Wi-Fi Alliance to replace WEP as a new cryptographic protocol. In addition, WLAN suffered from a number of security vulnerabilities, where the seriousness of them was acknowledgedvery late[18]. Using NetStumbler, the tool sends out Probe Requests with pseudo random data included in its request and listens for the response from the access point. The war-driving program then captures the response and then displays the details of the packet for the user’s information. The 802.11 header includes information about the network encryption status as well as the SSID. Therefore, this information can be collected by a war-driving program like NetStumbler(see figure 2). In certain ways, information systems breachshares similar concepts with fingerprints [19].Thus, for security and privacy reasons, all actual monitoring data was deleted from figure 2, and only the user interface is being displayed.
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 47 Figure 2: NetStumbleruser interface 5. TEST SETUP AND FINDINGS To answer the research question, a test was conducted to collect data about existing wireless networks in different Jordanian areas. The tests were simply conducted using a moving vehicle, a laptop equipped with an 802.11 wireless LAN adapter, using NetStumbler as a tool to its request and listens for the response from the access point. The driving was done in two major cities in Jordan; Amman and Irbid. During the test: 1) Thecontents the tested network was not examined or accessed.2) No attemptswere made to effectthe integrity of any system by altering, adding, modifying, or deleting anything on any network, and 3) No actual use the network's was made to connect to the Internet or surf the Web or anything similar activities. The process used to test the networks does not constitute "access" of the company's network (what we did constitutes to the State v. Allen case that took place in an Americancourt of law, which is frequently referred towhen there is a questionregarding an illegal networkaccess [18]. Table 1: Network vulnerability Type of Networks Number of Tested Networks Type Average Vulnerable Network 132 79.52% Protected Network 34 20.48% Total 166 100.00% The outcomes of this test reveal that there exist insecure wireless networks in people’s homes and in small, medium and large corporationsas well. Because of these insecure deployments, penetration test was conducted to determine the security status on some organizations’ wireless
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 48 network, as well as home users’ systems, to determine if companies and users have deployed their wireless network in a secure fashion. As for the first research question, the majority of the tested wireless networks (79.52%) are unsecured and the security of the networks needs to be further enhanced to protect those networks. The results of the evaluations are displayed in table 1 and figure 3. Figure 3: Network vulnerability As for the current approaches used for protecting wireless network and preventing unauthorized users to access the network, 68.67% of the networks are found to be using low level protection, and 11.45% are not applying any encryption (see table 2 and figure 4). Table 2: Level Of protection Type of Encryption Number of Tested Networks Type Average Low Level Protection 114 68.67% High Level Protection 33 19.88% No Encryption 19 11.45% Total 166 100.00% Vulnerable Network International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 48 network, as well as home users’ systems, to determine if companies and users have deployed their wireless network in a secure fashion. As for the first research question, the majority of the tested wireless networks (79.52%) are unsecured and the security of the networks needs to be further enhanced to protect those networks. The results of the evaluations are displayed in table 1 and figure 3. Figure 3: Network vulnerability As for the current approaches used for protecting wireless network and preventing unauthorized users to access the network, 68.67% of the networks are found to be using low level protection, and 11.45% are not applying any encryption (see table 2 and figure 4). Table 2: Level Of protection Type of Encryption Number of Tested Networks Type Average Low Level Protection 114 68.67% High Level Protection 33 19.88% No Encryption 19 11.45% Total 166 100.00% Vulnerable Network Protected Network Type of Networks Number of Tested Networks International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 48 network, as well as home users’ systems, to determine if companies and users have deployed their wireless network in a secure fashion. As for the first research question, the majority of the tested wireless networks (79.52%) are unsecured and the security of the networks needs to be further enhanced to protect those networks. The results of the evaluations are displayed in table 1 and figure 3. Figure 3: Network vulnerability As for the current approaches used for protecting wireless network and preventing unauthorized users to access the network, 68.67% of the networks are found to be using low level protection, and 11.45% are not applying any encryption (see table 2 and figure 4). Table 2: Level Of protection Type of Encryption Number of Tested Networks Type Average Low Level Protection 114 68.67% High Level Protection 33 19.88% No Encryption 19 11.45% Total 166 100.00% Number of Tested Networks
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 49 Figure 4: Level Of protection To improve the security of the wireless network, the SSID needs to be changed to a different name than the default. We have discovered that 92.17% of the networks are using default SSID (see table 3 and figure 5). As for the level of threats facing the wireless networks in Jordan, by default all client devices receive SSID broadcasts from all WAPs that are within range. Being able to receive the SSID, the SSID was broadcasted from all WAPs were tested, when attackers have developed sophisticated and effective techniques to exploit wireless systems. Table 3: SSID Configuration SSID Number of Tested Networks Type Average Default SSID 153 92.17% Changed SSID 13 7.83% Total 166 100.00% Figure 5: SSID Configuration Low Level Protection Type of Encryption Default SSID Type of Encryption International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 49 Figure 4: Level Of protection To improve the security of the wireless network, the SSID needs to be changed to a different name than the default. We have discovered that 92.17% of the networks are using default SSID (see table 3 and figure 5). As for the level of threats facing the wireless networks in Jordan, by default all client devices receive SSID broadcasts from all WAPs that are within range. Being able to receive the SSID, the SSID was broadcasted from all WAPs were tested, when attackers have developed sophisticated and effective techniques to exploit wireless systems. Table 3: SSID Configuration SSID Number of Tested Networks Type Average Default SSID 153 92.17% Changed SSID 13 7.83% Total 166 100.00% Figure 5: SSID Configuration High Level Protection No Encryption Type of Encryption Number of Tested Networks Default SSID Changed SSID Type of Encryption Number of Tested Networks International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 49 Figure 4: Level Of protection To improve the security of the wireless network, the SSID needs to be changed to a different name than the default. We have discovered that 92.17% of the networks are using default SSID (see table 3 and figure 5). As for the level of threats facing the wireless networks in Jordan, by default all client devices receive SSID broadcasts from all WAPs that are within range. Being able to receive the SSID, the SSID was broadcasted from all WAPs were tested, when attackers have developed sophisticated and effective techniques to exploit wireless systems. Table 3: SSID Configuration SSID Number of Tested Networks Type Average Default SSID 153 92.17% Changed SSID 13 7.83% Total 166 100.00% Figure 5: SSID Configuration Number of Tested Networks Number of Tested Networks
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 50 6. RECOMMENDATIONSFOR SECURING WIRLESS SYSTEMS With the growth of wireless communication and wireless networks, more advanced and effective techniques were implemented to exploit the wireless communication systems of all types. Using these tools allows an attacker to access the internal networks and client systems, and often it can be used to bypass the deployed security defenses system like intrusion detection systems.In light of that, there will be a need to have a periodic audit of the wireless networks, and to try and assess the wireless networks, evaluate the systems’ vulnerabilities, and analyze the security risks associated with it. In addition, there will be a need to continue monitoring the network to identify rogue WAPs and signal leakage. In addition, frequent inspection and adjustment of WAPs is recommended to minimize the damage that WAP physical security issues may cause. This will provide good information on the security of the wireless network. Using suitable assessment tools and techniques to identify and expose threats that wireless network may be faced with, and then use the proper defensive responses to protect wireless network resources. To protect wireless network from Wardriving and hackers in general, protecting measures must be well planned and thoroughly maintained and updated. In order to prevent the security issues reported in this study, when implementing the wireless network, a security evaluation and risk analysis must be conducted thoroughly. Once the network is fully implemented and operational, there will be a need to have a security policies specific to the use of the wireless network. In addition, a security audit will be essential to help identify and prevent the system’s vulnerabilities. By default all client devices receive SSID broadcasts from all WAPs that are within range. One of the recommend ways to ensuring that a system will not be exposed to wardrivers is to disable SSID broadcasting by the WAPs.Although tools such as Kismet can still discover a non- SSID broadcasting wireless network many would be intruders will however be disappointed by a lack of SSID broadcasts. Therefore, once the wireless devices are installed and set to go, there will be a need to change all the manufacturer default settings. These settings include administrator name and password, network ID and name, methods of authentication, broadcastingsetting, the default encryption methods and pre-shared keys, and the method used to connection to the network [21]. MAC Address filtering can also be applied to enhance security. MAC Address filtering can be implemented to improve authentication of the wireless enabled device. When using MAC Address filtering, a table is developed and a list of all permitted MAC Addresses can be entered into the table, where the default setting would be to deny access to all unlistedwireless systems. Access to the wireless network must be controlledusing access point authentication, and all traffic transmitted through the wireless networks should be first encrypted using one of the strong and advanced methods of encryption like WPA2. If a default encryption is Wired Equivalent Protection (WEP) then the default 40-bit key is used. WEP is broadly publicized for a number of weaknesses, one of which is the key size. Therefore there will be a need to use 128-bit encryption key to further strengthen the encryption. As a result,it will take significantly longer time for intruders to crack. To help reduce exposure, depending on the size of the network, the network can be subdivided into several and smaller subnets. This will not only enhance the security of the system, but will alsohelp delivergreater overall network performance as well as higher efficiency.We recommend for those organizations that exemplified system weakness to conduct a network readiness assessments to check for signal leakage from the internal wireless network to the publically
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 51 accessible areas, an also look for leakage from the publically accessible ad hoc wireless networks into their network. It seems that a good number of users are either not aware of the severe outcome of thepotential security breaches, they may believe that their wireless connections are protected. Corporations also underestimate the potential dangers. Therefore urgent action is needed in light of the recent high-profile security breaches.Most threats come from the ignorance of users, the inactive attitudes of corporations, and the improper implementation of security features by wireless devices manufacturers. 7. CONCLUSION The potential of wireless communications combined with high risk for unauthorized users to access the computer networks, dictated the need for higher measures to be taken for protectingsensitive information and insure the privacy of the user and protect theassets of the company. However, it seems that a good number of users are either not aware of the severe outcome of the potential security breaches, they may believe that their wireless connections are protected. This was a clear indication by leaving factory default settings in some network devices. Leavingthese network devices with the default setting will definitely permit other unauthorized users to gains access to the systems. In this research we evaluate the Wireless Network environment in Jordan in view of the use of the WLAN equipment and found that a high percent of WLAN are not secured, the research also provides some recommendations and best practices regarding the security of WLAN networks. REFERENCES [1] Loo, A. W. (2010), "Illusion of Wireless Security", Advances in Computers, Volume 79, 2010, Pages 119-167. [2] Bulbul, H. I., Batmaz, I., and Ozel, M. (2008). "Wireless network security: comparison of WEP (Wired Equivalent Privacy) mechanism, WPA (Wi-Fi Protected Access) and RSN (Robust Security Network) security protocols". First international conference on Forensic applications and techniques in telecommunications, information, and multimedia and workshop(e-Forensics '08), ICST, Brussels, Belgium, Belgium, Article 9, 6 pages. [3] Miller, B., and Hamilton, B. (2002). "Issues in Wireless Security (WEP, WPA & 802.11i)". The 18th Annual Computer Security Applications Conference, 11 December 2002. [4] Welch, D. J., and Sayles, A. (2010). "A Survey of 802.11a Wireless Security Threats and Security Mechanisms",A Technical Report to the Army G6, Internet Technology and Secured Transactions (ICITST). [5] Zadig, Sean M., and Tejay, G. (2010). "Securing IS assets through hacker deterrence: A case study", In the proceedings of conference on Anti-Phishing Working Groups 2nd Annual eCrime Researchers Summit-eCrime, pp. 1-7, 2010. [6] Amouzegar, H., Jafar, M. T, and Hidaji, A. N. (2009). "A New SOA Security Model to Protect Against Web Competitive Intelligence Attacks by Software Agents". International Journal of Information Security and Privacy, pp. 18-28. [7] Balfanz, D., Durfee, G., Grinter, R. E., Smetters, D. K. and Stewart, P. (2004). "Network-in-a-Box: How to set up a secure wireless network in under a minute". In Proceedings of the 13th conference on USENIX Security Symposium - Volume 13 (SSYM'04), USENIX Association, Berkeley, CA, USA, pp. 15-15. [8] Ho, J. T., Dearman, D., Truong, K. N. (2010). "Improving Users’ Security Choices on Home Wireless Networks"ACM, Article 12, 12 pages. DOI=10.1145/1837110.1837126. [online]. Available: http://doi.acm.org/10.1145/1837110.1837126 [9] Hurley, C., Rogers, R., Thornton, F., and Connelly, D. (2007). WarDriving and Wireless Penetration Testing, Syngress Publishing.
International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 52 [10] Grinter, R. E., Edwards, W. K., Newman, Mark W., and Ducheneaut, N. (2005)."The work to make a home network work".Ninth conference on European Conference on Computer Supported Cooperative Work, p.469- 488, September 18-22, 2005, Paris, France. [11] Vladimirov, A., Gavrilenko, K. V., Mikhailovsky, A. (2004). Wifoo: The Secrets of Wireless Hacking. – Addison Wesley. [12] Borisov, N., Goldberg, I., and Wagner, D. (2008). "Security of the WEP Algorithm, UC Berkeley". [online]. Available: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html. [13] Fluhrer, S., Mantin, I., and Shamir, A. (2001). "Weaknesses in the key scheduling algorithm of RC4". Lecture Notes in Computer Science, vol. 2259, pp. 1-24. [online]. Available: http://www.crypto.com/papers/others/rc4 ksaproc.pdf. [14] Berghel, H. (2004). "Wireless Infidelity I: Wardriving", Communications of the ACM – CACM, Vol. 47, no. 9, pp.2. [15] Burell, J. (2002)." Wireless Local Area Networking: Security Assessment and Countermeasures: IEEE 802.11 Wireless Networks".[Online].[online]. Available:telecom.gmu.edu/publications/Jim-Burrell-December-2002.pdf. [16] Burell, J. (2002). "Wireless Local Area Networking: Security Assessment and Countermeasures: IEEE 802.11 Wireless Networks". [online]. Available: telecom.gmu.edu/publications/Jim-Burrell-December-2002.pdf. [17] IEEE Standards Association. Std 802.11, 1999, Edition (R2003), 2003. [online]. Available: http://standards.ieee.org/getieee802/download/802.11-1999.pdf. [18] Thomas, M. (2004). "Network Security First-Step".Cisco Press, Indiana, USA. ISBN: 1-58720-099-6. p315. [19] Cisco Networking Academy Program (2004). Fundamentals of Wireless LANs. Indianapolis, Indiana: Cisco Press. [20] Ryan, P. (2004). "War, Peace, or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics". Virginia Journal of Law & Technology vol. 9. No.(7). [21] TechDoc (2008). Securing Business against War Driving. [online]. Available:http://webupon.com/security/securing-business-against-war-driving. [22] Etter, A. (2002). "A Guide to Wardriving and Detecting Wardrivers". SANS Institute, document number GSEC Version: 1.4b. [23] Martin, J. (2005).The Art of casual WiFi hacking. [online]. Available:www.infosecwriter.com/pdf/WiFi%20hacking%20article.pdf. [24] Verizon (2010). Data Breach Investigations Report. "A study conducted by the Verizon Business RISK team in cooperation with the United States Secret Service". [25] Taylor, A. S. and Swan, L., (2005). "Artful systems in the home". In Proceedings of the SIGCHI conference on Human factors in computing systems (CHI '05). ACM, New York, NY, USA, 641-650. DOI=10.1145/1054972.1055060 http://doi.acm.org/10.1145/1054972.1055060. [26] Office of the Privacy Commissioner of Canada, (2007, September 24). "Report of an Investigation into the Security, Collection and Retention of Personal Information, TJX Companies Inc./Winners Merchant International L.P". [Online]. Available: http://www.oipc.ab.ca/ims/client/upload/Investigation%20Report%20P2007_IR_0061. Pdf. AUTHORS BIO Dr. Ahmad Mashhourearned his PhD in Information Systems from University of London (LSE), UK, 1989. He is currently an associate professor at the University of Bahrain, Information System Dept. He also joined other universities in the middle East for some time including University of Qatar, and YarmoukUniversity of Jordan. His research interest includes Simulation modeling and Analysis, e- business and e-learning. Email Address: mashhour_ahmad@yahoo.com Dr. ZakariaSaleh is an AssociateProfessor at the MIS department, Yarnouk University. Before joining the Yarmouk University faculty team, Dr. Saleh was an engineer in the automotive industry, where he worked on the design and development of electronic control systems for Constructions and Agricultural Equipment, and he led the design and development of web based Fleet Management System, which was successfully launched by Case Corporation of the US in the year 2001.

Recommended

Co-operative Wireless Intrusion Detection System Using MIBs From SNMP
Co-operative Wireless Intrusion Detection System Using MIBs From SNMPCo-operative Wireless Intrusion Detection System Using MIBs From SNMP
Co-operative Wireless Intrusion Detection System Using MIBs From SNMPIJNSA Journal
 
Evaluation of enhanced security solutions in
Evaluation of enhanced security solutions inEvaluation of enhanced security solutions in
Evaluation of enhanced security solutions inIJNSA Journal
 
Enhanced security in spontaneous wireless ad hoc
Enhanced security in spontaneous wireless ad hocEnhanced security in spontaneous wireless ad hoc
Enhanced security in spontaneous wireless ad hoceSAT Publishing House
 
Determining an Optimal Number of Access Points Using GPS data to Secure a Wir...
Determining an Optimal Number of Access Points Using GPS data to Secure a Wir...Determining an Optimal Number of Access Points Using GPS data to Secure a Wir...
Determining an Optimal Number of Access Points Using GPS data to Secure a Wir...CSCJournals
 
A Modular Approach To Intrusion Detection in Homogenous Wireless Network
A Modular Approach To Intrusion Detection in Homogenous Wireless NetworkA Modular Approach To Intrusion Detection in Homogenous Wireless Network
A Modular Approach To Intrusion Detection in Homogenous Wireless NetworkIOSR Journals
 
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...IJNSA Journal
 
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...Lindsey Landolfi
 
IoT Network Attack Detection using Supervised Machine Learning
IoT Network Attack Detection using Supervised Machine LearningIoT Network Attack Detection using Supervised Machine Learning
IoT Network Attack Detection using Supervised Machine LearningCSCJournals
 

Recommended

Co-operative Wireless Intrusion Detection System Using MIBs From SNMP
Co-operative Wireless Intrusion Detection System Using MIBs From SNMPCo-operative Wireless Intrusion Detection System Using MIBs From SNMP
Co-operative Wireless Intrusion Detection System Using MIBs From SNMPIJNSA Journal
 
Evaluation of enhanced security solutions in
Evaluation of enhanced security solutions inEvaluation of enhanced security solutions in
Evaluation of enhanced security solutions inIJNSA Journal
 
Enhanced security in spontaneous wireless ad hoc
Enhanced security in spontaneous wireless ad hocEnhanced security in spontaneous wireless ad hoc
Enhanced security in spontaneous wireless ad hoceSAT Publishing House
 
Determining an Optimal Number of Access Points Using GPS data to Secure a Wir...
Determining an Optimal Number of Access Points Using GPS data to Secure a Wir...Determining an Optimal Number of Access Points Using GPS data to Secure a Wir...
Determining an Optimal Number of Access Points Using GPS data to Secure a Wir...CSCJournals
 
A Modular Approach To Intrusion Detection in Homogenous Wireless Network
A Modular Approach To Intrusion Detection in Homogenous Wireless NetworkA Modular Approach To Intrusion Detection in Homogenous Wireless Network
A Modular Approach To Intrusion Detection in Homogenous Wireless NetworkIOSR Journals
 
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...IJNSA Journal
 
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...Lindsey Landolfi
 
IoT Network Attack Detection using Supervised Machine Learning
IoT Network Attack Detection using Supervised Machine LearningIoT Network Attack Detection using Supervised Machine Learning
IoT Network Attack Detection using Supervised Machine LearningCSCJournals
 
Secure final
Secure finalSecure final
Secure finalVinoth Barithi
 
Comprehensive survey of possible
Comprehensive survey of possibleComprehensive survey of possible
Comprehensive survey of possibleIJNSA Journal
 
A Location Based Cryptosystem For Mobile Devices Using Improved Rabin Algorithm
A Location Based Cryptosystem For Mobile Devices Using Improved Rabin AlgorithmA Location Based Cryptosystem For Mobile Devices Using Improved Rabin Algorithm
A Location Based Cryptosystem For Mobile Devices Using Improved Rabin AlgorithmEditor IJMTER
 
IRJET- Detection and Localization of IDS Spoofing Attack in Wireless Sensor N...
IRJET- Detection and Localization of IDS Spoofing Attack in Wireless Sensor N...IRJET- Detection and Localization of IDS Spoofing Attack in Wireless Sensor N...
IRJET- Detection and Localization of IDS Spoofing Attack in Wireless Sensor N...IRJET Journal
 
Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and VulnerabilitiesMeletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and VulnerabilitiesMeletis Belsis MPhil/MRes/BSc
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)irjes
 
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...ijsptm
 
Security Issues and Challenges in Internet of Things – A Review
Security Issues and Challenges in Internet of Things – A ReviewSecurity Issues and Challenges in Internet of Things – A Review
Security Issues and Challenges in Internet of Things – A ReviewIJERA Editor
 
7215nsa05
7215nsa057215nsa05
7215nsa05Shivanand Manjaragi
 
wireless communication security PPT, presentation
wireless communication security PPT, presentationwireless communication security PPT, presentation
wireless communication security PPT, presentationNitesh Dubey
 
AVAILABILITY ASPECTS THROUGH OPTIMIZATION TECHNIQUES BASED OUTLIER DETECTION ...
AVAILABILITY ASPECTS THROUGH OPTIMIZATION TECHNIQUES BASED OUTLIER DETECTION ...AVAILABILITY ASPECTS THROUGH OPTIMIZATION TECHNIQUES BASED OUTLIER DETECTION ...
AVAILABILITY ASPECTS THROUGH OPTIMIZATION TECHNIQUES BASED OUTLIER DETECTION ...IJCNCJournal
 
Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2LinkedIn
 
NTRUSION D ETECTION S YSTEMS IN M OBILE A D H OC N ETWORKS : S TATE OF ...
NTRUSION D ETECTION S YSTEMS IN M OBILE A D H OC N ETWORKS : S TATE OF ...NTRUSION D ETECTION S YSTEMS IN M OBILE A D H OC N ETWORKS : S TATE OF ...
NTRUSION D ETECTION S YSTEMS IN M OBILE A D H OC N ETWORKS : S TATE OF ...ijcsa
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIJNSA Journal
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackRashi Dhagat
 
Modern Metrics on Computer Networking
Modern Metrics on Computer NetworkingModern Metrics on Computer Networking
Modern Metrics on Computer NetworkingDR.P.S.JAGADEESH KUMAR
 
L010517180
L010517180L010517180
L010517180IOSR Journals
 
Identifying Security Vulnerabilities Survey
Identifying Security Vulnerabilities SurveyIdentifying Security Vulnerabilities Survey
Identifying Security Vulnerabilities SurveyClayton Hatathlie
 
Attacks and Risks in Wireless Network Security
Attacks and Risks in Wireless Network SecurityAttacks and Risks in Wireless Network Security
Attacks and Risks in Wireless Network Securityijtsrd
 
A Survey of Security Approaches for Wireless Adhoc Networks
A Survey of Security Approaches for Wireless Adhoc NetworksA Survey of Security Approaches for Wireless Adhoc Networks
A Survey of Security Approaches for Wireless Adhoc NetworksInternational Journal for management Science and Technology - https://www.ijmst.com/
 
Wi-Fi Data Analysis based on Machine Learning
Wi-Fi Data Analysis based on Machine LearningWi-Fi Data Analysis based on Machine Learning
Wi-Fi Data Analysis based on Machine LearningAIRCC Publishing Corporation
 
Evaluation of Enhanced Security Solutions in 802.11-Based Networks
Evaluation of Enhanced Security Solutions in 802.11-Based NetworksEvaluation of Enhanced Security Solutions in 802.11-Based Networks
Evaluation of Enhanced Security Solutions in 802.11-Based NetworksIJNSA Journal
 

More Related Content

What's hot

Comprehensive survey of possible
Comprehensive survey of possibleComprehensive survey of possible
Comprehensive survey of possibleIJNSA Journal
 
A Location Based Cryptosystem For Mobile Devices Using Improved Rabin Algorithm
A Location Based Cryptosystem For Mobile Devices Using Improved Rabin AlgorithmA Location Based Cryptosystem For Mobile Devices Using Improved Rabin Algorithm
A Location Based Cryptosystem For Mobile Devices Using Improved Rabin AlgorithmEditor IJMTER
 
IRJET- Detection and Localization of IDS Spoofing Attack in Wireless Sensor N...
IRJET- Detection and Localization of IDS Spoofing Attack in Wireless Sensor N...IRJET- Detection and Localization of IDS Spoofing Attack in Wireless Sensor N...
IRJET- Detection and Localization of IDS Spoofing Attack in Wireless Sensor N...IRJET Journal
 
Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and VulnerabilitiesMeletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and VulnerabilitiesMeletis Belsis MPhil/MRes/BSc
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)irjes
 
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...ijsptm
 
Security Issues and Challenges in Internet of Things – A Review
Security Issues and Challenges in Internet of Things – A ReviewSecurity Issues and Challenges in Internet of Things – A Review
Security Issues and Challenges in Internet of Things – A ReviewIJERA Editor
 
wireless communication security PPT, presentation
wireless communication security PPT, presentationwireless communication security PPT, presentation
wireless communication security PPT, presentationNitesh Dubey
 
AVAILABILITY ASPECTS THROUGH OPTIMIZATION TECHNIQUES BASED OUTLIER DETECTION ...
AVAILABILITY ASPECTS THROUGH OPTIMIZATION TECHNIQUES BASED OUTLIER DETECTION ...AVAILABILITY ASPECTS THROUGH OPTIMIZATION TECHNIQUES BASED OUTLIER DETECTION ...
AVAILABILITY ASPECTS THROUGH OPTIMIZATION TECHNIQUES BASED OUTLIER DETECTION ...IJCNCJournal
 
Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2LinkedIn
 
NTRUSION D ETECTION S YSTEMS IN M OBILE A D H OC N ETWORKS : S TATE OF ...
NTRUSION D ETECTION S YSTEMS IN M OBILE A D H OC N ETWORKS : S TATE OF ...NTRUSION D ETECTION S YSTEMS IN M OBILE A D H OC N ETWORKS : S TATE OF ...
NTRUSION D ETECTION S YSTEMS IN M OBILE A D H OC N ETWORKS : S TATE OF ...ijcsa
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIJNSA Journal
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackRashi Dhagat
 
Identifying Security Vulnerabilities Survey
Identifying Security Vulnerabilities SurveyIdentifying Security Vulnerabilities Survey
Identifying Security Vulnerabilities SurveyClayton Hatathlie
 
Attacks and Risks in Wireless Network Security
Attacks and Risks in Wireless Network SecurityAttacks and Risks in Wireless Network Security
Attacks and Risks in Wireless Network Securityijtsrd
 

What's hot (19)

Secure final
Secure finalSecure final
Secure final
 
Comprehensive survey of possible
Comprehensive survey of possibleComprehensive survey of possible
Comprehensive survey of possible
 
A Location Based Cryptosystem For Mobile Devices Using Improved Rabin Algorithm
A Location Based Cryptosystem For Mobile Devices Using Improved Rabin AlgorithmA Location Based Cryptosystem For Mobile Devices Using Improved Rabin Algorithm
A Location Based Cryptosystem For Mobile Devices Using Improved Rabin Algorithm
 
IRJET- Detection and Localization of IDS Spoofing Attack in Wireless Sensor N...
IRJET- Detection and Localization of IDS Spoofing Attack in Wireless Sensor N...IRJET- Detection and Localization of IDS Spoofing Attack in Wireless Sensor N...
IRJET- Detection and Localization of IDS Spoofing Attack in Wireless Sensor N...
 
Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and VulnerabilitiesMeletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)
 
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...
 
Security Issues and Challenges in Internet of Things – A Review
Security Issues and Challenges in Internet of Things – A ReviewSecurity Issues and Challenges in Internet of Things – A Review
Security Issues and Challenges in Internet of Things – A Review
 
7215nsa05
7215nsa057215nsa05
7215nsa05
 
wireless communication security PPT, presentation
wireless communication security PPT, presentationwireless communication security PPT, presentation
wireless communication security PPT, presentation
 
AVAILABILITY ASPECTS THROUGH OPTIMIZATION TECHNIQUES BASED OUTLIER DETECTION ...
AVAILABILITY ASPECTS THROUGH OPTIMIZATION TECHNIQUES BASED OUTLIER DETECTION ...AVAILABILITY ASPECTS THROUGH OPTIMIZATION TECHNIQUES BASED OUTLIER DETECTION ...
AVAILABILITY ASPECTS THROUGH OPTIMIZATION TECHNIQUES BASED OUTLIER DETECTION ...
 
Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2
 
NTRUSION D ETECTION S YSTEMS IN M OBILE A D H OC N ETWORKS : S TATE OF ...
NTRUSION D ETECTION S YSTEMS IN M OBILE A D H OC N ETWORKS : S TATE OF ...NTRUSION D ETECTION S YSTEMS IN M OBILE A D H OC N ETWORKS : S TATE OF ...
NTRUSION D ETECTION S YSTEMS IN M OBILE A D H OC N ETWORKS : S TATE OF ...
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
Modern Metrics on Computer Networking
Modern Metrics on Computer NetworkingModern Metrics on Computer Networking
Modern Metrics on Computer Networking
 
L010517180
L010517180L010517180
L010517180
 
Identifying Security Vulnerabilities Survey
Identifying Security Vulnerabilities SurveyIdentifying Security Vulnerabilities Survey
Identifying Security Vulnerabilities Survey
 
Attacks and Risks in Wireless Network Security
Attacks and Risks in Wireless Network SecurityAttacks and Risks in Wireless Network Security
Attacks and Risks in Wireless Network Security
 

Similar to Wireless Networks Security in Jordan: A Field Study

Evaluation of Enhanced Security Solutions in 802.11-Based Networks
Evaluation of Enhanced Security Solutions in 802.11-Based NetworksEvaluation of Enhanced Security Solutions in 802.11-Based Networks
Evaluation of Enhanced Security Solutions in 802.11-Based NetworksIJNSA Journal
 
A Literature Review Of Security Threats To Wireless Networks
A Literature Review Of Security Threats To Wireless NetworksA Literature Review Of Security Threats To Wireless Networks
A Literature Review Of Security Threats To Wireless NetworksScott Bou
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI IJNSA Journal
 
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKSCOMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKSIJNSA Journal
 
Wireless network security threats countermeasure
Wireless network security threats countermeasureWireless network security threats countermeasure
Wireless network security threats countermeasureEdie II
 
TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...
TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...
TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...IJNSA Journal
 
TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...
TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...
TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...IJNSA Journal
 
Latest Developments in WirelessNetworking and Wireless Security
Latest Developments in WirelessNetworking and Wireless SecurityLatest Developments in WirelessNetworking and Wireless Security
Latest Developments in WirelessNetworking and Wireless SecurityIOSR Journals
 
A Literature Survey on Security Management Policies used in Wireless Domain
A Literature Survey on Security Management Policies used in Wireless DomainA Literature Survey on Security Management Policies used in Wireless Domain
A Literature Survey on Security Management Policies used in Wireless Domainijtsrd
 
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKSSECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKSIAEME Publication
 
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKSSECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKSIAEME Publication
 
Security Technique and Congestion Avoidance in Mesh Network
Security Technique and Congestion Avoidance in Mesh NetworkSecurity Technique and Congestion Avoidance in Mesh Network
Security Technique and Congestion Avoidance in Mesh Networkijtsrd
 
A review of privacy preserving techniques in wireless sensor network
A review of privacy preserving techniques in wireless sensor networkA review of privacy preserving techniques in wireless sensor network
A review of privacy preserving techniques in wireless sensor networkAlexander Decker
 
A review of privacy preserving techniques in wireless sensor network
A review of privacy preserving techniques in wireless sensor networkA review of privacy preserving techniques in wireless sensor network
A review of privacy preserving techniques in wireless sensor networkAlexander Decker
 
Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...
Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...
Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...IRJET Journal
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 

Similar to Wireless Networks Security in Jordan: A Field Study (20)

A Survey of Security Approaches for Wireless Adhoc Networks
A Survey of Security Approaches for Wireless Adhoc NetworksA Survey of Security Approaches for Wireless Adhoc Networks
A Survey of Security Approaches for Wireless Adhoc Networks
 
Wi-Fi Data Analysis based on Machine Learning
Wi-Fi Data Analysis based on Machine LearningWi-Fi Data Analysis based on Machine Learning
Wi-Fi Data Analysis based on Machine Learning
 
Evaluation of Enhanced Security Solutions in 802.11-Based Networks
Evaluation of Enhanced Security Solutions in 802.11-Based NetworksEvaluation of Enhanced Security Solutions in 802.11-Based Networks
Evaluation of Enhanced Security Solutions in 802.11-Based Networks
 
A Literature Review Of Security Threats To Wireless Networks
A Literature Review Of Security Threats To Wireless NetworksA Literature Review Of Security Threats To Wireless Networks
A Literature Review Of Security Threats To Wireless Networks
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
 
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKSCOMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
 
Wireless network security threats countermeasure
Wireless network security threats countermeasureWireless network security threats countermeasure
Wireless network security threats countermeasure
 
TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...
TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...
TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...
 
TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...
TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...
TRUST VALUE ALGORITHM: A SECURE APPROACH AGAINST PACKET DROP ATTACK IN WIRELE...
 
1Table of Contents.docx
1Table of Contents.docx1Table of Contents.docx
1Table of Contents.docx
 
Latest Developments in WirelessNetworking and Wireless Security
Latest Developments in WirelessNetworking and Wireless SecurityLatest Developments in WirelessNetworking and Wireless Security
Latest Developments in WirelessNetworking and Wireless Security
 
A Literature Survey on Security Management Policies used in Wireless Domain
A Literature Survey on Security Management Policies used in Wireless DomainA Literature Survey on Security Management Policies used in Wireless Domain
A Literature Survey on Security Management Policies used in Wireless Domain
 
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKSSECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
 
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKSSECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
SECURITY CONCERNS IN WIRELESS SENSOR NETWORKS
 
Security Technique and Congestion Avoidance in Mesh Network
Security Technique and Congestion Avoidance in Mesh NetworkSecurity Technique and Congestion Avoidance in Mesh Network
Security Technique and Congestion Avoidance in Mesh Network
 
A review of privacy preserving techniques in wireless sensor network
A review of privacy preserving techniques in wireless sensor networkA review of privacy preserving techniques in wireless sensor network
A review of privacy preserving techniques in wireless sensor network
 
A review of privacy preserving techniques in wireless sensor network
A review of privacy preserving techniques in wireless sensor networkA review of privacy preserving techniques in wireless sensor network
A review of privacy preserving techniques in wireless sensor network
 
Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...
Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...
Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...
 
JCC_2015120915212763
JCC_2015120915212763JCC_2015120915212763
JCC_2015120915212763
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 

Recently uploaded

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 

Recently uploaded (20)

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 

Wireless Networks Security in Jordan: A Field Study

  • 1. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 DOI : 10.5121/ijnsa.2013.5403 43 Wireless Networks Security in Jordan: A Field Study Ahmad S. Mashhour1 &Zakaria Saleh2 1 IS Dept, University of Bahrain Mashhour_ahmad@yahoo.com 2 MIS Dept, Yarmouk University, Jordan Drzaatreh@aim.com ABSTRACT The potential of wireless communications, has resulted in a wide expand of wireless networks. However, the vulnerabilities and threats that wireless networks are subjectedto resulted in higher risk for unauthorized users to access the computer networks.This research evaluates the deployed Wireless Network in Jordan as well as the use of the security setting of the systems and equipment used. Caution will be taken to avoid network access as only existence of the network is sought. Wardriving involve the use of freeware tools such as NetStumbler, or Kismet, which was originally developed to be used for helping network administrators make their systems more secure. Thestudy is carried out through field evaluation of the Wireless Local Area Network (WLAN)in light of the use of Wardriving, and proposessome measures that can be taken to improve securityof the wireless network by the users. KEY WORDS Security, Wardriving, Wireless Local Area Network (WLAN), Wired Equivalent Privacy (WEP). 1. INTRODUCTION Wireless networks have evolved rapidly in the last few years due to the developments of new wireless standards and cost-effective wireless hardware. This has led to widespread adoption of the technology in home and small businesses. With the growth of wireless networking, security is the main weakness of the whole wireless system, which resulted in improper uses of network resources. The deployment of wireless networks can potentially make private networks subject to public use. As wireless access increases, security becomes an even more important issue. Wardriving is a common practice at which an individual equipped with electronic devices capable for wireless access, wanders in the streets with the aim to locate wireless networks for access to the Internet, either house-based or corporate-based wireless networks, map their existence, and hack them. It is using a laptop equipped with awireless LAN adapter or smart mobile phone, and randomly driving around looking for unsecured wireless LANs. This paper provides evidence through a study of how users configure and protect their wireless Internet access points (APs). Wireless networks require a Service Set Identifier (SSID),which represents the name of the wireless network, whichdistinguishes between the wireless networks and offers the ability for the users to identify and use them. If configured to auto-connect, is practical for a client adapter toconnect to an AP, orsimply click on the SSID of a selected AP (SSIDs can be found in the client’s list of available wireless networks under “Network and Sharing Center”). This research will evaluate the wireless networks in Jordan, and see if the networks are protected from such actions.
  • 2. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 44 2. BACKGROUND Wireless networking is one of growing technologies being deployed today, from home networks to corporate level wireless networks. Businesses as well as general users are trying to take advantage of the benefits which wireless networking providessuch ascost effectiveness, flexibility and easy to use.Howeverthere has been an increasing demand for greater security in businesses.Most network threats come from the ignorance of users, the inactive attitudes of corporations, and the improper implementation of security features by wireless devices manufacturers[1]. The lack ofsufficient learning materials and or support for users’ wireless connections at home, as well as public places wireless access poses a critical threat to the systems as well as the information these systems host. Some researchers suggest that with the increased demand for wireless connections, comes a growing concern about the security and protectionthe wireless networks [2-5, 20].For more details about wireless network problems and solution see[6- 10, 25,26]. As communication technology advances, there is a good amount of Wi-Fi networks in populated areas in Jordan. Finding many of these networks does not take much efforts when using some of the tools that can be obtained from the Internet.To automate the searching for wireless access points, many software tools have been developed that allows for detecting Wireless Local Area Networks (WLANs). The Software is available for free on the Internet [11], (e.g. NetStumbler for Windows, SWScanner for Linux and KisMac for Macintosh). This softwarewasmainlydesigned and used to insure that a wireless network is set up properly and as it is intended for,or be used to locatepoor coverage within a WLAN, detect any networks interference, and discover any unapproved "rogue" access points in the company’s network. Regrettably, wireless networks are susceptible to attacks if not protected properly[11, 24].Therefore, this toolcan be used by hackers to obtain access to open or inadequately secured networks, in the commonly known"Wardriving" access.We believe that Wardriving is an activity that many can participate in with low cost and minimal technical expertise [22]. 3. SIGNIFICANCE OF THE STUDY AND RESEARCH OBJECTIVES Achieving a perfectly acceptable wireless network security performance has not been very easy. The significant of this research is that no other similar testing was conducted in Jordanto provide an evaluation of the wireless networks security in any Jordanian city. Conducting this research is essential because it tries to identifythe wireless network security issues that thesewidely deployed networks maybe facing. The findings of this research should be considered by network owners and the Wireless Internet Service Providers (WISP) to review the recommendations regarding the threats facing their networks, and then, decide the suitable security measures needed to be taken to reduce and/or possibly eliminate these threats. Because there are so many vulnerabilities associated with wireless networks, there are a lot of tools available to penetration testers for exploiting them. It is important for security professionals (including security auditors) to be familiar with the tools used to spoof MAC addresses, deauthenticateclients from the network, capture traffic, re-inject traffic, and crack Wired Equivalent Privacy (WEP) or the WLAN Protected Access (WPA). The proper use of these skills will help a security auditor perform an effective WLAN penetration test. It is essential for the system security teams running the wires networks in Jordan to have a complete understanding of the existing wireless network threats andhow these threats can be exploited, to determine the
  • 3. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 45 appropriate defense techniques to prevent attacks or unauthorized access to their wireless networks. 3.1 Research Questions: The research answers questions about the security status of wireless networks in Jordan, and how to achieve acceptable wireless security performance. These questions are: i) Wireless networks are inherently insecure. Can this be actually true about Wireless networks in Jordan? ii) What are the current approaches used for protecting wireless network and preventing unauthorized users to access the network? iii) What is the level of threats facing the wireless networks in Jordan? 4. WARDRIVING OVERVIEW Wardriving is not a complex hack. A hacker can workthrough the wireless security issues, and wouldeasily understand most of them. Exploiting the wireless networks requires simply a moving vehicle, a portable device equipped with an 802.11 wireless LAN adapter (see figure 1). NetStumbler is the most favored utility among the entire available ones. In light of that, this research will mainly concentrate on the use of NetStumbler. In addition, nearly allWiFi enabled Windows devices can blindly scan for hotspots by running NetStumbler[23]. It is not always that someone has to do anything deliberately to connect to someone else's network. Some client adapters will hook up with any WAP (Wireless access points) that is non- WEP (Wired Equivalent Privacy), within range, given enough time to perform a DHCP (Dynamic Host Configuration Protocol)transaction. NetStumbler is Windows application that scans for wireless networks and generates the information about the network such as SSID, encryption status. In addition, NetStumblercan provide GPS coordinates[12, 23].However, in legitimate operation, NetStumbleris mainly assigned Rogue AP detection[13]. It only monitors theparts of data that the AP makes public. It has no means for reverse-engineering passwords, sniffing packets, or connecting to a network (protected or otherwise). Client adapters can be configured auto-connect to an AP once detected.TheStumbler program does not log any stations with SSIDs other than onessensed by the omnidirectional antenna.
  • 4. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 46 Figure 1: Wardriving Diagram 4.1 Wireless Local Area Networks Security Issues The first launches implementations of wireless technology were very slow, offering only about 1 to 2 Mbps (Megabits per second) speeds for transmission and suffered from lack of reliability and week security, so it did not succeed well in the market[3,8,14].Information security professionals as well as researchers have declared WEP security algorithm to be inappropriate for securing wireless communication [4,12,15-16].WLAN depends on cryptographic methods to enable security. In this research, WEPand WLAN security mechanisms assumed to be providing the security as defined by IEEE 802.11 Standards [17]. WEP was the leading protocol developed for Wi-Fi to provide encryption mechanism that should enable privacy through the means of user’s authentication. However, it is a publically known fact that WEP was not able to secure the wireless networks. WPA was suggested by the Wi-Fi Alliance to replace WEP as a new cryptographic protocol. In addition, WLAN suffered from a number of security vulnerabilities, where the seriousness of them was acknowledgedvery late[18]. Using NetStumbler, the tool sends out Probe Requests with pseudo random data included in its request and listens for the response from the access point. The war-driving program then captures the response and then displays the details of the packet for the user’s information. The 802.11 header includes information about the network encryption status as well as the SSID. Therefore, this information can be collected by a war-driving program like NetStumbler(see figure 2). In certain ways, information systems breachshares similar concepts with fingerprints [19].Thus, for security and privacy reasons, all actual monitoring data was deleted from figure 2, and only the user interface is being displayed.
  • 5. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 47 Figure 2: NetStumbleruser interface 5. TEST SETUP AND FINDINGS To answer the research question, a test was conducted to collect data about existing wireless networks in different Jordanian areas. The tests were simply conducted using a moving vehicle, a laptop equipped with an 802.11 wireless LAN adapter, using NetStumbler as a tool to its request and listens for the response from the access point. The driving was done in two major cities in Jordan; Amman and Irbid. During the test: 1) Thecontents the tested network was not examined or accessed.2) No attemptswere made to effectthe integrity of any system by altering, adding, modifying, or deleting anything on any network, and 3) No actual use the network's was made to connect to the Internet or surf the Web or anything similar activities. The process used to test the networks does not constitute "access" of the company's network (what we did constitutes to the State v. Allen case that took place in an Americancourt of law, which is frequently referred towhen there is a questionregarding an illegal networkaccess [18]. Table 1: Network vulnerability Type of Networks Number of Tested Networks Type Average Vulnerable Network 132 79.52% Protected Network 34 20.48% Total 166 100.00% The outcomes of this test reveal that there exist insecure wireless networks in people’s homes and in small, medium and large corporationsas well. Because of these insecure deployments, penetration test was conducted to determine the security status on some organizations’ wireless
  • 6. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 48 network, as well as home users’ systems, to determine if companies and users have deployed their wireless network in a secure fashion. As for the first research question, the majority of the tested wireless networks (79.52%) are unsecured and the security of the networks needs to be further enhanced to protect those networks. The results of the evaluations are displayed in table 1 and figure 3. Figure 3: Network vulnerability As for the current approaches used for protecting wireless network and preventing unauthorized users to access the network, 68.67% of the networks are found to be using low level protection, and 11.45% are not applying any encryption (see table 2 and figure 4). Table 2: Level Of protection Type of Encryption Number of Tested Networks Type Average Low Level Protection 114 68.67% High Level Protection 33 19.88% No Encryption 19 11.45% Total 166 100.00% Vulnerable Network International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 48 network, as well as home users’ systems, to determine if companies and users have deployed their wireless network in a secure fashion. As for the first research question, the majority of the tested wireless networks (79.52%) are unsecured and the security of the networks needs to be further enhanced to protect those networks. The results of the evaluations are displayed in table 1 and figure 3. Figure 3: Network vulnerability As for the current approaches used for protecting wireless network and preventing unauthorized users to access the network, 68.67% of the networks are found to be using low level protection, and 11.45% are not applying any encryption (see table 2 and figure 4). Table 2: Level Of protection Type of Encryption Number of Tested Networks Type Average Low Level Protection 114 68.67% High Level Protection 33 19.88% No Encryption 19 11.45% Total 166 100.00% Vulnerable Network Protected Network Type of Networks Number of Tested Networks International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 48 network, as well as home users’ systems, to determine if companies and users have deployed their wireless network in a secure fashion. As for the first research question, the majority of the tested wireless networks (79.52%) are unsecured and the security of the networks needs to be further enhanced to protect those networks. The results of the evaluations are displayed in table 1 and figure 3. Figure 3: Network vulnerability As for the current approaches used for protecting wireless network and preventing unauthorized users to access the network, 68.67% of the networks are found to be using low level protection, and 11.45% are not applying any encryption (see table 2 and figure 4). Table 2: Level Of protection Type of Encryption Number of Tested Networks Type Average Low Level Protection 114 68.67% High Level Protection 33 19.88% No Encryption 19 11.45% Total 166 100.00% Number of Tested Networks
  • 7. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 49 Figure 4: Level Of protection To improve the security of the wireless network, the SSID needs to be changed to a different name than the default. We have discovered that 92.17% of the networks are using default SSID (see table 3 and figure 5). As for the level of threats facing the wireless networks in Jordan, by default all client devices receive SSID broadcasts from all WAPs that are within range. Being able to receive the SSID, the SSID was broadcasted from all WAPs were tested, when attackers have developed sophisticated and effective techniques to exploit wireless systems. Table 3: SSID Configuration SSID Number of Tested Networks Type Average Default SSID 153 92.17% Changed SSID 13 7.83% Total 166 100.00% Figure 5: SSID Configuration Low Level Protection Type of Encryption Default SSID Type of Encryption International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 49 Figure 4: Level Of protection To improve the security of the wireless network, the SSID needs to be changed to a different name than the default. We have discovered that 92.17% of the networks are using default SSID (see table 3 and figure 5). As for the level of threats facing the wireless networks in Jordan, by default all client devices receive SSID broadcasts from all WAPs that are within range. Being able to receive the SSID, the SSID was broadcasted from all WAPs were tested, when attackers have developed sophisticated and effective techniques to exploit wireless systems. Table 3: SSID Configuration SSID Number of Tested Networks Type Average Default SSID 153 92.17% Changed SSID 13 7.83% Total 166 100.00% Figure 5: SSID Configuration High Level Protection No Encryption Type of Encryption Number of Tested Networks Default SSID Changed SSID Type of Encryption Number of Tested Networks International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 49 Figure 4: Level Of protection To improve the security of the wireless network, the SSID needs to be changed to a different name than the default. We have discovered that 92.17% of the networks are using default SSID (see table 3 and figure 5). As for the level of threats facing the wireless networks in Jordan, by default all client devices receive SSID broadcasts from all WAPs that are within range. Being able to receive the SSID, the SSID was broadcasted from all WAPs were tested, when attackers have developed sophisticated and effective techniques to exploit wireless systems. Table 3: SSID Configuration SSID Number of Tested Networks Type Average Default SSID 153 92.17% Changed SSID 13 7.83% Total 166 100.00% Figure 5: SSID Configuration Number of Tested Networks Number of Tested Networks
  • 8. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 50 6. RECOMMENDATIONSFOR SECURING WIRLESS SYSTEMS With the growth of wireless communication and wireless networks, more advanced and effective techniques were implemented to exploit the wireless communication systems of all types. Using these tools allows an attacker to access the internal networks and client systems, and often it can be used to bypass the deployed security defenses system like intrusion detection systems.In light of that, there will be a need to have a periodic audit of the wireless networks, and to try and assess the wireless networks, evaluate the systems’ vulnerabilities, and analyze the security risks associated with it. In addition, there will be a need to continue monitoring the network to identify rogue WAPs and signal leakage. In addition, frequent inspection and adjustment of WAPs is recommended to minimize the damage that WAP physical security issues may cause. This will provide good information on the security of the wireless network. Using suitable assessment tools and techniques to identify and expose threats that wireless network may be faced with, and then use the proper defensive responses to protect wireless network resources. To protect wireless network from Wardriving and hackers in general, protecting measures must be well planned and thoroughly maintained and updated. In order to prevent the security issues reported in this study, when implementing the wireless network, a security evaluation and risk analysis must be conducted thoroughly. Once the network is fully implemented and operational, there will be a need to have a security policies specific to the use of the wireless network. In addition, a security audit will be essential to help identify and prevent the system’s vulnerabilities. By default all client devices receive SSID broadcasts from all WAPs that are within range. One of the recommend ways to ensuring that a system will not be exposed to wardrivers is to disable SSID broadcasting by the WAPs.Although tools such as Kismet can still discover a non- SSID broadcasting wireless network many would be intruders will however be disappointed by a lack of SSID broadcasts. Therefore, once the wireless devices are installed and set to go, there will be a need to change all the manufacturer default settings. These settings include administrator name and password, network ID and name, methods of authentication, broadcastingsetting, the default encryption methods and pre-shared keys, and the method used to connection to the network [21]. MAC Address filtering can also be applied to enhance security. MAC Address filtering can be implemented to improve authentication of the wireless enabled device. When using MAC Address filtering, a table is developed and a list of all permitted MAC Addresses can be entered into the table, where the default setting would be to deny access to all unlistedwireless systems. Access to the wireless network must be controlledusing access point authentication, and all traffic transmitted through the wireless networks should be first encrypted using one of the strong and advanced methods of encryption like WPA2. If a default encryption is Wired Equivalent Protection (WEP) then the default 40-bit key is used. WEP is broadly publicized for a number of weaknesses, one of which is the key size. Therefore there will be a need to use 128-bit encryption key to further strengthen the encryption. As a result,it will take significantly longer time for intruders to crack. To help reduce exposure, depending on the size of the network, the network can be subdivided into several and smaller subnets. This will not only enhance the security of the system, but will alsohelp delivergreater overall network performance as well as higher efficiency.We recommend for those organizations that exemplified system weakness to conduct a network readiness assessments to check for signal leakage from the internal wireless network to the publically
  • 9. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 51 accessible areas, an also look for leakage from the publically accessible ad hoc wireless networks into their network. It seems that a good number of users are either not aware of the severe outcome of thepotential security breaches, they may believe that their wireless connections are protected. Corporations also underestimate the potential dangers. Therefore urgent action is needed in light of the recent high-profile security breaches.Most threats come from the ignorance of users, the inactive attitudes of corporations, and the improper implementation of security features by wireless devices manufacturers. 7. CONCLUSION The potential of wireless communications combined with high risk for unauthorized users to access the computer networks, dictated the need for higher measures to be taken for protectingsensitive information and insure the privacy of the user and protect theassets of the company. However, it seems that a good number of users are either not aware of the severe outcome of the potential security breaches, they may believe that their wireless connections are protected. This was a clear indication by leaving factory default settings in some network devices. Leavingthese network devices with the default setting will definitely permit other unauthorized users to gains access to the systems. In this research we evaluate the Wireless Network environment in Jordan in view of the use of the WLAN equipment and found that a high percent of WLAN are not secured, the research also provides some recommendations and best practices regarding the security of WLAN networks. REFERENCES [1] Loo, A. W. (2010), "Illusion of Wireless Security", Advances in Computers, Volume 79, 2010, Pages 119-167. [2] Bulbul, H. I., Batmaz, I., and Ozel, M. (2008). "Wireless network security: comparison of WEP (Wired Equivalent Privacy) mechanism, WPA (Wi-Fi Protected Access) and RSN (Robust Security Network) security protocols". First international conference on Forensic applications and techniques in telecommunications, information, and multimedia and workshop(e-Forensics '08), ICST, Brussels, Belgium, Belgium, Article 9, 6 pages. [3] Miller, B., and Hamilton, B. (2002). "Issues in Wireless Security (WEP, WPA & 802.11i)". The 18th Annual Computer Security Applications Conference, 11 December 2002. [4] Welch, D. J., and Sayles, A. (2010). "A Survey of 802.11a Wireless Security Threats and Security Mechanisms",A Technical Report to the Army G6, Internet Technology and Secured Transactions (ICITST). [5] Zadig, Sean M., and Tejay, G. (2010). "Securing IS assets through hacker deterrence: A case study", In the proceedings of conference on Anti-Phishing Working Groups 2nd Annual eCrime Researchers Summit-eCrime, pp. 1-7, 2010. [6] Amouzegar, H., Jafar, M. T, and Hidaji, A. N. (2009). "A New SOA Security Model to Protect Against Web Competitive Intelligence Attacks by Software Agents". International Journal of Information Security and Privacy, pp. 18-28. [7] Balfanz, D., Durfee, G., Grinter, R. E., Smetters, D. K. and Stewart, P. (2004). "Network-in-a-Box: How to set up a secure wireless network in under a minute". In Proceedings of the 13th conference on USENIX Security Symposium - Volume 13 (SSYM'04), USENIX Association, Berkeley, CA, USA, pp. 15-15. [8] Ho, J. T., Dearman, D., Truong, K. N. (2010). "Improving Users’ Security Choices on Home Wireless Networks"ACM, Article 12, 12 pages. DOI=10.1145/1837110.1837126. [online]. Available: http://doi.acm.org/10.1145/1837110.1837126 [9] Hurley, C., Rogers, R., Thornton, F., and Connelly, D. (2007). WarDriving and Wireless Penetration Testing, Syngress Publishing.
  • 10. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013 52 [10] Grinter, R. E., Edwards, W. K., Newman, Mark W., and Ducheneaut, N. (2005)."The work to make a home network work".Ninth conference on European Conference on Computer Supported Cooperative Work, p.469- 488, September 18-22, 2005, Paris, France. [11] Vladimirov, A., Gavrilenko, K. V., Mikhailovsky, A. (2004). Wifoo: The Secrets of Wireless Hacking. – Addison Wesley. [12] Borisov, N., Goldberg, I., and Wagner, D. (2008). "Security of the WEP Algorithm, UC Berkeley". [online]. Available: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html. [13] Fluhrer, S., Mantin, I., and Shamir, A. (2001). "Weaknesses in the key scheduling algorithm of RC4". Lecture Notes in Computer Science, vol. 2259, pp. 1-24. [online]. Available: http://www.crypto.com/papers/others/rc4 ksaproc.pdf. [14] Berghel, H. (2004). "Wireless Infidelity I: Wardriving", Communications of the ACM – CACM, Vol. 47, no. 9, pp.2. [15] Burell, J. (2002)." Wireless Local Area Networking: Security Assessment and Countermeasures: IEEE 802.11 Wireless Networks".[Online].[online]. Available:telecom.gmu.edu/publications/Jim-Burrell-December-2002.pdf. [16] Burell, J. (2002). "Wireless Local Area Networking: Security Assessment and Countermeasures: IEEE 802.11 Wireless Networks". [online]. Available: telecom.gmu.edu/publications/Jim-Burrell-December-2002.pdf. [17] IEEE Standards Association. Std 802.11, 1999, Edition (R2003), 2003. [online]. Available: http://standards.ieee.org/getieee802/download/802.11-1999.pdf. [18] Thomas, M. (2004). "Network Security First-Step".Cisco Press, Indiana, USA. ISBN: 1-58720-099-6. p315. [19] Cisco Networking Academy Program (2004). Fundamentals of Wireless LANs. Indianapolis, Indiana: Cisco Press. [20] Ryan, P. (2004). "War, Peace, or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics". Virginia Journal of Law & Technology vol. 9. No.(7). [21] TechDoc (2008). Securing Business against War Driving. [online]. Available:http://webupon.com/security/securing-business-against-war-driving. [22] Etter, A. (2002). "A Guide to Wardriving and Detecting Wardrivers". SANS Institute, document number GSEC Version: 1.4b. [23] Martin, J. (2005).The Art of casual WiFi hacking. [online]. Available:www.infosecwriter.com/pdf/WiFi%20hacking%20article.pdf. [24] Verizon (2010). Data Breach Investigations Report. "A study conducted by the Verizon Business RISK team in cooperation with the United States Secret Service". [25] Taylor, A. S. and Swan, L., (2005). "Artful systems in the home". In Proceedings of the SIGCHI conference on Human factors in computing systems (CHI '05). ACM, New York, NY, USA, 641-650. DOI=10.1145/1054972.1055060 http://doi.acm.org/10.1145/1054972.1055060. [26] Office of the Privacy Commissioner of Canada, (2007, September 24). "Report of an Investigation into the Security, Collection and Retention of Personal Information, TJX Companies Inc./Winners Merchant International L.P". [Online]. Available: http://www.oipc.ab.ca/ims/client/upload/Investigation%20Report%20P2007_IR_0061. Pdf. AUTHORS BIO Dr. Ahmad Mashhourearned his PhD in Information Systems from University of London (LSE), UK, 1989. He is currently an associate professor at the University of Bahrain, Information System Dept. He also joined other universities in the middle East for some time including University of Qatar, and YarmoukUniversity of Jordan. His research interest includes Simulation modeling and Analysis, e- business and e-learning. Email Address: mashhour_ahmad@yahoo.com Dr. ZakariaSaleh is an AssociateProfessor at the MIS department, Yarnouk University. Before joining the Yarmouk University faculty team, Dr. Saleh was an engineer in the automotive industry, where he worked on the design and development of electronic control systems for Constructions and Agricultural Equipment, and he led the design and development of web based Fleet Management System, which was successfully launched by Case Corporation of the US in the year 2001.