
Chapter 19:
Wireless Security


Introduction to Wireless Networking

In the past five years, there has been a huge boom in communication devices. It was not so long ago, less than 10 years, actually, when pagers were the latest in fast communications. It's not that there were no cell phones, but that they were big, bulky, and extremely expensive. A few years can change a lot of things, certainly with respect to technology, but these past few years have been incredible. Cell phones have become as mandatory as landlines. Without them, it is impossible to communicate and keep in touch. Today's busy lifestyle demands that we have our wireless devices to keep in touch with business associates as well as loved ones.

You might be thinking to yourself, 'nobody would be interested in my conversations or text messages.' They might be boring and dull, but that does not mean you should not be worried about wireless security. And for those of you who do deal with information of a more sensitive nature, you have already thought about this issue. Any time there is a signal transmission, there are great vulnerabilities. Cell phones and other wireless devices work by transmitting a signal to a station; the station then relays that message to a satellite, which sends it to another station, which then sends it to a specific cell phone or other wireless device. As you can imagine, there are plenty of places for a message to be intercepted. In order to solve that problem, many people have encryption on their cell phones and other wireless communication devices. The encryption on most wireless technology is not very good. Furthermore, it is not difficult for a hacker to break into a wireless system using standard wireless cards, as they are almost all interchangeable. Indeed, sometimes I find myself accidentally using the wireless card of my neighbor upstairs, and he finds himself using mine. It is just as if we had the same code on our garage door openers. Neither what he does nor what I do is particularly interesting, so there is no real reason to spy, but there are security concerns.

Not only would a hacker have access to your personal information stored on your computer, including passwords and credit card numbers, but wireless devices and connections are especially vulnerable to hijacking. A hacker can potentially hijack your computer to hack into, say, the Pentagon website. He or she gets off clean, and all the records point to you as the person who hacked into the Pentagon's website. In other words, the hacker could use you, an innocent person, as the dummy on his or her crime spree. There are some things you can do to protect yourself.

  1. Do not put any sensitive information on your Palm Pilot or other pocket PC. These devices have no built-in security features and can be easily hacked by anyone. The equipment to hack a pocket PC is much cheaper than the actual pocket PC.

  2. Use encryption. Encryption for wireless devices is widely available to consumers. Just make sure to buy it from a reputable company. Also, remember that the security must be set up at all access points; that means that if there are four PDAs and three desktops connected via wireless, the security must be set up on all seven devices.

  3. Follow the security advice that has come before. Remember all that stuff about passwords and keeping your computer physically protected? This applies to PDAs also. Don't take it if you don't need it, and be sure to keep a good eye on it. If it is stolen, that person has access to your encryption codes and can break into the computers that do have lots of information on them.

Wireless security still has a long way to go. Lucky for us, there are some very intelligent people working on this perplexing problem. Every day that passes brings us closer to more secure wireless technology.

Growing Popularity of Wireless Networks

In recent years, wireless local area networks (WLANs) have experienced rapid growth. A continuously changing business environment requires greater flexibility from people and their working equipment. Therefore, enterprises of all sizes have started to notice the importance of wireless connectivity inside the office premises. Today, wireless networking in the home is a vibrant and growing market. Modern families have a growing dependence on the PC for work, school, and play. There is a continuous fall in the prices of powerful PCs, resulting in more households with multiple computers scattered through several rooms. A home WLAN enables these computers to share a single Internet connection, usually a broadband connection, as well as share applications, files, and printers. Without a home network, each computer would require its own dedicated modem line for Internet access. Sharing one broadband connection over a LAN makes economic sense and enhances performance and the overall end-user experience. Because of this, WLANs have fast become the home network solution of choice, providing a quick, convenient, and easy way to share computer resources, while offering the additional benefit of user mobility. Client devices such as laptop PCs and PDAs (personal digital assistants) stay connected on the wireless network as people carry them from room to room. The reason WLANs have become popular is that with wireless connectivity, users no longer have to drop cable to every desktop and can easily connect from just about anywhere in the networked area. Wireless LANs provide always-on network connectivity while allowing office workers to roam throughout a building without being bound by wires. Wireless LANs seem to be low cost and easily deployed. With new interoperable WLAN products based on the IEEE 802.11b standard, small enterprises and organizations are able to enjoy the convenience of wireless LANs.

Wireless Protocol Standards

IEEE 802.11

Although many standards have been developed for wireless LANs, the most commonly used standard is what the industry knows as 802.11 or Wi-Fi. The 802.11 standard was developed by the IEEE (Institute of Electrical and Electronics Engineers) and ratified in 1997. The IEEE is a standards developing body whose members are engineers, scientists and students in electronics and allied fields. Currently, the IEEE has task group committees that continue to refine the 802.11 standards. Each committee uses a letter suffix, such as 802.11a or 802.11b and so on, to label the standard it is developing. The Wi-Fi Alliance is a non-profit group that was established in 1999 to certify interoperability of wireless LAN products based on the IEEE 802.11 specification. Currently products are certified for the 802.11a and 802.11b standards. Although products have reached the market for the 802.11g standard, they are based on a draft specification not yet certified by the Wi-Fi Alliance.

802.11 Standards

The 802.11 suite has four established standards, namely 802.11, 802.11a, 802.11b and 802.11g. IEEE is continuing to work on new standards that will eliminate or mitigate the shortcomings of the existing standards. Additional standards are still under development that will extend the physical layer options, improve security, and add quality of service (QoS) features. Among the IEEE 802.11 suite of standards used to define wireless Ethernet, similarities exist between the four established standards. Despite the apparent similarities evident among these four standards, each has unique characteristics.

802.11 standards have built-in encryption called WEP. It has been shown that WEP has poor authentication and flaws in the encryption protocol that make it a weak security tool. Most wireless devices have WEP turned off by default. Even when WEP is turned on, hackers can crack it with minimal effort. Since WEP is part of the 802.11 standard, it is recommended that it be enabled. Although WEP provides minimal security, it at least provides a way of slowing down the hacker.

Introduced in July 1997, 802.11 was the first IEEE standard used for wireless data networking applications with maximum data transfer rates at 2 Mbps in the 2.4 gigahertz (GHz) radio band. Within 802.11, two different modulation schemes are supported that can be used to transmit data signals. One of the two modulation schemes used in 802.11 is frequency-hopping spread spectrum (FHSS). This transmission technique is used in WLAN transmissions where the data signal is modulated with a narrowband carrier signal that "hops" in a random sequence from frequency to frequency as a function of time over a wide band of frequencies. This technique reduces the chances of interference because another interfering signal will only affect the 802.11 signal if both are transmitting at the same frequency at the same time. The other modulation scheme used in 802.11 is direct-sequence spread spectrum (DSSS), which is a transmission technique in which a data signal at the sending station is combined with a higher data rate bit sequence, or chipping code, that divides the user data according to a spreading ratio. If one or more bits in the pattern are damaged during transmission, the original data can be recovered due to the redundancy of the transmission. Although the 802.11 standard supports both modulation schemes, the two types of spread spectrum technologies are not compatible. The number of channels used by 802.11 compliant products depends on the modulation scheme used. More specifically, FHSS-based products use 79 channels of the Unlicensed National Information Infrastructure (UNII) band, whereas DSSS-based products use either 3 non-overlapping channels or 6 overlapping channels of the Industrial, Scientific, and Medical (ISM) radio band.

802.11a, a physical layer standard for WLANs, was completed in September 1999. 802.11a specifies characteristics for high-speed broadband WLAN access. The standard can also be applied to wireless asynchronous transfer mode (ATM) systems and is used in access hubs. It is offered in the 5 GHz radio (UNII) band, and operates on 8 channels; however, the available radio spectrum in some countries permits the use of 12 channels. The additional number of channels used in the higher spectrum yields less interference from neighboring APs. Until recently, operating in the 5 GHz spectrum band was either limited or illegal in several European countries. Different regions of the world have allocated different amounts of spectrum, so geographic location determines how much of the 5 GHz band is available. Several countries, including France and Ireland, allow the delivery and use of 802.11a compliant products, and other countries have placed their own regulations on using 802.11a products. 802.11a compliant networks transfer data at rates of up to 54 Mbps in the available radio spectrum, which is up to five times faster than 802.11b compliant networks. More commonly, however, 802.11a compliant networks communicate at the 6 Mbps, 12 Mbps, or 24 Mbps data rates. Again, as the distance between the user and the AP increases, the data rate decreases. Home networking users may find the increased bandwidth of 802.11a compliant networks useful when using applications requiring large bandwidth, such as streaming video, music, and large file transfers. 802.11a compliant networks use orthogonal frequency division multiplexing (OFDM) modulation to provide these data rates. OFDM is a type of digital modulation in which a signal is divided into separate channels at different frequencies. 802.11a was the first in the suite of 802.11 standards originally proposed to the IEEE, but due to the complexity of implementing OFDM, the 802.11b standard was approved first.

802.11b, the second physical layer standard for WLANs, was completed in September 1999. Currently, a wide range of products is available to the public in North America, Europe, and Asia. Unlike users of 802.11a compliant products, who are encountering problems using the 5 GHz spectrum band in Europe, users of 802.11b compliant products have the support of global networking component manufacturers. The 802.11b standard specifies operation on three channels in the 2.4-2.4835 GHz spectrum and offers wireless throughput of up to 11 Mbps per channel. The maximum throughput is generally less than 11 Mbps due to the shared bandwidth split between users of a particular AP. As is common with WLANs, the data rates tend to decrease as the distance between the user device and the AP increases. Generally, 802.11b compliant products have a range of approximately 100 meters, but can realize a much greater range of coverage under optimal conditions where interference is limited. The 802.11b compliant chipsets use the modulation scheme known as complementary code keying (CCK), a form of DSSS, to transmit data signals through the three available channels. This unlicensed portion of the radio band shares space with many low-power signals from home electronics, including microwave ovens, cordless telephones, Bluetooth-enabled devices, and garage-door openers. 802.11b compliant products have a range of up to 400 meters in ideal conditions and would be compatible with the products that meet the new 802.11g standard when it is finalized.

IEEE formed Task Group G to develop a new standard, 802.11g, offering wireless communication over relatively short distances at up to 54 Mbps. This standard features increased data transmission rates while maintaining interoperability with 802.11b compliant products. The standard uses OFDM to achieve data rates from 22 Mbps to up to 54 Mbps (i.e., doubling the data rates of 802.11b compliant products); however, 802.11g compliant products will be backward compatible with 802.11b compliant products that use the modulation scheme CCK (i.e., a form of DSSS). The backward compatibility feature allows an 802.11b compliant client adapter card to interact directly with an 802.11g compliant AP. Communications between 802.11g and 802.11b compliant devices are limited to data rates up to 11 Mbps, depending on the range between the pieces of equipment. 802.11g compliant products also support packet binary convolution coding (PBCC) modulation, an option that provides faster data rates. This use of different modulation schemes makes it possible for 802.11g compliant products to be compatible with existing 802.11b compliant products. 802.11g compliant products use three channels in the 2.4 GHz spectrum.

Benefits of Wireless Networks

The recent and ever increasing widespread reliance on networking in business and the rapid growth of the Internet and online services are strong attestations to the benefits of shared data and shared resources. With wireless LANs, users can access shared information without looking for a place to plug in, and network managers can set up or augment networks without installing or moving wires.

Wireless LANs offer the following productivity, convenience, and cost advantages over traditional wired networks:

Risks and Vulnerabilities

Insertion Attacks
This type of attack involves unauthorized devices being deployed in order to gain access to an existing network. Laptops or PDAs can be configured to attempt access to networks simply by installing wireless network cards and setting up near a target network. If password authentication is not enabled on the network, connection to an access point and network resources is simplified. Another type of insertion attack is the deployment of rogue access points, either by a hacker or by well-meaning internal employees seeking to enhance wireless coverage. Hacker-controlled access points can be used to entice authorized wireless clients to connect to the hacker's access point rather than the network's intended access points. In addition, access points not authorized by the network administrator have the potential to be improperly configured and vulnerable to outside attack. This presents the risk of the interception of login IDs and passwords for future direct attacks on a network. The risk can be magnified if rogue access points are deployed behind the corporate firewall.

Brute Force Password Attacks
Even when password authentication is implemented on wireless network access points, unauthorized access is still possible through the use of brute force dictionary attacks. Password cracking applications can methodically test passwords in an attempt to break into a network access point.

Denial of Service
The 2.4 GHz frequency range, within which 802.11b operates, is shared with other wireless devices such as cordless telephones, baby monitors and Bluetooth based devices. All of these devices can serve to degrade and interrupt wireless signals. In addition, a determined and resourceful attacker with the proper equipment can flood the frequency with artificial noise and completely disrupt wireless network operation.

Client-to-Client Attacks
A wireless access point is not necessary for two wireless enabled clients to communicate. As such, each client is at risk from the same file sharing and TCP/IP attacks as clients on a wired LAN.

Interception and Monitoring
An attacker can passively intercept wireless network traffic and, through packet analysis, determine login IDs and passwords as well as collect other sensitive data, using wireless packet sniffers and similar tools.

Wireless Packet Sniffers
Penetrating a wireless network has been made easier still by the release of several software applications that allow intruders to passively collect data for real-time or later analysis. Such analysis can lead to the compromise of the network. Examples include Airopeek, AirSnort, NetStumbler and WEPCrack. AirSnort is an application that utilizes known WEP flaws to extract the WEP key and allow unauthorized network access. NetStumbler is a full-featured wireless sniffer that logs an extensive array of information about any wireless network it happens to encounter: MAC address of the access point, network name, SSID, manufacturer, channel in use, signal strength, and whether or not WEP is enabled. An intruder looking to attack a target wireless network can make use of all of this information.

Another problem with 802.11b networks is that the equipment used is designed to allow for ease of installation. For this reason, even though security features may be present, in most cases the default settings are for the features to be turned off in order to allow a network to be up and running as quickly as possible. Network administrators who leave their equipment with the default settings intact are particularly vulnerable as hackers are likely to try known passwords and settings when attempting to penetrate wireless networks.

Hardware Theft
Should a wireless network device be lost or stolen, the person in control of the device could potentially access the network without authorization and without the knowledge of network and security administrators. In the event of a theft, the entire network (in some cases) needs to be reconfigured to eliminate this vulnerability.

Security Measures for Securing Wireless Networks

There are numerous things that can be done to secure a network and to prevent attacks and unknown users from entering the network. Security is a balance of technology, usability and cost. The following are basic security recommendations specifically addressing wireless networks.

Develop a dynamic security model
A good security policy provides a security model for managing the network. It defines the limitations for acceptable network operation and performance. These limitations vary from network to network, and so do the resulting security policies. The security model provides a baseline for security policy and must be dynamic, changing as technology and security needs change. The security policy must cover all aspects of managing a network, including the site and infrastructure of the network, administrative issues and the user.

Design the system with security
It is always best to design a system with security from the start. Consideration should be given to placement of the equipment and what security features are important for the particular situation before the purchase of wireless equipment. Some wireless equipment allows the broadcast feature of the SSID to be shut off, filtering of the MAC addresses or adjustment of the signal strength. Some wireless equipment may even have security enhancements for firewalls, authentication or encryption. If security is not considered from the beginning, some of these features may be missed when purchasing equipment.

Control the broadcast area
Some wireless equipment allows the radio signal strength to be adjusted in different directions. Consider this when purchasing equipment. Whether this is available or not, the access point needs to be set up so the radio signal becomes weaker near the walls. This weakens the radio signals that are available to unknown users outside the building.

Wired Equivalent Privacy (WEP)

The main purpose of WEP was to provide a level of privacy equivalent to that ordinarily present in wired LANs. Wired LANs are usually protected by physical security measures within a facility and do not incorporate encryption. Since wireless LANs are not protected by a physical boundary, their transmissions penetrate walls. WEP was added to the 802.11 standard to provide a level of privacy equivalent to a physical boundary such as a wall. WEP has two main goals, access control and privacy. WEP prevents unauthorized users from gaining access to the network, because unauthorized users would not have the WEP key. Additionally, WEP provides privacy by encrypting data streams, and only users with the correct WEP key can decrypt the data stream.

WEP is an optional encryption scheme that offers a mechanism for securing wireless LAN data streams. WEP uses a symmetric scheme where the same key and algorithm are used for both encryption and decryption of data. For Wi-Fi certification, vendors must support 40-bit encryption keys. Vendors implement encryption and decryption either in software or, as vendors such as Cisco do, in hardware accelerators that minimize the performance degradation of encrypting and decrypting data streams. Authentication within the 802.11 standard can be either Open System or Shared Key. Under Open System, any STA may request authentication. The AP may grant authentication to all requestors or only to those on an access list. In either case, the entire process is done in clear text. Under Shared Key authentication, the AP sends the client a challenge text packet that the client must encrypt with the correct WEP key and return to the AP. If the client has the wrong key or no key, it fails authentication and is not allowed to associate with the AP.
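As an added illustration (not code from this chapter, the 802.11 standard or any vendor), the following Python models the WEP encapsulation and the four-message Shared Key exchange described above: a 40-bit secret key, a 24-bit IV sent in the clear, RC4 keyed with IV||key, and a CRC-32 integrity check value (ICV). The key, IV and challenge values are constructed for the demonstration.

```python
import os
import zlib
from typing import Optional


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR the keystream over data. RC4 is WEP's cipher."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || RC4(IV || key, plaintext || ICV).

    The IV is only 24 bits, so the same IV and key (hence the same keystream)
    recur after at most 2^24 frames; that small space is one of WEP's weaknesses.
    """
    if len(iv) != 3 or len(secret_key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit secret key")
    icv = zlib.crc32(plaintext).to_bytes(4, "little")   # integrity check value
    return iv + rc4(iv + secret_key, plaintext + icv)


def wep_decrypt(secret_key: bytes, frame: bytes) -> Optional[bytes]:
    """Strip the clear-text IV, decrypt, and verify the ICV; None on mismatch."""
    iv, body = frame[:3], frame[3:]
    data = rc4(iv + secret_key, body)
    plaintext, icv = data[:-4], data[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        return None
    return plaintext


def shared_key_auth(ap_key: bytes, station_key: bytes,
                    challenge: Optional[bytes] = None) -> bool:
    """Simulate the Shared Key exchange; True only if the station holds the AP's key."""
    # 1. Station asks the AP for Shared Key authentication (no secret involved).
    # 2. AP answers with a random 128-byte challenge text, sent in the clear.
    challenge = challenge if challenge is not None else os.urandom(128)
    # 3. Station returns the challenge WEP-encrypted under its key and a fresh IV.
    response = wep_encrypt(station_key, os.urandom(3), challenge)
    # 4. AP decrypts with its own key; only an intact ICV and matching text pass.
    return wep_decrypt(ap_key, response) == challenge


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")         # constructed 40-bit key
    print("correct key authenticates:", shared_key_auth(key, key))
    print("wrong key authenticates:  ", shared_key_auth(key, bytes.fromhex("0102030406")))
```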

Turn off the broadcast SSID function
Each wireless access point has a name called a Service Set Identifier or SSID. In order to connect to this access point, any other device must have that name. Most networks broadcast the SSID by default to make these connections easier. If you have a wireless device that allows it, turn off the broadcast function.

Allow authorized MAC (Media Access Control) addresses only
Each networking computer device has a unique MAC address. Some wireless access points allow for filtering of authorized MAC addresses. Determine who should have wireless access and set up the access point so only those MAC addresses are allowed to use that access point.

Change the SSID name
Wireless network products are shipped with a default SSID name. It is usually something obvious like the manufacturer's name. Change the SSID to something less obvious. Do not use any information in a name that identifies you, such as a business name or phone number. Change the name periodically in order to have a secure SSID.

Ban rogue access points
All unauthorized access points must be banned to secure a network. An unauthorized access point that is added to the network is not likely to be configured in a secure manner. This is a policy that must be communicated to users. The network administrator can scan for rogue access points by using free software such as NetStumbler to locate unauthorized access points.
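The rogue access point scan above, together with the MAC filtering, default SSID and WEP advice earlier in this section, amounts to comparing what a scanner sees against an inventory of authorized access points. The Python below is an added example (not part of NetStumbler or any product) that does that comparison; the survey records carry the fields the text says a scanner logs, but the CSV layout and all MAC addresses and SSIDs are constructed for the demonstration.

```python
import csv
import io
from dataclasses import dataclass
from typing import Dict, List

# Constructed survey: one line per observed access point, as a scanner might log it.
SURVEY_CSV = """bssid,ssid,channel,signal_dbm,wep
00:02:2D:11:22:33,acme-office,6,-48,on
00:02:2D:11:22:44,acme-office,11,-62,on
00:40:96:AA:BB:CC,linksys,6,-55,off
00:02:2D:11:22:55,acme-guest,1,-70,off
00:0C:41:DE:AD:01,acme-office,6,-40,on
"""

# Constructed inventory kept by the administrator: authorized AP MAC -> expected settings.
AUTHORIZED: Dict[str, dict] = {
    "00:02:2D:11:22:33": {"ssid": "acme-office", "channel": 6},
    "00:02:2D:11:22:44": {"ssid": "acme-office", "channel": 11},
    "00:02:2D:11:22:55": {"ssid": "acme-guest", "channel": 1},
}

# Vendor or factory-default network names, which the text says to change.
DEFAULT_SSIDS = {"linksys", "default", "wireless", "wlan", "tsunami"}


@dataclass
class Finding:
    bssid: str
    ssid: str
    issue: str


def audit_survey(survey_csv: str, authorized: Dict[str, dict]) -> List[Finding]:
    """Compare each observed AP with the inventory and return the issues found."""
    our_ssids = {a["ssid"] for a in authorized.values()}
    findings: List[Finding] = []
    for row in csv.DictReader(io.StringIO(survey_csv)):
        bssid, ssid = row["bssid"].upper(), row["ssid"]
        expected = authorized.get(bssid)
        if expected is None and ssid in our_ssids:
            # Unknown radio advertising one of our network names: the case the text
            # describes, where clients are enticed to associate with the wrong AP.
            findings.append(Finding(bssid, ssid, "ROGUE: unauthorized AP using our SSID"))
        elif expected is None:
            # Could be a neighbour or an employee's own AP; it must be located and checked.
            findings.append(Finding(bssid, ssid, "UNKNOWN: AP not in inventory; locate and verify"))
        elif expected["ssid"] != ssid or expected["channel"] != int(row["channel"]):
            findings.append(Finding(bssid, ssid, "MISCONFIG: SSID or channel differs from inventory"))
        if row["wep"].strip().lower() != "on":
            findings.append(Finding(bssid, ssid, "WEP disabled"))
        if ssid.lower() in DEFAULT_SSIDS:
            findings.append(Finding(bssid, ssid, "default/vendor SSID still in use"))
    return findings


def rogue_bssids(findings: List[Finding]) -> List[str]:
    """MAC addresses of APs flagged as rogue, for the ban list."""
    return sorted(f.bssid for f in findings if f.issue.startswith("ROGUE"))


if __name__ == "__main__":
    for f in audit_survey(SURVEY_CSV, AUTHORIZED):
        print(f"{f.bssid} {f.ssid!r}: {f.issue}")
```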

Kerberos
Kerberos securely authenticates the user's request for access to the network. The client contacts the authentication server to get a digital certificate and an encryption key or session key. The session key is then used to request a network service. The digital certificate is embedded in the network protocol, which allows the processes implementing the services to know the identity of the users involved. It allows for data stream integrity using the Data Encryption Standard (DES).

VPN (Virtual Private Network)
The VPN provides a virtual "tunnel" to allow the user to access the corporate network through a public network like the Internet. It does this by authenticating, encrypting and encapsulating data. There are many different ways to set up a VPN, some of which are very costly. To provide a secure environment, the administrator must know how to properly set up the VPN. When the VPN is set up properly, it is generally considered one of the most secure ways to transfer data across the wireless network or the Internet. The VPN usually causes a loss of performance in the network; however, this should improve as hardware acceleration engines for encryption algorithms are built into processors.

Continuously upgrade the network equipment firmware
Firmware is a combination of software and hardware that is built into most wireless networking devices and holds data or programs governing hardware operation. Manufacturers continuously release updated firmware, and the equipment needs to have its firmware periodically upgraded in order to fix bugs and/or provide new functionality for the device. WLAN owners should make it a point to update the firmware of all system components from the manufacturer's web site on a regular basis. By doing so, the WLAN's equipment may acquire new security features. These new features can then be leveraged to assist in securing the WLAN.

Wireless Security Tools

There are many tools available today to help ensure that WLANs are safe from potential hackers and attackers. These tools help owners to find security vulnerabilities so that they can repair them prior to them being exploited.

Wireless Access Point Detection Tools

These tools are used to help WLAN owners and administrators to test their networks to determine if all WAPs are properly secured and signal strength is set as to not transmit out of the desired area.

NetStumbler provides the ability to scan the airwaves for 802.11b WAPs and log them using a Windows computer. This software is very popular amongst war drivers but has, in the past, been limited to use with ORiNOCO wireless network cards, although the most recent version supports a whole range of new cards on XP. NetStumbler is freeware and can be downloaded from the site.

AirTouch Network's War Walking Kit
AirTouch is a software and hardware package that also helps to sniff out WAPs. This package comes with a hand-held antenna, a wireless network card, and all associated software. Using this kit, owners can walk the perimeter of their property or home to ensure there are no rogue wireless signals available for potential attacks.

WEP Cracking Tools

Use of these tools assists in verifying that the WEP algorithm on network components has been enabled with a strong encryption key.

WEPCrack is a Linux-based WEP cracking tool that takes advantage of faults discovered in the key scheduling of the RC4 algorithm. Once an attacker has a WEP encryption key, they can read anything that users are pushing across the wireless signal, so owners should ensure that they change their keys on a regular schedule.

AirSnort is a tool that, via air sniffing, can recover both 40- and 128-bit WEP encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. This tool is very similar to WEPCrack, in that it also exploits known faults in the RC4 algorithm.

Wireless Traffic Sniffing Tools

By using wireless sniffers, WLAN owners can monitor their wireless network traffic to verify that it is properly secured and therefore, help to ensure that a man in the middle attack will not occur.

Ethereal is an open-source network packet sniffer that runs on both Unix-like systems and Windows. Sniffing the network traffic will help the owner to determine if their data is at risk while in transport or if it has been adequately protected. This traffic can be analyzed in real time or saved to a file for analysis at a later time. Ethereal is a freeware download that is available at

This freeware wireless sniffer is different from a normal network sniffer because it separates and identifies different wireless networks in the area. This feature is rather practical when working in close proximity with other WLANs, so that traffic from nearby networks is not confused as that of the network being analyzed.

Tips for Securing Wireless Networks


© 2012 by DeepSearcher Inc. - All rights reserved