Wireless Networks and Security Vulnerabilities

Written by Shwan Jaf; published May 2010.



The use of wireless networks is increasing at very fast rates worldwide, largely owing to the relative ease of use and the attendant convenience, as well as the relatively lower and ever-falling costs of ownership [5]. The most widely deployed wireless networks at the moment include Wireless LANs (WLANs) or 802.11x networks; wireless access networks or wireless local loops or 802.16 networks, including WiMAX; and Personal Area Networks (PANs) or BlueTooth or 802.15 networks. These wireless networks are emerging as a major source of security threats in a wide range of applications, including e-commerce applications. Anyone with a wireless-enabled device can easily listen in at hotspots, and if the network association rules are not security conscious, serious security breaches and compromises can result, with unfavorable effects on data confidentiality, integrity, availability and non-repudiation. The attacks and threats are many [4], in many respects similar to threats in wired networks. The earlier wireless networks were not designed and built with security in mind, as was the case with the Internet. The earliest protocol, Wire-Equivalent Protocol (WEP), was intended to fill the security gap. But the static nature of this protocol, coupled with rather weak encryption and authentication mechanisms, still leaves the wireless LAN vulnerable to countless security attacks. Improved protocols such as Wi-Fi Protected Access (WPA) and its later versions attempt to overcome most of the shortcomings of WEP, but certain security issues remain.

Wireless Technologies

Data networks have traditionally relied on 802.11x WLANs, but other technologies are increasingly being deployed. Broadband wireless networks are becoming more and more common as the last-mile or local-loop access to the Internet, mainly as a replacement for copper and fiber media. The 802.16 networks are similar to the 802.11x networks, save for the coverage distances and the rather fixed nature of the former. PANs also have their unique features as technologies suited for ad-hoc networking and characterized by very short distances. There are also other technologies based on cell phone technologies; 3G phones in particular allow seamless integration with the Internet.

WLAN Technologies

There are various blends of 802.11, designated 802.11a, 802.11b, 802.11g, 802.11i and 802.11n. The major differences among these Wi-Fi LANs are based on the frequency band used, the bandwidths, the coverage distances and, to some extent, the physical and data-link layer implementation details. All the WLAN technologies operate in unlicensed frequency bands. 802.11b operates in the ISM (Industrial, Scientific and Medical) band at 2.4 GHz [1], while 802.11a/g operate within the 5.3 GHz to 5.8 GHz bands. The respective over-the-air transfer rates for 802.11a/b/g are 54, 11 and 54 Mbps. The more advanced 802.11a/g use Orthogonal Frequency Division Multiplexing (OFDM) and other techniques that allow backward compatibility with the slower 802.11b.

802.11n network

Billed as the next-generation wireless LAN, this technology seeks to meet the major challenges facing existing WLAN technologies, namely bandwidth and range. 802.11n defines modifications to the physical layer and the MAC layer, making it possible to attain a maximum rate of 500 Mbps [2].

Security challenge

All the WLAN technologies employ more or less similar implementation architectures, generally referred to as infrastructure network architectures. Stations with suitable wireless interface cards communicate through the Basic Service Set (BSS) Access Points (APs), where the BSS basically defines the overall coverage area of the access points. The nature of wireless networks is such that any nearby mobile device can monitor the activities on the network and compromise the network security. 802.11 network devices can only monitor network activities upon association, which goes through three basic states [3]:

  • Unauthenticated and unassociated
  • Authenticated and unassociated, and
  • Authenticated and associated.

The attacker can only have access to the network after going through the association process. 802.11 uses WEP to provide confidentiality and integrity. The default mechanism is open system authentication, in which the authentication management frames are sent in clear text. This presents an obvious hole for an attacker to learn the station's SSID (Service Set ID) and MAC address. What follows can be any of the possible masquerading attacks, including denial of service attacks. These attacks are minimized by configuring the second security option of 802.11 WEP, i.e., utilizing the challenge-response mechanism. This typically goes through four steps, in which encryption is used at each step for confidentiality purposes. But even this option has flaws. The protocol is static, and an attacker can eavesdrop on one leg of the communication by capturing the second and third frames of the challenge-response exchange. The second frame contains a random challenge in clear text. The third frame is the encrypted version of that challenge. If the attacker knows the Initialization Vector (IV) used in the key exchange, the attacker can perform the decryption and obtain all the information necessary for authentication to the required access point. Again the attacker gains access to the network.
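The keystream leak in this challenge-response is easiest to see in code. The following is an added example, not part of the original article and not WEP-compatible code: a toy model in which the station encrypts the clear-text challenge under a static shared key and a sender-chosen IV, with a SHA-256 keystream standing in for RC4. It shows that a single observed challenge/response pair yields the keystream for that IV without the key, so the same IV answers any later challenge, and contrasts it with a keyed-MAC response (HMAC-SHA256, an assumed design used for contrast, not 802.11's own), which leaks nothing reusable. `SHARED_KEY`, `keystream` and the other names are constructed for the example.

```python
# Added example, not from the article: a toy model of the WEP shared-key
# challenge-response described above. The "stream cipher" is a SHA-256
# keystream stand-in, NOT RC4/WEP; what matters is the XOR structure, which
# WEP shares. Key and IV values are constructed.
import hashlib
import hmac
import secrets

SHARED_KEY = b"toy-wep-key-16B!"   # constructed static key shared by AP and stations


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Deterministic keystream for (key, iv): the same pair always yields the same bytes."""
    blocks = (hashlib.sha256(key + iv + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def station_response(key: bytes, challenge: bytes, iv: bytes) -> bytes:
    """Frame 3 of the exchange: the clear-text challenge (frame 2) encrypted under (key, iv)."""
    return xor(challenge, keystream(key, iv, len(challenge)))


def ap_verify(key: bytes, challenge: bytes, iv: bytes, response: bytes) -> bool:
    """The AP recomputes the expected ciphertext using the IV the station chose."""
    return hmac.compare_digest(station_response(key, challenge, iv), response)


def recover_keystream(challenge: bytes, response: bytes) -> bytes:
    """An eavesdropper who saw frames 2 and 3: challenge XOR response == keystream."""
    return xor(challenge, response)


def demo_stream_cipher_auth() -> tuple:
    """Returns (legitimate exchange accepted, keystream-reuse exchange accepted)."""
    iv = secrets.token_bytes(3)            # WEP IVs are 24 bits and chosen by the sender
    challenge = secrets.token_bytes(128)
    response = station_response(SHARED_KEY, challenge, iv)
    legit_ok = ap_verify(SHARED_KEY, challenge, iv, response)

    ks = recover_keystream(challenge, response)   # no key involved
    new_challenge = secrets.token_bytes(128)
    reused = xor(new_challenge, ks)               # same IV, same keystream, any challenge
    reuse_ok = ap_verify(SHARED_KEY, new_challenge, iv, reused)
    return legit_ok, reuse_ok


def mac_response(key: bytes, challenge: bytes) -> bytes:
    """The design fix: answer with a keyed MAC, which reveals nothing reusable."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def demo_mac_auth() -> bool:
    """An observed MAC response replayed against a fresh challenge is rejected."""
    old_response = mac_response(SHARED_KEY, secrets.token_bytes(128))
    new_challenge = secrets.token_bytes(128)
    return hmac.compare_digest(mac_response(SHARED_KEY, new_challenge), old_response)
```

The stream-cipher variant accepts both the genuine exchange and the keystream-reuse exchange because the response is a function of (key, IV) XOR challenge and the IV is under the sender's control; nothing about the response depends on the session. The MAC variant is the property an authentication response needs: observing it for one challenge gives no help with the next.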

For data integrity, WEP uses a simple CRC algorithm. A hacker can, thus, easily decrypt packets, modify information within the packets, re-encrypt, and forward data. This data will be received and assumed wholesome so long as the CRC calculated at the recipient is correct.

Thus, four basic vulnerabilities have been identified with WEP [6]:

  • Encryption is not often used correctly
  • There is no means of preventing message forgeries
  • Encryption keys are re-used, allowing others to read data without knowing the encryption key
  • Weak authentication, making it possible for an attacker to associate relatively easily with the network.
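To make the second of these points concrete (no means of preventing message forgeries), here is an added example, not code from the article: a WEP-style frame with an encrypted CRC-32 trailer next to the same frame carrying a keyed message integrity check instead. Because CRC-32 is linear, chosen payload bits can be flipped in the ciphertext and the encrypted CRC patched without ever knowing the key, and the receiver's CRC check still passes; an HMAC-SHA256 MIC (assumed here as the integrity primitive, not the article's or 802.11's own construction) rejects the same change. The keystream is a SHA-256 stand-in, not RC4, and `KEY`, `MIC_KEY`, `IV` and `PAYLOAD` are constructed values.

```python
# Added example, not from the article: why a CRC-32 trailer is not an integrity
# check when it is encrypted with a stream cipher, and what a keyed MIC changes.
# The keystream is a SHA-256 stand-in, NOT RC4/WEP; the XOR structure is the point.
import hashlib
import hmac
import zlib

KEY = b"toy-wep-key-16B!"                         # constructed shared secret
MIC_KEY = hashlib.sha256(b"mic|" + KEY).digest()  # separate key for the MIC (constructed)
IV_LEN = 3                                        # WEP uses a 24-bit IV


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + iv + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc32_bytes(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "big")


# --- WEP-style frame: IV || KS(key, iv) XOR (payload || CRC32(payload)) ---
def crc_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    body = payload + crc32_bytes(payload)
    return iv + xor(body, keystream(key, iv, len(body)))


def crc_decrypt(key: bytes, frame: bytes):
    """Returns the payload, or None if the CRC check fails."""
    iv, ct = frame[:IV_LEN], frame[IV_LEN:]
    body = xor(ct, keystream(key, iv, len(ct)))
    payload, tag = body[:-4], body[-4:]
    return payload if crc32_bytes(payload) == tag else None


def flip_bits_without_key(frame: bytes, delta: bytes) -> bytes:
    """Apply an XOR mask to the encrypted payload and fix the encrypted CRC.

    CRC-32 is linear for equal-length inputs: crc(a ^ d) == crc(a) ^ crc(d) ^ crc(0...0),
    so the change to the CRC depends only on the mask, never on the plaintext or the key.
    """
    iv, ct = frame[:IV_LEN], frame[IV_LEN:]
    n = len(ct) - 4
    assert len(delta) == n
    crc_delta = xor(crc32_bytes(delta), crc32_bytes(bytes(n)))
    return iv + xor(ct, delta + crc_delta)


# --- Same frame with a keyed MIC (HMAC-SHA256 over IV || payload) in place of the CRC ---
def mic_encrypt(key: bytes, mic_key: bytes, iv: bytes, payload: bytes) -> bytes:
    body = payload + hmac.new(mic_key, iv + payload, hashlib.sha256).digest()
    return iv + xor(body, keystream(key, iv, len(body)))


def mic_decrypt(key: bytes, mic_key: bytes, frame: bytes):
    """Returns the payload, or None if the MIC does not verify."""
    iv, ct = frame[:IV_LEN], frame[IV_LEN:]
    body = xor(ct, keystream(key, iv, len(ct)))
    payload, tag = body[:-32], body[-32:]
    expected = hmac.new(mic_key, iv + payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(expected, tag) else None


PAYLOAD = b"PAY 010.00 TO ACCOUNT A"   # constructed sample message
IV = b"\x01\x02\x03"                   # constructed IV


def tamper_mask() -> bytes:
    """Mask that turns the '0' at offset 4 into '9' ("010.00" -> "910.00")."""
    mask = bytearray(len(PAYLOAD))
    mask[4] = ord("0") ^ ord("9")
    return bytes(mask)


def demo_crc() -> bytes:
    """CRC-protected frame: the tampered frame is accepted with altered contents."""
    tampered = flip_bits_without_key(crc_encrypt(KEY, IV, PAYLOAD), tamper_mask())
    return crc_decrypt(KEY, tampered)


def demo_mic():
    """MIC-protected frame: the same bit flips are rejected (returns None)."""
    frame = mic_encrypt(KEY, MIC_KEY, IV, PAYLOAD)
    iv, ct = frame[:IV_LEN], frame[IV_LEN:]
    tampered = iv + xor(ct, tamper_mask() + bytes(32))   # tag untouched: cannot be recomputed
    return mic_decrypt(KEY, MIC_KEY, tampered)
```

`demo_crc()` returns the altered payload with the CRC check passing, which is exactly the "received and assumed intact" outcome described above; `demo_mic()` returns None because the MIC is a keyed function of the whole payload and cannot be patched from the mask alone. Note the separate `MIC_KEY`: a MIC and a cipher should not share a key.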

802.11i and WPA

This new standard has emerged in order to address the flaws so far observed in the various 802.11 technologies. 802.11i addressed the various flaws by incorporating the following features:

  • Use of 802.1x authentication protocol. An authentication server is used to determine the right of any station to associate with the network.
  • Use of the more secure AES encryption algorithm, together with the cipher block chaining mode of operation. This protocol is called Cipher Block Chaining Message Authentication Protocol (CCMP).
  • Use of a Temporal Key Integrity Protocol (TKIP), to overcome the vulnerabilities related to the static nature of WEP.
  • Use of session keys, to avoid the flaws associated with reuse of the same key in WEP.

WPA is based on the mechanisms of 802.11i and offers certain additional functionalities to the standard. These features include the incorporation of Extensible Authentication Protocol (EAP), as in IPSec, for more secure authentication. For message integrity, a feature called Message Integrity Check (MIC) is incorporated to prevent any feasible message modification.

WPA in its initial form has certain vulnerabilities. The one-way authentication provided for in 802.1x cannot eliminate the problem of a rogue AP joining the network. With knowledge of the Extended Service Set ID (ESSID), the rogue AP can easily communicate with other stations in the network without these stations realizing the AP is a masquerader.
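The rogue-AP problem comes down to whether the station gets proof that the AP also holds the master key. The following is an added example, not code from the article: a simplified model of the 802.11i key handshake in which both sides derive per-session keys from the pairwise master key (PMK) plus two fresh nonces and exchange MICs over the handshake messages. A masquerading AP without the PMK cannot produce a valid MIC, so the station rejects it; and two sessions under the same PMK get different data keys, which is the session-key point from the list above. HMAC-SHA256 stands in for the real 802.11i PRF and EAPOL message formats; `AP_MAC`, `STA_MAC`, `PMK` and `ROGUE_PMK` are constructed values.

```python
# Added example, not from the article: a simplified model of how 802.11i-style
# session keys and handshake MICs give both sides proof that the peer holds the
# master key. It is NOT the real 802.11i PRF, EAPOL frame format or key sizes;
# HMAC-SHA256 stands in for the PRF and all addresses/keys are constructed.
import hashlib
import hmac
import secrets

AP_MAC = bytes.fromhex("02aabbccddee")    # constructed addresses
STA_MAC = bytes.fromhex("021122334455")
PMK = secrets.token_bytes(32)             # master key both legitimate parties hold
ROGUE_PMK = secrets.token_bytes(32)       # what a masquerading AP has instead


def derive_session_keys(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                        anonce: bytes, snonce: bytes) -> tuple:
    """Per-session keys (KCK for handshake MICs, TK for data) from PMK + both nonces."""
    ctx = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
           + min(anonce, snonce) + max(anonce, snonce))
    kck = hmac.new(pmk, b"KCK|" + ctx, hashlib.sha256).digest()
    tk = hmac.new(pmk, b"TK|" + ctx, hashlib.sha256).digest()
    return kck, tk


def mic(kck: bytes, message: bytes) -> bytes:
    return hmac.new(kck, message, hashlib.sha256).digest()


def handshake(ap_pmk: bytes, sta_pmk: bytes) -> tuple:
    """Model of the 4-message exchange.

    Returns (station accepts AP, AP accepts station, TK for the session or None).
    """
    anonce = secrets.token_bytes(32)                       # msg 1: AP -> STA, no MIC yet
    snonce = secrets.token_bytes(32)
    kck_sta, tk_sta = derive_session_keys(sta_pmk, AP_MAC, STA_MAC, anonce, snonce)
    kck_ap, _ = derive_session_keys(ap_pmk, AP_MAC, STA_MAC, anonce, snonce)

    msg2 = b"msg2|" + snonce                               # msg 2: STA -> AP, MIC'd by STA
    sent_mic2 = mic(kck_sta, msg2)
    ap_accepts_sta = hmac.compare_digest(mic(kck_ap, msg2), sent_mic2)

    msg3 = b"msg3|" + anonce                               # msg 3: AP -> STA, MIC'd by AP
    sent_mic3 = mic(kck_ap, msg3)                          # a rogue AP sends this regardless
    sta_accepts_ap = hmac.compare_digest(mic(kck_sta, msg3), sent_mic3)

    tk = tk_sta if (ap_accepts_sta and sta_accepts_ap) else None
    return sta_accepts_ap, ap_accepts_sta, tk


def session_keys_are_fresh() -> bool:
    """Two sessions under the same PMK get different TKs (no static key reuse as in WEP)."""
    tk1 = handshake(PMK, PMK)[2]
    tk2 = handshake(PMK, PMK)[2]
    return tk1 is not None and tk2 is not None and tk1 != tk2
```

`handshake(PMK, PMK)` accepts in both directions; `handshake(ROGUE_PMK, PMK)` fails in both, and the station never installs a data key for the masquerader. The check is mutual because each side's MIC is computed under a key the other side can only derive from the same PMK and the same two nonces.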

WPA2 is emerging as a standard that seeks to overcome these vulnerabilities, but there will still be problems of Denial of Service (DoS) and Distributed DoS (DDoS) attacks.

BlueTooth Technologies

These technologies, detailed in the 802.15 standard, provide wireless solutions over a limited distance, typically ten meters within a room. Also known as ad-hoc networks, these technologies do not require a network infrastructure to operate in. BlueTooth is organized in piconets, with up to 8 devices in one piconet. Up to ten piconets can exist in a 10-meter bubble. A gross data rate of up to 2 Mbps is possible [7]. BlueTooth, like some versions of 802.11 networks, operates in the ISM 2.4 GHz frequency band, making it quite prone to frequency interference from devices like microwave ovens, other WLANs, etc.

BlueTooth can be a source of network attacks. Two or more devices can be in a room, one of which may have malicious intentions. If the other device is a member of a network, security breaches can ensue. Any piconet has a master station and several slave stations. The operation of a typical BlueTooth device that makes the attacks possible is outlined below:

  • The master enters inquiry mode and sends out an inquiry to discover devices available to connect to.
  • Potential slaves make themselves discoverable by entering inquiry scan mode and listen for an inquiry from a master.
  • On receiving an inquiry, the slave responds to the master with a Frequency Hop Synchronisation packet (FHS). The FHS contains information that is needed to create a connection to the device; this information includes its Bluetooth address and class of device. This address is usually 48 bits long.
  • The master collects the FHS information from each device discovered. To connect to one of these devices the master goes into page mode and will page the device using the corresponding Bluetooth address.
  • The slave being paged by a master will need to be in page scan mode to be able to connect to a master.

Some of the security features of BlueTooth include:

  • Discoverability, which is usually an option in BlueTooth devices. A device with the "non-discoverable" feature turned on may not be detected by nearby devices. But the fact that the option is selectable opens up the network devices to random attacks, as most users will forget to turn on the feature.
  • BlueTooth addresses can be discovered during communication, since the address is usually not encrypted. Though frequency hopping is used to provide some protection, a cracker can simulate the pseudo-random sequence to synchronize with communicating devices.
  • BlueTooth uses a pairing method during initial authentication. Once two devices are paired the information is stored in the devices and there will be no further need for authentication in another session. If an attacker gains access to any of the pairs, a hole will be opened up for attacks.
  • Social engineering types of attacks can be quite common, particularly with a number of mobile phones, PDAs and other portable devices. Most of the users of these devices are not security conscious.
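As an added example (not from the article, and not a Bluetooth stack), here is a toy model of the inquiry and page steps listed earlier together with the discoverability and pairing points above. It shows that turning inquiry scan off hides a device from inquiries but does not stop a page to a known address, that a stored pairing key bypasses any further authentication, and that removing the stored key restores the pairing prompt. `Device`, the addresses and the link keys are constructed for the example.

```python
# Added example, not from the article: a toy model of Bluetooth inquiry/page and
# pairing state, to show which settings actually gate a connection. Addresses
# and link keys are constructed; this is not a Bluetooth implementation.
from dataclasses import dataclass, field


@dataclass
class Device:
    addr: str                                      # 48-bit BD_ADDR, written as hex
    inquiry_scan: bool = True                      # "discoverable": answers inquiries
    page_scan: bool = True                         # "connectable": answers pages to its address
    link_keys: dict = field(default_factory=dict)  # peer addr -> link key stored at pairing


def inquiry(master: Device, devices: list) -> list:
    """Steps 1-3: only devices in inquiry scan answer with their FHS (address) packet."""
    return sorted(d.addr for d in devices if d is not master and d.inquiry_scan)


def page(target: Device) -> bool:
    """Steps 4-5: paging needs only the address; discoverability plays no part here."""
    return target.page_scan


def connect(master: Device, target: Device) -> str:
    """Outcome of a connection attempt once the master knows the target's address."""
    if not page(target):
        return "no-response"
    stored = master.link_keys.get(target.addr)
    if stored is not None and stored == target.link_keys.get(master.addr):
        return "connected-with-stored-key"         # paired earlier: no authentication prompt
    return "pairing-required"                      # the user-visible gate


def pair(a: Device, b: Device, link_key: bytes) -> None:
    """Initial authentication: both sides store the link key for later sessions."""
    a.link_keys[b.addr] = link_key
    b.link_keys[a.addr] = link_key


def revoke_pairing(device: Device, peer_addr: str) -> None:
    """What to do when a paired peer is lost or stolen: drop its stored key."""
    device.link_keys.pop(peer_addr, None)


def demo() -> dict:
    laptop = Device("00:11:22:33:44:55")
    phone = Device("66:77:88:99:aa:bb", inquiry_scan=False)   # "hidden" but still connectable
    headset = Device("cc:dd:ee:ff:00:11")
    pair(laptop, headset, b"\x01" * 16)                        # constructed link key
    seen = inquiry(laptop, [phone, headset])                   # phone is not listed...
    phone_by_address = connect(laptop, phone)                  # ...but reachable by address
    headset_before = connect(laptop, headset)
    revoke_pairing(laptop, headset.addr)
    headset_after = connect(laptop, headset)
    return {"inquiry": seen, "phone": phone_by_address,
            "headset_before": headset_before, "headset_after": headset_after}
```

The model makes the point behind the first three bullets: "non-discoverable" only removes a device from inquiry results, the address itself is enough to page it, and once a link key is stored nothing prompts the user again until that key is removed.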

Conclusions

There is no doubt that wireless devices and networks will continue to dominate various activities on the Internet. The broadcast nature of wireless systems at the frequencies often used makes it fairly easy for attackers to gain access to networks. Several protocols are in use with the various types of networks. These protocols improve the security capabilities of these networks, but, as with their wired parallels, security can never be 100%. Various flaws and vulnerabilities have been identified in this paper.

In spite of the observed flaws, wireless networks are increasingly being used in mission-critical applications like e-commerce, patient monitoring and management systems, etc.

REFERENCES

[1] "Intel and 802.11" (2005). http://www.intel.com/standards/case/IEEE802_11.htm

[2] "The Next Generation of Wireless LAN Emerges with 802.11n". http://www.intel.com/technology/magazine/communications/wi08041.pdf

[3] Arbaugh W.A., Shankar N., Wan Y.C.J. (2001) "Your 802.11 Wireless Network has No Clothes", Department of Computer Science, University of Maryland. http://www.cs.umd.edu/~waa/wireless.pdf

[4] "Virus and Malicious Code Protection for Wireless Devices". http://www.trendmicro.com/NR/rdonlyres/E173C2EB-8C12-43FB-83E3-88DD8D6ED0ED/2772/wirelessprotection022801.pdf

[5] "White paper on vulnerabilities of 802.1x". www.cs.umd.edu/~waa/1x.pdf

[6] Walker J. (2005) "IEEE 802.11i Standard Improves Wireless LAN Security". http://www.intel.com/technology/magazine/standards/80211i-0505.htm

[7] Bialoglowy M. (2005) "BlueTooth Security Review". http://www.securityfocus.com/infocus/1830
