Most organizations underestimate the importance of network security, and wireless security is not different. According to Bartz (2013), in the early days of wireless networking, security was weak which lead to many vulnerabilities making wireless network unattractive to most enterprises. However, with improvements in wireless security, partly due to Wi-Fi Alliance certifications and IEEE 802.11i, numerous organizations have adopted wireless network. Wireless networking presents numerous advantages to these firms and improves productivity due to the increased accessibility to information sources. Wireless networks are also easy to configure and reconfigure. They are faster and cheaper. In addition, wireless networks are convenient, expandable and easy to integrate with other networks. However, wireless technology creates a wide variety of new threats and alters the current information security risk profile. Despite the new security threats and vulnerabilities introduced by wireless security, the main security objectives are the similar to those of wired networks (Frangoudis, & Polyzos, 2014). The security arrangement must preserve the confidentiality of information and data, the maintaining integrity, and availability of information and information systems.
Wireless network vulnerability and major security threats
A Wireless network consists of four main components that include transmission of data through radio frequencies, access point that gives a connection to the organization network, user devices, and the user. These components provide avenues for attacks. Some of the common wireless network attacks include accidental association, malicious association, ad-hoc networks, non-traditional networks, identity thefts, denial of services attacks, network injections, and man-in-the-middle attacks.
Denial of services
Denials of services are the most common attacks. They occur when an attacker or intruder continuously bombards a targeted accessible point or network with spurious requests, premature successful connection messages, failure messages and other commands (Bhuyan et al., 2014). The attacks cause legitimate causes, not to be able to access the network and may even cause the network to crash. Most of denial of service attacks relies on the misuse of protocols such as the extensible authentication protocol.
Identity theft (spoofing)
Identity thefts (MAC spoofing) takes place when a hacker taps and listens in on network traffic and identify MAC address of a computer with network privileges. Most wireless networks allow some degree of MAC filtering to authorize computers with specific MAC Ids to access and utilize the network. Nevertheless, several programs have "sniffing" capabilities. A combination of these programs with other softwares allows a computer to pretend it has MAC address that the hacker or cracker can easily get around.
Malicious association
Malicious association occurs when wireless devices are actively made by hackers or crackers to connect to an organization network to their computer rather than the organization access point. These types of computers or laptops are "soft access points" and appears when hacker runs some programs that make his or her wireless network look similar to the legitimate access points. The cracker uses the soft access points to gain access to the organization network. Consequently, the hacker can steal passwords, launch attacks on the network or introduce Trojan horses. Wireless network operates at layer level 2 or layer three, and the normal network authentication, and virtual private networks do not offer barriers.
Accidental association
Unauthorized access to an organization wireless and wired network can originate from several methods and intents. Accidental Association is one such method. Accidental association occurs when a wireless network of an organization overlaps with that of another organization and users do not realize the overlap. It causes a security breach that exposes the organization information.
Man-in-the-middle attack
Man-in-the-middle attacks involve a binary masquerade, where the hacker or attacker convinces the sender that she or he is the authorized recipient of applications, resources or services. The hacker can sniff the network traffic. For example, a man-in-the-middle attack. Softwares such as LANjack and AirJack enhance such attacks by automating multiple steps of processes.
Routing attacks
Routing attacks involve the intrusion of the routing of packets through a network. Different types of routing attacks are possible at the network layers including spoofing, altering or replaying routing information. These attacks create routing loops, extend intended routing paths, thus generating bogus error messages, and increasing end-to-end latency. According to Harvey (2011), selective forwarding attacks subvert a node in a network to drop selected packets. Sinkhole attacks destabilize a node in a network to attract packets to it while wormhole attacks record packets from one specific location in a network and transmit them to another location to disrupt its overall functionality.
Securing wireless network
Wireless communication creates three basic threats that include disruption, alteration, and an interception. As a result, wireless network security measures need to protect the confidentiality of the transmissions. There are two main types of countermeasures applicable to reduce the risk of eavesdropping. These include signal-hiding techniques and encryption. Attackers need to identify and locate the wireless network before they can intercept the transmission (Choi, Choi, & Kim, 2014). However, an organization can take several steps to make it difficult to locate the network access points. For example, the organization can turn off the service set identifier (SSID) broadcasting by wireless points, reducing signal strength to the lowest level and assigning cryptic names to SSIDs. The organization can also protect the confidentiality of information by encrypting the wireless network information. Encryption enables an organization to scramble its data or information to make it inaccessible to intruders unless they have decryption programs.
Interception and alteration of wireless transmission are a form of man-in-the-middle attacks. Such attacks can be reduced significantly through strong encryption and authentication. Authentication procedures include credentials such as passwords, digital certificates, smart cards and other authentication procedures. Some of the available encryption and authentication option available for wireless networks include WEP, SSID, and open system authentication. Companies can take several steps denial of services attacks. The company can conduct surveys to identify locations where signals from intruding devices exists and using the results of the survey to locate access points within an organizations network. Wireless networks require regular scanning and auditing for rouge hardware. Organizations can use some of the common network mapping tools such as netstumbler to audit their networks. They can also use specialized tools such as Airsnort to crack WEP and audit network for weak keys and security settings. End users are vital components of wireless network. They are the fourth component of any network. As a result, training the end users on the various security policies and procedures is vital in securing the entire network.
The Wi-Fi Alliance recommends the use of Wi-Fi Protected Access (WPA) to enhance 802.11i security. WAP improves 802.11i by improving security of encryption keys through Temporal Key Integrity and Protocol (Luettmann, & Bender, 2007). WAP also expands the length of initialization vectors and provides strong authentication.
In addition, organizations can carry out simple but effective procedures to ensure their networks are safe. For example, the organization should establish policies that require all employees to turn off the office wireless network when it I not in use. Hackers cannot access a wireless network that is off. They can also ensure they preset their routers password and change the identifiers of their routers from default.
Conclusion
The convenience, cost-effectiveness, flexibility and several other advantages make a wireless network the most common network structures in the future. The increased popularity of wireless networks brings with it numerous advantages to organizations and at the same time exposes the organizations too numerous security threats and vulnerability. Some of the common wireless network attacks include accidental association, malicious association, ad-hoc networks, non-traditional networks, identity thefts, denial of services attacks, network injections, and man-in-the-middle attacks. In addition, wireless communication creates three basic threats that include disruption, alteration, and an interception. As a result, wireless network security measures need to protect the confidentiality of the transmissions. They also need to ensure continued availability of the system and the integrity of data. Wireless security network will remain a critical subject of interest for the coming years as more wireless technologies emerge.
References
C hoi M., Robles R & Hong C (2008). Wireless network security: Vulnerabilities, threats, and countermeasures. International Journal of multimedia and ubiquitous engineering. Vol. 3 (3); 28.
Harvey M (2014). Wireless next generation networks: A virtual-based trust model. New York, USA.
Bartz R (2009). CWTS: Certified Wireless Technology Specialist official study guide. Wiley Publishing, USA.
Frangoudis, P., & Polyzos, G. (2014). Security and performance challenges for user-centric wireless networking. IEEE Communications Magazine, 52(12), 48-55. doi:10.1109/MCOM.2014.6979951
Bhuyan, M. H., Kashyap, H. J., Bhattacharyya, D. K., & Kalita, J. K. (2014). Detecting Distributed Denial of Service Attacks: Methods, Tools, and Future Directions. Computer Journal, 57(4), 537-556.
Park, M., Choi, Y., Eom, J., & Chung, T. (2014). Dangerous Wi-Fi access point: attacks on benign smartphone applications. Personal & Ubiquitous Computing, 18(6), 1373-1386. doi:10.1007/s00779-013-0739-y
Choi, J., 슬롯사이트주소 Choi, C., Ko, B., & Kim, P. (2014). A method of DDoS attack detection using HTTP packet pattern and rule engine in cloud computing environment. Soft Computing - A Fusion Of Foundations, Methodologies & Applications, 18(9), 1697-1703. doi:10.1007/s00500-014-1250-8.
Luettmann, B. M., & Bender, A. C. (2007). Man-in-the-middle attacks auto-updating software. Bell Labs Technical Journal, 12(3), 131-138. doi:10.1002/bltj.20255.
Wireless Security
Klaudia Goode (2019-07-15)
| Enviar respuesta
Most organizations underestimate the importance of network security, and wireless security is not different. According to Bartz (2013), in the early days of wireless networking, security was weak which lead to many vulnerabilities making wireless network unattractive to most enterprises. However, with improvements in wireless security, partly due to Wi-Fi Alliance certifications and IEEE 802.11i, numerous organizations have adopted wireless network. Wireless networking presents numerous advantages to these firms and improves productivity due to the increased accessibility to information sources. Wireless networks are also easy to configure and reconfigure. They are faster and cheaper. In addition, wireless networks are convenient, expandable and easy to integrate with other networks. However, wireless technology creates a wide variety of new threats and alters the current information security risk profile. Despite the new security threats and vulnerabilities introduced by wireless security, the main security objectives are the similar to those of wired networks (Frangoudis, & Polyzos, 2014). The security arrangement must preserve the confidentiality of information and data, the maintaining integrity, and availability of information and information systems.Wireless network vulnerability and major security threats
A Wireless network consists of four main components that include transmission of data through radio frequencies, access point that gives a connection to the organization network, user devices, and the user. These components provide avenues for attacks. Some of the common wireless network attacks include accidental association, malicious association, ad-hoc networks, non-traditional networks, identity thefts, denial of services attacks, network injections, and man-in-the-middle attacks.
Denial of services
Denials of services are the most common attacks. They occur when an attacker or intruder continuously bombards a targeted accessible point or network with spurious requests, premature successful connection messages, failure messages and other commands (Bhuyan et al., 2014). The attacks cause legitimate causes, not to be able to access the network and may even cause the network to crash. Most of denial of service attacks relies on the misuse of protocols such as the extensible authentication protocol.
Identity theft (spoofing)
Identity thefts (MAC spoofing) takes place when a hacker taps and listens in on network traffic and identify MAC address of a computer with network privileges. Most wireless networks allow some degree of MAC filtering to authorize computers with specific MAC Ids to access and utilize the network. Nevertheless, several programs have "sniffing" capabilities. A combination of these programs with other softwares allows a computer to pretend it has MAC address that the hacker or cracker can easily get around.
Malicious association
Malicious association occurs when wireless devices are actively made by hackers or crackers to connect to an organization network to their computer rather than the organization access point. These types of computers or laptops are "soft access points" and appears when hacker runs some programs that make his or her wireless network look similar to the legitimate access points. The cracker uses the soft access points to gain access to the organization network. Consequently, the hacker can steal passwords, launch attacks on the network or introduce Trojan horses. Wireless network operates at layer level 2 or layer three, and the normal network authentication, and virtual private networks do not offer barriers.
Accidental association
Unauthorized access to an organization wireless and wired network can originate from several methods and intents. Accidental Association is one such method. Accidental association occurs when a wireless network of an organization overlaps with that of another organization and users do not realize the overlap. It causes a security breach that exposes the organization information.
Man-in-the-middle attack
Man-in-the-middle attacks involve a binary masquerade, where the hacker or attacker convinces the sender that she or he is the authorized recipient of applications, resources or services. The hacker can sniff the network traffic. For example, a man-in-the-middle attack. Softwares such as LANjack and AirJack enhance such attacks by automating multiple steps of processes.
Routing attacks
Routing attacks involve the intrusion of the routing of packets through a network. Different types of routing attacks are possible at the network layers including spoofing, altering or replaying routing information. These attacks create routing loops, extend intended routing paths, thus generating bogus error messages, and increasing end-to-end latency. According to Harvey (2011), selective forwarding attacks subvert a node in a network to drop selected packets. Sinkhole attacks destabilize a node in a network to attract packets to it while wormhole attacks record packets from one specific location in a network and transmit them to another location to disrupt its overall functionality.
Securing wireless network
Wireless communication creates three basic threats that include disruption, alteration, and an interception. As a result, wireless network security measures need to protect the confidentiality of the transmissions. There are two main types of countermeasures applicable to reduce the risk of eavesdropping. These include signal-hiding techniques and encryption. Attackers need to identify and locate the wireless network before they can intercept the transmission (Choi, Choi, & Kim, 2014). However, an organization can take several steps to make it difficult to locate the network access points. For example, the organization can turn off the service set identifier (SSID) broadcasting by wireless points, reducing signal strength to the lowest level and assigning cryptic names to SSIDs. The organization can also protect the confidentiality of information by encrypting the wireless network information. Encryption enables an organization to scramble its data or information to make it inaccessible to intruders unless they have decryption programs.
Interception and alteration of wireless transmission are a form of man-in-the-middle attacks. Such attacks can be reduced significantly through strong encryption and authentication. Authentication procedures include credentials such as passwords, digital certificates, smart cards and other authentication procedures. Some of the available encryption and authentication option available for wireless networks include WEP, SSID, and open system authentication. Companies can take several steps denial of services attacks. The company can conduct surveys to identify locations where signals from intruding devices exists and using the results of the survey to locate access points within an organizations network. Wireless networks require regular scanning and auditing for rouge hardware. Organizations can use some of the common network mapping tools such as netstumbler to audit their networks. They can also use specialized tools such as Airsnort to crack WEP and audit network for weak keys and security settings. End users are vital components of wireless network. They are the fourth component of any network. As a result, training the end users on the various security policies and procedures is vital in securing the entire network.
The Wi-Fi Alliance recommends the use of Wi-Fi Protected Access (WPA) to enhance 802.11i security. WAP improves 802.11i by improving security of encryption keys through Temporal Key Integrity and Protocol (Luettmann, & Bender, 2007). WAP also expands the length of initialization vectors and provides strong authentication.
In addition, organizations can carry out simple but effective procedures to ensure their networks are safe. For example, the organization should establish policies that require all employees to turn off the office wireless network when it I not in use. Hackers cannot access a wireless network that is off. They can also ensure they preset their routers password and change the identifiers of their routers from default.
Conclusion
The convenience, cost-effectiveness, flexibility and several other advantages make a wireless network the most common network structures in the future. The increased popularity of wireless networks brings with it numerous advantages to organizations and at the same time exposes the organizations too numerous security threats and vulnerability. Some of the common wireless network attacks include accidental association, malicious association, ad-hoc networks, non-traditional networks, identity thefts, denial of services attacks, network injections, and man-in-the-middle attacks. In addition, wireless communication creates three basic threats that include disruption, alteration, and an interception. As a result, wireless network security measures need to protect the confidentiality of the transmissions. They also need to ensure continued availability of the system and the integrity of data. Wireless security network will remain a critical subject of interest for the coming years as more wireless technologies emerge.
References
C hoi M., Robles R & Hong C (2008). Wireless network security: Vulnerabilities, threats, and countermeasures. International Journal of multimedia and ubiquitous engineering. Vol. 3 (3); 28.
Harvey M (2014). Wireless next generation networks: A virtual-based trust model. New York, USA.
Bartz R (2009). CWTS: Certified Wireless Technology Specialist official study guide. Wiley Publishing, USA.
Frangoudis, P., & Polyzos, G. (2014). Security and performance challenges for user-centric wireless networking. IEEE Communications Magazine, 52(12), 48-55. doi:10.1109/MCOM.2014.6979951
Bhuyan, M. H., Kashyap, H. J., Bhattacharyya, D. K., & Kalita, J. K. (2014). Detecting Distributed Denial of Service Attacks: Methods, Tools, and Future Directions. Computer Journal, 57(4), 537-556.
Park, M., Choi, Y., Eom, J., & Chung, T. (2014). Dangerous Wi-Fi access point: attacks on benign smartphone applications. Personal & Ubiquitous Computing, 18(6), 1373-1386. doi:10.1007/s00779-013-0739-y
Choi, J., 슬롯사이트주소 Choi, C., Ko, B., & Kim, P. (2014). A method of DDoS attack detection using HTTP packet pattern and rule engine in cloud computing environment. Soft Computing - A Fusion Of Foundations, Methodologies & Applications, 18(9), 1697-1703. doi:10.1007/s00500-014-1250-8.
Luettmann, B. M., & Bender, A. C. (2007). Man-in-the-middle attacks auto-updating software. Bell Labs Technical Journal, 12(3), 131-138. doi:10.1002/bltj.20255.
Añadir comentario