Wireless Networks
Lecture 9: Wireless LAN Security
Assistant Teacher Samraa Adnan Al-Asadi

Introduction

Although wireless networks offer many advantages, such as convenience and ease of installation, they still suffer from many threats that arise from the use of radio signals over the open wireless medium (air), where the network can be hacked.

Objectives of the WLAN Security

There are many security objectives that security solutions must satisfy. These objectives are the same in WLANs as in wired networks:

1. Authentication: ensures that only authorized users can communicate with the network, by verifying the identity of users and allowing them access to the network and its resources after they pass the authentication process successfully.
2. Data Confidentiality: ensures that any information transmitted throughout the network cannot be read or accessed by unauthorized users.
3. Data Integrity: preserves the sanctity of the information transmitted between authorized users in the network by detecting any changes to the information caused by corruption, destruction, or modification before it reaches its destination.
4. Availability: ensures that users can access the network and its resources whenever they need them.
5. Intrusion detection and prevention: wireless intrusion detection services (IDS) and intrusion prevention services (IPS) must detect security threats and prevent them from accessing the network, and must also prevent a user from accessing the resources of other users.

Major Threats against Network Security

WLAN is insecure because of several characteristics of wireless communication: the medium through which the information travels is invisible, nothing constrains the boundaries of the wireless communication, and the wireless medium is easy to monitor with the proper software and equipment. For these reasons, WLAN is vulnerable to many security threats. Some of the major security threats are:

Wireless Spoofing Attack: a well-known attack technique in both wired and wireless networks. The attacker can gain access to the network and its resources by constructing frames and filling the fields that contain addresses or identifiers with forged values that belong to other authorized users in the network, so the attacker pretends to be authorized by taking the identity of an authorized user. In wireless networks, these addresses or identifiers are MAC addresses, which are unique for each host in the network. Spoofing attacks can be classified according to the identifier that the attacker spoofs. The most common type is MAC address spoofing: the MAC address is considered a globally unique identifier at the Data Link layer that can be used as an authentication factor for granting varying levels of network or system privilege to a user in both wired and wireless networks. Thus all the attacker needs is to change the manufacturer-assigned MAC address to another legal value that belongs to a legitimate user in the network.
Besides MAC address spoofing, there are IP address spoofing, URL spoofing, and email spoofing.

Hijacking: the attacker steals one of the already established connections, and so enters the network without being detected as an attacker, appearing instead as an authorized user.

Eavesdropping: the passive monitoring of data transmitted throughout the network. It affects the confidentiality of the transmitted data, and it is possible because of the boundless nature of the wireless medium, where data radiates into space without any control over who receives it.

Network injection: when the AP does not make use of traffic filtering, the attacker can change the configuration of routers, switches, and intelligent hubs by injecting reconfiguration commands that affect these devices, so the network will operate according to the new configuration. As a result of this type of attack, the network may be brought down, and all devices need to be rebooted or reprogrammed.

Rogue Access Point: this attack is carried out by installing an AP that appears to be a valid authenticator, with the same SSID and a stronger signal, in order to receive packets from the legitimate clients that connect to this rogue AP.
From these captured packets, the attacker can gain sensitive information, or can even modify the packets and then re-insert them into the network.

802.11 WLAN Authentication and its Weaknesses

Open Authentication Vulnerabilities: in this mechanism, only the MAC address is sent as the identity of the requesting client. The Open authentication mechanism provides no security solution because the AP does not verify the identity (MAC address), so the AP cannot determine whether the station is authorized or not, and as a result it accepts all requests.

Shared Key Authentication Vulnerabilities: this mechanism requires the use of a WEP key: the client encrypts the challenge text sent from the AP by combining it with the key stream using the exclusive-OR operation, then sends the encrypted frame. This mechanism is vulnerable to the man-in-the-middle attack, where the attacker can sniff both frames, the one containing the challenge text and the one containing the encrypted text response. Because the XOR operation is reversible, the attacker applies XOR between the cipher text and the plain text, and so can determine the key stream.

SSID Filtering Vulnerabilities: the Service Set Identifier (SSID), or network name, is used as a logical separation between networks; stations must be configured with the appropriate SSID in order to communicate with the Access Point. The SSID does not provide any security in the authentication of users, because the SSID is broadcast in the Beacon frame, so the attacker can determine it by analyzing the Beacon frame with sniffer software. Even when the SSID is not broadcast in the Beacon frame, the attacker can still find it in the Probe Response.
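
The Shared Key Authentication weakness described above, reproduced offline as an added example that is not part of the lecture. It assumes a plain textbook RC4 routine, a frame body simplified to the challenge plus a CRC-32 ICV, and a constructed key, IV and challenge.

```python
# Added illustration (not from the lecture): why WEP Shared Key
# Authentication leaks keystream. Key, IV and challenge are constructed.
import struct
import zlib


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Textbook RC4: key scheduling, then `length` bytes of output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def station_response(wep_key: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Client side: encrypt challenge + ICV with the RC4(IV || key) stream."""
    plaintext = challenge + struct.pack("<I", zlib.crc32(challenge))
    return xor(plaintext, rc4_keystream(iv + wep_key, len(plaintext)))


def observed_keystream(challenge: bytes, response: bytes) -> bytes:
    """Passive observer: known plaintext XOR cipher text = key stream.
    The ICV is an unkeyed CRC of the clear challenge, so it is known too."""
    plaintext = challenge + struct.pack("<I", zlib.crc32(challenge))
    return xor(plaintext, response)


def demo():
    wep_key = bytes.fromhex("0badc0ffee")  # constructed 40-bit WEP key
    iv = bytes.fromhex("a1b2c3")           # constructed IV, sent in clear
    challenge = bytes(range(128))          # constructed clear-text challenge
    response = station_response(wep_key, iv, challenge)
    leaked = observed_keystream(challenge, response)
    # The observer never touched wep_key, yet holds the key stream for this IV.
    return leaked == rc4_keystream(iv + wep_key, 132), len(leaked)
```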

MAC Address Filtering Vulnerabilities: a MAC address is a 48-bit unique identifier assigned to every device in the network. This mechanism requires building an Access Control List (ACL) in the Access Point, and the AP depends mainly on this list when deciding whether to accept or deny an access request: if the received MAC address is found in the ACL, the AP accepts the request; otherwise the AP denies it. In the 802.11 specifications, MAC addresses are sent in the clear, enabling an attacker with the appropriate software to impersonate a valid MAC address and so gain access to the network. The AP may also hold a table of "bad" MAC addresses, which it uses to permit requests from any device whose MAC address is not found in this table. For every misbehaving client that sends viruses or spam, the AP adds its MAC address to the table of "bad" MAC addresses and stops receiving any traffic from this client.

Thank You