Wireless LAN Security by Arpit Bhatia

Informatics

Practises

Project

Arpit

Bhatia

Sri Guru Nanak Public School

Adarsh Nagar, Delhi

TopicWireless LAN

Security

Contents❖ Acknowledgement❖ Introduction❖ Components of Wireless LAN❖ Use of Wireless LAN❖ Advantages in Wireless LAN❖ Disadvantages in Wireless LAN❖ Threats to wireless environments❖ Types of Risks in Wireless LAN❖ Known Risks❖ Security Options❖ Security Measures in Wireless Network❖ Bibliography

I would like to express my special thanks of gratitude to my teacher MS. RICHA

mam who gave me the golden opportunity to do this wonderful project on the topic

Wireless LAN Security , which also helped me in doing a lot of Research and i came

to know about so many new things .

I am really thankful to them .

Secondly i would also like to thank my parents and friends who helped me a lot in

finishing this project within the limited time.

Acknowledgement

Introduction➢ A wireless local area network (LAN) is a flexible data communications system

implemented as an extension to, or as an alternative for, a wired LAN.

➢ With Wireless Networking, no cables or wires are needed to network your computers

and share your Internet connection.

➢ Wireless local area networks (WLANs) based on the Wi-Fi (wireless fidelity)

standards are one of today's fastest growing technologies in businesses, schools, and

homes, for good reasons.

Introduction➢ WLANs offer a quick and effective extension of a wired network or

standard LAN.

➢ They provide mobile access to the Internet and to enterprise networks

so users can remain connected away from their desks.

➢ With a simple access point attached to the wired network, personal

computers, laptops, handheld devices, printers, and other network

devices can connect with the wired network at broadband speeds.

Components of Wireless LAN

➢ACCESS POINT~ A wireless Access Point (AP) is a device that allows wireless devices to connect to a wired network using Wi-Fi, or related standards. The AP usually connects to a router (via a wired network) as a standalone device, but it can also be an integral component of the router itself.


➢ Bridge~ A wireless bridge is a hardware component used to connect two or more network

segments (LANs or parts of a LAN) which are physically and logically (by protocol) separated. It does not necessarily always need to be a hardware device, as some operating systems (such as Windows, GNU/Linux, Mac OS X and Freebsd) provide software to bridge different protocols.


➢NIC~ A wireless network interface controller (NIC) is a network interface controller which connects

to a radio-based computer network rather than a wire-based network.A NIC is an essential component for wireless desktop computer. This card uses an antenna to communicate through microwaves. A NIC in a desktop computer usually is connected using the PCI bus.


➢ANTENNA~ An antenna (or aerial) is an electrical device which converts electric power into radio waves, and vice versa. It is usually used with a radio transmitter or radio receiver.


➢AAA SERVER~ An AAA server is a server program that handles user requests for access to

computer resources and, for an enterprise, provides authentication, authorization, and accounting (AAA) services.


➢NMS SERVER~ Network monitoring is the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, SMS or other alarms) in case of outages. It is part of network management.

Use of Wireless LAN★Education

Connectivity to the University Network for collaborative class activities.

Ability to access research sources without requiring a hard point.

Use of Wireless LAN★FinanceFacilitates electronic payments for goods and services.

Improve the speed and quality of trades.

Use of Wireless LAN★Manufacturing

Link factory floor workstations to servers.

Remote data collections.

Tracking of goods.

Advantages of Wireless LAN

❖ Productivity and convenience advantage

❖ Installation speed and simplicity

❖ Reduced cost of ownership

❖ Installation flexibility

❖ Scalability

❖ Mobility

Disadvantages of Wireless LAN

❖Harmful for Environment

❖Signal bleed over

❖Less Capacity

❖High cost

Threats to WLAN EnvironmentsAll wireless computer systems face security threats that can compromise its systems and services. Unlike the wired network, the intruder does not need physical access in order to pose the following security threats:

❏Eavesdropping➢ This involves attacks against the confidentiality of

the data that is being transmitted across the network.

➢ In the wireless network, eavesdropping is the most

significant threat because the attacker can

intercept the transmission over the air from a

distance away from the premise of the company.

❏Tampering➢ The attacker can modify the content of the

intercepted packets from the wireless network and

this result in a loss of data integrity.

❏Unauthorised access and spoofing

➢ The attacker could gain access to privileged data and resources in the network by assuming the identity of a valid user. This kind of attack is known as spoofing.

➢ To overcome this attack, proper authentication and access control mechanisms need to be put up in the wireless network.

❏Denial of Service ➢ In this attack, the intruder floods the network with

either valid or invalid messages affecting the availability of the network resources.

➢ The attacker could also flood a receiving wireless station thereby forcing to use up its valuable battery power.

❏Other Security Threats

➢ The other threats come from the weakness in the network administration and vulnerabilities of the wireless LAN standards

➢ For e.g. the vulnerabilities of the Wired Equivalent Privacy (WEP), which is supported in the IEEE 802.11 wireless LAN standard.

Concerns in Wireless LAN

● Anyone within the geographical network range of an open, unencrypted wireless network can 'sniff' or record the traffic, gain unauthorized access to internal network resources as well as to the internet.

● If router security is not activated or if the owner deactivates it for convenience, it creates a free hotspot.

Types of

Risks inWireless LAN

➢ Internal Risks➢ External Risks

Internal RIsks

❖ Rogue WLANs~ Unauthorized, “rogue” wireless LANs are clearly a foreseeable internal risk to the security, confidentiality, and integrity of customer information.

❖ Insecure WLANs~ Insecure wireless LANs are a recognized security risk. While wireless LANs are often deployed for their productivity benefits, security is often an afterthought.

❖ WLAN Policy violation~ WLAN policy violations are a recognized internal risk to the security, confidentiality, and integrity of customer information.

External Risks

❖ Network Eavesdropping~ Because wireless communication is

broadcast over radio waves, eavesdroppers who merely listen to the

airwaves can easily pick up unencrypted messages. Additionally,

messages encrypted with the Wired Equivalent Privacy (WEP) security

protocol.

❖ Theft of WLAN credentials~ The theft of an authorized WLAN

user’s identity poses one the greatest threats. Service Set Identifiers

(SSIDs) that act as crude passwords and Media Access Control (MAC)

addresses that act as personal identification numbers are often used to

verify that clients are authorized to connect with an access point.

Known Risks

❏ Insertion attacks

❏ Interception & unauthorized

monitoring

❏ Jamming

❏ Client to client attacks

❏ Brute force attacks

❏ Encryption attacks

❏ Misconfigurations

Security Options

1. For closed networks (home users and organization) configure

access restrictions in the access points.

1. For commercial providers it should to be isolated wireless network.

1. End to end encryption.

❏ There are three principle ways to secure a

wireless lan .

Security

Measures in

Wireless

Network

❖SSID Hiding● A simple but effective method to attempt to secure a wireless

network is to hide the SSID (Service Set Identifier). This provides very little protection against anything but the most casual intrusion efforts.

Additionally, devices which are configured to connect to a network which does not broadcast its SSID may try to connect to the network by broadcasting for the network, a behavior which reveals the SSID to wireless snoopers in the vicinity of the device.

❖Mac ID Filtering● In computer networking, MAC Filtering (or GUI filtering, or layer

2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network.

One of the simplest techniques is to only allow access from known, pre-approved MAC addresses. Most wireless access points contain some type of MAC ID filtering. However, an attacker can simply sniff the MAC address of an authorized client and spoof this addresses.

❖Static IP

AddressingTypical wireless access points provide IP addresses to clients via DHCP. Requiring clients to set their own addresses makes it more difficult for a casual or unsophisticated intruder to log onto the network, but provides little protection against a sophisticated attacker.

❖802.11 SecurityIEEE 802.1X is an IEEE Standard for Port-based Network Access Control (PNAC). It

is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

IEEE 802.1X defines the encapsulation of the Extensible Authentication Protocol (EAP) over IEEE 802, which is known as "EAP over LAN" or EAPOL.

EAPOL was originally designed for IEEE 802.3 Ethernet in 802.1X-2001, but was clarified to suit other IEEE 802 LAN technologies such as IEEE 802.11 wireless and Fiber Distributed Data Interface (ISO 9314-2) in 802.1X-2004.

❖Restricted access Networks

Solutions include a newer system for authentication, IEEE 802.1x, that promises to enhance security on both wired and wireless networks. Wireless access points that incorporate technologies like these often also have routers built in, thus becoming wireless gateways.

❖End-to-End

EncryptionWith encryption on the router level or VPN, a single switch encrypts all traffic, even

UDP and DNS lookups. With end-to-end encryption on the other hand, each service to be secured must have its encryption "turned on", and often every connection must also be "turned on" separately.

For sending emails, every recipient must support the encryption method, and must exchange keys correctly. For Web, not all websites offer https, and even if they do, the browser sends out IP addresses in clear text.

The disadvantage with the end-to-end method is, it may fail to cover all traffic.

❖802.11i SecurityThe newest and most rigorous security to implement into WLAN's today is the

802.11i RSN-standard. This full-fledged 802.11i standard (which uses WPAv2) however does require the newest hardware (unlike WPAv1), thus potentially requiring the purchase of new equipment. This new hardware required may be either AES-WRAP (an early version of 802.11i) or the newer and better AES-CCMP-equipment.

One should make sure one needs WRAP or CCMP-equipment, as the 2 hardware standards are not compatible.

❖WAPIWAPI stands for WLAN Authentication and Privacy Infrastructure.

WLAN Authentication and Privacy Infrastructure (WAPI) is a Chinese National Standard for Wireless LANs (GB 15629.11-2003). Although it was allegedly designed to operate on top of WiFi, compatibility with the security protocol used by the 802.11 wireless networking standard developed by the IEEE is in dispute.

Due to the limited access of the standard (only eleven Chinese companies had access), it was the focus of a U.S.-China trade dispute

❖Smart cards, USB tokens and Software tokens

This is a very strong form of security. When combined with some server software, the hardware or software card or token will use its internal identity code combined with a user entered PIN to create a powerful algorithm that will very frequently generate a new encryption code.

This is a very secure way to conduct wireless transmissions. Companies in this area make USB tokens, software tokens, and smart cards.

Currently the safest security measures are the smart cards / USB tokens.

❖RF ShieldingIt’s practical in some cases to apply specialized wall paint and

window film to a room or building to significantly attenuate wireless signals, which keeps the signals from propagating outside a facility.

This can significantly improve wireless security because it’s difficult for hackers to receive the signals beyond the controlled area of an enterprise, such as within parking lots.

Bibliography❏Internet❏Books❏Magazines❏Newspapers

Thank

You

Arpit Bhatia

Sri Guru Nanak Public SchoolAdarsh Nagar, Delhi

Date post:	22-Jan-2018
Category:	Internet
Upload:	arpit-bhatia
View:	233 times
Download:	2 times