2. Outline
Introduction to wireless security
Examining wireless LAN vulnerabilities
Understanding WLAN security models
Securing wireless transmission using VPN
Wireless security policies
3. Introduction to wireless security
A wireless network is any type of computer network that
uses wireless data connections for connecting network nodes.
Wireless networks operate using radio frequency
technology, a frequency within the electromagnetic spectrum
associated with radio wave propagation
Concerns for wireless security are similar to those found in a
wired environment
Security requirements are the same:
• Confidentiality, integrity, availability, authenticity,
accountability
• Most significant source of risk is the underlying
communications medium
4. Examining wireless LAN vulnerabilities
Over the last twelve years, 802.11 Wireless LANs have
matured and really reshaped the network landscape.
802.11n is now rapidly replacing Ethernet as the method of
network access.
The rapid increase of mobile devices has led to a
tremendous need for wireless local area networks (WLAN),
deployed in various types of locations, including homes,
educational institutions, airports, business offices,
government buildings, military facilities, coffee shops, book
stores and many other venues.
5. Cont..
However, the increased development of Wireless LAN has
increased the potential threats to the home user, small
businesses and the corporate world.
Unlike a wired network, a WLAN uses radio frequency
transmission as the medium for communication.
This necessarily exposes layer 1 and layer 2 to whoever can
listen in on the RF ranges on the network. Wireless insecurity
has been a critical issue since Wired Equivalent Privacy
(WEP), an IEEE standard security algorithm for wireless
networks, was compromised.
6. WLAN VULNERABILITIES
Wireless LANs have gained much more popularity than
wired networks because of their flexibility, cost-effectiveness
and ease of installation.
However, the increasing deployment of WLANs presents
the hacker or cracker with more opportunities. Unlike wired
networks, WLANs transmit data through the air using radio
frequency transmission or infrared.
Current wireless technology in use enables an attacker to
monitor a wireless network and in the worst case may affect
the integrity of the data.
7. WLANs are susceptible to various vulnerabilities due to their
inherent characteristics and the technologies they rely on. Some
common WLAN vulnerabilities include:
Unauthorized Access: WLANs are susceptible to unauthorized
access if proper security measures such as strong encryption and
authentication protocols are not implemented. Attackers can
intercept wireless signals and gain access to the network,
potentially compromising sensitive data.
Weak Encryption: Weak encryption methods such as WEP
(Wired Equivalent Privacy) are vulnerable to various attacks,
including packet sniffing and brute force attacks. It's essential to
use strong encryption protocols like WPA2 (Wi-Fi Protected
Access 2) or WPA3 to mitigate this vulnerability.
8. Denial of Service (DoS) Attacks: WLANs are susceptible to
DoS attacks, where attackers flood the network with an
excessive amount of traffic, causing it to become unavailable
to legitimate users. This can disrupt operations and lead to
service outages.
Man-in-the-Middle (MitM) Attacks: MitM attacks involve
intercepting and possibly altering communication between
two parties without their knowledge. In WLANs, attackers
can position themselves between the client and the access
point, intercepting and manipulating data transmitted
between them.
WPS Vulnerabilities: Wi-Fi Protected Setup (WPS) is
designed to simplify the process of connecting devices to a
wireless network. However, some implementations of WPS
have been found to contain vulnerabilities that can be
exploited by attackers to gain access to the network.
9. Cont..
SSID Spoofing: Attackers can set up fake wireless access
points with the same Service Set Identifier (SSID) as
legitimate networks to trick users into connecting to them.
Once connected, attackers can eavesdrop on network traffic
or launch further attacks.
10. Understanding WLAN security models
Wireless Local Area Network (WLAN) security models are
frameworks designed to protect wireless networks from
various threats and vulnerabilities.
Understanding these models is essential for implementing
effective security measures. Here are the key WLAN security
models:
-WEP (Wired Equivalent Privacy):
-WPA (Wi-Fi Protected Access):
-WPA2 (Wi-Fi Protected Access 2):
-WPA3 (Wi-Fi Protected Access 3):
11. WEP (Wired Equivalent Privacy)
WEP (Wired Equivalent Privacy) is one of the earliest
security protocols developed for wireless networks,
specifically Wireless Local Area Networks (WLANs).
However, WEP has several significant vulnerabilities that
render it ineffective as a secure encryption method. Here are
some key points about WEP:
Encryption: WEP encrypts data transmitted over the
wireless network using a shared key mechanism. It uses the
RC4 encryption algorithm with a 40-bit or 104-bit key size.
RC4 (Rivest Cipher 4) is a stream cipher designed by Ron
Rivest in 1987. It's one of the most widely used stream
ciphers due to its simplicity and speed.
12. Encryption Procedure RC4
1. The user inputs a plain text file and a secret key.
2. The encryption engine then generates the keystream using the KSA
and PRGA algorithms.
3. This keystream is then XORed with the plain text, byte by byte,
to produce the encrypted text.
4. The encrypted text is then sent to the intended receiver, who
decrypts it to recover the original plain text.
14. Cont..
Weak keys:
It allows an attacker to discover the default key being
used by the Access Point and client stations
This enables an attacker to decrypt all messages being
sent over the encrypted channel.
IV (initialization vector) reuse and small size:
There are 2^24 different IVs
On a busy network, the IV will surely be reused; if the
default key has not been changed, the original
message can be retrieved relatively easily.
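The RC4 procedure (KSA, PRGA, byte-wise XOR) and the IV-reuse weakness described above, worked through as an added example that is not part of the original slides: WEP-style encryption with the IV prepended to the shared key, showing that two frames sent under the same IV share one keystream. The key, IV, frame contents and function names are constructed for illustration, the WEP integrity check value is left out, and the birthday estimate assumes randomly chosen IVs.

```python
import math

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Steps 1-2 of the procedure: KSA mixes the key into S, PRGA emits n bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # KSA (key-scheduling algorithm)
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # PRGA (pseudo-random generation)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """Step 3: byte-by-byte XOR; the same call encrypts and decrypts."""
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with the 3-byte IV followed by the shared key (ICV omitted)."""
    return xor(plaintext, rc4_keystream(iv + key, len(plaintext)))

def frames_until_iv_repeat(probability: float, iv_bits: int = 24) -> int:
    """Birthday estimate of frames sent before an IV repeats, assuming random IVs."""
    return math.ceil(math.sqrt(2 * 2**iv_bits * math.log(1 / (1 - probability))))

# Constructed sample values, not taken from any real network.
KEY = bytes.fromhex("0102030405")             # 40-bit shared key
IV = bytes.fromhex("a1b2c3")                  # 24-bit IV, sent in clear with each frame
P1 = b"frame one: hello"                      # content an observer already knows
P2 = b"frame two: s3cr3"                      # content the sender wanted kept private
C1 = wep_encrypt(IV, KEY, P1)
C2 = wep_encrypt(IV, KEY, P2)                 # same IV + key -> same keystream

def recovered_without_key() -> bytes:
    """C1 xor P1 is the keystream, which then strips the encryption from C2."""
    return xor(C2, xor(C1, P1))

if __name__ == "__main__":
    print("P2 recovered without the key:", recovered_without_key())
    print("frames for a 50% chance of IV reuse:", frames_until_iv_repeat(0.5))
```

Because the IV space is only 2^24 values, the repeat comes after a few thousand frames, which is why a per-frame key mixing scheme replaced this construction in WPA.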
15. Cont..
Security Flaws: WEP's security flaws became well-known
soon after its introduction. Researchers demonstrated that
WEP could be cracked within minutes using freely available
tools.
Replacement: Due to its vulnerabilities, WEP has been
largely deprecated and replaced by more secure encryption
protocols such as WPA (Wi-Fi Protected Access) and WPA2.
16. WPA (Wi-Fi Protected Access)
New technique in 2002
Replacement of security flaws of WEP
Improved data encryption
Strong user authentication
Because of the many attacks related to the static key, WPA minimizes
use of the shared secret key in accordance with the frame transmission
Uses the RC4 algorithm in a proper way and provides fast
transfer of the data before someone can decrypt the data.
While more secure than WEP, WPA is still susceptible to
certain attacks.
17. WPA2 (Wi-Fi Protected Access 2)
Based on the IEEE 802.11i standard
2 versions: Personal & Enterprise
The primary enhancement over WPA is the use of the AES
(Advanced Encryption Standard) algorithm
The encryption in WPA2 is done by utilizing either AES or
TKIP
The Personal mode uses a PSK (Pre-shared key) & does not
require a separate authentication of users
The enterprise mode requires the users to be separately
authenticated by using the EAP protocol
18. Cont..
WPA2 has immunity against many types of hacker
attacks
Man-in-the-middle
Replay
Key collision
Weak keys
Packet forging
Dictionary attacks
19. How to defend when using WPA
Passphrases – the only way to crack WPA is to sniff the
password PMK associated with the handshake authentication
process, and if this password is extremely complicated it will
be almost impossible to crack
Passphrase Complexity – select a random passphrase that is
not made up of dictionary words. Select a complex
passphrase of a minimum of 20 characters in length and
change it at regular intervals
Change router default user name and password
20. Cont..
Change the internal IP subnet if possible
Change default name and hide broadcasting of the SSID
(Service Set Identifier)
None of the attack methods is fast or effective when a
longer passphrase is used.
Restrict access to your wireless network by filtering access
based on the MAC (Media Access Control) addresses
Use Encryption
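The passphrase and SSID advice above, as an added example that is not part of the original slides: in WPA/WPA2-Personal the PMK is derived from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as salt, 4096 iterations and a 32-byte output, so both the passphrase and the network name feed the key. The word list, SSIDs, passphrases and function names are constructed for illustration; the checks mirror the slide's rules (at least 20 characters, no dictionary words).

```python
import hashlib

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PMK for a WPA/WPA2-Personal network."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )

# Constructed stand-in for a real dictionary file.
WORDLIST = {"password", "welcome", "wireless", "network", "admin", "letmein"}

def passphrase_findings(passphrase: str, min_len: int = 20) -> list:
    """Return the slide's rules that a candidate passphrase breaks."""
    findings = []
    if len(passphrase) < min_len:
        findings.append(f"shorter than {min_len} characters")
    lowered = passphrase.lower()
    hits = sorted(word for word in WORDLIST if word in lowered)
    if hits:
        findings.append("contains dictionary words: " + ", ".join(hits))
    return findings

def same_passphrase_different_ssid(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when renaming the network changes the derived key (SSID is the salt)."""
    return wpa_pmk(passphrase, ssid_a) != wpa_pmk(passphrase, ssid_b)

if __name__ == "__main__":
    for candidate in ("Welcome2024", "q7#Lz!0vRt@9mXe2&Wb5Yp"):
        print(candidate, "->", passphrase_findings(candidate) or "ok")
    # A vendor-default name versus a renamed network (both constructed).
    print(same_passphrase_different_ssid("q7#Lz!0vRt@9mXe2&Wb5Yp", "default", "Ofc-7f3a"))
```

Since the SSID is the salt, a key table computed in advance for a common default name does not apply to a renamed network, which is the practical reason behind the "change default name" item.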
21. Securing wireless transmission using VPN
Virtual private network (VPN) is a network that uses a
public telecommunication infrastructure to provide remote
offices or individual users with secure access to their
organization's network.
The VPN follows a client and server approach.
For connections to an open network, such as a Wi-Fi hotspot
or those commonly provided by hotels, Starbucks,
McDonalds and so on, a virtual private network (VPN)
can be a good security
solution to deliver consistent protection over any internet
connection and provide end-to-end security on wireless
devices.
22. Cont..
The VPN clients and VPN servers are used in three different
scenarios
1. Support remote access to an intranet.
2. Support connections between multiple intranets within the
same organization.
3. Join networks between two organizations, forming an
extranet.
23. Wireless security policies
Wireless devices and networks enable un-tethered
communications to mobile users.
Improperly installed, configured or managed wireless
technology presents a significant risk to the confidentiality of
information.
Wireless network security refers to the protection of wireless
network hardware, software, and the information contained
in them from threats caused by the inherent vulnerabilities in
the technology and its implementation.
This policy is to ensure that the deployment of wireless
networking is controlled and managed in a centralized way to
provide functionality and optimum levels of service whilst
maintaining network security.