Wireless Network Security Basics
Wireless Networks are those in which the interconnection between devices is established without using wires. The nodes communicate using radio waves. The wireless adapter in a computer translates data in radio signals and transmit it. The wireless router receives the radio signals, decode it and sends the data to internet. Of course this process also works in reverse manner.
A wireless network is usually called as Wifi or WLan. The main advantages of Wireless Networks are that users are not bound to areas to plug into a Wall jack to connect to network and also it reduces the cost of cable used in Wired Networks.
The main disadvantage apart from network performance is lack of security. The wireless networks can be
easily compromised if they are not properly configured.
Basic Terminology
Service Set Identifier (SSID) :It is an alphanumeric string that differentiates the wireless networks .It can be
maximum of 32bit. There can be more than one network in a certain range or on a same channel, SSID
differentiates one from another. Simply it is the name of a network.
Wireless Access Point(WAP)
It is the point from where wireless network signals are generated. WAP is a device that receives radio signals from computers in network and send them to router.
Basic Service Set Identifier(BSSID)
It is the MAC address of WAP or wireless router. It is a unique 48 bit key.
Beacons :
These are wireless packets which are broadcasted to maintain the connectivity between WAP and the computers in network. The WAP broadcasts beacons from time to time to check connectivity with computers.
What is Wireless Equivalent Privacy (WEP)?
WEP is an encryption scheme used to encrypt the WiFi data streams. WEP encryption uses a 64bit or 128bit key.
A WEP uses the combination of an encryption key and Initialization Vector (IV). IV is any 24bit random number and is attached to encryption key to make it difficult to crack.64bit WEP encryption uses a 40bit key and 24 bit IV. Similary 128bit WEP encryption uses a 104 bit key and 24bit IV.
1. Authenticating Clients
The users/clients connection to the wireless network need to enter the correct WEP key to gain access to network.
2. Privacy
It protects the wireless data by encrypting them and allowing decryption by users who have correct WEP key.
The WEP key can be easily cracked by an attacker because size of IV that is 24bit is very short.The vulnerability in WEP is that an IV which is randomly generated is repeated after certain number of packets as it is short (24bit) and less number of combinations are possible.
Due to this insecurity, Wi-Fi Protected Access(WPA) and WPA2 security protocols were released. They provide more security by generating complex and dynamic keys which are hard to crack. The method of creating IVs and encryption keys was improved. WEP,WPA,WPA2 are secure in increasing order.
Basic Security Measures for Wireless Networks :
1. MAC filtering- The MAC address is theoretically a unique 48bit address by which a network device is
recognised. The administrator might let the only the particular clients to connect to network by checking whether their MAC address is present in the list of registered MAC addresses or not.
The drawback of this security mechanism is that administrator need to keep changing the list of MAC address according to new clients connecting and clients which have not been in use for a long time. This security mechanism can be bypassed by attacker by spoofing his MAC with already a registered one.
2.Hiding SSID
Do not simply broadcast the SSID. It lures the attackers or War Drivers to break into the networks. Wireless devices can only connect to WAP if the SSID is known.
3. Using encryption Keys
Using an encryption scheme like WEP,WPA or WPA2 is must for Wireless administrators. A WEP doesn't matter how long it is, can be cracked in minutes. So WPA or WPA2 is recommended.
4. Intrusion Detection Systems(IDS)
Completely securing a wireless is hard. But is easy to moniter what is going on in a network. IDS monitors traffic and alerts the administrator when something unusual is happening or traffic matches any predefined pattern of attack. Many open source products like AisSnare, Snort-Wireless,WIDZ etc are available for the same purpose.
About The Author
Aneesh M Makker is the owner of www.explorehacking.com, He has written several guest post on this blog, If you are interested in writing guest post kindly read the guidelines here
A wireless network is usually called as Wifi or WLan. The main advantages of Wireless Networks are that users are not bound to areas to plug into a Wall jack to connect to network and also it reduces the cost of cable used in Wired Networks.
The main disadvantage apart from network performance is lack of security. The wireless networks can be
easily compromised if they are not properly configured.
Basic Terminology
Service Set Identifier (SSID) :It is an alphanumeric string that differentiates the wireless networks .It can be
maximum of 32bit. There can be more than one network in a certain range or on a same channel, SSID
differentiates one from another. Simply it is the name of a network.
Wireless Access Point(WAP)
It is the point from where wireless network signals are generated. WAP is a device that receives radio signals from computers in network and send them to router.
Basic Service Set Identifier(BSSID)
Beacons :
What is Wireless Equivalent Privacy (WEP)?
WEP is an encryption scheme used to encrypt the WiFi data streams. WEP encryption uses a 64bit or 128bit key.
A WEP uses the combination of an encryption key and Initialization Vector (IV). IV is any 24bit random number and is attached to encryption key to make it difficult to crack.64bit WEP encryption uses a 40bit key and 24 bit IV. Similary 128bit WEP encryption uses a 104 bit key and 24bit IV.
The advantages of WEP
2. Privacy
The WEP key can be easily cracked by an attacker because size of IV that is 24bit is very short.The vulnerability in WEP is that an IV which is randomly generated is repeated after certain number of packets as it is short (24bit) and less number of combinations are possible.
Due to this insecurity, Wi-Fi Protected Access(WPA) and WPA2 security protocols were released. They provide more security by generating complex and dynamic keys which are hard to crack. The method of creating IVs and encryption keys was improved. WEP,WPA,WPA2 are secure in increasing order.
Basic Security Measures for Wireless Networks :
1. MAC filtering- The MAC address is theoretically a unique 48bit address by which a network device is
recognised. The administrator might let the only the particular clients to connect to network by checking whether their MAC address is present in the list of registered MAC addresses or not.
2.Hiding SSID
3. Using encryption Keys
4. Intrusion Detection Systems(IDS)
Aneesh M Makker is the owner of www.explorehacking.com, He has written several guest post on this blog, If you are interested in writing guest post kindly read the guidelines here
Excellent article but is only useful for network administrators..
ReplyDeleteNice post :) I feel SSH tunneling is also a good option for wireless security..one can encrypt the packets and cookies by that....there by one can avoid MITM attack and sidejacking....I cannot say that you can be fully secured but to some extent... :)
ReplyDeleteThanks for sharing.. :)
@Satyajit
ReplyDeleteI agree
SSH Tunneling:
http://rafayhackingarticles.blogspot.com/2010/05/how-to-bypasshack-firewall.html
rafay, good work always informative.
ReplyDeletewhen was this post created ? why no WPA and all the rest of the terminology ?
ReplyDeleteHello, You own a very interesting blog covering lots of topics I am interested as well.I just added your site to my favorites for being able in the future... Please continue your excellent artice writing.
ReplyDeletevery goog
ReplyDeleteExcellent article!
ReplyDeleteWhen deciding to add a new wireless intercom system to the ever increasing portfolio of wireless devices in your home or business, you need to first think about the compatibility with the products you already have (or your close neighbors have). You also need to consider the range and features you need.
ReplyDeleteHere are some software solutions online like Herstel Computer, draadloos en wifi, Netwerk Installeren and Reparatie PC.