WLAN Attacks and Protection

WLAN ATTACKS and PROTECTION

By,

101015275_Chandrak Trivedi

Learning Objectives

Understand the issues related to WLAN

Identify WLAN attacks and vulnerabilities

Describe existing WLAN security solution

Explain how WLAN are protected

Scanning and tools used for WLAN attacks

101015275_Chandrak 2

Introduction

WLANs are more flexibility, mobility, easy installation and low cost relative to wired networks.

The Standard security requirements in WLANs have achieved on two levels, frame security level, and RF security level.

Frame security level is concerned about how to transmit packets through the air securely. Use a strong encryption and a strong authentication.

RF security level is concerned about monitoring and scanning the air for detecting the illegal hotspots and the rogue access points.

101015275_Chandrak 3

ISSUES

Issue1: Unlike a wired network, a WLAN uses radio frequency transmission as the medium for communication.

Issue2: Our inability to effectively contain radio signals makes the WLAN vulnerable to a different set of attacks.

Issue3: MAC address filtering can be configured in an access point in order to allow only the authorized client in the network.

Issue4: SSID is an identification that allows the clients to communicate with the appropriate access point.

101015275_Chandrak 4

Types of WLAN Attacks

Confidentiality Attacks

Access Control Attacks

Integrity Attacks

Availability Attacks

Authentication Attacks

101015275_Chandrak 5

Attack Description Security ElementMan in the middleattack (MITM)

If data are unprotected, hackers can

intercept data.

Confidentiality

Integrity

Dictionary attack Programs that try large passwords to get

the correct one.

Authentication

Access control

Bit-flipping A cryptanalytic attack that can be used

against any encrypted data.Integrity

Handshake stole The attacker uses the role of theauthorized client to steal the handshake

between access point and client.

Authentication

Unauthorized clientaccess

If a network has a weak userauthentication, it is very easy for a hacker

to achieve access and take information.

Access control

DoS (Denial of Service) Congesting a network resource with more

requests.Availability

Rogue Access Points An unauthorized access point that hasbeen connected to the wired network,which can provide malicious orunauthorized users with open access to

the LAN.

Availability

IP Spoofing / MAC Address Spoofing If the hacker has a rogue access pointenabled DHCP, it can effect on the main

DHCP in the network.

Availability

101015275_Chandrak 6

Existing WLAN Security Solutions

Wired Equivalent Protocol (WEP)

Wi-Fi Protected Access (WPA)/ Temporal Key Integrity Protocol (TKIP)

WPA2 / Advanced Encryption Standard (AES)

WPA2 using 802.1x servers

101015275_Chandrak 7

Attack on WEP

Bit-flipping attack can make ciphertext XOR and key give the plain text easily.

Cyclic redundancy code (CRC) is not cryptographically strong.

It uses the 24-bit long initialization vector (IV) that is clear text added to the packet.

101015275_Chandrak 8

Attack on WPA/WPA2

Dictionary attacks and WPA handshake capture are the most popular attacks on WPA and WPA2 protocols.

Wi-Fi protected setup (WPS) are also connected to access point, but it can be hacked and attacked by the Reaver tool or Wifite tool (brute force attack).

101015275_Chandrak 9

https://www.youtube.com/watch?v=o5MmMBBC4BY

WLAN Protection

The Frame Level Security

Data confidentiality and Integrity - WPA2/AES provides the strongest wireless encryption.

Authentication and Access control - authentication scheme based on the IEEE 802.1x model.

The RF Security Level

Wireless Intrusion Detection System (Wireless IDS)

Wireless Intrusion Prevention System (Wireless IPS) 101015275_Chandrak 10

Tools

Aircrack, AirSnort, Kismet, Cain & Able, WireShark, Fern WifiWireless Cracker, CoWPAtty, Airjack, WepAttack, NetStumbler, Wifiphisher, Reaver, and Wifite.

http://resources.infosecinstitute.com/20-popular-wireless-hacking-tools-updated-for-2016/

101015275_Chandrak 11

Conclusion

The WEP protocol does not achieve the standard security requirements.

The proposed solution incorporates AES encryption, in conjunction with 802.1x authentication Free RADIUS server, provides a required frame security level for WLANs.

Detecting and preventing attackers are the best solution to achieve the RF security level.

Granting different privileges to the users in VLANs, isolating VLANs help with ease putting security policies and control users.

101015275_Chandrak 12

101015275_Chandrak 13