
Security of a Local Wireless network

Realised by: Lemaadi ABDELKERIM Admou IMRANE Alidrissi amnoun RACHID
Supervised by: Mrs. KHADIJA Elatri
Academic year: 2011/2012

Table of contents

Introduction
Wireless network
Securing wireless network
WEP algorithm
WPA algorithm
WPA 2 algorithm
Configuration of a Wireless router
How to crack WEP Wireless Network
Conclusion

Introduction
Nowadays, using the internet has become as much a necessity as breathing air. The number of users grows rapidly every day, connecting through devices such as laptops, tablets or phones. The internet is composed of different types of networks:
- WAN: wide area network
- LAN: local area network
- MAN: metropolitan area network
- PAN: personal area network
- TAN: tiny area network; it is a LAN with fewer machines.
- CAN: campus area network; it is a MAN with a large bandwidth between its different LANs.

Everything has two sides, one good and one bad, and the internet is the same. Whether it is good or bad depends on how people use and control it. People agree that the internet plays an important role in socioeconomic development, and it is one of the most important technological innovations in human history.

Wireless network
A wireless network is a network that uses radio frequency signals to communicate among computers and other network devices. It is sometimes also referred to as a WiFi network or WLAN. This kind of network is popular nowadays because it is easy to set up and involves no cabling: you can connect computers anywhere in your home without the need for wires.

Here is a simple explanation of how it works. Say you have 2 computers, each equipped with a wireless adapter, and you have set up a wireless router. When a computer sends out data, the binary data is encoded onto a radio frequency and transmitted via the wireless router. The receiving computer then decodes the signal back into binary data. It doesn't matter whether you use a broadband cable or DSL modem to access the internet; both will work with a wireless network. If you have heard of a wireless hotspot, that means a location equipped with wireless devices so that you and others can join the network.

The two main components are the wireless router or access point and the wireless clients. If you have not set up any wired network, just get a wireless router and attach it to the cable or DSL modem. You then set up the wireless clients by adding a wireless card to each computer, forming a simple wireless network. You can also connect a computer directly to the router by cable if switch ports are available.

If you already have a wired Ethernet network at home, you can attach a wireless access point to the existing network router and have wireless access at home.

Wireless routers or access points should be installed in a way that maximizes coverage as well as throughput. The coverage provided is generally referred to as the coverage cell. Large areas usually require more than one access point in order to have adequate coverage. You can also add an access point to your existing wireless router to improve coverage.

Wireless Operating Mode


The IEEE 802.11 standards specify two operating modes: infrastructure mode and ad hoc mode. Infrastructure mode is used to connect computers with wireless network adapters, also known as wireless clients, to an existing wired network with the help of a wireless router or access point. The 2 examples described above operate in this mode. Ad hoc mode is used to connect wireless clients directly together, without the need for a wireless router or access point. An ad hoc network consists of up to 9 wireless clients, which send their data directly to each other.

Securing wireless network

Security usually refers to ensuring that users can perform only the tasks that they are authorized to do and can obtain only the information that they are authorized to have.

The goals of network security are to maintain integrity, protect confidentiality, and ensure availability.

The exponential growth of networking, including wireless technologies, has led to increased security risks.

Many of these risks are due to hacking, as well as improper uses of network resources. The specific weaknesses and vulnerabilities of WLANs will be covered.

WEP Algorithm

Definition
A security protocol for wireless local area networks (WLANs) defined in the 802.11b standard.
- Use of the RC4 algorithm

This picture shows the WEP encryption process. After the key is typed in as plain text, this text is transformed into cipher text via the RC4 algorithm.

Length of WEP Key:


- A 64-bit WEP key is usually entered as a string of 10 hexadecimal (base 16) characters (0-9 and A-F).
- A 128-bit WEP key is usually entered as a string of 26 hexadecimal characters.
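The sketch below is an added example, not part of the original report: it shows why a 10-digit hexadecimal key is called a 64-bit WEP key (40 secret bits plus a 24-bit initialization vector sent in clear) and how RC4 and a CRC-32 integrity value are combined for each frame. The key, IV and payload are constructed, the function names are hypothetical, and the key-ID byte of a real 802.11 frame is left out.

```python
import binascii
import struct

IV_BITS = 24  # initialization vector: sent in clear, prepended to the secret

def parse_wep_key(hex_key):
    """Return the secret bytes of a 10- or 26-digit hexadecimal WEP key."""
    if len(hex_key) not in (10, 26):
        raise ValueError("expected 10 (64-bit) or 26 (128-bit) hex digits")
    return binascii.unhexlify(hex_key)  # 5 or 13 bytes; rejects non-hex input

def key_sizes(hex_key):
    """Return (secret bits typed by the user, nominal WEP key size in bits)."""
    secret = len(parse_wep_key(hex_key)) * 8
    return secret, secret + IV_BITS

def rc4(seed, length):
    """Return `length` bytes of RC4 keystream for `seed`."""
    s, j = list(range(256)), 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):  # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def _icv(data):
    """CRC-32 integrity check value, least significant byte first."""
    return struct.pack("<I", binascii.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(key, iv, plaintext):
    """Return IV || (plaintext || ICV) XOR RC4(IV || key)."""
    if len(iv) * 8 != IV_BITS:
        raise ValueError("IV must be 24 bits")
    body = plaintext + _icv(plaintext)
    return iv + bytes(a ^ b for a, b in zip(body, rc4(iv + key, len(body))))

def wep_decrypt(key, frame):
    """Recover the plaintext and verify its integrity check value."""
    iv, body = frame[:3], frame[3:]
    clear = bytes(a ^ b for a, b in zip(body, rc4(iv + key, len(body))))
    data, icv = clear[:-4], clear[-4:]
    if icv != _icv(data):
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return data

# Constructed sample. Only the 24-bit IV varies between frames, so the
# keystream repeats whenever an IV repeats.
KEY = parse_wep_key("0123456789")
FRAME = wep_encrypt(KEY, b"\x00\x00\x01", b"hello wlan")
```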

WEP Authentication:
- Open System authentication :

Any client can authenticate with the Access Point and then attempt to associate

- Shared Key authentication

WPA Algorithm

Definition: (Wi-Fi Protected Access)


- Security protocols and security certification programs developed by the Wi-Fi Alliance to secure
- Use of the AES algorithm

PSK authentication :
The client and the Access point must have the same shared key configured.


WPA2 Algorithm

Definition: (Wi-Fi Protected Access II)


WPA2 is the current standard, defined in 802.11i. It uses the AES algorithm. This protocol works on the same principles as the WPA protocol; the only difference is that the WPA2 key is longer.


Configuration of a Wireless router


Implementing network security is very important. You need to know how to safeguard your network in order to minimize the risk of being compromised by hackers, worms, viruses and other intrusions.

Changing Router Default Password


- Don't use the default password on the router. You should change the password after the initial router configuration.
- Don't use an easily guessed password, such as your name, your pet's name, your birth date, etc.
- A good password is composed of numbers, letters (upper case and lower case) and symbols.

Enabling Firewall on Router


If the router provides a firewall feature, use it! Tune the firewall and test it. This feature is useful for dropping unknown traffic from the Internet, and it can also restrict the traffic going out to the Internet.

Router Firmware Upgrade


Router vendors usually release new firmware from time to time to fix software bugs and patch security holes. You should upgrade the router firmware when it's available. The firmware can be found on the vendor's website.

Computer Security
You need to update your computer's operating system and software as often as you can. Again, the updates patch security holes and fix software bugs. Windows users can use Windows Automatic Updates to update the system. If you have set up virtual servers or DMZ hosts, make sure they have the latest system and software updates installed. This is very important because virtual servers and DMZ hosts are exposed directly to the Internet and are easily compromised if not updated.


Also, installing antivirus and anti-spyware software with up-to-date signatures is a must to secure your computer. After all, there are constantly new security threats trying to steal your personal information, so you might consider Life Lock to help protect your identity too.

Note: Do not use a USB drive or external drive from an unknown or untrusted source. If you want to use it, make sure you scan the drive with updated antivirus and anti-spyware software.

Non-Administrator Access to Windows OS


Don't log on to Windows or any other OS with an administrator ID that has full access privileges for daily tasks! You should always use a normal user ID with limited access privileges for checking email, web surfing, online gaming, online chatting, etc. The administrator ID should only be used for tasks that cannot be done with a normal user ID. The reason is that, since an administrator ID has full access privileges, the computer is much more easily compromised if you click on a malicious email link, visit a compromised website or perform other online activities.

Avoiding Phishing Attack


Beware of phishing attacks! Don't simply click on a link in an email, on Facebook, on Twitter or on other websites: the link might take you to a malicious website that installs malware on your computer or lures you into providing online banking or other personal information. A common phishing attack usually appears to be sent from a bank, PayPal, a financial organization or an online portal, so you should always check with the respective organization's contact first before doing anything. Delete emails from unknown senders; don't even try to check the content.

Physical Network Security


Many people neglect physical network security; however, you should keep an eye on it. Check the physical network from time to time to spot any unrecognized devices connected to the router or any unusual setup on the network.
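One way to carry out this check, as an added example that is not part of the original report: compare the neighbour table of a Linux host on the LAN against an inventory of your own devices. It assumes the output format of `ip neigh show`; the sample output, the inventory and the function names are constructed for illustration.

```python
import re

# Constructed inventory of devices you own (any common MAC notation).
KNOWN_DEVICES = {
    "00:11:22:33:44:01": "router",
    "00:11:22:33:44:55": "laptop",
    "00-11-22-33-44-66": "phone",
}

# Constructed sample of `ip neigh show` output.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:01 REACHABLE
fe80::1 dev wlan0 lladdr 00:11:22:33:44:01 router STALE
192.168.1.10 dev wlan0 lladdr 00:11:22:33:44:55 STALE
192.168.1.23 dev wlan0 lladdr 5E:0C:9A:12:34:56 REACHABLE
192.168.1.40 dev wlan0  FAILED
"""

NEIGH_RE = re.compile(
    r"(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>\S+)"
    r"\s+(?:router\s+)?(?P<state>\S+)")

def normalize_mac(mac):
    """Lower-case a MAC and use ':' separators so comparisons are exact."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True when the address was set by software, e.g. a randomized MAC."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def unrecognized_devices(neigh_output, known):
    """Return neighbours whose link-layer address is not in the inventory."""
    allow = {normalize_mac(m) for m in known}
    findings = []
    for line in neigh_output.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:  # entries without a resolved address (FAILED, INCOMPLETE)
            continue
        mac = normalize_mac(m["mac"])
        if mac not in allow:
            findings.append({"ip": m["ip"], "mac": mac, "state": m["state"],
                             "randomized": is_locally_administered(mac)})
    return findings

UNKNOWN = unrecognized_devices(SAMPLE_NEIGH, KNOWN_DEVICES)
```

A match only shows that an address is in your inventory; MAC addresses are not authenticated, so treat this as an inventory check that complements the encryption settings rather than as access control.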


Application:
This is an example of configuring a wireless network router.
Router: SAGEM Fast 3304-v2
Operator: Morocco Telecom

Step1: specify language, username and password.

Step2 : the home page


Step3: choosing the wireless option from the menu.

Step4: page of configuring wireless.


Step5: defining the channel type.

Step6: choosing the network encryption mode.


Step7: entering the WEP type.

Step8 : entering the Key


Step9: we can also define a MAC filter.

Step10: disabling, allowing or denying the MAC filter.


How to crack WEP Wireless Network

Backtrack: BackTrack is a distribution based on the Ubuntu GNU/Linux distribution, aimed at digital forensics and penetration testing.

Aircrack-ng: Aircrack-ng is a network software suite consisting of a detector, a packet sniffer, a WEP and WPA/WPA2 cracker and an analysis tool.

iwconfig: used to set the parameters of the network interface; the wireless interface used here is wlan0.

airmon-ng: can be used to enable monitor mode on wireless interfaces.

airodump-ng: with this command you can see a list of wireless networks, and you specify:
- the channel, which is your network's channel;
- the BSSID, which is the MAC address of your access point.

aireplay-ng: here we create router traffic in order to capture more packets faster and speed up the crack. In this command you specify:
- -e (ESSID): the name of our access point;
- -a: the MAC address of your access point;
- -h: the MAC address of a client connected to our access point;
- your wireless interface.

Packet injection: we create router traffic in order to capture more packets faster and speed up our crack.


aircrack-ng: it is the method used to crack the WEP key. You specify the BSSID (the MAC address of the access point) and launch the command.


Conclusion

Wireless has grown rapidly in the past few years, and travelers search for Wi-Fi "hot spots" where they can connect while they are away from home or the office. Many airports, coffee shops, hotels and motels now routinely provide these services, some for a fee and some for free. The next big growth area is the surge towards universal wireless access, where almost everywhere is a "hot spot". Municipal Wi-Fi or city-wide access, WiMAX (offering broader ranges than Wi-Fi), EV-DO, 4G and other formats will joust for dominance in the USA in the years ahead. The battle is both economic and political.

Another trend that is rapidly affecting web designers is the growth of smaller devices that connect to the Internet. Small tablets, pocket PCs, smart phones, ebooks, game machines and even GPS devices are now capable of tapping into the web on the go, and many web pages are not designed to work at that scale.

As the Internet has become ubiquitous, faster and increasingly accessible to non-technical communities, social networking and collaborative services have grown rapidly, enabling people to communicate and share interests in many more ways. Sites like Facebook, Twitter, LinkedIn, YouTube, Flickr, Second Life, Delicious, blogs, wikis and many more let people of all ages rapidly share their interests of the moment with others everywhere. In this situation we have to protect ourselves from hackers, worms, viruses and other intrusions.

