Wireless security


WEP, or Wired Equivalent Privacy, was the first major wireless security protocol, introduced in the 802.11b wireless standard. It gives the option of a 64-bit or 128-bit key, but 24 bits of that are the IV, or initialisation vector, which reduces the key size to 40 bits and 104 bits. WEP encrypts data and enables client authentication, using a shared key and a challenge-and-response mechanism to authenticate clients and access points. It was discovered to be vulnerable: it uses the RC4 encryption algorithm and the IV is sent in clear text, so with sniffers and tools like Aircrack it is easy to capture the packets, and the key can be easily cracked by hackers.
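The following Python sketch is an added example, not code from the original page. It shows why the short, clear-text IV matters: WEP builds each frame's RC4 key as IV followed by the shared secret, so two frames with the same IV are encrypted with the same keystream. The secret, IV and plaintexts are constructed sample values, and the WEP integrity check value is left out.

```python
import math

IV_BITS = 24  # WEP initialisation vector length; sent in clear text with each frame

def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """WEP-style encryption: the per-frame RC4 key is IV || shared secret."""
    return xor(plaintext, rc4(iv + secret, len(plaintext)))

def frames_for_iv_collision(probability: float = 0.5) -> int:
    """Birthday bound: randomly chosen IVs needed before two frames share one."""
    return math.ceil(math.sqrt(2 * 2**IV_BITS * math.log(1 / (1 - probability))))

# Constructed sample values: a 40-bit secret and two frames sent under the same IV.
SECRET = bytes.fromhex("0102030405")
IV = bytes.fromhex("aabbcc")
P1, P2 = b"GET /index.html ", b"user=alice&id=42"
C1, C2 = wep_encrypt(IV, SECRET, P1), wep_encrypt(IV, SECRET, P2)

def keystream_reused() -> bool:
    """With a repeated IV the keystream cancels out: C1 xor C2 == P1 xor P2."""
    return xor(C1, C2) == xor(P1, P2)

if __name__ == "__main__":
    print("repeated IV exposes plaintext XOR:", keystream_reused())
    print("frames for a 50% chance of an IV repeat:", frames_for_iv_collision())
```

On a busy network a few thousand frames pass in seconds, which is why lengthening the shared secret from 40 to 104 bits does not fix the IV problem.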

WPA, or Wi-Fi Protected Access, was developed by the Wi-Fi Alliance to overcome the vulnerabilities of WEP. The first version took older hardware into account while the 802.11i security standard was being ratified. Version one incorporated TKIP, or Temporal Key Integrity Protocol, which changes keys at a high rate of speed. The 802.11i standard, released in 2004, became known as WPA2 and included AES-CCMP: the Advanced Encryption Standard as the encryption algorithm, in counter mode, with the cipher block chaining (CBC) message authentication code (MAC) protocol.

802.1X is a port-based network access protocol which has several protocols, including EAP, or Extensible Authentication Protocol, which provides multiple user-based authentication methods using smart cards, Kerberos, PKI (Public Key Infrastructure) and so on. EAP-TLS (Transport Layer Security) provides strong security but requires both client and server certificates to perform authentication; user- and session-based keys are distributed dynamically to secure the connection. EAP-TTLS, or Tunnelled Transport Layer Security, also provides mutual authentication of the client and server, and uses TLS records as a tunnel for client authentication. PEAP, or Protected Extensible Authentication Protocol, is similar to EAP-TTLS. LEAP, or Lightweight Extensible Authentication Protocol, was used in older Cisco WLAN protocols. EAP-MD5 provides only minimal authentication capability; it duplicates CHAP password protection and is not recommended because of security vulnerabilities.

The SSID, or Service Set Identifier, broadcasts the name of the network. It should always be changed from the default SSID, and you should also disable the broadcast of the SSID. This is a deterrent to casual hackers, but the SSID can be easily discovered by more advanced hacker tools. The SSID is stored in Windows 2000 and XP, and it can be leaked on boot-up: if Windows cannot access the network, the SSID is queried through broadcast.

The MAC address is the hardware address of the client computer. MAC addresses can be filtered in the access point configuration to prevent or enable a client's access to the network, but they can easily be sniffed and spoofed by software used by hackers, so filtering MAC addresses has only limited effectiveness.

Wireless security testing

War driving refers to searching for unsecured wireless access points. War chalking is the practice of identifying those access points by marking nearby buildings, so that other war drivers know there is an access point that can provide free internet access from a laptop or PDA. The symbols chalked on the buildings usually indicate the type, speed, bandwidth, SSID and security of the unsecured access point. Wireless security testing, or penetration testing, involves penetrating your own wireless network to determine its vulnerabilities and deficiencies in order to fix them.

A good methodology provides a structure for testing procedures and ensures that you don't overlook vulnerabilities and weaknesses in the wireless network. It provides for comprehensive testing: preparation of the type of tests involved, getting permission, preparing the tools to be used in the tests, reconnaissance to provide valuable information about the target network, vulnerability testing of access points and devices, scanning the network for weaknesses, penetration and access of the network, using the resources, and gaining information from the network that can be exploited.

Some popular methodologies include OSSTMM, NIST SP 800-42, TRAWG, and OCTAVE. There is a wide variety of testing platforms available; anything with a wireless card and software can be used, including PDAs, cell phones, laptops and PCs, and a variety of operating systems such as Windows, Linux or Macs. Penetration testing tools for the Windows platform include NetStumbler, which can discover SSIDs and what encryption is in use (WEP or WPA); Cain and Abel, a good multi-purpose tool for sniffing and password cracking; Nessus, a vulnerability scanner; and Nmap, a port scanner. Tools for the Linux platform include Kismet, Dsniff and Ethereal/Wireshark, which is a good sniffing tool. There are also some special Linux security distributions, such as Knoppix, BackTrack, NST and War Linux, which have useful tools installed on them.

To prevent others from accessing your network or stealing your data, use wireless security tools to detect unauthorised devices. You might have hackers trying to create a denial of service that prevents legitimate users from accessing the network, or access points that have been set up to imitate yours so that your wireless clients associate with them. Look for unusual SSIDs, ad-hoc mode clients, and access points that are not authorised for your network and don't belong there. Compare a list of authorised MAC addresses to the MAC addresses that are being used on the network, and look for hardware types different from the ones that you use. Look for excessive traffic from a client or access point, which may indicate an attempt to obtain a DHCP address, to get an access point to repeat its initialisation vector, or to find the SSID or MAC addresses used on the network so that they can later be spoofed. Use automated wireless intrusion detection devices or software to detect unauthorised clients, and create a strict policy for connecting to the network and for internet use.
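As an added example (not part of the original page), the checks above can be run over the results of a wireless survey. The policy values, field names and survey rows below are constructed for illustration; a real survey would come from a tool such as Kismet.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    mac: str    # MAC address of the access point or client seen on the air
    ssid: str   # network name it was using
    mode: str   # "infrastructure" or "adhoc"

# Hypothetical site policy (assumed values for this example).
AUTHORISED_MACS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}
AUTHORISED_SSIDS = {"corp-wlan"}
APPROVED_OUIS = {"00:11:22"}  # vendor prefix of the hardware you actually deploy

# Constructed survey results.
SURVEY = [
    Observation("00:11:22:AA:BB:01", "corp-wlan", "infrastructure"),
    Observation("de:ad:be:ef:00:01", "corp-wlan", "infrastructure"),
    Observation("00:11:22:aa:bb:77", "printer-setup", "adhoc"),
]

def audit(obs: Observation) -> list[str]:
    """Return the policy findings for one observed device (empty if clean)."""
    mac = obs.mac.lower()  # survey tools differ in letter case
    findings = []
    if mac not in AUTHORISED_MACS:
        findings.append("unauthorised MAC")
        if obs.ssid in AUTHORISED_SSIDS:
            # Your network name on a device you do not own: possible rogue AP.
            findings.append("authorised SSID on unauthorised device")
    if obs.ssid not in AUTHORISED_SSIDS:
        findings.append("unusual SSID")
    if obs.mode == "adhoc":
        findings.append("ad-hoc mode")
    if mac[:8] not in APPROVED_OUIS:
        findings.append("unfamiliar hardware vendor")
    return findings

def report(survey: list[Observation]) -> dict[str, list[str]]:
    """Map each flagged MAC address to its findings; clean devices are omitted."""
    return {o.mac: f for o in survey if (f := audit(o))}

if __name__ == "__main__":
    for mac, findings in report(SURVEY).items():
        print(mac, "->", ", ".join(findings))
```

A device that spoofs an authorised MAC address passes the first check, so the MAC comparison is only useful alongside the SSID, mode, hardware and traffic signals.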
