Wireless Networks
Lecture 9:
Wireless LAN Security
Assistant Teacher Samraa Adnan Al-Asadi
1
Introduction
Although wireless networks offer many
advantages like its convenience, and ease of
installation, it still suffers from many threats that
occur due to the use of the radio signals through
the open wireless medium (air) where the
network can be hacked.
Assistant Teacher Samraa Adnan Al-Asadi
2
Objectives of the WLAN Security
There are many security objectives that must
be satisfied by security solutions, these objectives
in WLAN are the same as in the wired networks,
and they are:
1. Authentication: ensures that only authorized
users can communicate with the network, by
verifying the identity of the users and allow their
access to the network and its resources after they
pass the authentication process successfully.
2. Data Confidentiality: ensures that any
information transmitted throughout the network
cannot be read or accessed by any unauthorized
users.
Assistant Teacher Samraa Adnan Al-Asadi
3
Objectives of the WLAN Security
3. Data Integrity: preserving the sanctity of the information
that transmitted between authorized users in the network by
detecting any changes in the information that happened due
to the corruption, destroying, and changing before reaching
its destination.
4. Availability: ensures that users can access the network
and its resources at any times they need.
5. Intrusion detection and prevention: wireless intrusion
detection services (IDS) and Intrusion prevention services
(IPS) must detect and prevent any security threats from
accessing the network, also it must prevents the user from
accessing the resources of other users
Assistant Teacher Samraa Adnan Al-Asadi
4
Major Threats against Network Security
WLAN is insecure because of many
characteristics of the wireless communication such as
the invisibility of the wireless medium where the
information can travel, also nothing can constrain the
boundaries of the wireless communication, and the
wireless medium is easy to monitor by using the proper
software and equipment. For these reasons, WLAN is
vulnerable to many security threats. Some of the major
security threats are:
Assistant Teacher Samraa Adnan Al-Asadi
5
Major Threats against Network Security
Wireless Spoofing Attack: is a well-known attack technique
in both wired and wireless networks. The attacker can gain access to
the network and its resources by constructing frames and filling fields
containing addresses or identifiers with forge values that belong to
other authorized users in the network, so the attacker will pretend to be
authorized by taking the identity of the authorized user.
In wireless networks, these addresses or identifiers are MAC
addresses that are unique for each host in the network. Spoofing attack
can be classified according to the identifier that the attacker had
spoofed to the most common spoofing attack type which is MAC
address spoofing, where the MAC address is considered a global
unique identifier to the Data link layer that can be used as an
authentication factor for granting varying levels of network or system
privilege to a user in both wired and wireless networks. Thus all what
the attacker need is to change the manufacturer-assigned MAC address
to any other legal value that belong to a legitimate user in the network.
Beside MAC address spoofing, there is IP address spoofing, URL
spoofing, and Email spoofing.
Assistant Teacher Samraa Adnan Al-Asadi
6
Major Threats against Network Security
Hijacking: is the case when the attacker steals
one of the already established connections, and so
enters the network without be detected as an attacker,
but as an authorized user.
Eavesdropping: is the passive monitoring of
data that are transmitted throughout the network, this
will affect the confidentiality of the transmitted data,
and this can done because of the boundless feature of
the wireless medium where the data radiated in the
space without any control on whom will receive the
data
Assistant Teacher Samraa Adnan Al-Asadi
7
Major Threats against Network Security
Network injection: is the case when the AP does not
make use of the traffic filtering, the attacker can change the
configuration of the routers, switches, and intelligent hubs by
injecting reconfiguration commands that affect these devices, so
the network will work corresponding to the new configuration,
as a result to this type of attack, the network may brought down
and all devices need to be rebooting or reprogramming.
Rogue Access Point: this attack is done by installing an
AP which appears as a valid authenticator that has the same
SSID and stronger signal, in order to receive packets from the
legal clients that connected with this rogue AP. From these
captured packets, the attacker can gain sensitive information, or
even can modify these packets then re- insert it into the network
Assistant Teacher Samraa Adnan Al-Asadi
8
802.11 WLAN Authentication and its
Weaknesses
Open Authentication Vulnerabilities: in this
mechanism, only MAC address is sent as the identity of
the requested client, Open authentication mechanism
provides no security solution because the AP does not
verify the identity (MAC address), so the AP cannot
determines whether the station is authorized or not, and
as a result it will accept all requests
Assistant Teacher Samraa Adnan Al-Asadi
9
802.11 WLAN Authentication and its
Weaknesses
Shared Key Authentication Vulnerabilities:
this mechanism requires the use of WEP key to encrypt
the challenge text sent from the AP with the key stream
by using the exclusive-Or operation then sends the
decrypted frame. This mechanism is vulnerable to the
Man-in- the–middle attack, where the attacker can sniff
both frames containing the (challenge text) and (the
encrypted text response), and because the X-OR
operation is reversible, the attacker will apply XOR
operation between cipher text and plain text, so the
attacker can determine the Key stream
Assistant Teacher Samraa Adnan Al-Asadi
10
802.11 WLAN Authentication and its
Weaknesses
SSID Filtering Vulnerabilities: Service Set
Identifier or network name, uses as a logical separation
between the networks, stations must be configured with
appropriate SSID in order to communicate with the
Access Point. SSID does not provide any security
solutions in the authentication of the users, because the
SSID broadcasted in the Beacon frame, so the attacker
can determine it by analyzing the Beacon frame using
sniffer software. In the case when the SSID not
broadcasted with the Beacon frame, the attacker can
still find it in the Probe Response.
Assistant Teacher Samraa Adnan Al-Asadi
11
802.11 WLAN Authentication and its
Weaknesses
MAC Address Filtering Vulnerabilities: MAC address
is a 48 bit unique identifier assigned to every device in the
network, this mechanism requires the building of an Access
Control List (ACL) in the Access Point, so the AP will depend
mainly on this list in the decision of accepting or denying the
access request, if the received MAC address found in the ACL,
the AP will accept the request, else the AP will deny it. In 802.11
specifications MAC addresses are sent in clear, enabling the
attacker with the use of appropriate software to impersonate a
valid MAC address, and so the attacker will gain access to the
network. In the AP there may be also a table contains “bad”
MAC addresses, the AP use it to permit any device request with
the MAC address that not found in this table. Every misbehaving
client that sends viruses or spams, the AP will add its MAC
address to the table of “bad” MAC addresses and stop receiving
any traffic from this client
Assistant Teacher Samraa Adnan Al-Asadi
12
Thank You
Assistant Teacher Samraa Adnan Al-Asadi
13