The University Of Lahore
Computer Networks
Sir Waseem Iqbal
Submitted by: Muhammad Zia Shahid
********************************
Term Paper
Wireless LAN Security Risks and Solutions
8/6/2019 Wirless Lan Security
http://slidepdf.com/reader/full/wirless-lan-security 1/18
Topics:
Introduction of wireless LAN Security
Security Black points
Security Hacks Method
Protection Methods
Final Result
Abstract:
This paper describes current wireless LAN security risks and solutions. It also provides an overview of the major security risks, threats and vulnerabilities of WLAN systems, and of the protection methods that help to protect a WLAN.
Term Paper Feature:
What is WLAN Security?
Importance of WLAN Security
Discuss Security Problems and Risks
Hacks Techniques and Available software in black market
How to Protect the WLAN System
Volunteer born Findings
Introduction of wireless LAN Security
Wireless networks based on the IEEE 802.11 standard have experienced excellent growth. This has happened mainly due to the timely release of the IEEE 802.11 standard [1], the cost of the hardware, and the high data rate (11 Mbps for IEEE 802.11b and 54 Mbps for IEEE 802.11a). Many organizations are finding that WLANs (Wireless Local Area Networks) are an essential addition to traditional wired LANs, needed to satisfy requirements for mobility, relocation, ad hoc networking, and coverage of locations that are hard to wire.
Application areas for WLANs can be classified in the following categories: LAN extension, cross-building interconnect, nomadic access and ad hoc wireless networks. WLANs are largely used in education, healthcare, financial industries, and various public places such as airline lounges, coffee shops, and libraries. Although the technology has been standardized for many years, providing wireless network security has become a critical area of concern. Due to the broadcast nature of wireless communication, it becomes easy for an attacker to hack wireless communication or to disturb the normal operation of the network by injecting additional traffic. [2]
Furthermore, an interesting development has been registered in technology-oriented, densely populated areas: independent, nonprofessional computer amateurs install a WLAN access point and allow everyone to access it for free. [3]
IEEE 802.11 specifies an optional encryption capability called Wired Equivalent Privacy (WEP). Its purpose is to establish security equivalent to that of wired networks. WEP incorporates the RC4 algorithm from RSA Data Security. This algorithm encrypts over-the-air transmissions.
The lack of cables makes WLANs easy to install for system administrators and, at the same time, offers mobility and flexibility for the users. This kind of portability at a reasonable price, without a noticeable drop in bandwidth, has been mainly responsible for the WLAN's widespread usage in the home environment. [4]
WLAN Architecture
An IEEE 802.11 WLAN is a group of stations (wireless nodes) located within a limited physical area. The IEEE 802.11 architecture consists of several components that interact to provide a WLAN that supports station mobility. The basic building block of an IEEE 802.11 LAN is the basic service set (BSS), which consists of some number of stations executing the same MAC protocol and competing for access to the same shared wireless medium. The association between a station and a BSS is dynamic. When getting out of range, a station may disassociate from the current BSS, and it may associate later with another BSS. The component that interconnects BSSs is the distribution system (DS). The DS can be a switch, a wired network, or a wireless network. A BSS connects to a DS through an Access Point (AP). An AP functions like a bridge, moving data between its BSS and the DS. A set of BSSs and the DS form an extended service set (ESS) network. Stations within an ESS may communicate, and mobile stations may move from one BSS to another. The ESS appears as a single logical LAN at the logical link control (LLC) level. The integration of the IEEE 802.11 architecture with a traditional wired 802.x LAN is accomplished through a portal.
Security Black points
• Traffic Analysis
• Passive Eavesdropping
• Active Eavesdropping
• Unauthorized Access
• Man-in-the-Middle
• Session Hijacking
• Denial of Service (DoS)
Traffic Analysis
Traffic analysis allows the attacker to obtain three forms of information:
• The attacker can first identify that there is activity on the network.
• The identification and physical location of the wireless Access Point (AP).
• The type of protocol being used during the transmission.
Passive Eavesdropping
Passive eavesdropping allows the attacker to obtain two forms of information:
• The attacker can read the data transmitted in the session.
• The attacker can read information about the transmission, i.e. source, destination, size, number and time of transmission.
Active Eavesdropping
Active eavesdropping allows the attacker to inject data into the communication in order to decipher the payload.
Active eavesdropping can take two forms:
• The attacker can modify the packet.
• The attacker can inject a complete packet into the data.
WEP uses only a CRC to check the integrity of the data in the packet.
Unauthorized Access
Due to the physical properties of the WLAN, the attacker will always have access to the wireless components of the network.
If an attacker succeeds in getting unauthorized access to the network by using a brute force attack, a man-in-the-middle attack or a denial of service attack, the attacker can use the whole network's services.
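The Active Eavesdropping section above notes that WEP checks integrity with a CRC only. The following added example (not part of the original paper) shows why that matters: a frame altered in transit still passes a CRC-32 check, while the same alteration is rejected by a keyed check. The keystream, keys, payloads and the use of HMAC-SHA256 as the keyed check are assumptions made for the illustration.

```python
import hashlib
import hmac
import zlib

# Constructed stand-in for the RC4 keystream; any XOR stream cipher behaves the same.
KEYSTREAM = hashlib.shake_256(b"constructed key and IV").digest(128)
MAC_KEY = b"constructed integrity key"


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def crc_icv(data: bytes) -> bytes:
    """Unkeyed integrity value, as in WEP: CRC-32 of the plaintext."""
    return zlib.crc32(data).to_bytes(4, "little")


def hmac_tag(data: bytes) -> bytes:
    """Keyed integrity value: computing it requires MAC_KEY."""
    return hmac.new(MAC_KEY, data, hashlib.sha256).digest()


def seal(payload: bytes, integrity) -> bytes:
    """Encrypt payload || integrity(payload) with the keystream."""
    return xor(payload + integrity(payload), KEYSTREAM)


def open_frame(frame: bytes, integrity, tag_len: int):
    """Decrypt; return the payload, or None when the integrity value is wrong."""
    body = xor(frame, KEYSTREAM)
    payload, tag = body[:-tag_len], body[-tag_len:]
    return payload if hmac.compare_digest(integrity(payload), tag) else None


def modify_in_transit(frame: bytes, delta: bytes, tag_len: int) -> bytes:
    """Alter a frame using no key at all.

    XOR into ciphertext carries through to plaintext, and CRC-32 is affine:
    crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros), so the CRC field can be
    adjusted to match. No such relation exists for a keyed MAC.
    """
    tag_delta = xor(crc_icv(delta), crc_icv(bytes(len(delta))))
    return xor(frame, delta + tag_delta.ljust(tag_len, b"\x00"))


def compare_integrity_checks():
    """Return what the receiver accepts under each scheme after modification."""
    sent = b"door=locked;user=guest"      # constructed payload
    altered = b"door=opened;user=guest"   # same length, different content
    delta = xor(sent, altered)
    crc_result = open_frame(modify_in_transit(seal(sent, crc_icv), delta, 4), crc_icv, 4)
    mac_result = open_frame(modify_in_transit(seal(sent, hmac_tag), delta, 32), hmac_tag, 32)
    return crc_result, mac_result


if __name__ == "__main__":
    crc_result, mac_result = compare_integrity_checks()
    print("CRC-32 receiver accepted:", crc_result)
    print("HMAC receiver accepted:  ", mac_result)
```

The CRC-protected frame is accepted with the altered content, and the HMAC-protected frame is dropped.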
Man-in-the-Middle
The man-in-the-middle attack, also called the bucket-brigade attack or sometimes the Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle).
Session Hijacking
In computer science, session hijacking is the exploitation of a valid computer
session (sometimes also called a session key) to gain unauthorized access to
information or services in a computer system. In particular, it is used to refer to
the theft of a magic cookie used to authenticate a user to a remote server. It has
particular relevance to web developers, as the HTTP cookies used to maintain a
session on many web sites can be easily stolen by an attacker using an
intermediary computer or with access to the saved cookies on the victim's
computer (see HTTP cookie theft).
[5]
Security Hacks Method
• NetStumbler
• Kismet
• Wellenreiter
• THC-RUT
• Ethereal
• AirSnort
• HostAP
• WEPWedgie
• AirSnarf
• SMAC
• Aircrack
• Aircrack-ng
• WepAttack
• WEPCrack
• coWPAtty
NetStumbler
NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. [6]
Kismet
Kismet is an 802.11 wireless network detector, sniffer, and intrusion
detection system. Kismet will work with any wireless card which
supports raw monitoring mode, and can sniff 802.11b, 802.11a, 802.11g,
and 802.11n traffic (devices and drivers permitting).
[7]
Wellenreiter
Wellenreiter was developed to analyze wrongly configured networks. This is possible simply, transparently and without interfering with the network. The collected information helps to optimize the environment. [8]
THC-RUT
RUT (aReyoUThere, pronounced as 'root') is your first knife on a foreign network. It gathers information from local and remote networks. [9]
Ethereal
Ethereal is a network packet analyzer. A network packet analyzer tries to capture network packets and to display the packet data in as much detail as possible. [10]
AirSnort
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates
by passively monitoring transmissions, computing the encryption key when enough
packets have been gathered.[11]
AirSnarf
AirSnarf is a simple rogue wireless access point setup utility designed to demonstrate how
a rogue AP can steal usernames and passwords from public wireless hotspots. AirSnarf
was developed and released to demonstrate an inherent vulnerability of public 802.11b
hotspots--snaring usernames and passwords by confusing users with DNS and HTTP
redirects from a competing AP.[12]
Aircrack
Aircrack is a set of tools for auditing wireless networks:
• airodump: 802.11 packet capture program
• aireplay: 802.11 packet injection program
• aircrack: static WEP and WPA-PSK key cracker
• airdecap: decrypts WEP/WPA capture files [13]
WEPCrack
WEPCrack is an open source tool for breaking 802.11 WEP secret keys. This tool is an implementation of the attack described by Fluhrer, Mantin, and Shamir in the paper "Weaknesses in the Key Scheduling Algorithm of RC4". [14]
Protection Methods
Changing Administrator Passwords and Usernames
After you've taken your wifi router out of the box and started the setup process, you will be asked to sign on to a specific Web page and are required to enter information such as your network address and account information. In theory, this Wifi setup page is protected with a login screen (username and password).
The Problem: Though the username and password are intended to allow only you to get access to your Wifi setup and the personal information you have entered, the fact remains that the logins provided are usually given to everyone with the same model router, and because most people never change them, they remain an easy target for hackers and identity thieves. In fact, there are sites that list the default usernames and passwords for wireless routers, making a hacker's job even easier.
The Solution: Change the username and password for your Wifi setup immediately after the first login. And if you are going to spend the time changing your password, make sure it is difficult to guess. Your name, birth date, anniversary date, child's name, spouse's name, or pet's name are going to be among the hacker's first guesses. And because many hackers use a technique called 'dictionary hacking' (running a program that tries common English words as passwords), you should make sure that your password isn't just a common English word, but rather is a combination of letters and numbers.
Upgrading your Wifi Encryption
If the information sent back and forth over your Wifi network isn't adequately encrypted, a hacker can easily tap into the network and monitor your activity. When you type personal or financial information into a Web site, that hacker can then steal that information and use it to steal your identity. The old encryption standard Wired Equivalent Privacy (WEP) can be hacked within 30 seconds, no matter the complexity of the passphrase you use to protect it. Unfortunately, millions of Wifi users are still using WEP encryption technology to encrypt their information, despite the availability of the vastly superior WPA2 encryption standard.
The Problem: Despite the superior encryption protection that WPA2 provides, most Wifi home users have failed to upgrade their protection because they were unaware of the problem, or simply felt overwhelmed by the technical prospects of upgrading. As a result, many continue to use WEP encryption, which is now so simple to hack that it is widely regarded as little better than no encryption at all.
The Solution: The solution, of course, is to upgrade your Wifi encryption to WPA2. But before you can add WPA2 protection, you will have to complete a few steps in order to update your computer. The first step is to download and install Microsoft's WPA2 hotfix for Windows XP. You will also likely need to update your wireless card driver. These updates, if needed, will be listed in Microsoft's Windows Update page under the subheading "Hardware Optional".
Now that your computer and wireless card are up to date, you will need to log into your router's administration page through your web browser (this is the page you signed into in order to set up the Wifi router the first time you opened it up; the specific URL can be found in your router's instruction manual). Once signed in, change the security settings to "WPA2 Personal" and select the algorithm "TKIP+AES". Finally, enter your password into the "Shared Key" field and save your changes.
Changing the Default System ID
When you got your Linksys or D-Link router home from the store and set it up, it came with a default system ID called the SSID (Service Set Identifier) or ESSID (Extended Service Set Identifier). This ID is also commonly referred to as the name of your Wifi setup.
The Problem: Usually, manufacturers assign identical SSID sets to their devices, and 80 percent of Wifi home users leave their system on the default setting. So that means that 80 percent of homes have Wifi systems titled "Default" or "LinkSys" or whatever your provider sets as the default name.
The problem with these default settings is that they serve as strong signals to hackers, who have been known to just cruise neighborhoods looking for Wifi networks with default names to hack into. Though knowing the SSID does not allow anyone to break into your network, it usually indicates that the person hasn't taken any steps to protect their network, thus these networks are the most common targets.
The Solution: Change the default SSID immediately when you configure your LAN. This may not offer complete protection as to who gains access to your network, but configuring your SSID to something personal, e.g. "The Smith House Wifi Network", will differentiate you from other unprotected networks, and discourage hackers from targeting you. As an added bonus, having a Wifi network with a unique name also means that neither you nor your family will make the mistake of connecting through a neighbor's Wifi network, and thus exposing your computers through their unprotected setup.
MAC Address Filtering
If you've had an unsecured Wifi setup in your home in the past, you can be fairly certain that at least one of your neighbors is mooching off your Wifi to connect to the Internet. While everyone loves a friendly neighbor, providing an easy resource for others to steal Internet access is morally and legally questionable, but even scarier is the harm those moochers can do to your computer.
In order to check who has been using your network, you'll need to check the MAC address. Every wifi gadget is assigned a unique code that identifies it, called the "physical address" or "MAC address." Your wifi system automatically records the MAC addresses of all devices that connect to it. But busting your Internet-stealing neighbors isn't all that MAC addresses are good for; they can actually be a great help in securing your WLAN.
The Problem: You are not sure who or what is accessing and endangering your wifi network, and once you find out that someone or something is mooching off your network, you want to stop them. But how?
The Solution: Checking the MAC address log for your wifi network will give you a quick view of all the devices accessing your network. Anything that isn't yours, you will want to keep out. To do this, you will need to manually key in the MAC addresses of your home equipment. This way, the network will allow connections only from these devices, so your mooching neighbors will be out of luck.
Caution: This feature is not as powerful as it may seem. While it will stop your average neighborhood moocher or amateur hacker, professional hackers use advanced software programs to fake MAC addresses.
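One way to carry out the log check described above, as an added example that is not part of the original paper: it normalizes the MAC addresses in a router's client log, reports devices that are not on the household list, and also reports a listed address that shows up under an unexpected hostname, which is the case the caution above warns about. The log format, addresses and hostnames are constructed for the illustration.

```python
import re

# Constructed inventory of the household's own devices: MAC -> expected hostname.
ALLOWED = {
    "00:1a:2b:3c:4d:5e": "family-laptop",
    "00:1a:2b:aa:bb:cc": "printer",
}

# Constructed router client log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2019-06-08 19:02:11 assoc mac=00:1A:2B:3C:4D:5E host=family-laptop
2019-06-08 19:05:40 assoc mac=00-1a-2b-aa-bb-cc host=printer
2019-06-08 23:14:02 assoc mac=3c15.c2de.ad01 host=android-7f21
2019-06-09 02:41:55 assoc mac=06:11:22:33:44:55 host=unknown
2019-06-09 02:47:10 assoc mac=00:1a:2b:3c:4d:5e host=desktop-x91
garbled line that should be skipped
"""

LINE = re.compile(r"^(\S+ \S+) assoc mac=(\S+) host=(\S+)$")


def normalize_mac(raw: str) -> str:
    """Accept aa:bb:.., aa-bb-.. and aabb.ccdd.eeff; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """Bit 0x02 of the first octet marks an address set in software,
    not assigned by the hardware vendor."""
    return bool(int(mac[:2], 16) & 0x02)


def audit(log: str, allowed: dict) -> list:
    """Return (timestamp, mac, reason) for every association worth a look."""
    findings = []
    for line in log.splitlines():
        match = LINE.match(line.strip())
        if not match:
            continue
        when, raw_mac, host = match.groups()
        try:
            mac = normalize_mac(raw_mac)
        except ValueError:
            continue
        if mac not in allowed:
            reason = "not on allowlist"
            if is_locally_administered(mac):
                reason += " (software-set address)"
            findings.append((when, mac, reason))
        elif host != allowed[mac]:
            # The address matches but the device does not: the filter alone
            # cannot tell a listed device from one presenting its address.
            findings.append((when, mac, f"listed MAC, unexpected hostname {host}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, ALLOWED):
        print(*finding, sep="  ")
```

The hostname is supplied by the client as well, so a mismatch is a prompt to investigate and a match proves nothing on its own.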
Stop Publicly Broadcasting your Network
By now you've renamed your wifi so that hackers won't see the default name as they sweep for unprotected wifi setups. But wouldn't it be even better if hackers and curious neighbors didn't know you had a wifi setup at all? Usually, your access point or router is programmed to broadcast the network name (SSID) over the air at regular intervals. While broadcasting is essential for businesses and mobile hotspots to let people find the network, it isn't needed at home, so eliminate it.
The Problem: Why broadcast to the world that you have a wireless connection? You already know it; why do strangers need to know? For most personal uses, you are better off without this feature, because it increases the likelihood of an unwelcome neighbor or hacker trying to log in to your home network. The broadcast works like an invitation to the hackers who're searching for just that opportunity.
The Solution: Most wifi access points allow the SSID broadcast feature to be disabled by the network administrator. If you are using a Linksys router, instructions to disable your SSID broadcast are here, and for those of you using D-Link, your instructions are here (See Figure 1.6 on page 4). Otherwise, you will need to check the manual for your hardware for specific instructions on how to disable broadcasting for your router.
Auto-Connect to Open Wifi Networks?
Most computers provide a wifi setting that will configure your computer to automatically connect to any open wifi network without notifying you. While this setting isn't the default, many individuals select the setting because it makes connecting faster when you are traveling, or connecting at a friend's house. Even more common is to have selected 'connect automatically' for networks that you regularly connect to. Again, this makes sense, as most people do not want to have to manually type in the name of their wireless network and the password each time they want to sign in at home. Unfortunately, both wifi setups can cause major security problems.
The Problem: If you connect to every available wifi network automatically, you will inevitably end up connecting to dummy wifi networks designed specifically to catch unsuspecting users and hack their computers.
Similarly, if you automatically connect to your regular wifi networks (meaning you don't manually type in your network name and password every time) then you may be setting yourself up for a security breach. That is because 80 percent of wifi users have not changed the name of their wireless connection. Therefore, it is very easy for a hacker to create a dummy network entitled "Linksys" or "Default", then sit back and watch 80 percent of computers automatically connect to the network since it has a 'trusted' name.
The Solution: Never select the 'connect to available wifi networks automatically' setup option under your Network Connections window. If you don't want to have to manually type in the name and password to your wifi connection each time you sign in (the safest option), at least make sure that you have named your wifi connection something unique, and that you eliminate all generically titled networks from your 'preferred networks' list. That way, you won't get automatically connected to dummy wifi networks set up by hackers and given the names "Default" or "Linksys".
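The clean-up of the preferred-networks list described above can be checked mechanically. The following is an added example, not part of the original paper: it assumes a Linux client whose saved networks live in a wpa_supplicant.conf file (the paper itself describes Windows) and reports profiles with a generic name, WEP encryption, or an open network that is joined automatically. The file content is constructed.

```python
# Constructed wpa_supplicant.conf content standing in for a saved-network list.
SAMPLE_CONF = '''
network={
    ssid="The Smith House Wifi Network"
    key_mgmt=WPA-PSK
    psk="constructed-passphrase"
}
network={
    ssid="Linksys"
    key_mgmt=NONE
}
network={
    ssid="CoffeeShop"
    key_mgmt=NONE
    disabled=1
}
network={
    ssid="OldRouter"
    key_mgmt=NONE
    wep_key0="abcde"
}
'''

GENERIC_NAMES = {"default", "linksys"}  # the two names the text uses as examples


def parse_networks(conf: str) -> list:
    """Collect the key=value fields of each network={ ... } block."""
    networks, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if line.startswith("network={"):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks


def protection(net: dict) -> str:
    """Classify a profile as 'open', 'WEP' or 'WPA/WPA2'."""
    if net.get("key_mgmt", "WPA-PSK") != "NONE":
        return "WPA/WPA2"
    return "WEP" if any(k.startswith("wep_key") for k in net) else "open"


def audit(conf: str) -> dict:
    """Map each problematic SSID to the reasons it should be fixed or removed."""
    report = {}
    for net in parse_networks(conf):
        ssid = net.get("ssid", "")
        auto_join = net.get("disabled") != "1"   # saved profiles join automatically
        kind = protection(net)
        reasons = []
        if ssid.lower() in GENERIC_NAMES:
            reasons.append("generic name")
        if kind == "WEP":
            reasons.append("WEP encryption")
        if kind == "open" and auto_join:
            reasons.append("open network joined automatically")
        if reasons:
            report[ssid] = reasons
    return report


if __name__ == "__main__":
    for ssid, reasons in audit(SAMPLE_CONF).items():
        print(f"{ssid}: {', '.join(reasons)}")
```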
You've got a built-in firewall, so use it
Your IT security needs to use a layered approach. While no single layer of your security is enough to withstand every attack, adding layers to your security will help ensure that spyware and malware are kept out. Two important security layers are the router firewall and your individual PC's firewall.
The Problem: Routers come with built-in firewall capability. However, since there is an option to disable them, they can often be accidentally turned off by someone toggling options.
The Solution: Ensure that your router's firewall is enabled, along with related built-in security features which block anonymous internet requests or pings. This extra step will help hide your network's presence from the internet, and thus help protect your network. After all, it's harder for hackers to infiltrate what they can't find.
Positioning of the Router or Access Point
Wifi signals don't know where your house ends and where your neighbor's begins. This wifi signal leakage gives hackers and neighbors the opportunity to find your wireless network and attempt to access it.
The Problem: While a small amount of overflow outdoors is not a problem, it is important to keep this leakage to a minimum. This is important because the further your signal reaches into the neighborhood, the easier it is for others to detect and exploit.
The Solution: If you haven't yet installed your wireless home network, make sure to position the router or access point in the center of the home rather than near windows or doors. If you live in an apartment, consider that a wifi network is restricted in part by the materials that it must pass through: the more walls, doors, and metal the signal passes through, the weaker it is. So if your goal is to reduce leakage, you might consider mounting your wifi in a closet in order to reduce signal strength.
When to Turn Off the Network
Most of us know that it is impractical to constantly turn devices on and off. Having a wifi connection is in large part a matter of convenience, and having to turn it off every time you aren't using it eliminates much of that convenience. Unfortunately, a wifi connection is vulnerable when it is on; therefore shutting off your wireless signal when not in use would be a huge boon to its security.
The Problem: There is an inherent tension between convenience and security in deciding whether to turn off a wireless access point between connections.
The Solution: Just as you take extra home security measures when taking a vacation, like asking your neighbors to pick up the mail and leaving a light on, so also should you take extra wifi security measures when your network will not be in use for extended periods of time. Shutting down the network is a basic but effective security measure that can protect your network when you are not around to protect it, and hackers may take the opportunity to mount their attack.
Putting your Improvements to the Test
Now that you've made all these changes to your wifi setup, it would be nice to know that you are secure. Unfortunately, the only surefire test for how secure you are is to wait to see if you get hacked. Trial by fire is no way to test your security, however, so thankfully there is a program to help audit your wifi security.
The Problem: There is no way for the average home wifi user to know if the changes they made to upgrade their wireless security will really prove successful in keeping them safe.
The Solution: The Netstumbler utility, by Marius Milner, will determine both your network's vulnerabilities and unauthorized access points. In addition to these security concerns, the downloadable program will also reveal the sources of network interference and weak signal strength, so that you can improve the strength of your wifi signal. Netstumbler is free for download, although the author asks that those who find the tool helpful make a donation to support the creation of future utilities. [15]
References:
[1] Sara Nasre, Wireless LAN Security, Research Paper, 05/05/2004, IT 6823 Information Security, Instructor: Dr. Andy Ju An Wang, Spring 2004.
[2] Wireless LAN Security Issues and Solutions, Cliff Skolnick, BAWUG.
[3] Mohammad O. Pervaiz, Mihaela Cardei, and Jie Wu, Department of Computer Science & Engineering, Florida Atlantic University, 777 Glades Road, Boca Raton, Florida 33431, USA. E-mail: {mpervaiz@, mihaela@cse., jie@cse.}fau.edu
[4] WLAN security - Status, Problems and Perspective, Marco Casole, Ericsson Enterprise AB - Wireless LAN Systems - 164 80 Stockholm - Sweden. Ph.: + 46 08 508 79822, Fax: + 46 08 585 31290, e-mail: [email protected]
[5] Wikipedia and MSc's Presentation from uol
[6] http://www.stumbler.net