Wireless LAN Security (RM12/2002)

Similar documents
Wireless Attacks and Countermeasures

Karthik Pinnamaneni COEN 150 Wireless Network Security Dr. Joan Holliday 5/21/03

Wireless Network Security

How Insecure is Wireless LAN?

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

What is Eavedropping?

Wireless technology Principles of Security

Securing Wireless Networks by By Joe Klemencic Mon. Apr

WLAN Security. Dr. Siwaruk Siwamogsatham. ThaiCERT, NECTEC

BreezeACCESS VL Security

5 Tips to Fortify your Wireless Network

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Today s challenge on Wireless Networking. David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd.

Detecting & Eliminating Rogue Access Point in IEEE WLAN

Wireless Network Security Fundamentals and Technologies

NETWORK SECURITY. Ch. 3: Network Attacks

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

Chapter 5 Local Area Networks. Computer Concepts 2013

What is a Wireless LAN? The wireless telegraph is not difficult to understand. The ordinary telegraph is like a very long cat. You pull the tail in Ne

Configuring Security Solutions

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. June 18, 2015

Managing Rogue Devices

Ethical Hacking and Prevention

PRODUCT GUIDE Wireless Intrusion Prevention Systems

Chapter 11: It s a Network. Introduction to Networking

Managing Rogue Devices

Digital Entertainment. Networking Made Easy

Endpoint Security - what-if analysis 1

School of Computer Sciences Universiti Sains Malaysia Pulau Pinang

Interworking Evaluation of current security mechanisms and lacks in wireless and Bluetooth networks ...

Achieving End-to-End Security in the Internet of Things (IoT)

Assignment Project Whitepaper ITEC495-V1WW. Instructor: Wayne Smith. Jim Patterson

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

CTS2134 Introduction to Networking. Module 08: Network Security

BackTrack 5 Wireless Penetration Testing

Configuring Security Solutions

Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group

Chapter 11: Networks

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

Overview of Security

jk0-022 Exam Questions Demo CompTIA Exam Questions jk0-022

Wireless KRACK attack client side workaround and detection

Chapter 4. Network Security. Part I

Wireless# Guide to Wireless Communications. Objectives

Wireless Technologies

Information Technology Policy Board Members. SUBJECT: Update to County WAN/LAN Wireless Standards

ECCouncil Certified Ethical Hacker. Download Full Version :

Internet of Things (IoT) Attacks. The Internet of Things (IoT) is based off a larger concept; the Internet of Things came

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

Wireless Terms. Uses a Chipping Sequence to Provide Reliable Higher Speed Data Communications Than FHSS

Define information security Define security as process, not point product.

THE 123 OF WIRELESS SECURITY AT HOME 家居 WIFI 保安 123

Blackjacking. Daniel Hoffman. Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise. Wiley Publishing, Inc.

Motorola AirDefense Retail Solutions Wireless Security Solutions For Retail

Recommendations for Device Provisioning Security

Chapter 24 Wireless Network Security

What action do you want to perform by issuing the above command?

FAQ on Cisco Aironet Wireless Security

WPA SECURITY (Wi-Fi Protected Access) Presentation. Douglas Cheathem (csc Spring 2007)

NETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Frequently Asked Questions WPA2 Vulnerability (KRACK)

Wireless Network Security

IT SECURITY FOR LIBRARIES PART 1: SECURING YOUR LIBRARY BRIAN PICHMAN EVOLVE PROJECT

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM

WHITE PAPER. A Manager s Guide To Wireless Hotspots How To Take Advantage Of Them While Protecting The Security Of Your Corporate Network

Pass Microsoft Exam

Chapter 1 B: Exploring the Network

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

CYBER ATTACKS EXPLAINED: PACKET SPOOFING

Information System Security. Nguyen Ho Minh Duc, M.Sc

Technology in Action

GHz. VPN Router with RangeBooster User Guide WRV200 WIRELESS. Model No.

Requirements for Building Effective Government WLANs

Cyber Security Guidelines for Public Wi-Fi Networks

Bank Infrastructure - Video - 1

Wireless Router at Home

Course. Curriculum ADVANCED ETHICAL HACKING

Securing Wireless LANs with Certificate Services

A Division of Cisco Systems, Inc. GHz Mbps. Wireless-G. User Guide. VPN Broadband Router WIRELESS WRV54G. Model No.

Improving Security in Wireless Networks

2017 2nd International Conference on Communications, Information Management and Network Security (CIMNS 2017) ISBN:

The Challenges of Measuring Wireless Networks. David Kotz Dartmouth College August 2005

Wireless Security Security problems in Wireless Networks

Wireless Network Defensive Strategies

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

WHITE PAPER: IRONSHIELD BEST PRACTICES MANAGEMENT VLANS

System Threat Analysis Case Study for Software Based Communications

Submitted on behalf of the DOE National SCADA Test Bed. Jeff Dagle, PE Pacific Northwest National Laboratory (509)

Technology in Action. Chapter Topics. Participation Question. Participation Question 8/17/11. Chapter 7 Networking: Connecting Computing Devices

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

COPYRIGHTED MATERIAL. Index

SYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS

Computer Network Routing Challenges Associated to Tackle Resolution Protocol

Transcription:

Information Technology in Education Project Reference Materials Wireless LAN Security (RM12/2002) Infrastructure Division Education Department The Government of HKSAR www.ited.ed.gov.hk December 2002

For enquiry on this document, please direct to inspector of Regional Support Section, Infrastructure Division, Education Department at (852) 3123 8108 or write to Principal Inspector, Regional Support Section, Infrastructure Division, 5th Floor, Kai Tak Government Building, 5 Arrivals Road, Kowloon City, Hong Kong. The full text of this publication is available at the Information Technology Education Resource Centre home page at http://www.ited.ed.gov.hk

W irless Local Area Network (WLAN) application is becoming more popular in schools. The WLAN technology allows schools to extend their existing network with greater flexibility and more convenience. While enjoying the benefits from WLAN technology, schools themselves should also aware the issues and workarounds of WLAN security. About this document: This paper covers security issues in using WLAN in schools. Basic knowledge of WLAN is required in understanding this paper. WLAN security measures are introduced to enable schools to have a better understanding of the protection of their WLAN system. The main focus of the paper will be based on the 802.11b technology. However, most of the information is applicable to other WLAN standards. Security is a main concern when implementing and managing a network, especially a wireless network. In a wireless network, communication is broadcasted over radio wave. Hence, WLAN is more vulnerable to hackers attacks or eavesdropping. Schools should take proactive steps to minimize security risks in WLAN. Security threats of WLAN In general, hackers are easier to get into a WLAN than a wired network. They can access your network without your permission or notice by placing WLAN devices (either access point or WLAN client) in your network. This is referred to Insertion. (1) Insertion of wireless client, such as notebook computer or PDA, to a WLAN access point is easy. Such insertion can be performed remotely within the range of your WLAN coverage, with some of the WLAN information (e.g. SSID) has been known. The hacker can use computers to mimic the legitimate users. (2) Insertion of unauthorized WLAN access point may also happen in a network. However, hackers have to place the access point(s) in the network first. In some instances, a school staff may plug his/her own WLAN access points into the school LAN for convenience... In that way, he/she may have already opened a backdoor for hackers. As the signal of WLAN is broadcasting in air, interception and monitoring of the radio signal (eavesdropping) are commonly used. If an access point is connected to a hub instead of a switch, all traffic, including the wired traffic, across the hub can be potentially broadcasted over the wireless network. It would be easier for eavesdropping to take place. Common attacks on WLAN Here are the common attacks on wireless network which may work within range of your wireless signal. These attacks are usually based on insertion or eavesdropping of wireless access points/clients. In fact, the attacks are common in wired network also. Wireless Sniffer By using sniffer software in a wireless client, a hacker can sniff and capture any legitimate traffic. No attack is made during sniffing. The hacker is collecting vital packet information for later attack. Session Hijacking If sniffing is possible, it is also possible for a hacker to inject false traffic into a connection. As such, the hacker may be able to issue commands on behalf of a legitimate user by injecting traffic and so hijacking their victim s session. Spoofing The hacker uses a mobile device with spoofed MAC (Media Access Control) address. Using packet-capturing software, the MAC address can be found. Denial Of Service (DOS) DOS is a common attack for all networks. In a WLAN, the hacker might not steal any

information. The hacker may send continuous data packets to jam the access point, or use a high power radio signal generator to interfere the WLAN clients to access the WLAN. The users at that time cannot access the network service as the network is being kept busy by DOS attack. Man-in-the-middle attacks The hacker may set up an access point nearby with a different radio channel. When a user associates with this access point, the username and password will be captured by this fake access point. On the other hand, through monitoring the traffic between the access point and particular WLAN clients, hacker may set up a fake WLAN client and mimics a valid WLAN client to access the network. Built-in security features in WLAN The following are some built-in security features for WLAN equipment: SSID (Service Set ID) SSID is a unique network identifier with a maximum of 32 characters. Each wireless access point has to be assigned with an SSID. The WLAN clients need to know the SSID of the access point to be connected with. The SSID can also be used to differentiate one WLAN from another. The access points and clients connected to a specific WLAN must use the same SSID. WEP (Wired Equivalent Privacy) As its name say, WEP is designed to provide an equivalent level of privacy in the wireless environment as it is in the wired environment. WEP uses a shared and static key, known to both access points and clients, to encrypt data packets before transmission. Up to 4 sets of static keys can be defined in access points/clients. WEP uses either a 40-bit or a 128-bit encryption mechanism for encryption. For most WLAN access points, WEP is disabled by default. Security Risks of WLAN equipment The built-in WLAN security features may have the following security risks: SSID By default, the access point will broadcast the SSID periodically for the clients to discover it. Also, the SSID is sent over the air in clear text in WLAN transmission. A hacker may scan easily for SSID and discover the availability of the access points. Also, a WLAN access point may come with default SSIDs which are commonly known. Some of the default SSIDs are the name of the access point manufacturers such as Intel( intel ), Compaq ( compaq ) and Linksys( linksys ). Other common SSIDs such as wireless and wlan are used in some other products. WEP The encryption mechanism of WEP is proved to be vulnerable. Tools are widely available on the Internet to hack WEP encryption. Also, the static key architecture in WEP poses security weakness: the key authentication follows hardware instead of the users. If the wireless client (e.g. notebook computer or PDA) is stolen or lost, the key for the school is automatically compromised. On the other hand, static key is easy to be hacked. Managing the keys is not easy, especially in large wireless network. There is no easy way to protect the keys or to update them on a regular basis. ACL Spoofing of MAC address is possible. That is, a hacker can use devices to pretend he is a client with valid MAC address. Also, the number of MAC address entries that an access point can support is limited. Managing the ACL would be quite difficult for wireless network with a large number of access points and clients. Also, distribution of MAC address entries to the access points would be tedious manual task.

ACL (Access Control List) ACL (Access Control List) is used in some WLAN access points to control client access. The ACL is usually based on the client s wireless Ethernet MAC address which is unique in each client. The ACL is a database to store the MAC address that can access the WLAN. If the client s MAC address is not listed in the ACL, his/her access will be denied. Suggested WLAN security measures Here are some suggestions for enhancing the security of a wireless network. A general security set-up is good for any kinds of wireless network. An advanced security set-up may be applicable for wireless network with higher security requirements. However, it would incur a higher cost. General Security Setup No wireless device in SAMS network Wireless access point should NOT be connected directly to the SAMS network. Access points can only be used in other networks in schools such as the teaching and learning (ITED) network or MMLC network, but NEVER used in the administrative network such as SAMS. SSID (Service Set ID) Change the default SSID immediately after installation. Never use the default SSID. Turn off the SSID broadcasting if the WLAN is not in use. Change the SSID regularly. WEP (Wired Equivalent Privacy) Enable the WEP Never use the default WEP keys If possible, change the WEP key frequently ACL (Access Control List) Use MAC filtering if your WLAN access point supports this function. Access Point operations Change the default password for system administration. The default passwords are usually insecure, e.g. public is a common password in many access points. If possible, turn the access point power OFF when not in use for a considerable long period of time. Update the firmware of access points periodically. Do NOT connect the wireless access points to hubs in a wired network. Connect to switch can prevent easy sniffing. Use static IP address for WLAN clients Do NOT use DHCP (dynamic host configuration protocol) for assigning IP address to WLAN clients. Use static IP addresses for WLAN clients. With DHCP enabled, the hackers can get applicable IP addresses for entry. Audit the WLAN access points and clients regularly Keep good inventory and network records (e.g. IP addresses) for both WLAN access points and clients. Scan and audit regularly the WLAN equipment to ensure there is no rogue wireless connection. Physical security of WLAN equipment Protect access points and WLAN cards from lost or stolen. The notebook computers with WLAN cards should be secured as they can be used to access the WLAN. Advanced Security Setup Use Firewall to separate WLAN network In this setup, a firewall/gateway is placed between the wired and wireless network. The traffic to the wired network would be screened by the firewall. This can minimize the risk of rogue WLAN clients getting into the wired network. Such setup is essential when there is important/restricted information in the wired network.

Use VPN (Virtual Private network) For high security requirement, VPN can be used to provide more secure data communication. Under VPN, users communicate in an encrypted tunnel between their devices and the wired or wireless LAN. (N.B. Schools may need to acquire additional VPN devices/software for VPN implementation.) Summary At present, wireless networks using the 802.11b protocol are inherently insecure and vulnerable. However, poor network configuration is usually the main cause that affects wireless LAN security. In fact, it is impossible to completely eliminate the security risk of being hacked in a wireless system. However, the risk can be reduced significantly by adopting appropriate security measures. Although 802.11 has its vulnerabilities, schools themselves can mitigate WLAN security risks by education, careful planning, implementation, and management. Schools should also review the security policies of their wireless LAN from time to time to find out and prevent any security vulnerability of their WLAN. More security specifications are being proposed to enhance the security in 802.11 standard, such as 802.1x and 802.11i, to solve the static key, weak encryption and authentication problems. It is expected that the security weaknesses in WEP can be solved in later WLAN products.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback