Wireless Network Security

Another post for my network security students, but you can read it too 🙂

Wireless technology has become an integral part of our daily lives, both personally and professionally. From smartphones and laptops to tablets and IoT devices, wireless networks provide the convenience of accessing information, communicating, and controlling devices without the constraints of physical cables. However, the very nature of wireless communication, which relies on radio waves transmitted through the air, makes it susceptible to various security threats and vulnerabilities. This blog post will explore common wireless attacks, identify weaknesses in wireless security protocols, and examine solutions for securing wireless networks.

Common Wireless Attacks

Wireless networks are vulnerable to a variety of attacks, including:

  • Rogue Access Points (APs): A rogue AP is an unauthorized access point connected to a network, often by an employee who wants to bypass the official IT security policies. A rogue AP can provide open access to an attacker who can circumvent the company’s security. For example, an employee might install a wireless router to provide wireless access for their colleagues, unknowingly creating a security hole for an attacker.
  • Evil Twins: An evil twin is a fraudulent access point that looks legitimate to lure unsuspecting users. Attackers set up these fake APs, often with names that resemble legitimate ones, to trick users into connecting and then intercept their traffic.
  • Eavesdropping: This type of attack involves an unauthorized user intercepting wireless communications between devices. Attackers can listen to data transmissions and steal sensitive information. For instance, a threat actor could capture unencrypted data such as usernames, passwords, or credit card numbers transmitted over a wireless network.
  • Wireless Denial-of-Service (DoS) Attacks: These attacks aim to disrupt wireless network availability by overwhelming it with traffic or interfering with its signals. For example, jamming the wireless signal or manipulating duration field values can prevent legitimate users from accessing the network.
  • Man-in-the-Middle Attacks: In this type of attack, an attacker intercepts communication between two devices, potentially stealing or altering the information being exchanged. Man-in-the-middle attacks can occur on wireless networks when a threat actor positions themselves between a client and an access point to intercept data.
  • Bluesnarfing: This is an attack that involves gaining access to information on a device using a Bluetooth connection.
  • Bluejacking: This attack sends unsolicited messages to Bluetooth-enabled devices.
  • Disassociation: This type of attack prevents a device from connecting to a wireless network.
  • Jamming: A wireless denial-of-service attack in which a signal is blocked by a threat actor.
  • Radio Frequency Identification (RFID): This is a wireless technology commonly used to transmit information between tags that are detected by a reader. These are vulnerable to eavesdropping attacks because the signals can be intercepted and confidential data can be stolen.
  • Near Field Communication (NFC): A wireless technology that allows for the transfer of data between devices that are close to each other. This is vulnerable to interception and eavesdropping attacks.
  • Initialization Vector (IV): An IV is a 24-bit value that changes each time a packet is encrypted and is then combined with a shared secret key. If not used properly, the IV is vulnerable to attack.

Vulnerabilities in Wireless Security

Early wireless security protocols, while well-intentioned, had significant vulnerabilities. These included:

  • Wired Equivalent Privacy (WEP): WEP was an early attempt to provide security to wireless networks, but it has several well-known vulnerabilities and is no longer considered secure.
  • Wi-Fi Protected Setup (WPS): WPS was designed to make it easier to configure wireless security. However, the PIN method of WPS has a vulnerability that can be exploited to gain access to the network. The push-button method is not vulnerable.
  • MAC Address Filtering: Although MAC address filtering can prevent unauthorized devices from connecting to a network, it is not a very strong security measure because MAC addresses are transmitted unencrypted and are easily spoofed.
  • Wi-Fi Protected Access (WPA): WPA was designed as a replacement for WEP and was stronger, but it also had some vulnerabilities that led to the development of WPA2.

Modern wireless security solutions are much more secure. Wi-Fi Protected Access 2 (WPA2) and Wi-Fi Protected Access 3 (WPA3) form the foundation of today’s wireless security solutions.

  • WPA2 uses the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which mandates the use of the AES cipher.
  • WPA3 includes Simultaneous Authentication of Equals (SAE), which provides stronger security even when weak passwords are used. WPA3 is intended to simplify security configurations while improving security protection.

Solutions for Securing Wireless Networks

Securing a wireless network involves a layered approach with the following steps:

  • Proper Installation: When installing a wireless LAN, it is important to consider the optimum location for the wireless router or access point, ensuring that signal coverage is uniform and that the signal does not extend too far outside the building for security reasons. Site surveys should be conducted to properly plan wireless access point placement. The range of a Bluetooth signal can be estimated with a range estimator tool to help plan for a secure install.
  • Strong Authentication: Use a strong authentication method for wireless networks. WPA2 Enterprise and WPA3 can use Extensible Authentication Protocol (EAP), a framework for transporting authentication protocols, to implement strong security through the use of digital certificates. Some common EAP protocols include EAP-TLS, EAP-FAST, and EAP-TTLS. For example, EAP-TLS uses digital certificates for authentication.
  • Strong Encryption: WPA2 and WPA3 use strong encryption protocols like AES-CCMP. It is important to ensure that these protocols are properly implemented and that weak encryption methods are not used. Using a strong passphrase is also recommended.
  • Regular Updates: Wireless devices and software should be kept up to date with the latest security patches to address any newly discovered vulnerabilities.
  • Wireless Intrusion Prevention Systems (WIPS): A WIPS is designed to detect and prevent wireless attacks. These systems are designed to monitor wireless traffic and to automatically block unauthorized access.
  • Captive Portals: A captive portal requires a user to agree to a policy or enter valid login credentials before accessing the wireless network. This is commonly used in public Wi-Fi hotspots to provide a higher level of security. Captive portals can be used to present information, policies, or to require login credentials.
  • Network Segmentation: Segmenting a network divides it into smaller, isolated networks, limiting the spread of an attack. VLANs can be used to segment the wireless network and limit access.
  • Disabling WPS: If you use WPS, the PIN method should be disabled due to security vulnerabilities.
  • MAC address filtering: MAC address filtering is a less secure option, but it can be used to limit which devices are permitted to connect to the network.
  • Wireless LAN Controllers (WLCs): For enterprise environments, a WLC can manage multiple access points and automatically distribute settings, providing a higher level of security and centralized control. The WLC manages the controller access points, so only a single device needs to be configured.

Additional Security Considerations

  • Bluetooth Security: Bluetooth connections also pose security risks, and care must be taken to ensure that devices are configured securely.
  • RFID and NFC: These wireless technologies are vulnerable to eavesdropping. Care must be taken to protect information transmitted by RFID and NFC devices.
  • Wireless Monitoring Tools: Tools such as NirSoft WifiInfoView and Vistumbler can be used to display information about wireless networks, including their security configurations. While these tools do not “crack” networks, they can be used to assess the security of available wireless networks.
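
As an added example (not from the original post, and not the output format of any particular tool), the script below audits a wireless scan against an inventory of authorized access points, flagging the rogue AP, evil twin, weak-protocol and WPS PIN cases covered above. The SSIDs, BSSIDs, finding names and row layout are all constructed for illustration.

```python
from difflib import SequenceMatcher

# Inventory of access points the organisation operates (constructed values).
AUTHORIZED = {"CorpNet": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}
WEAK_SECURITY = {"OPEN", "WEP", "WPA"}  # protocols the post describes as weak

# Constructed scan rows: (ssid, bssid, security, wps_pin_enabled).
SCAN = [
    ("CorpNet", "00:11:22:33:44:01", "WPA2", False),
    ("CorpNet", "66:77:88:99:AA:BB", "OPEN", False),
    ("C0rpNet", "66:77:88:99:AA:CC", "WPA2", False),
    ("CorpNet", "00:11:22:33:44:02", "WPA2", True),
    ("CoffeeShop", "DE:AD:BE:EF:00:01", "WEP", False),
]

def looks_like(ssid, known, threshold=0.8):
    """True when ssid is close to, but not the same as, an authorized SSID."""
    ratio = SequenceMatcher(None, ssid.lower(), known.lower()).ratio()
    return ssid != known and ratio >= threshold

def audit(scan, authorized=AUTHORIZED):
    """Return (ssid, bssid, finding) tuples for rows that need attention."""
    findings = []
    for ssid, bssid, security, wps_pin in scan:
        if ssid in authorized:
            if bssid.upper() not in authorized[ssid]:
                # Our network name on hardware we do not own.
                findings.append((ssid, bssid, "unknown-bssid-for-our-ssid"))
                continue
            if security in WEAK_SECURITY:
                findings.append((ssid, bssid, "weak-security"))
            if wps_pin:
                findings.append((ssid, bssid, "wps-pin-enabled"))
        elif any(looks_like(ssid, known) for known in authorized):
            findings.append((ssid, bssid, "lookalike-ssid"))
        # Unrelated neighbouring networks are ignored.
    return findings

if __name__ == "__main__":
    for finding in audit(SCAN):
        print(finding)
```

Because MAC addresses are easily spoofed, a BSSID that matches the inventory is not proof that the access point is genuine, so the security settings of known BSSIDs are checked as well.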

Conclusion

Wireless security is a critical component of overall cybersecurity. By understanding common wireless attacks, identifying vulnerabilities in wireless security protocols, and implementing the solutions described above, individuals and organizations can significantly enhance the security of their wireless networks and protect their data.