An Overview of Wireless Network Security
ITNW 2313 – Networking Hardware
Prof. Michael P. Harris, CCNA, CCAI
Introduction
Networks carry all sorts of confidential data, so security is a highly important part of
any wireless network structure. Security ensures that the same level of data integrity
and confidentiality as a wired network are maintained. Without properly implemented
security measures, any wireless network adapter coming within range of another
network adapter or access point can join the network. The number of non-secure
wireless access points is alarming – a recent study showed that over 90% of access
points have little or no security enabled. I once did a little research of my own and
found that 3 out of 5 of the public access points I checked had either no security at all
or WEP - which allowed me to crack the key within 15 minutes using freely available
tools on the Internet.
So why is there such a high lack of security? Well, I would say it’s probably down to
laziness and lack of knowledge; people are not aware of these things. Especially in
small companies and at home, people tend to have the “so long as it’s up and
running” attitude which means that if after using the wireless setup wizard they are
able to browse the internet or access files remotely from a wireless device then all is
well… BIG mistake! To overlook wireless security is like leaving the front door to your
house permanently open. With little or no security, that’s essentially what
you’re doing: allowing anyone in range to sniff your network packets, read your emails, use your internet for free, and even gain access to your files.
With the introduction of push-button security for home user products, we can expect
to see an increase in the implementation of wireless security among wireless router
users. The main aim behind push-button security is to provide a simplified and
enhanced method of setting up and building a home network. With so many people –
particularly home users – failing to notice the importance of security as part of their
wireless network building, push-button becomes a means of enabling some form of
security with a click of the mouse or touch of a button. While one may begin to
question the strength of such security, another will remind you that something is
better than nothing at all!
If you’re reading this and still use WEP, check for a driver and/or firmware update for
your hardware and, if possible, change to WPA security now! Also, the next time you
purchase new hardware, make sure the product supports WPA TKIP at the very least.
Wireless Security Threats
What are the threats that we face today with regards to wireless networks? An
informative list has been compiled by the National Institute of Standards and
Technology as part of their documentation on Wireless Security. Hereunder is an
extract from that document.
To date, the list below includes some of the more salient threats and vulnerabilities
of wireless systems:

- All the vulnerabilities that exist in a conventional wired network apply
  to wireless technologies.
- Malicious entities may gain unauthorized access to an agency’s computer
  or voice (IP telephony) network through wireless connections,
  potentially bypassing any firewall protections.
- Sensitive information that is not encrypted (or that is encrypted with
  poor cryptographic techniques) and that is transmitted between two
  wireless devices may be intercepted and disclosed.
- Denial of service (DoS) attacks may be directed at wireless connections
  or devices.
- Malicious entities may steal the identity of legitimate users and
  masquerade as them on internal or external corporate networks.
- Sensitive data may be corrupted during improper synchronization.
- Malicious entities may be able to violate the privacy of legitimate users
  and be able to track their physical movements.
- Malicious entities may deploy unauthorized equipment (e.g., client
  devices and access points) to surreptitiously gain access to sensitive
  information.
- Handheld devices are easily stolen and can reveal sensitive information.
- Data may be extracted without detection from improperly configured
  devices.
- Viruses or other malicious code may corrupt data on a wireless device
  and be subsequently introduced to a wired network connection.
- Malicious entities may, through wireless connections, connect to other
  agencies for the purposes of launching attacks and concealing their
  activity.
- Interlopers, from inside or out, may be able to gain connectivity to
  network management controls and thereby disable or disrupt operations.
- Malicious entities may use a third party, un-trusted wireless network
  services to gain access to an agency’s network resources.
- Internal attacks may be possible via ad hoc transmissions.

As with wired networks, agency officials need to be aware of liability issues for the
loss of sensitive information or for any attacks launched from a compromised
network.
~ Source: NIST, United States of America
As you can see, there are vulnerabilities on all levels, some of which wouldn’t
normally come to mind, so we must be prepared for the worst and not take anything
for granted. One prime example is the point above about how easily handheld
devices are stolen: simple preventative measures can combat such a threat. Don’t
carry highly sensitive information around on your portable device; only take what
is absolutely necessary. Leave other data on the corporate or home network, or on
removable storage media. Also, if available, enable the auto-lock feature (with a
password) and add a PIN to the device, so that when you switch it on, you will have
to enter a Personal Identification Number before it starts up.
Wireless Security Considerations
The following are a few things you need to ask yourself when implementing security
for your wireless network.

- Do I have some form of logging enabled? Logging is important as it will help you
  to trace who is trying to gain unauthorized access to your network. It will also
  act as evidence when prosecuting a suspected intruder in court.
- Do I allow guest access? If you do then be sure to separate your corporate
  network from the WLAN by placing the WLAN in your DMZ or outside the
  network and implement a firewall between them. Also, don’t forget to log and
  audit guest user activity so that you can see if any abuse is taking place.
- Where does my wireless signal end? Perform a site survey and find out exactly
  where the signal starts and ends; know your boundary.
- Do I know what’s on the network? Document everything and when a new access
  point is attached to the current network make sure you know about it. In larger
  companies, departments implement their own WLAN by adding an access point
  to the network and not informing the administration department, thus
  potentially opening up a hole in the network.
- Have I performed a Wireless LAN security audit? Make sure you scan your
  network to identify known vulnerabilities, and if any are found, take action as
  soon as possible!
- Are the wireless clients safe? Introduce, or amend a current security policy that
  will require mobile users to keep their laptops protected with antivirus and
  firewall software.

Tips for Securing your Wireless Network
There are a number of things you can keep in mind which will help to lessen the
likelihood of a breach of security in your wireless network. I have compiled a list of
tips that I think will be of use to anyone who has a wireless network.

- As should be the case with a wired network, only share what is needed. Don’t
  share entire partitions, share folders instead. Also, depending on the level of
  confidentiality, you should always password protect anything that is shared
  using an archive tool.
- If you’ve implemented the WEP authentication method, be sure to use the
  Shared Key method, change your WEP keys every so often and make them as
  difficult as possible.
- Be sure to secure your wireless access point with a strong password; don’t just
  leave the default one in place!
- Disable access point administration via wireless clients. This means that any
  changes to the access point configuration would have to be done from a
  machine attached to the wired network.
- On smaller networks, use MAC address filtering as an added means of security.
  Don’t rely on this feature alone but use it in conjunction with another security
  method.
- Change the default SSID to something that is understandable to you but not to
  outsiders. This will make it slightly more difficult for people to connect to your
  network. Be sure to change it to something that won’t give too much
  information away about your network.
- Disable SSID broadcasting. This feature is meant to make it easier for clients to
  connect to the network because the network name can be automatically
  discovered by the client operating system. This means anyone in range of your
  access point will automatically know your network exists.
- If you need wireless access in your building alone, try putting the access point
  in the centre of the building to decrease the chance of a wardriver* being in
  range of your signal.
- If you’re willing to see a dip in speed then using a VPN would be the more
  secure option for a wireless network. This is fairly quick and easy to set up and
  has great benefits, as opposed to other means of security.

* A wardriver is a person who roams around with his/her laptop to gather information
about a wireless system.
Types of Security
SSID (Service Set Identifier)
An SSID, or Network Name (like a Windows networking Workgroup name), is a
“secret” name given to a wireless network. I put secret in inverted commas
because it can be sniffed pretty easily. By default, the SSID is a part of every packet
that travels over the WLAN. Unless you know the SSID of a wireless network you
cannot join it. Every network node must be configured with the same SSID as the
access point to which it wishes to connect, which becomes a bit of a headache for the
network administrator.
WEP (Wired Equivalent Privacy)
Developed in the late 1990s, WEP is a basic protocol that is sometimes overlooked by
wireless administrators because of its numerous vulnerabilities. The original
implementations of WEP used 64-bit encryption (40-bit + 24-bit Initialization Vector).
By means of a Brute Force attack, 64-bit WEP can be broken in a matter of minutes,
whereas the stronger 128-bit version will take hours. It’s not the best line of defense
against unauthorized intruders but better than nothing and mainly used by the
average home user. One of the drawbacks of WEP is that since it uses a shared key, if
someone leaves the company then the key will have to be changed on the access
point and all client machines.
WEP2 (Wired Equivalent Privacy version 2)
In 2004, the IEEE proposed an updated version of WEP, WEP2, to address its
predecessor’s shortcomings. Like WEP it relies on the RC4 algorithm but uses a
128-bit initialization vector, making it stronger than the original version of WEP,
although it may still be susceptible to the same kind of attacks.
WPA (Wi-Fi Protected Access)
WPA provides encryption via the Temporary Key Integrity Protocol (TKIP) using the
RC4 algorithm. It is based on the 802.1X protocol and addresses the weaknesses of
WEP by providing enhancements such as Per-Packet key construction and distribution,
a message integrity code feature and a stronger IV (Initialization Vector). The
downside of WPA is that unless your current hardware supports WPA by means of a
firmware upgrade, you will most likely have to purchase new hardware to enjoy the
benefits of this security method. The length of a WPA key is between 8 and 63
characters – the longer it is the more secure it is.
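How a WPA Personal passphrase of 8 to 63 characters becomes the 256-bit pre-shared key, as an added example that is not part of the original handout: the key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 iterations, which is also why the earlier tip to change the default SSID matters. The list of factory SSIDs and the length policy are assumptions of this example.

```python
import hashlib
import string

# Assumption: a few factory-default network names; extend for your own fleet.
FACTORY_SSIDS = {"linksys", "default", "netgear", "dlink"}
# Assumption: a site policy threshold, not a figure from the handout.
MIN_LENGTH_POLICY = 20


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit pre-shared key for a WPA/WPA2 Personal network."""
    # 64 hex digits means the raw key was entered directly, so no derivation.
    if len(passphrase) == 64 and all(c in string.hexdigits for c in passphrase):
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def review_wpa_personal(ssid: str, passphrase: str) -> list:
    """Flag settings that weaken the derived key."""
    findings = []
    if ssid.lower() in FACTORY_SSIDS:
        # The SSID is the salt: a name shared with thousands of other networks
        # means the same passphrase yields the same key on all of them.
        findings.append("factory-default SSID: key-derivation salt is not unique")
    if len(passphrase) < MIN_LENGTH_POLICY:
        findings.append("passphrase shorter than %d characters" % MIN_LENGTH_POLICY)
    return findings


if __name__ == "__main__":
    # Constructed sample values.
    same_phrase = "correct horse battery staple"
    print(derive_psk(same_phrase, "linksys").hex())
    print(derive_psk(same_phrase, "Harris-Lab-7").hex())  # different salt, different key
    print(review_wpa_personal("linksys", "password"))
```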
WPA2 (Wi-Fi Protected Access version 2)
Based on the 802.11i standard, WPA2 was released in 2004 and uses a stronger
method of encryption – AES (Advanced Encryption Standard). AES supports key sizes of
128 bits, 192 bits, and 256 bits. It is backward compatible with WPA and uses a fresh
set of keys for every session, so essentially every packet that is sent over the air is
encrypted with a unique key. As did WPA, WPA2 offers two versions – Personal and
Enterprise. Personal mode requires only an access point and uses a pre-shared key
for authentication and Enterprise mode requires a RADIUS authentication server and
uses EAP.
MAC Address Filtering
MAC Address Filtering is a means of controlling which network adapters have access
to the access point. A list of MAC Addresses is entered into the access point and
anyone whose MAC address on the wireless network adapter does not match an entry
in the list will not be permitted entry. This is a pretty good means of security when
also used with a packet encryption method. However, keep in mind that MAC
addresses can be spoofed. This type of security is usually used as a means of
authentication, in conjunction with something like WEP for encryption. Below is a
basic image demonstrating the MAC Address Filtering process:
A laptop, with MAC Address 00-0F-CA-AE-C6-A5 wants to access the wireless network
via the access point. The access point compares this Address to its list and permits or
denies access accordingly.
VPN (Virtual Private Network)
Perhaps the most reliable form of security would be to set up a VPN connection over
the wireless network. VPNs have long been a trusted method of accessing the
corporate network over the internet by forming a secure tunnel from the client to the
server. Setting up a VPN may affect performance due to the amount of data
encryption involved but your mind will be at rest knowing your data is secure. The
VPN option is preferred by many enterprise administrators because VPNs offer the
best commercially available encryption. VPN software uses advanced encryption
mechanisms (AES for example), which makes decrypting the traffic a very hard, if not
impossible, task.
For a clearer understanding of the VPN link method, see the image below.
There are various levels of VPN technology, some of which are expensive and include
both hardware and software. Microsoft does however provide us with a basic VPN
technology – commonly used in small to medium enterprise networks - Windows 2003
Advanced Server and Windows Server 2008. These are more than capable of handling
your wireless VPN requirements.
802.1X
With 802.1X the authentication stage is done via a RADIUS server (IAS on Windows
Server 2003/2008) where the user credentials are checked against the server. When a
user first attempts to connect to the network they are asked to enter their username
and password. These are checked with the RADIUS server and access is granted
accordingly. Every user has a unique key that is changed regularly to allow for better
security. Hackers can crack codes but it does take time, and with a new code being
generated automatically every few minutes, by the time the hacker cracks the code it
would have expired. 802.1X is essentially a simplified standard for passing EAP
(Extensible Authentication Protocol) over a wireless (or wired) network.
Below is an image showing the 802.1X process.
The wireless client (laptop) is known as the Supplicant. The Access Point is known as
the Authenticator and the RADIUS server is known as the Authentication server.
General Tips and Tricks

- When purchasing a wireless NIC card, try and get one that can take an external
  antenna. This will allow you to change it for a stronger one if ever required.
- When you are out and about with your Wi-Fi enabled laptop, disable Microsoft
  File and Printer sharing (which enables other computers to access resources on
  your computer) so as not to leave your computer vulnerable to hackers.
- If you are concerned about the interference from other Wireless Access Points
  or wireless devices in the area, set the AP and wireless clients to use a
  non-overlapping channel such as 1, 6 or 11.
- Change the configuration interface password of the access point before you
  enable it. This is more common sense than a tip but most people overlook this
  part of setting up a wireless network.
- Only buy an access point that has upgradeable firmware. This will allow you to
  take advantage of security enhancements or interface updates.
- On the same note as above, keep the access point firmware up to date.
  Upgrade your firmware whenever a new one is available. It will probably
  consist of a new or improved feature.
- When you are not using Wi-Fi on your Wi-Fi enabled laptop, turn it off. As well
  as protecting yourself from hackers you will be saving battery power.
- From time to time, scan the area for rogue access points. If an employee went
  out and bought a cheap AP and NIC card, and plugged it into the corporate
  network behind the firewall then all your hard work securing the network will
  go out the window. This is commonly seen on university campuses where
  students purchase hardware and set up a rogue access point in their dorm
  rooms.

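One way to act on the rogue access point tip and on the earlier question "Do I know what's on the network?", as an added example that is not part of the original handout: compare a site-survey export with the documented inventory. The CSV layout, inventory, signal threshold and finding names are all constructed for this example.

```python
import csv
import io

# Constructed inventory of documented access points: BSSID -> (SSID, security).
INVENTORY = {
    "00:0f:ca:00:00:01": ("CorpNet", "WPA2"),
    "00:0f:ca:00:00:02": ("CorpNet", "WPA2"),
}

# Constructed survey export; a real scanner's column names will differ.
SCAN_CSV = """bssid,ssid,channel,security,signal_dbm
00-0F-CA-00-00-01,CorpNet,1,WPA2,-48
00-0F-CA-00-00-02,CorpNet,6,WEP,-55
02:1A:11:AA:BB:CC,CorpNet,6,OPEN,-40
00:18:39:12:34:56,linksys,3,OPEN,-52
00:24:01:9A:9A:9A,CoffeeShop,11,WPA2,-88
"""

STRENGTH = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3}
NEARBY_DBM = -70  # assumption: stronger than this is treated as on the premises


def normalise(mac: str) -> str:
    """Accept 00-0F-CA-... or 00:0f:ca:... and return one canonical form."""
    return mac.strip().lower().replace("-", ":")


def audit_scan(scan_csv: str, inventory: dict) -> list:
    """Return (bssid, finding) pairs for everything that needs a follow-up."""
    findings = []
    our_ssids = {ssid for ssid, _ in inventory.values()}
    for row in csv.DictReader(io.StringIO(scan_csv)):
        bssid = normalise(row["bssid"])
        seen = STRENGTH.get(row["security"].upper(), 0)
        if bssid in inventory:
            # A matching BSSID is not proof of identity (MAC addresses can be
            # spoofed), so the recorded security setting is compared as well.
            _, expected = inventory[bssid]
            if seen < STRENGTH[expected]:
                findings.append((bssid, "weaker-security-than-recorded"))
        elif row["ssid"] in our_ssids:
            findings.append((bssid, "unlisted-ap-using-our-ssid"))
        elif int(row["signal_dbm"]) >= NEARBY_DBM:
            findings.append((bssid, "unlisted-ap-in-range"))
        # Weak, unknown networks (the coffee shop next door) are ignored.
    return findings


if __name__ == "__main__":
    for bssid, finding in audit_scan(SCAN_CSV, INVENTORY):
        print(bssid, finding)
```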
News and Statistics
Even though the approval of 802.11n is pending, hardware manufacturers such as
Belkin have already started to offer Pre-N routers and wireless network adapters.
These offer improved network speed and range which would benefit users who wish to
transfer larger files and stream audio/video. With Pre-N, an Access Point and Wireless
NIC Card 10 feet away from each other have an average throughput of about 40 Mbps.
Hardware vendors, such as Linksys and D-Link have also announced the use of MIMO
(Multiple-In-Multiple-Out) in their products. MIMO allows the signal to be bounced
off several antennas and paths so that data delivery is guaranteed. Basically, many
unique data streams are passed in the same frequency channel. It is a technology that
allows for the boosting of wireless bandwidth and range, effectively providing better
performance for wireless multimedia and entertainment systems.
The Wi-Fi market is booming with over 98% of all laptops shipped in 2009 being Wi-Fi
enabled.
In the last quarter of last year, Wi-Fi hardware revenues grew by 17% over the
previous year.
Guest access looks set to be a key requirement for enterprises. The ability to send
and receive mail and access information on the enterprise servers while attending a
meeting at another company is a major plus for mobile workers.
Wireless data revenues are set to grow to 130 billion US Dollars within the next few
years.
60% of hotels in the tourism industry deploy Wi-Fi themselves, without using a service
provider. They usually bill it to the room or offer it free as an amenity to guests.
In a recent poll, forty per cent of people said they would buy a cell phone with Wi-Fi
and only twelve per cent said they would want to get TV on their cell phone. The
possibility of using VoWLAN (Voice Over Wireless Local Area Network) is appealing to
many business users. This would allow someone to use GSM while out and about and
switch to VoWLAN as soon as they step back into the office.
Conclusion
That concludes my overview of wireless security. We took a look at why
security is so important for wireless networks; I gave you some general tips for
securing a network and showed you the different threats that one may face. Despite
what most people think, a wireless network can be secure. However, there is a dire
need for better education and stronger security implementations.