Original scientific paper
Wireless Network Security recommendations Using the Application for Security Evaluation
Aleksandar Skendžić Polytechnic “Nikola Tesla” Gospić
Bana Ivana Karlovića 16, Gospić, Croatia [email protected]
Božidar Kovačić Department of Informatics, University of Rijeka
Radmile Matejčić 2, Rijeka, Croatia [email protected]
Edvard Tijan Faculty of Maritime Studies, University of Rijeka
Studentska ul. 2, Rijeka, Croatia [email protected]
Summary
The proposed system of security recommendations of wireless local area network allows applications to achieve higher levels of security. In order to build a security model, it is crucial to pre-evaluate the parameters that affect the security of the wireless network. When evaluating the parameters, expert literature along with practical experience of network administrators has been used. The results of evaluation parameters are included in the constructed security model of the proposed application. The proposed model contributes to a simpler problem solving of wireless network security through the evaluation of safety parameters. In addition, the proposed system gives recommendations regarding security at two levels, together with an appropriate security evaluation. The chosen safety parameters were evaluated using a questionnaire among CARNet system engineers in educational institutions. The results obtained may help to efficiently prevent wireless network security breaches.
Keywords: open source e-bus system, wireless network security, evaluation
doi: 10.17234/INFUTURE.2015.31
INFuture2015: e-Institutions – Openness, Accessibility, and Preservation
Introduction
Configuring security is one of the main problems of wireless networks. It can be hypothesized that the security of wireless networks is lower than the security of wired networks [1]. Security is a key element in wireless communication because the communication occurs via an unreliable medium (air) [2]. Safety of networks, services and transactions is essential for the creation of trust in various forms of personal communication. A threat in a network environment is defined as a circumstance, condition or event that can harm the network and computing resources in the form of destruction, disclosure, modification of data, denial of service, fraud and abuse [6]. In order to protect the wireless network communication channel, numerous algorithms [8], certificates and protective mechanisms have been defined and used for the protection of wireless local area network (WLAN). They are an integral part of the security policy of institutions or organizations, and are carried out to a certain degree.
In the development of the proposed security model, the protective measures to be employed rely on the use of wireless network security mechanisms in order to reduce the risk of security breaches. The choice of mechanisms for protection of wireless networks, with regard to the purpose of the local network, can result in an optimal security solution that can be applied. If the effectiveness of wireless network security is confirmed by expert evaluation, the risk is reduced, and security is not compromised. If safeguards are not effective, security could be directly compromised. Although the security level cannot reach 100%, it is necessary to attempt all the necessary means of increasing the security level. Consequently, a higher security level requires greater financial investments, which implies a higher cost of planning and setting up the active wireless network equipment. In determining the concept of wireless network security, special attention should be given to the following segments:
protection of an institution’s information system, protection of personal data (on networked computers), restricted user access (user levels and user rights), use of standard encryption algorithms, use of compatible active network equipment, ease of network access, existence and enforcement of security policies [10].
The rest of this paper is structured as follows: Chapter 2 gives a description of the security system; Chapter 3 presents the methodology and tools used to develop the system for wireless network security evaluation; Chapter 4 describes the development and structure of the system; Chapters 5 and 6 offer the security parameters evaluation and the interpretation of security evaluation values; finally, we conclude the paper (Chapter 7) and list references.
Security System
At the beginning, it was necessary to restrict the parameters that are an integral part of the overall security system. In the first phase of the study, the parameters that affect the security of the network were analyzed. Expert literature has been used for the purpose of determining and specifying the security parameters. Based on that, a questionnaire was devised and filled in by network administrators from state educational institutions (CARNet1 members). These parameters were evaluated by network administrators based on the existing wireless network system in their home institutions.
1 Croatian Academic and Research Network (CARNet)
Defining the level of security implies the creation of a security system based on the optimal selection of parameters that influence it. The effective functionality of the system is associated with identifying the actions that interconnect all the elements of the security system. Regarding the security management process, the often applied methodology is known as Plan-Do-Check-Act (PDCA) [5]. The methodology is also known as the Deming cycle. The Deming cycle of improvement always starts by analyzing the current situation, followed by deducing the problem.
Choosing a Tool for Building a System for Wireless Network Security Evaluation
The system for security evaluation is implemented as an application for wireless network security evaluation. The application enables user action at two levels:
Network administrator (expert) level of action,
Examinee level of action (application user).
Figure 1 provides an overview of procedures which define the level of user action. These procedures are available to the user through the authentication procedure of the system. Additionally, users are able to use certain procedures that do not require authorization.
Figure 1. Defined user authorization procedure (source: authors)
The level of action of the network administrator (expert) through the interface provides the ability to create questions and multiple answers. Questions are measured by weight grades, and a higher weight rating implies a greater impact of the given parameter on the overall security of wireless networks. The logging module enables a user to log in and create questions by selecting Log in. This module also allows user testing using the created questions. The questions create a structured tree with subordinate and superordinate relations. By selecting the Create Questions option, the user has to fill in the required input fields: the number of the subordinate question, question description and the number of the superordinate question. The button Create creates a question, and has the following required fields: question number and description. A tree structured in this way provides an overview of superordinate and subordinate relations between questions and provides the option to edit questions and create multiple responses. The button Create response gives the opportunity to define all the answers to a question. Weight value is added to the answers based on user evaluation.
The level of action by the respondents relies on the possibility of evaluating wireless network security in the login module of the application. By selecting the Create Test option, the user fills in a questionnaire which contains parameters previously entered by the administrator. The user selects each parameter and provides an answer from the list of possible answers. In the end, the result is checked through the recommendation module. By comparing the weight value of each parameter, recommendations are given to the user in order to achieve higher security levels. The level of action by the user is achieved by logging into the system via the administrator password. Users wishing to check network security select the option for creating a test.
For the construction of the system, PHP (server side) and JavaScript (client side) have been used, driven by the MySQL database management system. The development tool Yii [9] was used as the framework.
The use of scripting languages in the dynamic generation of web sites contains two main elements: (1) server with a programming platform and (2) database with the associated database management system and script language.
Development and Structure of the System for Wireless Network Security Evaluation
The application for wireless network security evaluation is based on the schema shown in Figure 2. Such a model may result from the transformations of the Entity-Relation (ER) data model [3]. The method of constructing an ER model is well known. The model was constructed according to Chen notation and uses key inheritance, while the weak entity type was determined according to the MIRIS2 notation [4].
2 Metodologija za Razvoj Informacijskog Sustava (MIRIS) – Methodology for Information System development.
Figure 2. E-R diagram (schema) of the ispitmreza.sql database obtained via MySQL Workbench application (source: authors)
Access rules have been defined for every controller, which are executed only if a user is logged into the system. For example, IspitivanjeControler enables access to all users without the need for authentication. IspitivanjeControler controls the access to the Ispitivanje module.
Evaluating the Selected Wireless Network Security Parameters
The questionnaire consisted of 19 questions which are oriented on default wireless network security parameters [19]. The questionnaire was distributed through a Google docs form in the period of May 2014 – July 2014 to CARNet system engineers (59 respondents). Every engineer gave an answer and score to each security parameter. Key questions were based on the installed WiFi [18] network in the organisation, security policies and the evaluation of each security parameter, which is shown in Table 1. Collected questionnaire data is used for application development.
The developed system gives recommendations based on the evaluation of security parameters which were defined using expert literature and network administrators (CARNet system engineers). The limitation of the system is the way parameters are evaluated, which relies on the weight value of each parameter. In cases where two security parameters cannot be evaluated differently, the evaluation system will offer both logical solutions. Table 1 offers an overview of security parameters being evaluated. According to the calculated averages of the questionnaire results in which CARNet system engineers evaluated security parameters, the weight factors have been calculated, as shown in Table 1.
Table 1: Awarded weight factors (ponders) of security parameters based on research results
As seen in Table 1, the weight factor 0.15 has been assigned to the encryption parameter (WEP3, WPA4, WPA2) [7], because it is considered that the encryption directly affects the security of wireless networks, i.e., wireless networks of an open type are extremely vulnerable to security threats and the use of encryption is strongly recommended in order to achieve a satisfactory level of security [12].
3 Wired Equivalent Privacy (WEP)
4 Wi-Fi Protected Access (WPA)
The model (type) of network equipment has been assigned a weight value of 0.08. On the network equipment market, various manufacturers offer diverse active network equipment. Active network equipment with greater capabilities can affect the security of the wireless network. Wireless network signal coverage has been assigned a weight value of 0.18. If there is a need for greater availability of wireless network signal, inside or outside the building, network security is decreased because the network covers a larger area that is accessible to more people and is more vulnerable to security breaches [13]. Firewall usage has been assigned a weight value of 0.21. LAN or wireless network firewall is extremely important because it filters the network traffic from the sender to the receiver and vice versa.
The number of wireless network users is proportional to the wireless network signal spatial coverage, and has been assigned a weight value of 0.09. Greater wireless network coverage generally implies more users and lower security level, and vice versa [14]. The definition and the existence of security policies in the organization have been assigned a weight value of 0.13. Encryption, firewall and security policy are key elements in both LAN and wireless network security within the organization. The security policy defines the planning and describes the goals or procedures of security. The network services have been assigned a weight value of 0.1. Educational institutions basically use e-mail services, Web services and file transfer services (FTP5).
The minimal weight value of 0.02 refers to the use of virtual private networks (VPN6). Such WLAN setup is neither standardized nor mandatory, but contributes to increasing the overall network security. The weight value of 0.04 refers to using the RADIUS protocol and LDAP directory service that are well represented in higher education institutions. Through LDAP + RADIUS, user accounts are assigned certain rights regarding the use of network resources (access to services and applications), which contributes to network (and overall) security. According to the survey, the calculated weights indicate a high correlation (strong association defined within ± 0.70 to ± 0.90) with the results of the study r = 0.78 (Table 1). Two parameters (VPN, RADIUS7 + LDAP8) have low weight values (2% and 4%) and are almost negligible in the final evaluation, because they show low influence on the final result.
5 File Transfer Protocol (FTP)
6 Virtual Private Network (VPN)
7 Remote Authentication Dial-In User Service (RADIUS)
8 Lightweight Directory Access Protocol (LDAP)
The Range of Values of Security Grades
The grades for assessing wireless network security are shown as values between 1 and 5, where 5 represents the highest level of security (Table 2). The range of values of security grades as well as the percentage of each evaluated parameter within the overall wireless network security is given in Table 2.
Table 2: The range of values of security grades
Source: Authors
System engineers have evaluated the parameters that are used in the proposed model of evaluation. A random sample of examinees was used (N=59), all of whom are employees (system engineers) of the CARNet member institutions. The questionnaire consisted of ten questions. Each examinee needed to evaluate wireless network security parameters individually.
Questionnaire items consisted of statements, and by evaluating each of them, average values for individual statements and parameters which influence wireless network security were obtained. In order to evaluate preparatory tasks, a five-point Likert scale was used (1 = security parameter not important, 2 = important to a small degree, 3 = security parameter is important, 4 = security parameter is very important, 5 = security parameter is crucial). Average values of security parameter grades were used as the basis for establishing the level of wireless network safety in institutions. The main assumption is that if the average grade value of a particular wireless network security parameter is lesser than 2 (<2), it does not represent a satisfactory level within the overall wireless network security, as it directly lessens wireless network security. On the other hand, the average grade value of each parameter which contributes to wireless network security larger than 2 represents a satisfactory security level, but offers a different level of security. Security levels based on each parameter grade and the percentage of parameter grade value in the overall security are given in Table 3.
Table 3: The range of security grade values
Source: Authors
Network administrators have given the highest grades to parameters relating to encryption and firewall usage (see Table 1). The lowest grade was given to VPN, which can be explained by the fact that VPN is not often found in educational institutions, or is not employed by the current sample of examinees. Authors recommend further research.
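The following is an added example, not the authors' application code, of how the weight factors quoted above can be combined with 1 to 5 grades into an overall percentage, a security level and a prioritised list of parameters to improve. The parameter key names, the percentage formula, the 20-point level bands and the ranking rule are assumptions, because the contents of Tables 1 to 3 and the application logic are not reproduced on this page; the sample grades are constructed.

```javascript
// Added illustration, not the authors' application code.
// Weight factors are the ones quoted in the text (they sum to 1.00);
// the key names are assumed labels for those parameters.
const WEIGHTS = {
  encryption: 0.15,      // WEP / WPA / WPA2
  equipmentModel: 0.08,  // model (type) of network equipment
  signalCoverage: 0.18,
  firewall: 0.21,
  userCount: 0.09,
  securityPolicy: 0.13,
  networkServices: 0.10,
  vpn: 0.02,
  radiusLdap: 0.04,
};

// Assumed scoring rule: weighted mean of the 1-5 grades, expressed as a
// percentage of the top grade, split into five 20-point security levels.
function evaluate(grades) {
  let weighted = 0;
  const findings = [];
  for (const [name, weight] of Object.entries(WEIGHTS)) {
    const grade = grades[name];
    if (!Number.isFinite(grade) || grade < 1 || grade > 5) {
      throw new RangeError(`grade for ${name} must be between 1 and 5`);
    }
    weighted += weight * grade;
    // gap = share of the overall score lost compared with the top grade
    findings.push({ name, weight, gap: weight * (5 - grade), low: grade < 2 });
  }
  const percent = Math.round((weighted / 5) * 100);
  const level = Math.max(1, Math.ceil(percent / 20));
  // Assumed ranking: largest weighted gap first, heavier parameter on ties.
  const recommendations = findings
    .filter((f) => f.gap > 0)
    .sort((a, b) => b.gap - a.gap || b.weight - a.weight)
    .map((f) => f.name);
  // Text threshold: an average grade below 2 is not a satisfactory level.
  const unsatisfactory = findings.filter((f) => f.low).map((f) => f.name);
  return { percent, level, recommendations, unsatisfactory };
}

// Constructed sample answers for one institution (not survey data).
const SAMPLE_GRADES = {
  encryption: 1, equipmentModel: 3, signalCoverage: 2, firewall: 1,
  userCount: 3, securityPolicy: 2, networkServices: 3, vpn: 1, radiusLdap: 1,
};

const result = evaluate(SAMPLE_GRADES);
console.log(`overall: ${result.percent}% -> level ${result.level}`);
console.log('improve first:', result.recommendations.slice(0, 3).join(', '));
console.log('below grade 2:', result.unsatisfactory.join(', '));
```

Because firewall usage and signal coverage carry the largest weights, a low grade on either one moves the overall result far more than a missing VPN or RADIUS + LDAP setup does.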
Figure 4 illustrates the security level given the value 2 (32% overall), based on the parameter value input. After making a choice, recommendations are given at two levels: level 1 recommendation (named “Preporuka”) compares evaluated parameters in case of two choices being made, while level 2 recommendation (named “Preporuka 2”) compares evaluated parameters in case of three or more choices being made (Figure 3).
Figure 3: Data input within the Ispitivanje module for wireless network security check
Figure 4: An example of wireless network security recommendation (“Preporuka” - Level 1) with the overall security grade (“Ocjena”) (32%) and the corresponding security level (2) (“Ocjena sigurnosti”).
At the end of the research and parameter evaluation, the examinees (network administrators) have evaluated the selected security parameters.
Graph 1: Network administrator satisfaction with the selected parameters included in the system model (average values)
Source: Authors
As shown in Graph 1, network administrators have given the highest grades to encryption algorithms (average value 4.12) and firewall usage (average value 4.18) if compared to other selected parameters which influence wireless network security. The lowest grade (3.53) was given to the use of VPN, which can be explained by the fact that VPN is not often employed in educational institutions or is not used by the sample of examinees included in this research [15]. Overall score of network administrator satisfaction with selected parameters was 3.59. Authors recommend further research.
Conclusion
In order to define the specifications for the security model, an analysis of all the key aspects of security settings of active wireless network equipment was undertaken. Using a questionnaire, data was collected from administrators (system engineers) at educational institutions regarding security of the wireless network they administrate, security criteria and the structure and evaluation of these criteria. The collected data was analysed statistically. The collected data was used to set the criteria for assessing threats, and weight factors for each criteria. Data analysis has yielded properties important for the set research goals. Statistical analysis was used as the basis for developing application for security evaluation. In addition, the evaluation of the model was conducted. It was concluded that the proposed application enables recommendations of security measures which enhance the level of security. In the process of security planning, it is very important to choose network equipment by an established manufacturer.
On today’s market, different equipment is available, but when making a choice, certain qualities should be taken into consideration, namely, the possibility of maximum adaptability of network equipment. In case a network device gets lost, there should be a procedure for reporting it. Moreover, it is important to define a procedure in case of intrusion, i.e., in case of a security breach. In addition to developing the system for evaluating the security of wireless local area networks, this work is also sample research of wireless network security in educational institutions in Croatia.
This research represents a contribution to the theoretical and practical consideration of the security of wireless local area networks and places exceptional importance on evaluating each security parameter of active wireless network equipment for the purpose of determining the level of required security protection. Security tests regarding wireless network vulnerability should be conducted periodically, and it is necessary to evaluate security risks [16]. Everything mentioned above should be incorporated into the security policy. In order to enhance the model of evaluation, the authors recommend further research.
References
[1] A. S. Tanenbaum, D. J. Wetherall, Computer networks, 5th ed. USA: Prentice Hall, 2011.
[2] H. Hamidović, WLAN - Bežične lokalne računalne mreže. Zagreb: Info press, 2009.
[3] C. J. Date, An introduction to database systems, 6th edition. Reading MA: Addison Wesley, 1995.
[4] M. Pavlić, Razvoj informacijskih sustava, Znak, Zagreb, 1996.
[5] M. Piškor, V. Kondić, Đ. Mađerić, “Proces implementacije lean-a u malim organizacijama”. Tehnički glasnik, Vol. 5 No. 1, 2011.
[6] G. Gledec, M. Mikuc, M. Kos, Sigurnost u privatnim komunikacijskim mrežama. Zagreb: FER, 2008.
[7] http://www.cert.hr/sites/default/files/CCERT-PUBDOC-2009-06-267.pdf (12.2.2013.)
[8] http://www.cert.hr/sites/default/files/NCERT-PUBDOC-2010-12-001_0.pdf (12.2.2013.)
[9] http://www.yiiframework.com/about/ (06.02.2015)
[10] B. Radojević, Problematika provođenja sigurnosne politike u visokoškolskim ustanovama u RH. Opatija: MIPRO, 2011.
[11] A. Skendžić, Sigurnost infrastrukturnog načina rada bežične mreže standarda IEEE 802.11. Zbornik Veleučilišta u Rijeci, Vol. 2 (2014), No. 1.
[12] R. Prodanović, D. Simić, A Survey of Wireless Security. Journal of Computing and Information Technology - CIT 15, 2007, 3, 237–255.
[13] http://blogs.aerohive.com/blog/the-wireless-lan-training-blog/wifi-back-to-basics-24-ghz-channel-planning. (08.02.2015)
[14] http://wireless-spot.blogspot.com/2009/11/ad-hoc-and-infrastructure-modes.html (02.10.2015)
[15] http://www.cis.hr/www.edicija/LinkedDocuments/CCERT-PUBDOC-2003-02-05.pdf (09.10.2015)
[16] http://www.cis.hr/sigurosni-alati/ispitivanje-sigurnosti-bezicnih-mreza.html (01.10.2015)
[17] https://docs.google.com/forms/d/1G4kpM52yhh5z2U3oon92iEyRy0dQeSi2jdFr6_mzWs/viewform (05.6.2014.)
[18] http://www.wi-fi.org/ (01.10.2015)