Network security

Wireless attacks and mitigation

February 2, 2021 by Nitesh Malviya

Wireless networks have become an inherent part of our life and we all use wireless networks in some form in our day to day life. Of all the utilities provided by wireless networks, we use wireless networks widely for connecting to the internet. We connect to the internet wirelessly either by router or using mobile data and enjoy the internet on our device from anywhere in the house.

However, maintaining security of our wireless network is vitally important. The wireless network we use is responsible for transferring and sending data like username, password, card details and other sensitive data. If the wireless network we use is not secure then we are at risk and face undesirable consequences.

For example – An attacker could perform following attacks if the wireless network is not secured –

1)      Intercept data being transmitted or received

2)      Gain access to the files and folders onto the system

3)      Use your internet connection and hijack it to use your bandwidth

Now the question is how do we keep our wireless network safe and secure from external attacks.

Following are the attacks which are conducted widely on wireless network along with the steps one should take to safeguard themselves from the attacks –

1)    Evil Twin Attack – This attack is also known as rogue WiFi hotspot attack. In this attack, an attacker sets up an illegitimate WiFi access point by setting up the WiFi network with the same SSID name as set up by the company/organisation. Thus, a user when trying to connect to the network may not understand whether its trying to connect to the organisation network or to the rogue access point. If the user connects to a rogue access point, their data can be intercepted, unencrypted and read by the attacker.

For organizations who offer Wi-Fi Network for accessing external and internal networks can make use of wireless intrusion prevention systems (WIPS) to detect the presence of rogue access points. WatchGuard is one of the tools which can help in identifying rogue access points. For Wi-Fi users, an evil twin Access Point attack is impossible to detect. The best way to safeguard themselves is to use VPN for accessing and surfing the internet.

2)    Change default home network name – If one has to secure their wireless network, the first thing they should do is change their default home network name. This is also known as SSID. Default network name reveals router brand being used and helps cybercriminals to search for vulnerabilities in specific brands and try to exploit vulnerabilities present in them. SSID should be unique and should not reveal brand manufacturer name.

3)    Wi-Fi Password – Many times the password set for accessing wireless connection is too simple to predict and guess. Mobile number, children’s name, date of birth can prove disaster since anyone can get into your network. The password should be long enough and must be a combination of alphabet, numbers and special characters so it becomes difficult for an attacker to guess the password. Also, the Wi-Fi password should be changed after a certain period of time like after every 30 days or so.

4)    Wireless Encryption – Routers provide various encryption like WEP, WPA, WPA2 and WPA3. WEP and WPA should not be used anyhow, WPA2 should be used. Not all routers provide WPA3 and if available WPA3 should be used instead of WPA2 along with AES Encryption.

5)    Default login username password – By default majority of the router uses admin:admin as username password for accessing router console page. This is the easiest way to access the router console once you are into the network and can change the password of the Wi-Fi connection. The default username and password should be changed so it becomes difficult to access the router console.

6)    Change default IP to access router console – Usually router console can be easily accessed by querying 192.168.0.1 or 192.168.1.1 over the Browser. This makes it very easy for anyone to access the router login page and try various password combinations. If default IP is changed, it becomes difficult to access the console page and try brute forcing the passwords.

7)   Turn off DHCP – If possible DHCP should be turned off and only static IP addresses should be assigned to the devices in the network.

8)    Disable Remote Access to Router – Many a times the router console can be accessed remotely. This enables an attacker to access the router over the internet, making the router more vulnerable and prone to various forms of attacks which can be conducted sophisticatedly over the internet.

9)    Firmware Update – The router firmware should be kept updated to the latest version. This prevents flaws and vulnerabilities present in older versions which can be exploited by an attacker.

10)    Firewall – A firewall should be actively used to allow legitimate traffic to flow within the network. Proper firewall setting should be done on the router page to allow only certain types of traffic rest should be denied.

11)  VLAN Isolation – VLAN should be made use of to segregate the network and allow devices to be placed in a particular VLAN.

These are some of the simple and effective steps which when followed can provide all round-protection for your Wi-Fi Network.

Wifi Attacks Tools

Following are the tools widely used for conducting various types of attacks over wifi connection – 

  1. Aircrack
  2. AirSnort
  3. Kismet
  4. Cain & Able 
  5. Wireshark
  6. Fern WiFi Wireless Cracker
  7. CoWPAtty
  8. Airjack
  9. WepAttack
  10. NetStumbler
  11. Reaver
  12. Pyrit

Wifi security best practices

Along with the countermeasures mentioned above, following are the best practices one should follow for securing their WiFi Networks – 

  • Use Wireless Controller – Wireless Controller is a device which controls and manages functionalities of all the access points in the network. Thus, a wireless controller configures and manages all the access points within the network. This mitigates evil twin and MITM attacks.
  • WPA2 should be used – WPA2 encryption protocol should be used by default. If available, WPA3 should be used. 
  • Employ AAA for recording user activity – Authentication, Authorization, and Accounting (AAA) server such as a RADIUS server should be made use of for authentication and authorization of users. Also, their activity should be logged and recorded.
  • VPN – Make use of VPN if needed or possible.
  • Segregate Guest Network – Guest networks should be segregated and separate VLANs must exist for guest users and employees.

Conclusion

Wireless Network though they make our life sophisticated comes with the great responsibility of securing them since they are more vulnerable to attack as compared to wired networks. If one is using wireless networks then proper security measures should be in place to make them secure and safe from attacks.

 

Sources

  1. https://www.darkreading.com/attacks-breaches/understanding-evil-twin-ap-attacks-and-how-to-prevent-them-/a/d-id/1333240 
  2. http://info.teledynamics.com/blog/common-wi-fi-security-threats-and-how-to-mitigate-them 
  3. https://www.sciencedirect.com/topics/computer-science/wireless-network-security 
  4. https://www.cybintsolutions.com/this-is-what-you-need-to-know-about-wireless-network-security/ 
  5. https://www.kaspersky.co.in/resource-center/preemptive-safety/protecting-wireless-networks  
  6. https://heimdalsecurity.com/blog/home-wireless-network-security/  
Posted: February 2, 2021
Articles Author
Nitesh Malviya
View Profile

Nitesh Malviya is a Security Consultant. He has prior experience in Web Appsec, Mobile Appsec and VAPT. At present he works on IoT, Radio and Cloud Security and open to explore various domains of CyberSecurity. He can be reached on his personal blog – https://nitmalviya03.wordpress.com/ and Linkedin – https://www.linkedin.com/in/nitmalviya03/.