
Wireless LAN Security

Apr 08, 2018

Page 1: Wirless Lan Security

8/6/2019 Wirless Lan Security

http://slidepdf.com/reader/full/wirless-lan-security 1/18

 

The University Of Lahore

Computer Networks

Sir Waseem Iqbal

Submitted by:

Muhammad Zia Shahid

********************************

Term Paper

Wireless LAN Security Risks and Solutions


Topics:

Introduction of wireless LAN Security

Security Black points

Security Hacks Method

Protection Methods

Final Result

Abstract:

This paper describes current wireless LAN security risks and their solutions. It also provides an overview of the major security risks, threats and vulnerabilities of WLAN systems. The protection methods described will also help us to protect the WLAN.

Term Paper Feature:

What is WLAN Security...?

Importance of WLAN Security

Discuss Security Problems and Risks

Hacking Techniques and Available software in black market

How to Protect the WLAN System

Volunteer born Findings

Introduction of wireless LAN Security


Wireless networks based on the IEEE 802.11 standard have experienced excellent growth. This has happened mainly due to the timely release of the IEEE 802.11 standard [1], the cost of the hardware, and the high data rate (11 Mbps for IEEE 802.11b and 54 Mbps for IEEE 802.11a). Many organizations are finding that WLANs (Wireless Local Area Networks) are an essential adjunct to traditional wired LANs, needed to satisfy requirements for mobility, relocation, ad hoc networking, and coverage of locations hard to wire.

Application areas for WLANs can be classified in the following categories: LAN extension, cross-building interconnect, nomadic access and ad hoc wireless networks. WLANs are being largely used in education, healthcare, financial industries, and various public places such as airline lounges, coffee shops, and libraries. Although the technology has been standardized for many years, providing wireless network security has become a critical area of concern. Due to the broadcast nature of wireless communication, it becomes easy for an attacker to hack wireless communication or to disturb the normal operation of the network by injecting additional traffic. [2]

Furthermore, an interesting trend has been registered in technology-oriented, densely populated areas: independent, nonprofessional computer amateurs install a WLAN access point and allow everyone to access it for free. [3]

IEEE 802.11 specifies an optional encryption capability called Wired Equivalent Privacy (WEP). Its purpose is to establish security equivalent to that of wired networks. WEP incorporates the RC4 algorithm from RSA Data Security. This algorithm encrypts over-the-air transmissions.

The lack of cables makes WLANs easy to install for system administrators and, at the same time, offers mobility and flexibility for the users. This kind of portability at a reasonable price, without a noticeable drop in bandwidth, has been mainly responsible for WLAN's widespread usage in the home environment. [4]

WLAN Architecture

An IEEE 802.11 WLAN is a group of stations (wireless nodes) located within a limited physical area. The IEEE 802.11 architecture consists of several components that interact to provide a WLAN that supports station mobility. The basic building block of an IEEE 802.11 LAN is the basic service set (BSS), which consists of some number of stations executing the same MAC protocol and competing for access to the same, shared wireless medium. The association between a station and a BSS is dynamic. When getting out of range, a station may disassociate from the current BSS, and it may associate later with another BSS. The component that interconnects BSSs is the distribution system (DS). The DS can be a switch, a wired network, or a wireless network. A BSS connects to a DS through an Access Point (AP). An AP functions like a bridge, moving data between its BSS and the DS. A set of BSSs and the DS form an extended service set (ESS) network. Stations within an ESS may communicate and mobile stations may move from one BSS to another. The ESS appears as a single logical LAN at the logical link control (LLC) level. The integration of the IEEE 802.11 architecture with a traditional wired 802.x LAN is accomplished through a portal.

Security Black points

• Traffic Analysis

• Passive Eavesdropping

• Active Eavesdropping

• Unauthorized Access

• Man-in-the-middle

• Session Hijacking

• Denial of service (DoS)


Traffic Analysis

• Traffic analysis allows the attacker to obtain three forms of information:

• The attacker can first identify that there is activity on the network.

• The identification and physical location of the wireless access point (AP).

• The type of protocol being used during the transmission.

Passive Eavesdropping

• Passive eavesdropping allows the attacker to obtain two forms of information:

• The attacker can read the data transmitted in the session.

• The attacker can read information about the transmission, i.e. source, destination, size, number and time of transmission.

Active Eavesdropping

• Active eavesdropping allows the attacker to inject data into the communication in order to decipher the payload.

• Active eavesdropping can take two forms:

• The attacker can modify the packet.

• The attacker can inject a complete packet into the data.

• WEP checks the integrity of the data in the packet by using a CRC only.

Unauthorized Access

• Due to the physical properties of the WLAN, the attacker will always have access to the wireless components of the network.

• If the attacker succeeds in getting unauthorized access to the network by using a brute force attack, man in the middle or denial of service attack, the attacker can enjoy the whole network's services.

Man-in-the-Middle

The man-in-the-middle attack, bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle).
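The Active Eavesdropping section above notes that WEP checks integrity with a CRC only. The following added example (not part of the original paper) shows why that matters to a defender: a CRC carries no key, so a frame changed in transit still passes the check, while a keyed MAC rejects it. The keystream function is a stand-in for RC4, and the function names, keys and message are constructed for illustration.

```python
import hashlib
import hmac
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, n: int) -> bytes:
    # Stand-in keystream generator (SHAKE-256), not RC4: only the XOR structure matters.
    return hashlib.shake_256(key).digest(n)


def crc_seal(key: bytes, msg: bytes) -> bytes:
    """WEP-style protection: append CRC-32 of the plaintext, then XOR with the keystream."""
    body = msg + zlib.crc32(msg).to_bytes(4, "little")
    return xor_bytes(body, keystream(key, len(body)))


def crc_open(key: bytes, frame: bytes):
    """Return the plaintext if the CRC-32 matches, else None."""
    body = xor_bytes(frame, keystream(key, len(frame)))
    msg, icv = body[:-4], body[-4:]
    return msg if zlib.crc32(msg).to_bytes(4, "little") == icv else None


def tamper(frame: bytes, delta: bytes) -> bytes:
    """Change the plaintext by `delta` with no key, adjusting the CRC field to match.

    CRC-32 is affine over XOR: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros).
    """
    fix = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return xor_bytes(frame, delta + fix.to_bytes(4, "little"))


def mac_seal(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    """Hardened form: encrypt, then append HMAC-SHA256 over the ciphertext."""
    ct = xor_bytes(msg, keystream(enc_key, len(msg)))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def mac_open(enc_key: bytes, mac_key: bytes, frame: bytes):
    """Return the plaintext if the MAC verifies, else None."""
    ct, tag = frame[:-32], frame[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_bytes(ct, keystream(enc_key, len(ct)))


def demo():
    """Apply the same in-transit change to both frame types; return what each receiver sees."""
    original, changed = b"state=closed", b"state=opened"   # constructed messages
    delta = xor_bytes(original, changed)   # needs knowledge of the plaintext, not of the key
    crc_frame = tamper(crc_seal(b"wep-key", original), delta)
    mac_frame = mac_seal(b"enc-key", b"mac-key", original)
    mac_frame = xor_bytes(mac_frame[:len(delta)], delta) + mac_frame[len(delta):]
    return crc_open(b"wep-key", crc_frame), mac_open(b"enc-key", b"mac-key", mac_frame)


if __name__ == "__main__":
    crc_result, mac_result = demo()
    print("CRC-protected frame accepted as:", crc_result)
    print("MAC-protected frame accepted as:", mac_result)
```

The CRC still catches accidental corruption; what it cannot do is tell a deliberate, consistent change from the original, which is the gap that the keyed integrity checks in WPA and WPA2 close.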


Session Hijacking

In computer science, session hijacking is the exploitation of a valid computer session, sometimes also called a session key, to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (see HTTP cookie theft). [5]

Security Hacks Method

• NetStumbler

• Kismet

• Wellenreiter

• THC-RUT

• Ethereal

• AirSnort

• HostAP

• WEPWedgie

• AirSnarf

• SMAC

• Aircrack

• Aircrack-ng

• WepAttack

• WEPCrack

• coWPAtty

NetStumbler

NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. [6]


Kismet

Kismet is an 802.11 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic (devices and drivers permitting). [7]

Wellenreiter

Wellenreiter was developed to analyze wrongly configured networks. This is simple and possible transparently and without interfering with the network. The collected information helps to optimize the environment. [8]


THC-RUT

RUT (aReyoUThere, pronounced as 'root') is your first knife on a foreign network. It gathers information from local and remote networks. [9]

Ethereal

Ethereal is a network packet analyzer. A network packet analyzer tries to capture network packets and to display that packet data in as much detail as possible. [10]

 


AirSnort

AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. [11]

AirSnarf

AirSnarf is a simple rogue wireless access point setup utility designed to demonstrate how a rogue AP can steal usernames and passwords from public wireless hotspots. AirSnarf was developed and released to demonstrate an inherent vulnerability of public 802.11b hotspots: snaring usernames and passwords by confusing users with DNS and HTTP redirects from a competing AP. [12]


Aircrack

Aircrack is a set of tools for auditing wireless networks:

• airodump: 802.11 packet capture program

• aireplay: 802.11 packet injection program

• aircrack: static WEP and WPA-PSK key cracker

• airdecap: decrypts WEP/WPA capture files [13]

WEPCrack

WEPCrack is an open source tool for breaking 802.11 WEP secret keys. This tool is an implementation of the attack described by Fluhrer, Mantin, and Shamir in the paper "Weaknesses in the Key Scheduling Algorithm of RC4". [14]


Protection Methods

Changing Administrator Passwords and Usernames

After you've taken your wifi router out of the box and started the setup process, you will be asked to sign on to a specific Web page and are required to enter information such as your network address and account information. In theory, this Wifi setup page is protected with a login screen (username and password).

The Problem: Though the username and password are intended to allow only you to get access to your Wifi setup and the personal information you have entered, the fact remains that the logins provided are usually given to everyone with the same model router, and because most people never change them, they remain an easy target for hackers and identity thieves. In fact, there are sites that list the default usernames and passwords for wireless routers, making a hacker's job even easier.

The Solution: Change the username and password for your Wifi setup immediately after the first login. And if you are going to spend the time changing your password, make sure it is difficult to guess. Your name, birth date, anniversary date, child's name, spouse's name, or pet's name are going to be among the hacker's first guesses. And because many hackers use a technique called 'dictionary hacking' (running a program that tries common English words as passwords), you should make sure that your password isn't just a common English word, but rather is a combination of letters and numbers.

Upgrading your Wifi Encryption

If the information sent back and forth over your Wifi network isn't adequately encrypted, a hacker can easily tap into the network and monitor your activity. When you type personal or financial information into a Web site, that hacker can then steal that information and use it to steal your identity. The old encryption standard Wired Equivalent Privacy (WEP) can be hacked within 30 seconds, no matter the complexity of the passphrase you use to protect it. Unfortunately, millions of Wifi users are still using WEP encryption technology to encrypt their information, despite the availability of the vastly superior WPA2 encryption standard.

The Problem: Despite the superior encryption protection that WPA2 provides, most Wifi home users have failed to upgrade their protection because they were unaware of the problem, or simply felt overwhelmed by the technical prospects of upgrading. As a result, many continue to use WEP encryption, which is now so simple to hack that it is widely regarded as little better than no encryption at all.

The Solution: The solution, of course, is to upgrade your Wifi encryption to WPA2. But before you can add WPA2 protection, you will have to complete a few steps in order to update your computer. The first step is to download and install Microsoft's WPA2 hotfix for Windows XP. You will also likely need to update your wireless card driver. These updates, if needed, will be listed in Microsoft's Windows Update page under the subheading "Hardware Optional".

Now that your computer and wireless card are up to date, you will need to log into your router's administration page through your web browser (this is the page you signed into in order to set up the Wifi router the first time you opened it up; the specific URL can be found in your router's instruction manual). Once signed in, change the security settings to "WPA2 Personal" and select the algorithm "TKIP+AES". Finally, enter your password into the "Shared Key" field and save your changes.

Changing the Default System ID

When you got your Linksys or D-Link router home from the store and set it up, it came with a default system ID called the SSID (Service Set Identifier) or ESSID (Extended Service Set Identifier). This ID is also commonly referred to as the name of your Wifi setup.

The Problem: Usually, manufacturers assign identical SSID sets to their devices, and 80 percent of Wifi home users leave their system on the default setting. So that means that 80 percent of homes have Wifi systems titled "Default" or "LinkSys" or whatever your provider sets as the default name.

The problem with these default settings is that they serve as strong signals to hackers, who have been known to just cruise neighborhoods looking for Wifi networks with default names to hack into. Though knowing the SSID does not allow anyone to break into your network, it usually indicates that the person hasn't taken any steps to protect their network, thus these networks are the most common targets.

The Solution: Change the default SSID immediately when you configure your LAN. This in itself may not offer any protection as to who gains access to your network, but configuring your SSID to something personal, e.g. "The Smith House Wifi Network", will differentiate you from other unprotected networks, and discourage hackers from targeting you. As an added bonus, having a Wifi network with a unique name also means that neither you nor your family will make the mistake of connecting through a neighbor's Wifi network, and thus exposing your computers through their unprotected setup.

MAC Address Filtering

If you've had an unsecured Wifi setup in your home in the past, you can be fairly certain that at least one of your neighbors is mooching off your Wifi to connect to the Internet. While everyone loves a friendly neighbor, providing an easy resource for others to steal Internet access is morally and legally questionable, but even scarier is the harm those moochers can do to your computer.

In order to check who has been using your network, you'll need to check the MAC address. Every wifi gadget is assigned a unique code that identifies it, called the "physical address" or "MAC address." Your wifi system automatically records the MAC addresses of all devices that connect to it. But busting your Internet-stealing neighbors isn't all that MAC addresses are good for; they can actually be a great help in securing your WLAN.

The Problem: You are not sure who or what is accessing and endangering your wifi network, and once you find out that someone or something is mooching off your network, you want to stop them. But how?

The Solution: Checking the MAC address log for your wifi network will give you a quick view of all the devices accessing your network. Anything that isn't yours, you will want to keep out. To do this, you will need to manually key in the MAC addresses of your home equipment. This way, the network will allow connections only from these devices, so your mooching neighbors will be out of luck.

Caution: This feature is not as powerful as it may seem. While it will stop your average neighborhood moocher or amateur hacker, professional hackers use advanced software programs to fake MAC addresses.
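The MAC address check described above, and the reason for the caution, as an added example that is not part of the original paper. The log line format, the allowlist and every address in it are constructed for illustration; a real router's client list will need its own parser.

```python
import re
from collections import defaultdict

# Constructed sample. The line format is an assumption, not any router's real log layout.
SAMPLE_LOG = """\
2024-05-01T20:14:03 assoc mac=00-1A-2B-3C-4D-5E host=family-laptop
2024-05-01T20:15:40 assoc mac=00:1a:2b:3c:4d:5f host=printer
2024-05-01T21:02:17 assoc mac=00:11:22:33:44:55 host=unknown-phone
2024-05-01T21:30:55 assoc mac=DA:A1:19:00:00:01 host=tablet
2024-05-01T22:05:09 assoc mac=001a.2b3c.4d5e host=DESKTOP-X
""".splitlines()

# The home equipment keyed in by hand (constructed addresses).
ALLOWLIST = {"00:1A:2B:3C:4D:5E", "00:1A:2B:3C:4D:5F"}

LINE = re.compile(r"^(?P<ts>\S+) assoc mac=(?P<mac>\S+) host=(?P<host>\S+)$")


def normalize_mac(raw: str) -> str:
    """Accept 00-1A-.., 00:1a:.. or 001a.2b3c.. and return lower-case colon form."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """Bit 0x02 of the first octet marks an address set in software, not by the maker."""
    return bool(int(mac[:2], 16) & 0x02)


def review(log_lines, allowlist):
    """Return a list of (finding, mac) tuples, sorted by address."""
    allowed = {normalize_mac(m) for m in allowlist}
    hosts_by_mac = defaultdict(set)
    findings = []
    for line in log_lines:
        match = LINE.match(line.strip())
        if not match:
            continue
        try:
            mac = normalize_mac(match["mac"])
        except ValueError:
            findings.append(("malformed", match["mac"]))
            continue
        hosts_by_mac[mac].add(match["host"])
    for mac, hosts in sorted(hosts_by_mac.items()):
        if mac not in allowed:
            kind = "unknown-local-admin" if is_locally_administered(mac) else "unknown"
            findings.append((kind, mac))
        elif len(hosts) > 1:
            # A hint, not proof, that an allowed address is being reused by another device.
            findings.append(("allowlisted-mac-multiple-hosts", mac))
    return findings


if __name__ == "__main__":
    for finding, mac in review(SAMPLE_LOG, ALLOWLIST):
        print(f"{finding:32} {mac}")
```

The third finding type is the one the caution is about: the filter sees only the address a device claims, so an allowed address turning up under a second host name deserves a look even though the filter let it through.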

Stop Publicly Broadcasting your Network

By now you've renamed your wifi so that hackers won't see the default name as they sweep for unprotected wifi setups. But wouldn't it be even better if hackers and curious neighbors didn't know you had a wifi setup at all? Usually, your access point or router is programmed to broadcast the network name (SSID) over the air at regular intervals. While broadcasting is essential for businesses and mobile hotspots to let people find the network, it isn't needed at home, so eliminate it.

The Problem: Why broadcast to the world that you have a wireless connection? You already know it; why do strangers need to know? For most personal uses, you are better off without this feature, because it increases the likelihood of an unwelcome neighbor or hacker trying to log in to your home network. The broadcast works like an invitation to the hackers who're searching for just that opportunity.

The Solution: Most wifi access points allow the SSID broadcast feature to be disabled by the network administrator. If you are using a Linksys router, instructions to disable your SSID broadcast are here, and for those of you using D-Link, your instructions are here (See Figure 1.6 on page 4). Otherwise, you will need to check the manual for your hardware for specific instructions on how to disable broadcasting for your router.

Auto-Connect to Open Wifi Networks?

Most computers provide a wifi setting that will configure your computer to automatically connect to any open wifi network without notifying you. While this setting isn't the default, many individuals select the setting because it makes connecting faster when you are traveling, or connecting at a friend's house. Even more common is to have selected 'connect automatically' for networks that you regularly connect to. Again, this makes sense, as most people do not want to have to manually type in the name of their wireless network and the password each time they want to sign in at home. Unfortunately, both wifi setups can cause major security problems.

The Problem: If you connect to every available wifi network automatically, you will inevitably end up connecting to dummy wifi networks designed specifically to catch unsuspecting users and hack their computers.

Similarly, if you automatically connect to your regular wifi networks (meaning you don't manually type in your network name and password every time) then you may be setting yourself up for a security breach. That is because 80 percent of wifi users have not changed the name of their wireless connection. Therefore, it is very easy for a hacker to create a dummy network entitled "Linksys" or "Default", then sit back and watch 80 percent of computers automatically connect to the network since it has a 'trusted' name.

The Solution: Never select the 'connect to available wifi networks automatically' setup option under your Network Connections window. If you don't want to have to manually type in the name and password to your wifi connection each time you sign in (the safest option), at least make sure that you have named your wifi connection something unique, and that you eliminate all generically titled networks from your 'preferred networks' list. That way, you won't get automatically connected to dummy wifi networks set up by hackers and given the names "Default" or "Linksys".
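An audit of a 'preferred networks' list along the lines of the advice above, as an added example that is not part of the original paper. The auto-join rule is a simplified model (an assumption: a client joins silently when the saved name and security type both match what it sees), and the profiles, visible networks and BSSIDs are constructed.

```python
from dataclasses import dataclass

# Names the paper cites as common defaults; extend with your own vendor defaults.
GENERIC_SSIDS = {"default", "linksys"}


@dataclass(frozen=True)
class Profile:          # one entry in the client's preferred-networks list
    ssid: str
    security: str       # "open", "wep" or "wpa2-psk"
    auto_connect: bool


@dataclass(frozen=True)
class Beacon:           # one network currently visible over the air
    ssid: str
    security: str
    bssid: str


def would_auto_join(profile: Profile, beacon: Beacon) -> bool:
    """Simplified model (assumption): join silently when name and security type match."""
    return (profile.auto_connect
            and profile.ssid == beacon.ssid
            and profile.security == beacon.security)


def audit(profiles, beacons):
    """Return {ssid: {"joinable": [bssid, ...], "issues": [...], "action": str}}."""
    report = {}
    for p in profiles:
        generic = p.ssid.lower() in GENERIC_SSIDS
        issues = []
        if generic:
            issues.append("generic name shared by many routers")
        if p.security == "open":
            issues.append("open: nothing proves which access point answers")
        elif p.security == "wep":
            issues.append("WEP: upgrade the network to WPA2")
        if p.auto_connect and generic and p.security == "open":
            action = "remove from preferred list"
        elif issues:
            action = "review"
        else:
            action = "keep"
        joinable = sorted(b.bssid for b in beacons if would_auto_join(p, b))
        report[p.ssid] = {"joinable": joinable, "issues": issues, "action": action}
    return report


# Constructed sample data.
PROFILES = [
    Profile("linksys", "open", True),
    Profile("The Smith House Wifi Network", "wpa2-psk", True),
    Profile("CoffeeShop", "open", False),
]
VISIBLE = [
    Beacon("linksys", "open", "02:00:00:00:00:01"),
    Beacon("linksys", "open", "02:00:00:00:00:02"),   # same name, different device
    Beacon("The Smith House Wifi Network", "open", "02:00:00:00:00:03"),
    Beacon("The Smith House Wifi Network", "wpa2-psk", "02:00:00:00:00:04"),
]

if __name__ == "__main__":
    for ssid, entry in audit(PROFILES, VISIBLE).items():
        print(ssid, entry)
```

In this model the saved "linksys" profile matches both devices using that name and the client has no way to prefer one, while the uniquely named WPA2 profile ignores the unencrypted network that copies its name.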

You've got a built-in firewall, so use it

Your IT security needs to use a layered approach. While no single layer of your security is enough to withstand every attack, adding layers to your security will help ensure that spyware and malware are kept out. Two important security layers are the router firewall and your individual PC's firewall.

The Problem: Routers come with built-in firewall capability. However, since there is an option to disable them, they can often be accidentally turned off by someone toggling options.

The Solution: Ensure that your router's firewall is enabled, along with related built-in security features which block anonymous internet requests or pings. This extra step will help hide your network's presence from the internet, and thus help protect your network. After all, it's harder for hackers to infiltrate what they can't find.

Positioning of the Router or Access Point

Wifi signals don't know where your house ends and where your neighbor's begins. This wifi signal leakage gives hackers and neighbors the opportunity to find your wireless network and attempt to access it.

The Problem: While a small amount of overflow outdoors is not a problem, it is important to keep this leakage to a minimum. This is important because the further your signal reaches into the neighborhood, the easier it is for others to detect and exploit.

The Solution: If you haven't yet installed your wireless home network, make sure to position the router or access point in the center of the home rather than near windows or doors. If you live in an apartment, consider that a wifi network is restricted in part by the materials that it must pass through: the more walls, doors, and metal the signal passes through, the weaker it is. So if your goal is to reduce leakage, you might consider mounting your wifi in a closet in order to reduce signal strength.

When to Turn Off the Network

Most of us know that it is impractical to constantly turn devices on and off. Having a wifi connection is in large part a matter of convenience, and having to turn it off every time you aren't using it eliminates much of that convenience. Unfortunately, a wifi connection is vulnerable when it is on; therefore shutting off your wireless signal when not in use would be a huge boon to its security.

The Problem: There is an inherent tension between convenience and security in deciding whether to turn off a wireless access point between connections.

The Solution: Just as you take extra home security measures when taking a vacation, like asking your neighbors to pick up the mail and leaving a light on, so also should you take extra wifi security measures when your network will not be in use for extended periods of time. Shutting down the network is a basic but effective security measure that can protect your network when you are not around to protect it, and hackers may take the opportunity to mount their attack.

Putting your Improvements to the Test

Now that you've made all these changes to your wifi setup, it would be nice to know that you are secure. Unfortunately, the only surefire test for how secure you are is to wait to see if you get hacked. Trial by fire is no way to test your security, however, so thankfully there is a program to help audit your wifi security.

The Problem: There is no way for the average home wifi user to know if the changes they made to upgrade their wireless security will really prove successful in keeping them safe.

The Solution: The Netstumbler utility, by Marius Milner, will determine both your network's vulnerabilities and unauthorized access points. In addition to these security concerns, the downloadable program will also reveal the sources of network interference and weak signal strength, so that you can improve the strength of your wifi signal. Netstumbler is free for download, although the author asks that those who find the tool helpful make a donation to support the creation of future utilities. [15]

References:

[1] Sara Nasre, Wireless LAN Security, Research Paper, 05/05/2004, IT 6823 Information Security, Instructor: Dr. Andy Ju An Wang, Spring 2004.

[2] Wireless LAN Security Issues and Solutions, Cliff Skolnick, BAWUG.

[3] Mohammad O. Pervaiz, Mihaela Cardei, and Jie Wu, Department of Computer Science & Engineering, Florida Atlantic University, 777 Glades Road, Boca Raton, Florida 33431, USA. E-mail: {mpervaiz@, mihaela@cse., jie@cse.}fau.edu

[4] WLAN security - Status, Problems and Perspective, Marco Casole, Ericsson Enterprise AB - Wireless LAN Systems - 164 80 Stockholm - Sweden. Ph.: + 46 08 508 79822, Fax: + 46 08 585 31290.

[5] Wikipedia and MSc's Presentation from uol.

[6] http://www.stumbler.net
