The module for this lesson is still under development. Please contact us if you have any questions.

 

General Wi-Fi


1. Read Background
2. How can I avoid wireless attacks?
3. Lab Assignment
4. Complete Security Checklist

Summary:

Wireless local area network (WLAN), sometimes called Wi-Fi (Wireless Fidelity), has experienced phenomenal growth in recent years. Wi-Fi uses the IEEE 802.11 standard and can transmit data at a relatively fast speed over a distance of up to 375 feet (115 meters). However, Wi-Fi possesses a variety of vulnerabilities, including eavesdropping, data theft, malware injection, illegal data storage, denial of service, and network impersonation.

Description:

A WLAN can connect laptop computers, desktop computers, printers, an Internet connection, audio and video systems, among other devices without using any cables. Such a network requires an access point (AP) (or router). An AP has two basic functions. First, it serves as the “base station” for the WLAN. That is, all of the wireless devices that have a wireless network interface card (NIC) transmit directly to the AP. The AP in turn redirects the signal to other wireless devices. Second, an AP acts as a bridge between the wireless and wired networks, which allows communication between devices on the wireless network, and the wired network and the Internet. Wireless networks for home use typically combine the features of an AP, firewall and router in a single hardware device. Formally, these devices are wireless gateways, but vendors refer to them as wireless broadband routers or wireless routers.

Risk: How can it happen?

An attack on a wireless network is typically a three-step process: discovering the wireless network, connecting to the network, and launching the attack.

Discovery: A wireless network can be discovered because at regular intervals (typically, every 100 microseconds), its AP sends a signal to announce its presence and to provide the necessary information for devices that wish to establish a connection to the network or to maintain an existing connection. This process is known as beaconing. The process whereby devices listen for this beacon is known as scanning. Once a wireless device receives a beacon, it can attempt to connect to the network. However, because there is no way to limit who can receive the signal, unauthorized devices can also pick up the beaconing signal. Wireless location mapping, or war driving, is the process of finding a beacon from a WLAN and recording information about it.

Connection: Once an attacker has identified the location of a WLAN, the next step is to connect to it. If the WLAN was not configured with the proper security protection, connection to it is trivial. If a wireless device such as a laptop computer is to connect to the WLAN, that device needs to know the Service Set Identifier (SSID) of the WLAN. The SSID serves as the network name and can be any alphanumeric string from 2 to 32 characters. If the wireless device sends the correct SSID to the AP, it can then be connected to the network. Although Wireless Equivalent Privacy (WEP) has been widely used for authentication and encryption of data on a WLAN, it has been proven to be vulnerable to attack.

Attack: After an attacker has discovered and connected to a WLAN, there are a variety of attacks that can be launched. These attacks include the following:

  • Eavesdropping – The medium of communication on a WLAN is the air. Thus, with the proper software, attackers can view the contents of this information from hundreds of feet away, even if they are not connected to the wireless network. This information could include passwords, credit card numbers or other private information.
  • Stealing Data – Once an attacker connects to a network, that attacker would be treated as a trusted user and would have access to the shared folders and files of other users on the network. The attacker could steal those files, including files that may contain sensitive information of users.
  • Injecting Malware – Typically an attacker who gains access to a WLAN enters behind the network’s firewall and could inject malware onto a computer, such as worms or viruses.
  • Storing Illegal Content – As a trusted user on the network, the attacker could store illegal or harmful content onto network devices. The attacker could set up storage space on a user’s computer to download and store child pornography, pirated software, illegal videos, stolen credit cards, and other data, all without the user’s knowledge.
  • Launching Denial of Service Attacks – WLAN denial of service attacks are designed to deny wireless devices access to the AP. There are several ways in which this could be done. The attacker who gains access to the network could: (1) start to download a very large file from the Internet, such as a video file, and thereby absorb the network’s bandwidth, preventing other users from accessing the network; (2) use a packet generator to generate fake packets to flood the wireless network with traffic so that legitimate users cannot access the network; (3) send fraudulent disassociation frames (a communication from a wireless device that indicates the device wishes to end the wireless connection), pretending that they are from the AP, and cause any number of users to disassociate from the AP.
  • Impersonating a Legitimate Network – An attacker could impersonate a network by creating a look-alike network to lure unsuspecting users to connect to the attacker’s network. The attacker could do this without using an AP by setting up an ad hoc or peer-to-peer network that connects wireless devices directly to another wireless device. The attacker would give the ad hoc network a misleading name, such as Free Wireless Network or Free Airport Network. Once the user establishes a connection, the attacker might be able to directly inject malware into the user’s machine or steal data.
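
The beacon that makes a WLAN discoverable also tells a defender what kind of network is on offer before any connection is made. The following added example (not part of the original module) parses a beacon frame body and flags ad hoc networks and networks with weak or no encryption; the function names and sample beacons are constructed for illustration.

```python
import struct
WPA_OUI_TYPE = bytes.fromhex("0050f201")  # vendor OUI 00:50:F2, type 1 = WPA element

def parse_beacon_body(body):
    """Parse a beacon frame body (the bytes after the 24-byte 802.11 MAC header)."""
    if len(body) < 12:
        raise ValueError("beacon body is shorter than its 12 fixed bytes")
    _timestamp, _interval, cap = struct.unpack_from("<QHH", body, 0)
    ssid, has_rsn, has_wpa, pos = None, False, False, 12
    while pos + 2 <= len(body):               # walk the tag/length/value elements
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated information element")
        if tag == 0 and ssid is None:         # SSID element
            ssid = value.decode("utf-8", errors="replace")
        elif tag == 48:                       # RSN element: WPA2 or newer
            has_rsn = True
        elif tag == 221 and value.startswith(WPA_OUI_TYPE):
            has_wpa = True
        pos += 2 + length
    if has_rsn:
        security = "WPA2"
    elif has_wpa:
        security = "WPA"
    else:                                     # Privacy bit alone means WEP
        security = "WEP" if cap & 0x0010 else "open"
    return {"ssid": ssid, "ad_hoc": bool(cap & 0x0002), "security": security}

def review(beacons):
    """Return one finding per risky property advertised in the given beacons."""
    findings = []
    for info in map(parse_beacon_body, beacons):
        if info["ad_hoc"]:
            findings.append(f"{info['ssid']}: ad hoc (peer-to-peer) network, not an AP")
        if info["security"] in ("open", "WEP"):
            findings.append(f"{info['ssid']}: {info['security']} network, weak or no encryption")
    return findings

def build_beacon(ssid, cap, elements=b""):
    """Build a constructed beacon body for the samples below (not captured traffic)."""
    name = ssid.encode()
    return struct.pack("<QHH", 0, 100, cap) + bytes([0, len(name)]) + name + elements

SAMPLE_BEACONS = [                                             # constructed samples
    build_beacon("HomeNet", 0x0011, b"\x30\x02\x01\x00"),      # AP with RSN element
    build_beacon("Free Airport Network", 0x0002),              # IBSS bit set, no privacy
    build_beacon("OldRouter", 0x0011),                         # privacy bit only
]
```

Calling `review(SAMPLE_BEACONS)` reports the ad hoc lure twice (peer-to-peer and open) and the WEP-only router once; the WPA2 access point produces no finding.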

Example of Occurrence:

Georgia man pleads guilty to hacking into Japanese drug maker’s U.S. computer network (Tuesday, August 16, 2011) — A 37-year-old Georgia man pleaded guilty yesterday in Newark to hacking the computer system of a Japanese pharmaceutical company’s U.S. subsidiary and crippling the business for days after his friend and former supervisor lost his job with the drug-maker… The FBI’s Cyber Crimes Task Force were able to determine the attack originated from a computer connected to a wireless network in the McDonald’s where Cornish had used his credit card minutes before the attack occurred.
http://www.nj.com/business/index.ssf/2011/08/georgia_man_pleads_guilty_to_h.html

How can I avoid wireless attacks?

Defending a WLAN against wireless attacks involves two separate procedures. The first is to secure the WLAN (Ciampa, 2010; McClure, Scambray, & Kurtz, 2009). The second is to use a public WLAN in the most secure manner possible.

Securing the WLAN:  The steps needed in securing a WLAN include the following:

  • Configuring the Network Settings – Several network settings can be used to enhance security. They include network address translation (NAT), wireless virtual local area networks (VLANs), setting up a demilitarized zone (DMZ), and port forwarding. NAT hides IP addresses of the WLAN devices from attackers. VLANs are usually used to segment users or network equipment in logical groupings. A DMZ is a separate network that resides outside the secure network perimeter. It is isolated from the secure network because the machines that comprise it (Web servers, e-mail servers, etc.) tend to be more vulnerable to attack. Port forwarding is a more secure alternative to DMZ. While DMZ tends to open all the ports on a machine, port forwarding only opens up the ports that are needed.
  • Limiting Users – The objective of this step is to restrict the users who can access the WLAN. This can be accomplished in a variety of ways. Two of these are: (1) MAC address filtering, in which the AP is configured with the MAC addresses of the devices that are allowed access to the network; (2) proper configuration of the Dynamic Host Configuration Protocol (DHCP) that the AP uses to lease IP addresses to the devices that need to connect to the WLAN; for example, the AP could restrict the IP address range or limit the maximum number of users/devices that could simultaneously reside on the network. However, MAC address filtering and DHCP configuration have their limitations.
  • Turning on Wi-Fi Protected Access 2 (WPA2) – The personal security model is the standard for encrypting data and authenticating users on a WLAN. It is designed for small WLANs consisting of a maximum of ten users. The personal security model is divided into two parts, WPA and the updated WPA2. WPA2 offers better security than WPA, and supports APs and devices that were manufactured after its release in 2004. Other devices must use the older standard WPA.

Using a Public Wireless Network Securely: Public wireless networks are usually less secure than other WLANs because they tend to be permissive by nature; i.e., they make it easy for users to connect. Two common ways to make the experience of connecting to a public network more secure are the following:

  • Turn on a Personal Firewall – The purpose of a firewall is to prevent malicious packets from entering the network. A personal software firewall runs as a program on the user’s computer. It operates according to a rule base, and takes one of the following three actions when it receives a packet: (a) allow – let the packet through, (b) block – prevent the packet from passing through the network, and (c) prompt – ask the user what action to take with the packet.
  • Virtual Private Networks (VPNs) – A VPN uses an unsecured public network as if it were a secure private network. It does so by using encryption and cryptographic keys to protect its communication.
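
The allow/block/prompt rule base described above can be made concrete. The following added example (not part of the original module) evaluates a first-match rule base for a laptop on a public WLAN and reports rules that can never fire because an earlier rule already covers them; the `Rule` fields, the rule set and the addresses are constructed assumptions, IPv4 only, and each packet stands for the first packet of a new connection.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow", "block" or "prompt"
    direction: str              # "in" or "out"
    protocol: str = "any"       # "tcp", "udp" or "any"
    port: int = 0               # 0 matches any port
    remote: str = "0.0.0.0/0"   # remote network in CIDR form

def covers(rule, direction, protocol, port, network):
    """True if `rule` matches every packet described by the other four fields."""
    return (rule.direction == direction
            and rule.protocol in ("any", protocol)
            and rule.port in (0, port)
            and network.subnet_of(ipaddress.ip_network(rule.remote)))

def decide(rules, packet, default="prompt"):
    """Return the action of the first rule matching `packet`, else `default`."""
    host = ipaddress.ip_network(packet["remote"])   # a /32 network for one host
    for rule in rules:
        if covers(rule, packet["direction"], packet["protocol"], packet["port"], host):
            return rule.action
    return default

def shadowed(rules):
    """Rules that can never fire because an earlier rule already covers them."""
    return [later for i, later in enumerate(rules)
            if any(covers(earlier, later.direction, later.protocol, later.port,
                          ipaddress.ip_network(later.remote))
                   for earlier in rules[:i])]

# Constructed rule base for a public WLAN (addresses are documentation ranges).
PUBLIC_WLAN_RULES = [
    Rule("allow", "out", "udp", 1194, "203.0.113.10/32"),  # the user's VPN server
    Rule("block", "in"),                                   # no new inbound connections
    Rule("allow", "out", "tcp", 443),                      # HTTPS to anywhere
    Rule("allow", "in", "tcp", 445, "192.168.1.0/24"),     # file sharing: never reached
]
```

Because the first match wins, the file-sharing rule placed after the blanket inbound block is reported by `shadowed()`, and any connection that matches no rule falls through to a prompt.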

Lab Assignment:

Lock Down a Wireless Router (or Access Point) [This exercise is a slight modification from (Ciampa, 2010) Project 5-3, p. 185.]: The first step to securing a wireless router is to lock it down by changing some of the default settings. In this project, you perform the steps to secure a wireless router. (The steps in the project are based on the popular Linksys wireless router series WRT54G and WRT54G2. Other wireless routers have similar capabilities.)

      1. On a computer that is connected to the wireless network, open your Web browser and enter 192.168.1.1, which is the default IP address for the wireless router.

      2. A login screen will appear. Enter admin as the default password and click OK.

      3. Click Administration

      4. If necessary, click Management

      5. Enter a strong password for the wireless router under Router Password: and then reenter it under Re-enter to confirm:.

      6. Under Access Server:, check HTTPS. The HTTPS option will encrypt the transmissions when configuring the wireless router so that an attacker cannot view them.

      7. If a desktop computer that has a wired connection to the wireless router (instead of a wireless laptop) will be used to configure the wireless router, under Wireless Access Web: check Disable. If a wireless laptop will be used to configure the wireless router, this setting should be Enable.

      8. Under Remote Management: set this to Disable if necessary. This will prevent an attacker from accessing the wireless router through the Internet.

      9. Under UPnP:, change this to Disable if necessary.

      10. Click Save Settings

      11. Click Wireless

      12. Under Wireless Network Name: enter an SSID that does not identify you or your specific location.

      13. Click Save Settings

      14. Close the Web browser

      15. Now test the settings. If you set Wireless Access Web: to Disable in Step 7 above, you will use a desktop computer that has a wired connection; if you set it to Enable, you can use a wireless computer. Open your Web browser and enter https://192.168.1.1 or the IP address of the wireless router (note that this is https and not http).

      16. When the login screen appears, enter your password and click OK.

      17. Close the Web browser

      18. If you set Wireless Access Web: to Disable, you can also test that wireless devices cannot access the wireless router. From a laptop computer that is connected to the wireless network, open a Web browser and enter https://192.168.1.1. You should receive an error message that you cannot access the settings.

      19. Close all windows

Security Checklist:

Vulnerability: Wi-Fi Vulnerability

Course: Networking

Answer the following questions to determine if your Wi-Fi is vulnerable to attack. For each question, answer Yes/No and describe.

1. Is the wireless router locked down?

2. Are there restrictions as to who can access the wireless network?

3. Is Wi-Fi Protected Access 2 turned on?

4. Are network settings modified to enhance security?

5. Is your firewall activated when using a public WLAN?

6. Are you using a Virtual Private Network when you are accessing a public WLAN?

If you answered no to any of the above questions, then the WLAN you are using is vulnerable to attack.


References & Further Reading:

Ciampa, M. (2010). Security Awareness: Applying Practical Security in Your World (3rd ed., pp. 149-189). Boston, MA: Course Technology, Cengage Learning.

McClure, S., Scambray, J., & Kurtz, G. (2009). Hacking Exposed: Network Security Secrets and Solutions (6th ed.). New York: McGraw-Hill Osborne Media.

Copyright © Towson University