Security+: Wireless Network Security Issues (SY0-401) [DECOMMISSIONED ARTICLE]
NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Today, wireless networking is widely used in both home and corporate networks. However, managing wireless networks and securing them for reliable access is a herculean task. Wireless networking involves various security issues that hamper the provision of reliable services to users, and the issues in the underlying wireless techniques are also significant for the Security+ exam.
What Wireless Protocols Do I Need to Know for the Security+ Exam?
WiFi Protected Access (WPA)
WPA is a WiFi security standard that was designed to improve upon the security features of WEP (Wired Equivalent Privacy). Unfortunately, WPA is not fully secure and is vulnerable to brute-force attacks. WPA is based on two encryption protocols: Temporal Key Integrity Protocol (TKIP) and Lightweight Extensible Authentication Protocol (LEAP). WPA also uses a static, secret passphrase, which is the actual cause of its downfall: attackers run a brute-force guessing attack to recover the passphrase. In addition, the LEAP and TKIP encryption techniques are vulnerable to various cracking methods, including dictionary attacks, brute-force attacks, and rainbow table attacks.
WPA2 is a new encryption solution that adds robust security network (RSN) support. RSN includes added protection for pre-roaming authentication, key caching, ad-hoc networks, and the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is based on AES encryption. Unfortunately, WPA2 is no longer a 100% secure solution for WiFi networks because malicious parties have discovered ways to crack it. Linux and Android systems are more vulnerable than other systems, such as macOS and iOS. According to research by Mathy Vanhoef, a postdoctoral security researcher in the computer science department of the Belgian university KU Leuven, malicious parties can use a novel attack technique to compromise even encrypted data, which might include text messages, emails, passwords, and credit card numbers. On the other hand, the research also reveals that a patch for the novel attack exists. The Wi-Fi Alliance issued a security advisory and thanked Vanhoef for his work in this regard.
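The static-passphrase weakness described above can be checked from the defender's side. The following is an added example, not part of the original article: it derives the personal-mode key the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1 with the SSID as salt) and audits a passphrase/SSID pair for exposure to dictionary, brute-force, and precomputed-table guessing. The word lists, the `audit` helper, and the 80-bit threshold are assumptions chosen for illustration.

```python
import hashlib
import math

# Constructed sample lists for illustration; extend with your own data.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "home"}
COMMON_PASSPHRASES = {"password", "12345678", "qwertyuiop", "letmein123"}


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Personal-mode key: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def entropy_upper_bound(passphrase: str) -> float:
    """Bits of guessing entropy if every character were chosen at random."""
    pool = 0
    pool += 26 if any(c.islower() for c in passphrase) else 0
    pool += 26 if any(c.isupper() for c in passphrase) else 0
    pool += 10 if any(c.isdigit() for c in passphrase) else 0
    pool += 33 if any(not c.isalnum() for c in passphrase) else 0
    return len(passphrase) * math.log2(pool)


def audit(passphrase: str, ssid: str, min_bits: float = 80.0) -> list:
    """Return the reasons this passphrase/SSID pair is exposed to offline guessing."""
    derive_psk(passphrase, ssid)  # rejects values the standard does not allow
    findings = []
    if passphrase.lower() in COMMON_PASSPHRASES:
        findings.append("passphrase appears in common-password lists")
    if entropy_upper_bound(passphrase) < min_bits:
        findings.append("passphrase entropy below %d bits" % min_bits)
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("default SSID: precomputed tables for this salt may exist")
    return findings


if __name__ == "__main__":
    # The SSID is the salt, so one passphrase yields unrelated keys on two networks.
    print(derive_psk("password", "linksys").hex())
    print(derive_psk("password", "corp-wlan-7f3a").hex())
    print(audit("password", "linksys"))
    print(audit("T7#qLm2!zR9vXp4&Ks", "corp-wlan-7f3a"))
```

The entropy figure is an upper bound: a passphrase built from dictionary words scores higher here than it deserves, which is why the common-list check runs separately.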
Wired Equivalent Privacy (WEP)
WEP, defined by the IEEE 802.11 standard, is based on RC4 (Rivest Cipher 4) but, due to flawed security, is weak in various areas, two of which are a poor implementation of initialization vectors (IVs) and a common static key. Attackers can easily crack WEP, even in less than a minute. Today, WEP has been replaced by WPA and WPA2 to provide reliable WiFi security solutions.
EAP, PEAP, LEAP and Wireless Security Best Practices
Extensible Authentication Protocol (EAP)
EAP isn’t a mechanism for authentication, but an authentication framework. It allows new authentication technologies to be compatible with existing wireless technologies. EAP has more than 40 different methods, including the wireless methods EAP-TLS, LEAP, EAP-TTLS, and EAP-AKA.
Protected Extensible Authentication Protocol (PEAP)
PEAP is a version of EAP that aims to provide encryption and more secure authentication for Wireless Local Area Networks (WLANs). PEAP uses a public key certificate to authenticate the server and carries the authentication inside a TLS (Transport Layer Security) session. The TLS session provides a secure channel of communication for WLAN users, the authentication server, and WLAN stations.
Lightweight Extensible Authentication Protocol (LEAP)
LEAP was designed to address deficiencies in TKIP. Unfortunately, a malicious tool named Asleap was developed in 2004 to exploit the weak protection mechanism provided by LEAP. Network security professionals recommend the EAP-TLS security mechanism as the better alternative to LEAP. However, if the use of LEAP is unavoidable, a complex password should be used.
A MAC filter stores a list of the devices authorized on a WiFi network. Each device on the network has a MAC address that identifies it. The Wireless Access Point (WAP) uses the MAC filter to block all unauthorized devices. Unfortunately, malicious tools exist that perform MAC spoofing, a technique for changing the factory-assigned MAC address of any device on a network.
Disable SSID Broadcast
Service Set Identifier (SSID) broadcast is a feature that is turned on by default on wireless networks. A wireless network uses SSID broadcast to establish connectivity with other devices within range of that network. Network administrators are advised to disable SSID broadcast to protect their networks from unauthorized users.
Virtual Private Network (VPN) over open wireless
A VPN is used to provide confidentiality for network communication between individual systems, remote users, or multiple networks. A VPN can be created over both private and public networks and over both wired and wireless networks. In fact, a VPN reduces various wireless networking issues.
Adjusting Wireless Access Point (WAP)
Connectivity between a wireless device and a WAP is established within a specific area known as a wireless cell. Intruders capitalize on wireless cells that leak outside the secured environment. Network administrators should adjust the signal strength of the WAP to limit intruders’ access and to maximize authorized users’ access. Doing so requires unique placement of WAPs, noise transmission, and shielding.
802.11 And 802.11a, b, g, n
802.11 is an IEEE standard for wireless network communications. Its versions (technically called amendments) include:
- 802.11: 2 Mbps, 2.4 GHz
- 802.11a: 54 Mbps, 5 GHz
- 802.11b: 11 Mbps, 2.4 GHz
- 802.11g: 54 Mbps, 2.4 GHz
- 802.11n: 200+ Mbps, 2.4 GHz or 5 GHz
The 802.11 standard also describes Wired Equivalent Privacy (WEP). WEP is used to provide the same level of encryption and security on wireless networks as is found on cabled or wired networks.
Antenna placement can be a great concern in wireless networks. Fixing an antenna in the wrong place can frequently disrupt wireless communication. To overcome this issue, several site surveys should be carried out to test signal strength at different locations. Antenna placement should be confirmed at a site where the signal strength is excellent. For good results, always use the central location of your wireless network, and avoid electrical instruments, reflective or flat metal surfaces, and physical obstructions.
Power level controls
Power level controls are an antenna feature provided by some WAPs to make the wireless signal stronger and ensure reliable connectivity. Antenna power levels have both logical and physical adjustments. These adjustments are necessary when wireless signals are weak even after adjusting antenna placement and performing site surveys. Before making adjustments, note the default setting so that the antenna can be restored to it if troubleshooting requires.
A captive portal is an access-control web page used for authentication purposes. This page may ask the web client to provide login details, an access code, or payment information. Captive portals are typically used by libraries, bars, airports, restaurants, hotels, and other business centers.
Antennas can be directional or omnidirectional, and both types are used for base stations and wireless clients. Directional antennas send and receive signals in one primary direction. For example, parabolic, panel, cantenna, and Yagi antennas are directional. Omnidirectional antennas, on the other hand, send and receive in all directions. For instance, the pole antenna, also known as a rubber duck antenna or base antenna, is an omnidirectional antenna. It’s widely used for client devices and base stations.
Wireless network experts frequently conduct site surveys to assess a wireless network’s signal quality, strength, and interference by using a device called an RF signal detector. The purpose of a site survey is to find deficiencies and to enhance the performance of the wireless network.