Securing Wireless Network
Posted On January 23, 2012 by Rose Mary filed under Miscellaneous
It's estimated that in a day 15000 concentrated attempts are made against government networks, web sites and infrastructure. Wireless is cheaper than Wired Networks, but securing them needs careful planning.
Wireless networks have been an essential part of communication in the last century. In 1997, IEEE 802.11 was accepted as the standard data communication format for wireless local area networks. The technology continues to grow today. Governments and large corporations are constantly looking out for the latest and fastest standard to work from. It's cheap, convenient, easy to set up, and provides great mobility. The freedom from tangled cables is intoxicating but comes with a price.
Wireless Signals
A wireless network can broadcast far outside your building. With a powerful antenna and some widely available hacking software, anyone sitting near your installation or even driving by can passively (without alerting the target) scan all the data flowing in your network. Securing a wireless network is as important as locking the door on your car when you leave it in the parking garage. There are several methods that we implement to ensure security of the network.
Many wireless APs (access points) let you adjust the signal strength; some even let you adjust signal direction. Begin by placing your APs as far away from exterior walls and windows as possible, then play around with signal strength so you can just barely get connections near exterior walls. This isn't enough, though. Sensitive snooping equipment can pick up wireless signals from an AP at distances of several hundred feet or more. So even with optimal AP placement, the signal may leak.
Lock each AP
A lot of people don't bother changing the defaults on their APs, and maintaining the default administrator password makes your system a good target. Use a strong password to protect each admin interface of your router.
Use SSIDs/ESSIDs wisely
Change the default Service Set Identifiers (SSIDs) for your APs, and don't use anything obvious like your address or company name. For corporate setups, buy APs that let you disable broadcast SSID. This way, hackers will not be able to see the network. If you would like to find out whether your wireless network can be hacked, use programs such as Kismet (www.kismetwireless.net). Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system.
Limit access rights
Chances are, not everyone in your building needs a wireless card. Once you determine who should take to the airwaves, set your APs to allow access by wireless cards with authorized MAC addresses only. Enterprising individuals can spoof MAC addresses.
Wireless security Protocols
WEP:
Wired Equivalent Privacy. Originally intended to give you the same or similar level of security as on a wired network, but it didn't quite work out that way.
In basic layman's terms, WEP works by using secret keys, or codes to encrypt data. The Access Point and the client must know the codes in order for it to function. It uses either 64 bit or 128 bit keys, though the added security from the larger number isn't as much as you would think.
The actual user keys (codes) are 40 bits and 104 bits, with the extra 24 bits used by something called the Initialization Vector (IV).
The encryption is created by taking the IV and randomizing it for each packet, while keeping the secret code the same. The AP and the client decrypt and retrieve the message/data and all is right in the world, in theory.
Problems:
- There is no limit on using the same IV value more than once. This makes the encryption vulnerable to collision-based attacks.
- Because the IV is only 24 bits, there are only ~16.7 million possible variations. Sounds like a lot, but it's quite small in the cryptography world.
- Master keys are used directly, when they should instead be used to generate other temporary keys.
- Users don't change their keys very often on most networks, giving attackers ample time to try various techniques.
If you have nothing else, WEP is better than nothing of course, but I wouldn't trust extremely sensitive data with it.
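The IV problems listed above can be seen in a few lines of Python. This is an added example, not code from the original article: it builds a WEP-style per-packet key (IV followed by the static secret) with RC4, shows that two packets sent under the same IV leak the XOR of their plaintexts, and estimates how soon a randomly chosen 24-bit IV repeats. The secret, the IV and the packet contents are constructed sample values, and WEP's integrity value is left out.

```python
import math

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (encryption and decryption are the same operation)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                          # keystream generation + XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """WEP-style per-packet key: 24-bit IV prepended to the static secret.
    The integrity value WEP appends is omitted to keep the example short."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return rc4(iv + secret, plaintext)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def packets_until_repeat(iv_bits: int, probability: float = 0.5) -> int:
    """Birthday bound: randomly chosen IVs sent before a repeat is expected."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))

# Constructed values, not taken from any real network.
SECRET = bytes.fromhex("0102030405")           # 40-bit user key
P1 = b"first packet data"
P2 = b"other packet data"

def reuse_leak(iv: bytes) -> bytes:
    """XOR of two ciphertexts sent under the same IV and secret."""
    return xor(wep_encrypt(iv, SECRET, P1), wep_encrypt(iv, SECRET, P2))

if __name__ == "__main__":
    same_iv = reuse_leak(b"\x00\x00\x01")
    print("keystream cancels out:", same_iv == xor(P1, P2))
    print("24-bit IV, 50% chance of a repeat after", packets_until_repeat(24), "packets")
    print("48-bit IV, same bound:", packets_until_repeat(48), "packets")
```

With a 24-bit IV a repeat is expected after only a few thousand packets, which a busy network sends in seconds; once the IV repeats, the keystream cancels and the secret key no longer protects the relationship between the two packets.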
WPA:
Wi-Fi Protected Access. It bridges the gap between WEP and the upcoming 802.11i standard, and is implementable via firmware upgrades in older hardware. WPA uses Temporal Key Integrity Protocol (or TKIP), which is designed to allow WEP to be upgraded through corrective measures that address the existing security problems.
Advantages over WEP:
- IV length has increased to 48 bits from 24 bits, which allows WPA to achieve over 500 trillion possible key combinations.
- IVs are now better protected through the use of the TSC, or TKIP sequence counter, helping to prevent the re-use of IV keys.
- Master keys are never directly used.
- Better key management
- Impressive message integrity checking
I have not gone into the Enterprise level of WPA, which is actually intended to be used with something called a RADIUS server for access control. Most home users use what is called WPA-PSK, which is for use on smaller networks that need good security without the extra cost and configuration. WPA and WPA-PSK use the same encryption methods, however.
IMPLEMENTING TKIP or AES
TKIP (Temporal Key Integrity Protocol)
TKIP is a security protocol used in the IEEE 802.11 wireless networking standard. TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as a solution to replace WEP without requiring the replacement of legacy hardware. This was necessary because the breaking of WEP had left WiFi networks without viable link-layer security, and a solution was required for already deployed hardware.
TKIP uses the same underlying mechanism as WEP, and consequently is vulnerable to a number of similar attacks. The message integrity check, per-packet key hashing, broadcast key rotation, and a sequence counter discourage many attacks. The key mixing function also eliminates the WEP key recovery attacks.
AES (Advanced Encryption Standard)
In cryptography, the Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES).
AES is the better option.
TKIP is basically a patch for the weakness found in WEP. The problem with the original WEP is that an attacker could recover your key after observing a relatively small amount of your traffic. TKIP addresses that problem by automatically negotiating a new key every few minutes, effectively never giving an attacker enough data to break a key. Both WEP and WPA-TKIP use the RC4 stream cipher.
AES takes more computing power to run, which matters for small devices, but it is the most secure option you can pick for your wireless network.
Of the two I would suggest AES. Not only for security reasons but also for performance reasons. Whenever you enable security on a wireless network you take some kind of performance hit (security requires extra bandwidth and processing time). Interestingly enough, the hit for AES is much smaller than the drop for WEP or TKIP! More exact figures can be found on wireless router reviews on www.smallnetbuilder.com (Tom’s Hardware). In the end AES gives you more security and a faster network than TKIP.
How people hack into your wireless network
You have read about the technology behind wireless networks and how to secure them. Now, to better understand why you have to be worried about the security of your wireless networks, let's look at how malicious attackers gain access to them.
The various methods used by hackers to exploit wireless connections typically begin with finding wireless networks to crack and gathering as much information about them as possible. This is called network enumeration. Finding the networks is often done by WarXing, through the use of a computer with a network discovery software program such as Kismet or Network stumbler. After this, more information is gathered by eavesdropping on the network. This may be done by "sniffing", which is monitoring the data packets transmitted by the wireless network. Sniffing is done through network analyzers or "sniffers". The information that sniffer programs make available includes SSIDs, IPs, the number of computers connected to the network, types of encryption, and MAC addresses. Also, network mappers may be used to figure out which servers are running on the network and what their operating system is. SSIDSniff, Blade Software IDS Informer, and commands such as ArPing may be used to gather IP addresses. This is especially useful if MAC filtering is turned on. Sensitive information such as SSIDs and passwords may also be obtained through specialised searches in common search engines such as Google. There are even programs that automate these specialised searches (e.g. SiteDigger).
The next step is scanning for vulnerabilities. This is called a vulnerability assessment. It is done through another network enumerator called a network scanner (e.g. nessus, nmap, wireshark, Mognet). The vulnerability of the access point itself through its firmware may also be looked into with tools such as Pong.
Depending on the outcome of this, the hacker determines a means of entry. This may involve simply breaking the encryption through raw computing power (by network encryption-cracking software), authentication as a legitimate user through any ports/services that are available or left open, creation of a null session (if the OS running is Windows), a man-in-the-middle attack, a Queensland attack, ARP poisoning, or combined attacks (e.g. DoS attacks through the use of packet injectors on specific servers to relocate traffic). Posing as a legitimate user requires the wireless network's authentic SSID, BSSID, and WiFi channel. These may be set using tools such as Linux Wireless Extension and Wireless Tools. It may also require a valid MAC address, which may be obtained via network analyzers and altered through MAC spoofers such as SMAC, MAC Changer or even the ifconfig command. Access to the entire system through authentication as a legitimate user may not be available. To break into other (still restricted) parts of the network, password crackers may be used. A null session is a connection to a freely accessible remote share called IPC$ and allows immediate read and write access with Windows NT/2000 and read access with Windows XP and 2003. Also, if the hacker has been able to recover information on the type of hardware used, he can look into online information booklets about the default settings of these devices, allowing (in some cases) access to the network. Websites offering such default settings information (SSIDs, WEP passwords) include CIRT.net.
Comments
Divesh K commented, on January 26, 2012 at 9:11 a.m.:
Hi
I am Divesh. I am from USA. How do I subscribe to your magazine?
Send me details to diveshsr@gmail.com.
Somya commented, on January 28, 2012 at 11:31 a.m.:
Suggest any good institutes or websites to learn CCNA. Can anyone teach me? I am currently studying.






Richa commented, on January 25, 2012 at 8:53 a.m.:
Please suggest new topics in computer graphics. I need to do some course.