Security threats in a Wi-Fi Network

This article looks at the kinds of threats a Wi-Fi network can face, especially given that even a person passing on a nearby road may be within reach of the enterprise Wi-Fi signal. We cover the vulnerabilities of WEP networks, network sniffers, SSID broadcasting, DoS attacks, de-auth attacks, MAC-address spoofing, man-in-the-middle attacks, honeypot attacks, rogue access points and the threat they pose, PCs whose patches are not up to date, ad-hoc networks, special Wi-Fi devices like wireless cameras and wireless phones, loopholes in the authentication protocols, and hackers who escape counter-scanning by wireless IDS devices.

Introduction:

Even though wireless has become a secondary network in most enterprises and institutions, people are often not aware of the threats a wireless network can pose to the security of their organization's data, especially given that wireless signals are available everywhere, sometimes even on nearby roads. So, in this article, we look at the possible ways a wireless network can be broken into or hacked, so that network administrators are aware of such means and can secure their wireless networks accordingly.

WEP Networks:

No doubt, some encryption is better than no encryption at all. WEP is an encryption standard used by some older wireless networks, and even by some new ones that are not properly configured. Since it was developed a long time ago, networks that still use it today are prone to quite a few vulnerabilities, especially when older network adaptors that don't support the more advanced standards are involved.

Static WEP is definitely not a good option. Here, the same WEP key is used to encrypt frames for all stations/clients, and it never changes. So, when certain software (freely available on the internet) is used to sniff the network and collect a sufficient number of frames that use WEP's weak initialization vectors, the WEP key can be derived. Once the encryption is broken, all the data is exposed to the hacker. Dynamic WEP is far better, as it uses a different WEP key for each station and the keys change after a fixed time interval. But it is still prone to attacks, at least for a short period of time, which is enough for stealing data in most cases. More advanced algorithms like WPA use a primary key from which a secondary key is generated to encrypt the data. But even this is not totally secure. The best encryption available today is based on the IEEE 802.11i standard, also called WPA2. But this is only a bigger and tougher lock; it can still be broken by a determined hacker.

Network sniffers:

These are passive monitors of Wi-Fi networks. Network administrators can use them to look for abnormal behaviour too. But if they are used by hackers, critical information could fall into their hands, which they could use to penetrate or damage the network.

DoS Attacks:

Denial of Service attacks are not restricted to the wireless space; they are also prevalent in the wired space. The basic premise of such attacks is to send a large number of requests to the host in order to choke it with packets and prevent genuine packets from being processed.

There are certain commercially available Wi-Fi jammers that could cause more damage, to a substantial part of a big network. Fortunately, this equipment is costly and not used by the average hacker.

Even a laptop with a wireless NIC can initiate a DoS attack. An attacker can send floods of 802.11 association frames that consume all available client slots on the AP, thereby preventing legitimate clients from connecting to it.

Certain hackers take advantage of holes in authentication protocols like LEAP, PEAP, the EAP handshake etc. and can flood the authentication server through the wireless network.

De-Auth Attacks:

Attackers can continuously send de-authentication frames to PCs connected to the wireless network and make them appear to come from the access point. If this is repeated, stations will assume Wi-Fi is no longer available from that AP and start searching for other APs in the area. So, effectively, that AP is taken off the network, at least temporarily.
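A detector for the two floods described above (802.11 association floods and de-auth floods), added here as an example and not part of the original article. It runs over a constructed list of management-frame observations; the frame thresholds, the one-second window and the AP address are assumptions a deployment would tune.

```python
from collections import defaultdict, deque

# Constructed 802.11 management-frame observations (not captured traffic).
# Each record: (timestamp in seconds, frame subtype, source MAC, BSSID).
AP = "aa:bb:cc:dd:ee:01"                      # hypothetical corporate AP
NORMAL = [(0.0, "beacon", AP, AP), (0.3, "assoc-req", "10:00:00:00:00:01", AP),
          (0.4, "assoc-resp", AP, AP), (5.0, "deauth", AP, AP)]
# 30 de-auth frames claiming to come from the AP within half a second.
DEAUTH_FLOOD = [(10.0 + i * 0.015, "deauth", AP, AP) for i in range(30)]
# 25 association requests from 25 different source MACs within one second.
ASSOC_FLOOD = [(20.0 + i * 0.04, "assoc-req", f"02:00:00:00:00:{i:02x}", AP)
               for i in range(25)]
SAMPLE_FRAMES = sorted(NORMAL + DEAUTH_FLOOD + ASSOC_FLOOD)

def detect_floods(frames, window=1.0, thresholds=None):
    """Flag bursts of management frames per (subtype, BSSID).

    A sliding window of `window` seconds is kept per key. When the frame
    count in the window reaches the subtype's threshold, an alert is opened;
    further frames while the rate stays high extend that alert instead of
    raising new ones. Thresholds are assumed values a deployment would tune.
    """
    thresholds = thresholds or {"deauth": 10, "assoc-req": 20}
    windows, active, alerts = defaultdict(deque), {}, []
    for ts, subtype, src, bssid in sorted(frames):
        if subtype not in thresholds:
            continue
        key = (subtype, bssid)
        win = windows[key]
        win.append((ts, src))
        while ts - win[0][0] > window:            # drop frames outside the window
            win.popleft()
        if len(win) < thresholds[subtype]:
            active.pop(key, None)                 # rate is normal: close any alert
            continue
        alert = active.get(key)
        if alert is None:                         # threshold crossed: open an alert
            alert = {"subtype": subtype, "bssid": bssid, "start": win[0][0],
                     "end": ts, "frames": len(win), "sources": {s for _, s in win}}
            active[key] = alert
            alerts.append(alert)
        else:                                     # burst continues: extend it
            alert["end"], alert["frames"] = ts, alert["frames"] + 1
            alert["sources"].add(src)
    return alerts

if __name__ == "__main__":
    for a in detect_floods(SAMPLE_FRAMES):
        print(f"{a['subtype']} flood on {a['bssid']}: {a['frames']} frames "
              f"from {len(a['sources'])} source(s) between {a['start']} and {a['end']}")
```

A de-auth burst with a single source and an association burst with many distinct sources are the two signatures this separates; the single legitimate de-auth at 5.0 s never reaches the threshold.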

MAC Address Spoofing:

There is freely available software that allows a PC to change its MAC address (the physical address, which is supposed to be permanent for a PC) and broadcast it to the Wi-Fi network. This is done to gain network access after a legitimate MAC address has been sniffed from the network. In fact, hackers can even change the Windows registry entry to make themselves look like a genuine client.
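One defensive check for the spoofing described above, added here as an example (not from the original article): a device using a copied MAC address transmits with its own 802.11 sequence counter, so frames from the "same" address show two interleaved counters. The MAC addresses, the frame log and the thresholds are constructed assumptions.

```python
SEQ_MODULO = 4096        # 802.11 sequence numbers are a 12-bit counter

# Constructed frame log (not a real capture): (timestamp, source MAC, seq).
VICTIM = "10:00:00:00:00:01"       # hypothetical legitimate station
OTHER = "10:00:00:00:00:02"        # hypothetical station that merely reboots
LEGIT = [(i * 0.1, VICTIM, 100 + i) for i in range(10)]          # seq 100..109
SPOOFED = [(0.05 + i * 0.2, VICTIM, 2500 + i) for i in range(5)]  # same MAC, own counter
REBOOT = [(0.0, OTHER, 4094), (0.1, OTHER, 4095), (0.2, OTHER, 0),  # normal wrap
          (0.3, OTHER, 1), (0.35, OTHER, 1),                        # retransmission
          (0.4, OTHER, 4095), (0.5, OTHER, 2),                      # reordered frame
          (2.0, OTHER, 40)]                                         # one jump: reboot
SAMPLE_FRAMES = sorted(LEGIT + SPOOFED + REBOOT)

def seq_gap(prev, cur):
    """Forward distance from prev to cur on the wrapping 12-bit counter."""
    return (cur - prev) % SEQ_MODULO

def sequence_jumps(frames, max_gap=16, reorder_window=8):
    """Map each source MAC to the frames whose sequence number jumped more
    than max_gap ahead of the previous frame seen from that MAC.
    Duplicates (gap 0) and frames slightly behind the counter (within
    reorder_window, i.e. retransmissions or reordering) are ignored."""
    last_seq, jumps = {}, {}
    for ts, src, seq in sorted(frames):
        prev = last_seq.get(src)
        if prev is not None:
            gap = seq_gap(prev, seq)
            if gap == 0 or gap >= SEQ_MODULO - reorder_window:
                continue                         # counter did not advance
            if gap > max_gap:
                jumps.setdefault(src, []).append((ts, prev, seq, gap))
        last_seq[src] = seq
    return jumps

def suspected_spoofed(frames, min_jumps=2, **kwargs):
    """MACs with at least min_jumps anomalous jumps. A single jump is usually a
    reboot or reassociation; repeated jumps back and forth indicate two
    devices, each with its own counter, transmitting under one address."""
    return {src for src, j in sequence_jumps(frames, **kwargs).items()
            if len(j) >= min_jumps}
```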

Man in the middle attacks:

The intruder makes a legitimate client connect to his AP, and then the intruder connects to the enterprise AP. All the communication between the client and the network now flows through the intruder, allowing him to modify, delete or add data.

Honeypot attacks:

The attacker advertises the same SSID as the organization. The employees see two SSIDs with the same name; they become confused and some of them connect to the rogue AP broadcasting that SSID. The attacker enhances this by making his rogue AP transmit at higher power (maybe by using an amplifier), since clients generally associate with the strongest signal. This way, attackers steal their way into the Wi-Fi network.

Rogue Access Points (AP):

We have seen rogue access points in the above two scenarios, but what if an employee who wants his own Wi-Fi network brings in a small access point, plugs it into the network, and starts using it? This is especially likely in companies where internet access through Wi-Fi is not allowed, or not allowed for that employee. The problem with such APs is that they may not be properly configured (weak encryption keys, no encryption at all etc.), and hence they become the weakest point from which hackers can easily get access to the corporate network.
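A beacon-survey audit covering both the honeypot (same SSID, unknown BSSID) and the unmanaged rogue AP scenarios, added here as an example and not part of the original article. The inventory, the wired MAC table and the survey are constructed; correlating an unknown BSSID with the wired switches' MAC table is one assumed heuristic for telling an employee's plugged-in AP from a neighbour's.

```python
# Constructed inventory of authorized APs: BSSID -> (SSID, security).
AUTHORIZED = {
    "aa:bb:cc:dd:ee:01": ("CorpNet", "WPA2"),
    "aa:bb:cc:dd:ee:02": ("CorpNet", "WPA2"),
}
# Constructed MAC table pulled from the wired switches (not real data).
WIRED_MACS = {"aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02",
              "12:34:56:78:9a:bc", "00:11:22:33:44:55"}
# Constructed beacon survey: (BSSID, SSID, security, channel, RSSI in dBm).
SURVEY = [
    ("aa:bb:cc:dd:ee:01", "CorpNet", "WPA2", 6, -55),
    ("aa:bb:cc:dd:ee:02", "CorpNet", "WPA2", 11, -62),
    ("de:ad:be:ef:00:01", "CorpNet", "OPEN", 6, -40),    # corporate SSID, unknown BSSID
    ("12:34:56:78:9a:bc", "linksys", "WEP", 1, -70),     # unknown AP, seen on the wire
    ("66:77:88:99:aa:bb", "CafeGuest", "WPA2", 1, -85),  # unknown AP, not on the wire
    ("aa:bb:cc:dd:ee:01", "CorpNet", "WPA2", 6, -57),    # repeat beacon, same AP
]

def audit_beacons(survey, authorized, wired_macs):
    """Classify each distinct BSSID in a beacon survey.
    EVIL_TWIN: corporate SSID from a BSSID not in the inventory (honeypot).
    ROGUE_AP: unknown BSSID whose MAC also appears on the wired switches.
    NEIGHBOR_AP: unknown BSSID with no wired footprint (informational).
    CONFIG_DRIFT: inventoried BSSID advertising another SSID or security.
    OPEN or WEP security adds a WEAK_SECURITY note to the finding."""
    corp_ssids = {ssid for ssid, _ in authorized.values()}
    findings, seen = [], set()
    for bssid, ssid, security, channel, rssi in survey:
        if bssid in seen:
            continue
        seen.add(bssid)
        expected = authorized.get(bssid)
        if expected is None:
            if ssid in corp_ssids:
                kind = "EVIL_TWIN"
            elif bssid in wired_macs:
                kind = "ROGUE_AP"
            else:
                kind = "NEIGHBOR_AP"
        elif expected != (ssid, security):
            kind = "CONFIG_DRIFT"
        else:
            continue                      # authorized AP behaving as inventoried
        notes = ["WEAK_SECURITY"] if security in ("OPEN", "WEP") else []
        findings.append({"kind": kind, "bssid": bssid, "ssid": ssid,
                         "security": security, "channel": channel,
                         "rssi": rssi, "notes": notes})
    return findings
```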

Client (PC) Configuration:

PCs that are not running the latest operating system or anti-virus patches are prone to internet worms running malicious software on them. Such worms generally send out email floods, but can also give a remote attacker full control of the network.

Ad-hoc Networks:

Certain laptops running the latest operating systems (with active Wi-Fi adaptors installed) can connect with each other without authentication or encryption. If a hacker connects this way to another laptop in the organization, and that laptop is also connected to the wired network with bridging mode enabled, data can easily be stolen.

Wi-Fi devices other than PC/Laptops:

The Wi-Fi (IEEE 802.11) standard, as we know it now, has become extremely popular and widely used, so a lot of devices now come with a wireless interface. But many of them don't support the latest encryption technologies or authentication methods. That exposes them to hackers who are looking for loopholes in Wi-Fi networks. Some examples of such devices are Wi-Fi phones and Wi-Fi cameras.

excITingIP.com