See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/266631414

Investigation into IEEE 802.11 Security Issues Affecting Wireless Networks

Article · June 2011

DOI: 10.2316/P.2011.730-024

CITATIONS READS

0 330

3 authors:

Albert Kofi Kwansah Ansah Thomas Kwantwi

University of Mines and Technology (UMaT) University of Mines and Technology
14 PUBLICATIONS   24 CITATIONS    2 PUBLICATIONS   6 CITATIONS   

SEE PROFILE SEE PROFILE

William Akotam Agangiba

University of Mines and Technology
11 PUBLICATIONS   18 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Privacy-Preservation in Bitcoin Blockchain View project

Computation Offloading with blockchain in 5G Network Slicing View project

All content following this page was uploaded by Albert Kofi Kwansah Ansah on 20 February 2017.

The user has requested enhancement of the downloaded file.

 Proceedings of the IASTED International Conference
Wireless Communications (WC 2011)
June 1 - 3, 2011 Vancouver, BC, Canada
INVESTIGATION INTO IEEE 802.11 SECURITY ISSUES AFFECTING
WIRELESS NETWORKS
Albert K. Ansah1, Thomas Kwantwi2, Agangiba W. Akotam3
University of Mines and Technology
Computer Science and Engineering Department
P. O. Box 237, Tarkwa-Ghana
afkansah@yahoo.com
ABSTRACT
Wireless networking is one of the exciting developments
in the world of networking technology. After the
introduction of IEEE 802.11 Ethernet standard, Wi-Fi has
become the most widely adopted wireless networking
type on the wireless network environment. Since wireless
networking is easy to deploy and upgrade and with decent
data rate available today at low cost, implementation of
wireless networking is growing all over the place.
Organizations and enterprises are switching from the
traditional wired networks to wireless networking.
Wireless can serve in many capacities, from a simple
extension to a distribution point. One of the leading
glitches with wireless networking is that, the wireless
networking devices provide no security as they come out
of their boxes. Considering the fact that wireless networks
are built on a shared medium and data packets float
through the air on radio waves, security cannot be
overemphasized when dealing with wireless networking.
It is arguable that many network users don’t have
procedures when they deploy their WLAN for the first
time. It is the dearth of procedures that help attackers get
into any networks they want. This paper seeks to
demystify the security issues of the IEEE 802.11 wireless
standards. The paper goes on to address these security
concerns and points out the method used to secure a
wireless network.
KEY WORDS
IEEE 802.11 Standards, Wireless Communication, Wireless
LAN, Wireless Security, Data Encryption
1. INTRODUCTION
Today wireless is becoming the leader in communication
choices among users. It is not anymore a backup solution
for nomadic travellers but really a new mood naturally
used everywhere even when the wired communications
are possible. In some cases, the use of wireless
networking is inevitable; whereby the buildings are being
used as part of national heritage. In such cases, drilling
through obstacles to lay the cabling is simply prohibited
by law. Another case is offices positioned on opposite
sides of a busy street, highway or office park. Wireless
denotes the transmission of voice and data over radio
waves. Wireless allows communication with networks
without physical connection. Wireless technology is
DOI: 10.2316/P.2011.730-024 81
different from wired technology because the connection is
made by radio waves. To connect to a wired network, you
need wires and permissions sometimes from the network
administrator. For a wireless connection you can be
located anywhere you receive the signal from the
network. Connection to network wirelessly requires
devices that are capable of sending and receiving data. A
wireless network can be accessed from anywhere within a
coverage area. Indeed, security is always a big issue when
it comes to implementing a wireless Local Area Network
(WLAN). [1][2][3][4][17]
The principal aim for wireless deployment is to offer
unswerving signal coverage and Security with decent
performance for networks. Many organizations and also
home users are turning to wireless Local Area Network
technology simply to avoid having run network cables
throughout the building. This makes wireless network
installation and usage pretty flexible and portable. The
802.11 standard has turned out to be pretty common as a
means to enhance or extend the traditional wired network.
The wireless network widespread is unquestionably
linked to its flexibility, cost effectiveness and augmented
throughput compared to its wired network counterpart.
Flexibility means, wireless users stay connected whiles
working from a colleague’s desk and elsewhere within the
Wi-Fi range. 802.11 let users’ access servers, printers, and
other network resources regardless of their location, as
long as they stay in the Wi-Fi range. Network security has
always being a concern when deploying wireless
networks. Network security is a broad topic and covers a
multitude of sins. In a simplest form, Network Security is
making sure that nosy people cannot gain access to read
and modify data and messages intended for other people.
Security is always a priority for people who administrator
networks. The teething troubles in securing wired network
are augmented with a wireless network. In wired
networks, controlling access is very candid; that is if a
user has physical access to a network hub or switch, he
can use (or abuse) the network resources. Although
software mechanisms are an important component of
network security, denying physical access to network
devices is the ultimate access control mechanism. In
guileless term, allowing network access to trusted people
secures the network and for that matter the network
becomes trusted. The demand for wireless networking
hardware has experienced extraordinary progression,
evolving quickly from newness to essential. This has
compelled the Wi-Fi industry to come up with a
prodigious standard that could offer up to about 600 Mbps
connectivity speed such as in 802.11n standards.
[5][6][7][8][9][10]
Several organizations are now deploying Wireless Local
Area Networks (WLANs) because of the benefit and
flexibility that come with wireless networking.
According to a 2003 NOP World research study, WLAN
users connected to their corporate network 3.64 hours per
day longer than their wired peers, thus increasing
productivity by 27 percent. Through the flexibility of
WLANs, not only does the productivity increased
considerably, but also the response times are notably
improved. The widespread of wireless LANs depends
closely on the developed standards. The standardization,
however, ensures the reliability and the compatibility of
products from different equipment suppliers. One acute
difference between Ethernet and wireless is that, wireless
networks are built on a shared medium and therefore,
makes wireless network more vulnerable to security
threats if resilient security policies are not implemented.
[1][2][7]
Another grave problem with wireless networks is that, its
users are relatively anonymous. Anyone, with fair or
malice thought, can sit in any wireless available coverage
with a simple laptop and connect to the network. While
your access point range may be seemed to be just a couple
of hundred meters, a user with a high gain antenna may be
able to make use of the network even from several blocks
afar. Networks are targeted for various reasons by
exploring security vulnerabilities to gain access and
wireless networks are on the high risk. To access a
wireless network, a hacker only has to be in the proximity
of the wireless network range, often without even having
to enter the building of the potential victim. Systems are
targeted because of the information they contain or some
specific resources. The reasons for the network attack
could be financial, political, personal, or merely
convenience due to location or ease of access. The attack
can be simple scripted or well-thought-out and
orchestrated. [1][2][7]
2. BACKGROUND
The term 802.11 wireless network is often used rather
than 802.11 LAN. This particular technology thaws the
margin between local and wide area connectivity; 802.11b
standard point-to-point links can reach beyond 50 miles,
thus becoming wireless wide area network connections
when used as a last mile data delivery solution by wireless
long range links between offices. Thus the use of 802.11
technologies is considered very necessary for Local Area
Networks (LANs) and Wide Area Networks (WANs) and
therefore will always have different security requirements
and approaches. One of the major reasons for increasing
security concerns and attentiveness is the widespread area
of 802.11 network coverage precincts. An attacker can
position himself where no one expects and stay well away
from the network's physical premises. Another reason for
82
security concerns is the prevalent use of 802.11 networks
themselves. The demand for more bandwidth access and
wireless LAN equipment has experienced a phenomenal
growth in recent times. [7]
The prices of 802.11b client adapters dwindled to
almost the cost of 100BaseT Ethernet adapters after the
introduction of 802.11g standard hardware into the market
because of the prodigious advantage in terms of speed.
The growing deployment of protocols from the Wi-Fi
alliance is escalating the deployment of wireless
networks. 802.11n protocol completely redefines Wi-Fi
speed, ushering in a whole new level of network
performance. This standard promises far greater
bandwidth, better range, and reliable than its
predecessors. Consumers are now taking advantage of the
new electronic application such as VoIP telephony or
video streaming that come with wireless N. As emerging
Network Applications take hold in the enterprise, a
growing number of consumers will come to view 802.11n
standard not just as an enhancement to their existing
network, but especially as a necessity. Pervasive 802.11n
deployment will also accelerate the growth of the
enterprise Voice over WLAN market to profit
applications such as VoIP or video streaming. 802.11n
standard is a good opportunity to increase productivity
and mobility. The prevalent nature of wireless
communications forces a network designer to re-evaluate
some of the underlying principles of traditional network
architectures thereby increasing security concerns.
[4][5][7][9][10]
Network Security is concerned with people trying to
access remote services that they are not authorized to. It
also deals with the snags of legitimate messages being
captured and replayed, and with people trying to deny that
they sent certain messages. If an unauthorized user is
detected, practically, it is impossible to merely trace back
to the user. A reprehensible user who gains access to a
wireless network can log all network data on disk and
later use it to launch a more sophisticated attack against
the network. Most often attackers may not be interested in
data you send over the air, they just want to use your
bandwidth to surf on the Internet or for nefarious uses.
For enterprise networks, if attackers had accessed to them,
they can effectuate malicious operations under the
enterprise’s name. It is reasonably not enough to assume
that radio waves just stop at the edge of your property
line. This calls for an enormous fear regarding wireless
network security. Security problems are deliberately
caused mostly by malicious people trying to gain some
benefit, get attention, or to mischief someone. The table
below shows a couple of the most common perpetrators of
networks. It is conspicuous from the table that making a
network secure could involve a lot more than simply
keeping the network from programming slips. It involves
outwitting often clever or intelligent, enthusiastic, devoted
and every so often well-funded adversaries. It should be
clear, however, that measures that thwart casual
antagonists would have little impact on the staid ones.
Therefore security systems should consequently be designed with this fact in mind. [10][11][12]

Table 1: People who cause Security problems and why? Source: Computer Networks
Source: Computer Networks
Adversary Goal
Accountant To embezzle money from a company
Businessman To discover a competitor’s strategic marketing plan
Con man To steal credit card numbers for sale
Cracker To test out someone’s security system; steal data
Ex-employee To get revenge for being fired
Sales Rep To claim to represent all of Europe, not just Andorra
Spy To learn an enemy’s military or industrial secrets
Stockbroker To deny a promise made to a customer by e-mail
Student To have fun snooping on people’s e-mail
Terrorist To seal germ warfare secrets

Astonishingly, it is easy to design a system that is
cogently downright secure by using Virtual Private
Network (VPN) and firewalls. However, leaks like a sieve
can occur if couple of the machines is wireless and use
radio communication, which passes over the firewall in
both directions. 802.11 wireless networks coverage is
often a few hundred meters, so a mole can park within
employees’ car park, and leave an 802.11-enabled
notebook computer in the car to record any information
available. In theory, leakages like this should not happen.
Most of the security glitches can be marked out to the
wireless access point manufacturers in a bid to trying to
make their merchandise user friendly. Usually, the
wireless device begins operating immediately with no
security at all after connecting to a power source,
divulging secrets to anyone within radio range. Ethernet
traffic precipitously becomes available once connected to
Ethernet network. It therefore, goes without saying that
security is even more important for wireless systems than
for wired ones (Tanenbaum, 2003). [8][11][12]
3. WIRELESS SECURITY THREATS
Wi-Fi networks are still subject to malicious threats
regardless several measures taken by IT professionals.
The first dangers for wireless LAN are problems with the
standard overall design. The Wi-Fi, releasing new
standards has reused the same security tools from the
previous standards. Network administrators’ top priority
is always security. There are always difficulties in
keeping a wireless network secured. To connect to a
wired network, one needs wires and permissions from the
network administrator. For a wireless connection the same
person should only be located anywhere there is signal
from the network and do malicious things as those
attacks. A WLAN is open to anyone within range of an
access point and an appropriate credential to associate it.
An attacker need not have to physically enter the premises
to gain access to a WLAN but with a wireless network
interface card NIC and knowledge of cracking techniques.
Security concerns are more significant with business
networks because the backbone of business rest on the
protection of its information. Security breaches can lead
to serious repercussions. [10]
Eavesdropping is one of the activities used to gather
packets using a wireless sniffer such as Ethereal. Nothing
can be done to prevent this activity apart from encrypting
the network with encryption standard such as WEP or
WPA. Now war drivers, hackers or crackers and
employees are the three main categories of threat that lead
to unauthorized access. Hacker originally meant someone
who probes deeply into computer system to understand
the structure and complexity of the system, but today, it
has come to mean malicious intruders who always exploit
weak security measures. Wireless devices often than not
come WLAN-ready with default settings and can be
installed and used with little or no user configuration
leaving client authentication open. Tools such as wireless
sniffers which have legitimate purpose are used by
network engineers to capture packet for system debugging
and intruders can use the same tools to exploit security
weakness. [9][13][14][15]
A rogue access point could be configured with correct
security settings to capture data in a WLAN and also to
provide unauthorized users with information such as
MAC addresses of clients and to gain access to servers. A
typical example of a rogue access point is one installed by
employees which are intended for home use on the
business network without authorization. These access
points end up with security holes because they do not
have necessary security configuration. The man-in-the-
middle (MITM) attack is one of the sophisticated attacks
an unauthorized person can make by positioning himself
logically between a selected host as target and the router
or gateway. Whiles an attacker needs a physical access to
a wired LAN to plant his device logically, he uses the
radio waves emitted by access point to provide connection
in a WLAN. NIC cards only accept traffic meant for it but
attackers have special software to modify NIC cards to
accept all traffic and therefore can carry out wireless
MITM attacks using a NIC as an access point. The entire
network segment can be monitored by an attacker and
wreak havoc on any user connected to it. [9][13][14][15]
MITM attack defeat depends on how sophisticated the
WLAN infrastructure is and vigilance in monitoring
activities on the network. This process commences with
identifying legitimate devices on the WLAN. This is done

83
by authenticating every user on the WLAN. After
knowing all legitimate users, the focus is then moved to
monitoring the devices and traffic that is not supposed to
be there. The state-of-the-art WLAN devices provide
administrators with tools that work together as a wireless
intrusion prevention system (IPS). Some of the tools are
scanners that identify rogue access point and ad-hoc
networks and radio resource management (RRM) which
monitors the RF band for activity and access point load.
802.11b/g/n WLANS use the unlicensed 2.4 GHz ISM
band which is used by most wireless consumer products.
These devices can throng the RF band. An attacker can
create noise on all channels in the band with commonly
available device therefore creating a denial of service
(DoS) attack. Attacker using a computer NIC as access
point can flood the base service station (BSS) with clear-
to-send (CTS) messages, which rout carrier sense multiple
access/collision avoidance (CSMA/CA) function by the
station which in turn causes DoS. [9][13[14][15][17]
4. METHODS
802.11 protocols unleashed a data link-level security
protocol; Wired Equivalent Privacy (WEP), designed to
make the security of a wireless LAN as decent as its
counterpart wired LAN. It is an 802.11’s optional
encryption standard implemented in the MAC layer that
most radio network interface card and access point
vendors support. Once 802.11 security is enabled, secret
keys are shared with the base station (access point) by
each node. The distribution of the keys, however, is not
specified by the standard. WEP encryption uses a stream
cipher based on the RC4 algorithm designed by Ronald
Rivest and it was kept secret until it leaked out and was
posted on the Internet in 1994 (Tanenbaum, 2003). This
approach looked good initially until a method for
breaking it was published (Borisov et al., 2001). Many
installations use the same shared key for all users, which
means that each user can read all other users’ traffic. WEP
Table 2: Prime Stepping Stones to Secure WLAN
First Generation
Open Access
Encryption
SSID WEP
No encryption No strong authentication
Basic authentication Static breakable keys
Not a security handle Not scalable
In home networks, which are an example of an open
network, association is all that may be required to grant
access to client devices and services on the WLAN. A
login or an additional authentication may be required to
grant access to clients in a stricter security network. The
Extensible Authentication Protocol (EAP) manages the
login process. EAP is a framework for authenticating
network access. Organizations used MAC filtering
without broadcasting SSIDs in a bid to securing their
WLAN before the inception of 802.11i (WPA2) or even
84
could still be attacked even if users have discrete key,
because keys are usually stable for quite some period,
though, the WEP standard recommend that keys be
changed on every packet to avoid key stream reuse attack.
Despite the increasing popularity of 802.11 networks,
hardly anyone used WEP. The flaws of WEP shared keys
encryption were two-fold; firstly, the algorithm used to
encrypt the data was crackable and secondly, the problem
of scalability. The 32-bit WEP keys were manually
managed. Breaking 802.11's security is fairly
straightforward. [4][7][8][12][13]
Following the feebleness of WEP-based security, there
was a period of interim security measures. Cisco as
vendor trying to meet the demand for healthier security
came up with their own systems and at the same time
assisting to develop the 802.11i standard. The TKIP
encryption algorithm was born whiles developing the
802.11i standard. This was linked to the Wi-Fi Alliance
WiFi Protected Access (WPA) security mode. The initial
WPA 1.0 was a nonstandard protocol stack. The WAP
forum later came up with WAP 2.0 which largely used
standard protocol in all layers. This standard is IP based
and therefore supports full use of IPsec in the network
layer. With WAP 2.0, TCP connections are protected by
Transport Layer Security (TLS) in the transport layer.
TLS, a successor of Secure Sockets Layer (SSL) is a
cryptographic protocol developed by Internet Engineering
Task Force (IETF) that provides communication security
over the Internet. In today’s wireless networks, the
standard that should be widely followed is the 802.11i
which is similar to the WPA2 standard. Most enterprises
use WPA2 which includes a connection to a Remote
Authentication Dial In User Service (RADIUS) database.
[7][9][12][13][14][15][16]
The table below shows the prime stepping stones to
secure WLAN.
Interim Present
WPA 802.11i/WAP2
Standardized AES Encryption
Improved encryption Authentication: 802.1x
Strong user based
Dynamic key management
authentication
[14][15]
WPA. MAC filtering today is just fooled because
software are available that could be used to modify MAC
addresses of wireless adapters. MAC filtering can still be
used with additional security such as WPA2. Though, an
access point may not be broadcasting SSID, the back and
forth traffic between the client and the access point could
eventually reveal the SSID. An attacker who may be
monitoring such a wireless network or RF band could
sniff the SSID which is sent in plain text. Some
organizations turn off SSID broadcasting under their
security policy due to the ease of SSID discovery but this
idea of securing the WLAN with MAC filtering could
lead to a completely insecure WLAN. Now, port- based
Security
1997 – 2002 2003 – 2003
Time
Fig 1: Wireless Security Strength over years
802.11i specified two enterprise-level of encryption
mechanisms which was certified as WPA and WPA2 by
the WiFi Alliance. These are Temporary Key Integrity
Protocol (TKIP), which is certified as WPA which
addresses the original flaws concomitant with 802.11
WEP encryption method making use of the original
encryption algorithm used by WEP and Advanced
Encryption Standard (AES) notably IEEE 802.11i, which
brings the WLAN encryption standards into alignment
with broader Information Technology industry standards
and best practices . AES is much preferred to TKIP even
though; TKIP addresses all the known weakness of WEP.
TKIP performs two primary functions; it encrypts Layer 2
payload and carries out message integrity check (MIC) in
the encrypted packet. This goes a long way to ensure that
messages are not tampered with. The functions of both
AES and TKIP are practically the same except that AES
adds a sequence number to an encrypted data header and
also uses additional data from MAC header that allows
destination host to recognize if non-encrypted bits have
been tampered with. Some wireless routers or access
points may specify WPA as pre-shared key (PSK) or
PSK2 with TKIP and WPA2 as PSK or PSK2 with AES.
PSK2 without an encryption method specified refers to
WPA2. The concept of depth is having multiple solutions
by adding extra security to a WLAN. Depth can be added
to a WLAN by implementing three-step approach; SSID
cloaking, i.e. disabling SSID broadcasts from access
point, MAC address filtering i.e. creating a table in the
access point to either allow or deny clients based on the
physical address of the adapter and WLAN security
implementation i.e. WPA or WPA2. SSID cloaking and
MAC address filtering are both not considered as a valid
means of securing a WLAN because, MAC filtering are
85
access control such as WPA2 is the best way to ensure the
end users that are supposed to be on the WLAN.
[7][9][13][14][15][16]
2004 – date
easily spoofed and SSID are easily discovered whether or
not access point broadcast them. [7][9][13][14][15][16]
Air Magnet wireless LAN analyzer is useful software
that administrators could use to monitor wireless LAN for
increased reliability. It supports monitoring both 20 MHz
and 40 MHz channels. This software has the ability to
detect and identify the use of various sniffing tools such
as Network Stumbler and indicate any unauthorized user
attempting to access the network and also detect security
vulnerabilities. Today every wireless user must secure
their wireless with WPA or WPA2 encryption. It is quite a
difficult process to put in place as is being reckoned, and
users tend to leave their networks less secure just because
of the complexity of the procedure. Wi-Fi Protected
Setup is an optional certification program developed by
Wi-Fi Alliance to ease set up of security enables Wi-Fi
networks. WPS give end users of WLAN a more
standardized way to enable security features in their
network and additional devices can easily be added to the
network. WPS features two wizard applications; pushing
a button and pin methods. Wireless routers especially
802.11n routers come with a unique 4 or 8 digit pin
required for each device to get connected on the network.
A fixed PIN label is placed on the device which is used to
confirm the connection of intended devices. For increased
security, it also uses WPS to encrypt data and authenticate
each device on the network. Administrators can enable
data encryption using WPS by pushing a button
physically on the access point and other devices wanting
to connect with software-based button known as Push
Button Configuration (PBC). The table below summarizes
the process used to secure a WLAN under WiFi protected
[7][9]13][14][15]
setup method and the process.
 Table 3: WPS Methods Procedure

Wi-Fi Protected Setup Wi-Fi Protected Setup

Legacy Process
1. Power-on Access Point
2. Set network name (SSID)
3. Activate security
4. Set passphrase
5. Power-on client
6. Select network name (SSID)
7. Enter passphrase
PIN Method
1. Power-on Access Point/Register
2. Power-on client device
Network name generated automatically
and broadcast to client devices
3. Access register
4. Enter PIN
Push-Button Method
1. Power-on Access Point
2. Power-on client device
Network name generated automatically
and broadcast to client devices
3. Push button on Access Point
4. Push button on client device

Fig 2: SMC 802.11 n Pin method interface for WPS Fig 3: SMC 803.11 router: PBC method interface for WPS

5. DESIGN connected with a cable RJ45 to the router. Routers

Two simulations were performed with both 802.11g
(MicraDigital) and 802.11n (SMC) routers with three (3)
laptops, One (1) desktop and an access point to form two
wireless LANs in a bid to investigating the security of
802.11 standards. The laptops were connected wirelessly
to the routers and the desktop was the only device
effectively possess a default password and an SSID
interface where admins can design and increase the level
of security. The routers both support WPA in both
enterprise and pre-shared keys mode and WPA2/802.1X.
Figure 4 below show SMC 802.11n WPA/802.1X
interface.

Fig 4: SMC 802.11n WPA Interface

The aims of the simulation are to look at encryption
method or SSID using ‘War diving’ as explained above
and investigate the security of 802.11 devices. The
simulation was performed in two areas; Canary Wharf in
East London where there are several organizations such as
financial institutions and Greenwich; a touristic area in
South East London. These places were chosen to
investigate the security vulnerabilities that could be
potentially found on the WLANs available in such
important areas. The software used is Network Stumbler
or Netstumbler version 0.4.0 which can be downloaded
free from www.netstumbler.com. The software enabled
me to sniff several access points and monitor broadcast
and record information such as service set identifier
(SSID), MAC addresses, broadcast channel and network
types i.e. peer-to-peer or access point.

86
 Fig 5: Netstumbler Interface

6. RESULT ANALYSIS terms of the networks found with both the secured and
The following table shows the outcome of the simulation unsecured.
in
Table 4: Site Survey Results: July 2009
Location
Samples
Canary Wharf Greenwich
Number of Networks found 125 62
Number of unsecure networks 32 15
Number of secured networks with WEP 23 20
Number of secured networks with WPA 30 8
Number of secured networks with WPA2 40 19

The results above show that about a quarter of the Access
Points (AP) in both areas is unsecured. This may be due
to the fact that most of the network managers and users
are not implementing security as default during APs
installation. It is so amazing that a quarter of APs in a
sensitive place like Canary Wharf where information may
be sensitive with massive financial institutions is
unsecured, therefore a malicious person with good
hacking skills can get into those enterprise networks and
cause havoc. It is seen that enterprises encrypt their data
more than other environments. However, I could not
investigate whether the security method is 128-bit or 64-
bit encryption for the WEP and for the WPA, whether is a
pre-shared key or 802.1x

Fig 6: Graphical Presentation of Table 4: Site Survey Result: July 2009

I again sniffed my own area which showed my wireless interesting for an attacker because it could be used to
N AP named clifton (figure below), encrypted with WEP guess my default gateway and for that mather access my
with a serious security vulnerability revealing my subnet network.
information. The subnet information could be very

Fig 7: Netstumbler interface showing Subnet Information

87
 An astonishing revelation I found is that, security
encryption of my SMC wireless N access point was
having an effect on the throughput with increasing
distance in a mixed mode i.e. combination of 802.11
standards. The table below shows average sample
measurements taken over five (5) weeks between
Table 5: 802.11N throughput in mixed mode with different encryption methods in Mbps
Encryption Method (Downlink)
Distance from AP
WEP 128 WPA/TKIP WPA2/AES
Location 1: 10 feet 0.1421 0.4541 0.6845
Location 2: 30 feet 0.0156 0.131 0.0423
Location 3: 200 feet 0.00368 0.00514 0.0126
7. CONCLUSION
In conclusion, I will say that wireless networks are more
vulnerable than its wired counterpart therefore Network
Designers and Administrators are to take securities as top
priority. Since wireless APs comes ready once it is out of
the box, WLAN administrators must ensure that the
strongest security protocol such as WPA or WPA2 is
deployed to prevent activities like eavesdropping, war
drivers etc. if possible, WLAN admins should adopt the
Wi-Fi Protected Setup (WPS) program from Wi-Fi
Alliance to ease setting up security on their Wi-Fi
networks since it give a more standardize way to enable
security features and also extra devices could be easily
added. Enterprises should employ some of the state-of-
the-art WLAN devices tools that work with wireless
intrusion prevention system to identify rogue access
points and ad-hoc networks and radio resource
management which could pose a serious treats to their
WLANs. WLAN admins should legitimately identify all
devices on the network to defeat any man-in-the-middle
attack and also authenticate every user on the wireless
network.
REFERENCES
[1] 802.11n Speed. [Online] Available from:
http://80211n.com/80211n-speed.html
2010: (accessed 28 October 2010 1002)
[2] Schiller, J. H. Mobile Communications. 2nd Ed. Addison-
Wesley, England, 2003: 201-204, 207,
231-232
[3] Labiod, H., Afifi, H. and Santis, C. DE. Springer,
Netherlands, 2007:1
[4] Vladimirov, A. A., Gavrilenko, K. V. and Mikhailovsky, A.
A. Wi-Foo. Addison Wesley, England, 2004: 1-8
[5] New Wi-Fi Standard Promises Blazing Fast Data Speeds.
[Online] Available from:
88
View publication stats
01/07/09 – 03/08/09 depicting how the throughput drops
with highest encryption and increasing distance both
downlink and uplink. The WEP showed the lowest
throughput and this could be the fact manufacturers want
to force wireless users to go for higher encryption
methods.
Encryption Method (Uplink)
WEP 128 WPA/TKIP WPA2/AES
0.00545 0.00796 0.0165
0.001785 0.00463 0.00137
0.0004 0.0012 0.00019
http://www.wired.com/gadgetlab/2009/08/wi-fi-standard/
2009: (accessed 12 October 2010 1620)
[6] Heimann, J. Oracle Software Security Assurance Process.
[Online] Available from:
http://www.oracle.com/us/technologies/security/software-
security-assurance-wp-150395.pdf
2007: (accessed 28 October 2010 1130)
[7] Meyers, M. CompTIA Network+. 4th Ed. McGraw Hill,
USA, 2009: 504, 513-520
[8] Flickenger, R. Wireless Networking. 2nd Ed. Hacker
Friendly LLC, USA, 2007: 157-167
[9] Benton, K. (2010) The Evolution of 802.11 Wireless
Security. [Online] Available from:
http://itffroc.org/pubs/benton_wireless.pdf:
2010: (accessed 30 December 2010 1630)
[10] Lehtinen, R., Russell D. and Gangemi, G. T. Sr. Computer
Security Basics, 2nd Ed. O’Reilly Media, Inc., USA, 2006:
15-25, 21-39, 262-295
[11] McCabe, J. D. Network Analysis, Architecture, and
Design. 3rd Ed. Morgan Kaufmann, USA, 2007: 85, 225,
367, 371, 373
[12] Tanenbaum, A. S. Computer Networks, 4th Ed. Prentice
Hall, New Jersey, 2003: 300-350
[13] Security of the WEP algorithm. [Online] Available from:
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
2010: (accessed 03 December 2010 2041)
[14] Transport Layer Security. [Online] Available from:
http://en.wikipedia.org/wiki/Transport_Layer_Security
2010: (accessed 28 December 2010 2105)
[15] Wireless LAN Security. [Online] Available from:
http://en.wikipedia.org/wiki/Wireless_encryption
2010: (accessed 29 December 2010 1155)
[16] Martyn, M. Mobile and Wireless Design Essentials, Wiley
Publishing, Inc., Indianapolis, India, 2003: 31-63, 122-148
[17] Bosworth, S. and Kabay, M. E. Computer Security
Handbook. 4th Ed. John Wiley and Son, Inc, New York,
2002: 35, 178, 203, 255-258, 262-280