Wireless LANs (WLANs) use radio frequencies (RFs) that are radiated into the air from an antenna that creates radio waves. These waves can be absorbed, refracted, or reflected by walls, water, and metal surfaces.
Wireless network technology is used over short distances. We can increase the transmitting power to gain greater distance, but doing so can create some nasty distortion, so it has to be done carefully.
By using higher frequencies, we can attain higher data rates, but this is, unfortunately, at the cost of decreased transmitting distances.
The 802.11 Standards :
802.11 is an evolving family of specifications for wireless local area networks (WLANs) developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE).
Wireless Security :
In this section we look at wireless security: the security threats to keep in mind when you use a wireless network, and the kinds of attacks that can happen over it. So let’s start.
Wireless Threats :
Threats to the protection of data and to the authentication process are certainly the key ones in today’s wireless network technology.
Rogue APs :
A rogue access point is a device not sanctioned by an administrator, but is operating on the network anyway. This could be an access point set up by either an employee or by an intruder. The access point could also belong to a nearby company.
These are some reasons to suspect that an access point is a rogue :
The SSID of the access point is neither your network SSID nor listed in the permitted SSID list.
The access point is an ad-hoc access point, formed directly between two client devices.
Network management features of the access point, such as SNMP, HTTP, and Telnet have been disabled.
The access point's MAC address does not appear in ARP tables.
The access point is listed in the rogue list, where it has been added by an administrator.
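The checks listed above can be applied to scan results automatically. The following is an added example, not part of the original article: the SSIDs, MAC addresses, neighbour-table lines and scan tuples are constructed, and it assumes each BSSID can be compared directly with the MACs seen in the ARP table.

```python
import re

# Constructed inputs for this example (not from the original article).
OWN_SSID = "corp-wlan"
PERMITTED_SSIDS = {"corp-guest"}
ROGUE_LIST = {"de:ad:be:ef:00:01"}   # BSSIDs an administrator has flagged
ARP_OUTPUT = """\
10.0.0.2 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
10.0.0.3 dev eth0 lladdr 00-11-22-33-44-66 STALE
10.0.0.9 dev eth0  FAILED
"""
# (bssid, ssid, is_adhoc, management_reachable) as reported by a scan
SCAN = [
    ("00:11:22:33:44:55", "corp-wlan", False, True),     # sanctioned AP
    ("0011.2233.4466", "corp-guest", False, True),       # sanctioned, dotted MAC
    ("02:aa:bb:cc:dd:01", "corp-wlan", False, False),    # our SSID, unknown MAC
    ("02:aa:bb:cc:dd:02", "printer-direct", True, False),
    ("DE:AD:BE:EF:00:01", "corp-guest", False, True),
]

def norm_mac(mac):
    """Normalise colon, dash and dotted MAC notation to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def arp_macs(text):
    """Collect every MAC address found in neighbour-table output."""
    pat = r"\b(?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2}\b"
    return {norm_mac(m) for m in re.findall(pat, text)}

def rogue_reasons(ap, known_macs):
    """Return the names of the article's rogue indicators that this AP trips."""
    bssid, ssid, adhoc, mgmt_ok = ap
    mac = norm_mac(bssid)
    checks = [
        (ssid != OWN_SSID and ssid not in PERMITTED_SSIDS, "ssid-not-permitted"),
        (adhoc, "ad-hoc"),
        (not mgmt_ok, "management-disabled"),
        (mac not in known_macs, "mac-not-in-arp"),
        (mac in ROGUE_LIST, "on-rogue-list"),
    ]
    return [name for hit, name in checks if hit]

def triage(scan=SCAN, arp_text=ARP_OUTPUT):
    """Map each suspicious BSSID to the reasons it is suspected."""
    known = arp_macs(arp_text)
    report = {norm_mac(ap[0]): rogue_reasons(ap, known) for ap in scan}
    return {mac: why for mac, why in report.items() if why}
```

The third entry shows why the SSID check alone is not enough: an access point advertising the corporate SSID is still flagged because its MAC is unknown and its management features do not answer.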
One way to keep rogue APs out of the wireless network is to employ a wireless LAN controller (WLC) to manage your APs. This is a nice mitigation technique because APs and controllers communicate using Lightweight Access Point Protocol (LWAPP) or the newer CAPWAP, and it just so happens that one of the messages they share is called Radio Resource Management (RRM).
Ad Hoc Networks :
Ad hoc networks are created peer to peer, directly between stations and not through an AP. This can be a dangerous configuration because there's no corporate security in place and because these networks are often created by unsophisticated users.
When you've got a Cisco Unified Wireless Network (CUWN) in operation, ad hoc networks can be identified over the air by the kind of frames they send, which are different from those belonging to an infrastructure network. When these frames are identified, the CUWN can prevent harmful intrusions by sending out something known as de-authentication frames to keep your stations from associating via ad hoc mode.
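One over-the-air difference is the capability field of 802.11 beacon and probe-response frames: infrastructure APs set the ESS bit, ad hoc (IBSS) stations set the IBSS bit. The following is an added example, not from the original article and not Cisco's implementation; it assumes bare 802.11 frames (no radiotap header, no FCS), and the frames and the build_beacon helper are constructed for the demonstration.

```python
import struct

ESS, IBSS = 0x0001, 0x0002   # capability-information bits 0 and 1

def parse_beacon(frame):
    """Return (bssid, ssid, mode) for a beacon/probe response, else None."""
    if len(frame) < 36:                       # 24-byte header + 12 fixed bytes
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (5, 8):   # management: probe resp, beacon
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3
    (cap,) = struct.unpack_from("<H", frame, 34)   # follows timestamp + interval
    if cap & IBSS and not cap & ESS:
        mode = "ad-hoc"
    elif cap & ESS and not cap & IBSS:
        mode = "infrastructure"
    else:
        mode = "other"
    ssid, pos = None, 36
    while pos + 2 <= len(frame):              # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:                  # truncated element: stop parsing
            break
        if eid == 0:                          # element ID 0 is the SSID
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + elen
    return bssid, ssid, mode

def build_beacon(bssid, ssid, cap):
    """Build a minimal constructed beacon, used only as sample input here."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    hdr = struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, cap)  # timestamp, interval, capability
    return hdr + fixed + bytes([0, len(ssid)]) + ssid.encode()

FRAMES = [
    build_beacon("00:11:22:33:44:55", "corp-wlan", 0x0011),       # ESS + privacy
    build_beacon("02:aa:bb:cc:dd:02", "printer-direct", 0x0002),  # IBSS
]

def adhoc_networks(frames=FRAMES):
    """List (bssid, ssid) for every frame that advertises an ad hoc network."""
    parsed = [p for p in map(parse_beacon, frames) if p]
    return [(bssid, ssid) for bssid, ssid, mode in parsed if mode == "ad-hoc"]
```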
Denial of Service :
Sometimes the hacker just wants to cause some major network grief, like jamming the frequency where your WLAN lives to cause a complete interruption of service until you manage to ferret out the jamming signal and disable it. This type of assault is known as a denial of service (DoS) attack.
In this denial of service attack, frames are sent unauthenticated and unencrypted. Since deauthentication and disassociation frames are classified as management frames, the Management Frame Protection (MFP) mechanism can be used to prevent the deluge.
Passive Attack :
Passive attacks are most often used to gather information for an active attack a hacker is planning to execute later, and they usually involve wireless sniffing. During a passive attack, the hacker captures large amounts of raw frames, either to analyze online with sniffing software used to discover a key and decrypt the data, or to analyze offline.
We can use an intrusion detection system (IDS) or an intrusion prevention system (IPS) to guard against passive attacks :
IDS: An intrusion detection system (IDS) is used to detect several types of malicious behaviors that can compromise the security and trust of your system.
IPS: An intrusion prevention system (IPS) is a computer security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities.
The goal of a security mechanism is to provide three features :
Confidentiality of the data
An assured identification process
When faced with decisions about security, you need to consider these three things :
The safety of the authentication process
The strength of the encryption mechanism
Its ability to protect the integrity of the
War Driving :
War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, you need a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.
Remote Authentication Dial-In User Service (802.1x) :
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that offers us several security benefits : authorization, centralized access, and accounting supervision regarding the users and/or computers that connect to and access our networks' services. Once RADIUS has authenticated the user, it allows us to specify the type of rights a user or workstation has, plus control what it, or they, can do within the network. It also creates a record of all access attempts and actions. The provision of authentication, authorization, and accounting is called AAA, and it’s part of the IEEE 802.1x security standard.
Temporal Key Integrity Protocol :
TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs (WLANs). It was designed to provide more secure encryption than the notoriously weak Wired Equivalent Privacy (WEP), the original WLAN security protocol. TKIP is the encryption method used in Wi-Fi Protected Access (WPA), which replaced WEP in WLAN products.
Wi-Fi Protected Access or WPA2 Pre-Shared Key :
WPA/WPA2 Pre-Shared Key (PSK) is a better form of wireless security than any other basic wireless security method.
Wi-Fi Protected Access (WPA) is a standard developed by the Wi-Fi Alliance, formerly known as the Wireless Ethernet Compatibility Alliance (WECA). WPA provides a standard for authentication and encryption of WLANs that’s intended to solve known security problems.
Wi-Fi Protected Access 2 (WPA2) Pre-Shared Key, also called WPA or WPA2 Personal, is a method of securing your network using WPA2 with the optional Pre-Shared Key (PSK) authentication, which was designed for home users without an enterprise authentication server.
A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred.
EAP Transport Layer Security (EAP-TLS) is the most secure method, but it's also the most difficult to configure and maintain. To use EAP-TLS, you must install a certificate on both the authentication server and the client. A key pair for the authentication server and a key pair for the client need to be generated first, signed using a PKI, and installed on the devices. On the station side, the keys can be issued for the machine itself and/or for the user. In the authentication stage, the station and the authentication server (RADIUS, etc.) exchange certificates and identify each other. Mutual authentication is a solid, beneficial feature: it ensures that the station is communicating with the proper authentication server. After this process is completed, random session keys are created for encryption.