Presentation By Yash Karanke,

B.C.A 3rd Sem.

WIRELESS LAN
SECURITY

What is Wireless Network?

A wireless local area network (WLAN) links two or

more devices over a short distance using a
wireless distribution method, usually providing a
connection through an access point (AP) for Internet
access , allowing users to move around within a local
coverage area, and still remain connected to the
network.

About Wireless LAN

Security

Wireless security is the prevention of

unauthorized access or damage to computers
using wireless networks

The most common types of wireless security

are Wired Equivalent Privacy (WEP) and WiFi Protected Access (WPA).

Wired Equivalent Privacy (WEP)

WEP is a notoriously weak security standard.

The password it uses can often be

cracked in a few minutes with a basic
laptop computer and widely available
software tools.

Wi-Fi Protected Access (WPA)

WPA was a quick alternative to improve security over WEP.

Wi-Fi Protected Access (WPA) took over WEP in the

year 2003 .
The current standard is WPA2.
WPA2 uses an encryption device which encrypts the
network with a 256 bit key.

Modes of unauthorized access

There are many ways to get unauthorized access of the

Wireless Internet. Such as

Non-traditional networks
Man-in-the-middle attacks (MITM)
Caffe Latte attack
Ad hoc networks
Malicious association
Etc

Non-traditional networks

Non-traditional networks such as personal network Bluetooth devices are not safe
from cracking and should be regarded as a security risk.

Even barcode readers, handheld PDAs, and wireless printers and copiers should
be secured.

These non-traditional networks can be easily overlooked by IT personnel who

have narrowly focused on laptops and access points.

Man-in-the-middle attacks (MITM)

The man-in-the-middle attack (often know as MITM, MitM, MIM, MiM, MITMA)
in cryptography and computer security is a form of active eavesdropping in
which the attacker makes independent connections with the victims and relays
messages between them, making them believe that they are talking directly to
each other over a private connection, when in fact the entire conversation is
controlled by the attacker.

Caffe Latte attack

The Cafe Latte attack allows you to obtain a WEP key from a client system.

Briefly, this is done by capturing an ARP packet from the client, manipulating it
and then send it back to the client.

Address Resolution Protocol (ARP) is a telecommunications protocol used for

resolution of network layer addresses.

Ad hoc networks

Ad hoc networks are defined as peer-to-peer(P2P) networks between wireless

computers that do not have an access point in between them.

While these types of networks usually have little protection, encryption methods
can be used to provide security.

Malicious association

Malicious associations are when wireless devices can be actively made by

attackers to connect to a company network through their cracking laptop.

These types of laptops are known as soft APs(Software Access Point) and
are created when a cyber criminal runs some software that makes his/her
wireless network card look like a legitimate access point

Once the thief has gained access, he/she can steal passwords, launch attacks on
the wired network, or plant Trojans!

Hide SSID
MAC ID filtering
Static IP addressing
Regular WEP
WPAv1
LEAP
WPAv2
Smart cards, USB tokens, and software tokens
RF shielding

Hide SSID

A simple but ineffective method to

attempt to secure a wireless network is
to hide the SSID . This provides very
little protection against anything but the
most casual intrusion efforts.
SSID = Service Set Identifier

MAC ID filtering

One of the simplest techniques is to only allow access from known,

pre-approved MAC addresses. Most wireless access points contain
some type of MAC ID filtering. However, an attacker can simply sniff
the MAC address of an authorized client and spoof this addresses.

A (MAC address) is a unique identifier assigned to network

interfaces for communications on the physical network segment.

Ex: Of MAC ID e.g.01-23-45-67-89-ab or 01:23:45:67:89:ab

Static IP
addressing

Typical wireless access points provide IP addresses to clients via DHCP.

Requiring clients to set their own addresses makes it more difficult for a casual or
unsophisticated intruder to log onto the network, but provides little protection
against a sophisticated attacker.

DHCP = Dynamic Host Configuration Protocol

The Dynamic Host Configuration Protocol (DHCP) is a network protocol used

to configure devices that area connected to a network so they can communicate
on that network using the Internet Protocol (IP).

WPA Wi-Fi Protected Access

There are two versions of WPA i.e WPAv1 and WPAv2.

The Wi-Fi Protected Access (WPA and WPA2) security protocols were
later created to address the problems with WEP. If a weak password,
such as a dictionary word or short character string is used, WPA and
WPA2 can be cracked.
WPA2 has been found to have at least one security vulnerability,
nicknamed Hole196. The vulnerability uses the WPA2 Group Temporal
Key (GTK), which is a shared key among all users of the same BSSID,
to launch attacks on other users of the same BSSID.
BSS is uniquely identified by a basic service set identification

LEAP

This stands for the Lightweight Extensible Authentication

Protocol. This protocol helps minimize the original security
flaws by using WEP and a sophisticated key management
system.

LEAP is not safe against crackers. THC-LeapCracker can be

used to break Ciscos version of LEAP and be used against
computers connected to an access point in the form of
a dictionary attack.

Smart cards, USB tokens, and software

tokens

This is a very strong form of security. When combined with some server software, the hardware or
software card or token will use its internal identity code combined with a user entered PIN to create a
powerful algorithm that will very frequently generate a new encryption code. The server will be time
synced to the card or token. This is a very secure way to conduct wireless transmissions.
Companies in this area make USB tokens, software tokens, and smart cards.
Currently the safest security measures are the smart cards / USB tokens. However, these are
expensive.
The next safest methods are WPA2 or WPA with a RADIUS server

RF shielding

Its practical in some cases to apply specialized wall paint and window film to a room or building
to significantly attenuate wireless signals, which keeps the signals from propagating outside a
facility.

This can significantly improve wireless security because its difficult for hackers to receive the
signals beyond the controlled area of an enterprise, such as within parking lots.

Despite security measures as encryption, hackers may still be able to crack them. This is done
using several techniques and tools.

End-to-end
encryption

One can argue that both layer 2 and layer 3 encryption methods are not good
enough for protecting valuable data like passwords and personal emails.

Those technologies add encryption only to parts of the communication path, still
allowing people to spy on the traffic if they have gained access to the wired
network somehow

The solution may be encryption and authorization in the application layer, using
technologies like SSL, SSH, GnuPG , PGP and similar.

The disadvantage with the end-to-end method is, it may fail to cover all traffic.

THANK YOU!