Monday, October 26, 2009

Lec 7: Wireless Security

Introduction

  • Wireless security is the prevention of unauthorized access or damage to computers using wireless networks.
  • Wireless networks are very common, both for organizations and individuals. Many laptop computers have wireless cards pre-installed. The ability to enter a network while mobile has great benefits.
  • The risks to users of wireless technology have increased as the service has become more popular. There were relatively few dangers when wireless technology was first introduced.
There are several types of WLAN standards:

802.11
  • The Institute of Electrical and Electronics Engineers (IEEE) created the first WLAN standard in 1997.
  • They called it 802.11 after the name of the group formed to oversee its development. Unfortunately, 802.11 only supported a maximum network bandwidth of 2 Mbps - too slow for most applications.
  • For this reason, ordinary 802.11 wireless products are no longer manufactured.
802.11b
  • IEEE expanded on the original 802.11 standard in July 1999, creating the 802.11b specification. 802.11b supports bandwidth up to 11 Mbps, comparable to traditional Ethernet.
  • 802.11b uses the same unregulated radio signaling frequency (2.4 GHz) as the original 802.11 standard. Vendors often prefer using these frequencies to lower their production costs. Being unregulated, 802.11b gear can incur interference from microwave ovens, cordless phones, and other appliances using the same 2.4 GHz range. However, by installing 802.11b gear a reasonable distance from other appliances, interference can easily be avoided.
  • Pros of 802.11b - lowest cost; signal range is good and not easily obstructed.
  • Cons of 802.11b - slowest maximum speed; home appliances may interfere on the unregulated frequency band.
802.11a

  • 802.11a supports bandwidth up to 54 Mbps and signals in a regulated frequency spectrum around 5 GHz.
  • This higher frequency compared to 802.11b shortens the range of 802.11a networks. The higher frequency also means 802.11a signals have more difficulty penetrating walls and other obstructions.
  • Because 802.11a and 802.11b utilize different frequencies, the two technologies are incompatible with each other. Some vendors offer hybrid 802.11a/b network gear, but these products merely implement the two standards side by side (each connected device must use one or the other).
  • Pros of 802.11a - fast maximum speed; regulated frequencies prevent signal interference from other devices.
  • Cons of 802.11a - highest cost; shorter range signal that is more easily obstructed.

802.11n
  • The newest IEEE standard in the Wi-Fi category is 802.11n. It was designed to improve on 802.11g in the amount of bandwidth supported by utilizing multiple wireless signals and antennas (called MIMO technology) instead of one.
  • When this standard is finalized, 802.11n connections should support data rates of over 100 Mbps. 802.11n also offers somewhat better range over earlier Wi-Fi standards due to its increased signal intensity. 802.11n equipment will be backward compatible with 802.11g gear.
  • Pros of 802.11n - fastest maximum speed and best signal range; more resistant to signal interference from outside sources
  • Cons of 802.11n - standard is not yet finalized; costs more than 802.11g; the use of multiple signals may greatly interfere with nearby 802.11b/g based networks.


    Accidental association

    • Unauthorized access to company wireless and wired networks can come from a number of different methods and intents.
    • One of these methods is referred to as “accidental association”. When a user turns on a computer and it latches on to a wireless access point from a neighboring company’s overlapping network, the user may not even know that this has occurred.
    • It is a security breach in that proprietary company information is exposed and now there could exist a link from one company to the other.
    • This is especially true if the laptop is also hooked to a wired network.

    Malicious association

    • “Malicious associations” occur when crackers actively make wireless devices connect to a company network through their cracking laptop instead of a company access point (AP).
    • Once the cracker has gained access, he/she can steal passwords, launch attacks on the wired network, or plant trojans.
    • Wireless 802.1x authentications do help with protection but are still vulnerable to cracking.
    • The idea behind this type of attack may not be to break into a VPN or other security measures. Most likely the cracker is just trying to take over the client at the Layer 2 level.

    Ad-hoc networks

    • Ad-hoc networks can pose a security threat. Ad-hoc networks are defined as peer-to-peer networks between wireless computers that do not have an access point in between them.
    • While these types of networks usually have little protection, encryption methods can be used to provide security.

    Non-traditional networks

    • Non-traditional networks such as personal network Bluetooth devices are not safe from cracking and should be regarded as a security risk.
    • Barcode readers, handheld PDAs, and wireless printers and copiers should be secured. These non-traditional networks can be easily overlooked by IT personnel who have narrowly focused on laptops and access points.

    Identity theft (MAC spoofing)

    • Identity theft (or MAC spoofing) occurs when a cracker is able to listen in on network traffic and identify the MAC address of a computer with network privileges.
    • Most wireless systems allow some kind of MAC filtering to only allow authorized computers with specific MAC IDs to gain access and utilize the network.
    • However, combine programs that can listen in on network traffic with other software that allows a computer to pretend it has any MAC address that the cracker desires, and the cracker can easily get around that hurdle.
    • MAC filtering is only effective for small residential (SOHO) networks, since it only provides protection when the wireless device is "off the air".
    • Any 802.11 device "on the air" freely transmits its unencrypted MAC address in its 802.11 headers, and it requires no special equipment or software to detect it.
    • Anyone with an 802.11 receiver (laptop and wireless adapter) and a freeware wireless packet analyzer can obtain the MAC address of any transmitting 802.11 device within range.
    • In an organizational environment, where most wireless devices are "on the air" throughout the active working shift, MAC filtering only provides a false sense of security since it only prevents "casual" or unintended connections to the organizational infrastructure and does nothing to prevent a directed attack.
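
Since MAC filtering cannot stop a copied address, a defender can instead watch for one address being used by two radios at once. The following is an added example, not part of the original post, and goes a step beyond it: it relies on the 12-bit sequence number carried in each 802.11 header, and the MAC addresses, sample observations and thresholds are constructed assumptions.

```python
# Added example (not from the original post). The MAC addresses, the sample
# observations and both thresholds are constructed assumptions.
from collections import defaultdict

SEQ_MOD = 4096         # the 802.11 sequence number is 12 bits and wraps to 0
MAX_FORWARD_GAP = 64   # assumption: frames a sensor may plausibly miss in a row
MIN_ANOMALIES = 3      # assumption: ignore a one-off counter reset (e.g. a reboot)

def forward_gap(prev_seq, seq):
    """Steps from prev_seq forward to seq, allowing for the 12-bit wrap."""
    return (seq - prev_seq) % SEQ_MOD

def find_shared_macs(observations):
    """observations: (time_s, source_mac, seq). Returns {mac: anomaly_count}
    for MACs whose sequence numbers do not advance as a single stream."""
    last_seq = {}
    anomalies = defaultdict(int)
    for _, mac, seq in sorted(observations):
        mac = mac.lower()
        if mac in last_seq:
            # One radio moves forward in small steps (0 for a retransmission).
            # A jump, or a step backwards (a huge forward gap), points to a
            # second counter behind the same address.
            if forward_gap(last_seq[mac], seq) > MAX_FORWARD_GAP:
                anomalies[mac] += 1
        last_seq[mac] = seq
    return {m: n for m, n in anomalies.items() if n >= MIN_ANOMALIES}

SAMPLE_OBSERVATIONS = (  # constructed sensor records
    # Normal client: counter wraps from 4095 to 0.
    [(t, "02:00:00:00:00:01", s) for t, s in enumerate([4094, 4095, 0, 1, 2])]
    # Two radios sharing one address: two interleaved counters.
    + [(10 + t, "02:00:00:00:00:02", s)
       for t, s in enumerate([200, 3000, 201, 3001, 202, 3002, 203])]
    # Client that restarted once: a single reset, below the alert threshold.
    + [(20 + t, "02:00:00:00:00:03", s) for t, s in enumerate([500, 501, 10, 11])]
)

if __name__ == "__main__":
    print(find_shared_macs(SAMPLE_OBSERVATIONS))
```

QoS data frames keep a separate counter per traffic class, so a production sensor would track each (MAC, traffic class) pair rather than the MAC alone.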

Man-in-the-middle attacks

    • A man-in-the-middle attacker entices computers to log into a computer which is set up as a soft AP (Access Point).
    • The hacker connects to a real access point through another wireless card offering a steady flow of traffic through the transparent hacking computer to the real network. The hacker can then sniff the traffic.
    • One type of man-in-the-middle attack relies on security faults in challenge and handshake protocols to execute a “de-authentication attack”. This attack forces AP-connected computers to drop their connections and reconnect with the cracker’s soft AP.
    • Man-in-the-middle attacks are enhanced by software such as LANjack and AirJack, which automate multiple steps of the process.
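
The de-authentication pattern described above leaves a recognizable trace for a wireless sensor: a burst of de-authentication frames aimed at one client, followed by that client associating with an access point that is not in the organization's inventory. The following detection sketch is an added example, not part of the original post; the SSID, MAC addresses, event format and thresholds are all constructed assumptions.

```python
# Added example (not from the original post). All MACs, the SSID and the
# thresholds are constructed assumptions for illustration.
from collections import defaultdict, deque

CORP_SSID = "corp-wlan"                                       # hypothetical SSID
APPROVED_BSSIDS = {"02:aa:00:00:00:01", "02:aa:00:00:00:02"}  # hypothetical AP inventory
BURST_COUNT = 5       # deauth frames to one client ...
BURST_WINDOW = 2.0    # ... within this many seconds form a burst
FOLLOW_WINDOW = 30.0  # an association this soon after a burst is linked to it

def analyze(events):
    """events: (time_s, kind, client_mac, bssid, ssid), kind 'deauth' or 'assoc'.
    Returns alerts as (time_s, alert_name, client_mac, bssid)."""
    recent = defaultdict(deque)  # client -> times of deauth frames inside the window
    last_burst = {}              # client -> time of the latest frame seen in a burst
    alerts = []
    for t, kind, client, bssid, ssid in sorted(events):
        if kind == "deauth":
            q = recent[client]
            q.append(t)
            while t - q[0] > BURST_WINDOW:
                q.popleft()
            if len(q) >= BURST_COUNT:
                # Alert once per burst, but keep refreshing the burst timestamp.
                if t - last_burst.get(client, float("-inf")) > BURST_WINDOW:
                    alerts.append((t, "deauth-burst", client, bssid))
                last_burst[client] = t
        elif kind == "assoc" and ssid == CORP_SSID and bssid not in APPROVED_BSSIDS:
            followed = t - last_burst.get(client, float("-inf")) <= FOLLOW_WINDOW
            name = "soft-ap-after-deauth" if followed else "unapproved-ap"
            alerts.append((t, name, client, bssid))
    return alerts

A, B, C = "02:cc:00:00:00:0a", "02:cc:00:00:00:0b", "02:cc:00:00:00:0c"
AP1, AP2 = "02:aa:00:00:00:01", "02:aa:00:00:00:02"
SAMPLE_EVENTS = (  # constructed sensor records
    [(0.0, "assoc", A, AP1, CORP_SSID)]
    + [(t, "deauth", A, AP1, CORP_SSID) for t in (10.0, 10.1, 10.2, 10.3, 10.4, 10.5)]
    + [(12.0, "assoc", A, "02:ee:00:00:00:99", CORP_SSID),   # same SSID, unknown BSSID
       (50.0, "deauth", B, AP2, CORP_SSID),                  # single frame: normal roam
       (51.0, "assoc", B, AP2, CORP_SSID),
       (100.0, "assoc", C, "02:ee:00:00:00:77", CORP_SSID)]  # no burst beforehand
)

if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
```

The "unapproved-ap" alert also covers the accidental and malicious association cases described earlier. Networks whose clients and access points support 802.11w protected management frames reject forged de-authentication frames, which addresses the cause rather than the symptom.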

Denial of service

    • A Denial-of-Service attack (DoS) occurs when an attacker continually bombards a targeted AP (Access Point) or network with bogus requests, premature successful connection messages, failure messages, and/or other commands.
    • These cause legitimate users to not be able to get on the network and may even cause the network to crash.
    • These attacks rely on the abuse of protocols such as the Extensible Authentication Protocol (EAP).
    • The DoS attack in itself does little to expose organizational data to a malicious attacker, since the interruption of the network prevents the flow of data and actually indirectly protects data by preventing it from being transmitted.
    • The usual reason for performing a DoS attack is to observe the recovery of the wireless network, during which all of the initial handshake codes are re-transmitted by all devices, providing an opportunity for the malicious attacker to record these codes and use various "cracking" tools to analyze security weaknesses and exploit them to gain unauthorized access to the system.

Network injection

    • In a network injection attack, a cracker can make use of access points that are exposed to non-filtered network traffic, specifically broadcasting network traffic.
    • The cracker injects bogus networking re-configuration commands that affect routers, switches, and intelligent hubs. A whole network can be brought down in this manner and require rebooting or even reprogramming of all intelligent networking devices.
