Post on 04-Apr-2015
The Weakness of Wireless Networks
Andysah Putera Utama Siahaan, Eko Hariyanto
Universitas Sumatra Utara
Jl. Dr. Mansur No. 9, Medan, Sumatra Utara, Indonesia
andiesiahaan@students.usu.ac.id, eko_hariyanto_mdn@yahoo.co.id
Abstract— Security issues are very important in computer
networks, especially in wireless networks. The presence of
many vendors offering a variety of wireless products at
affordable prices helps drive the widespread use of wireless
technology. Wireless technology is suitable not only for
office or business users; home users can also use it to make
connectivity easier. This paper is intended to provide
information on threats and on easy ways to secure a wireless
network. As we know, wireless technology is relatively
more vulnerable to security problems.
Keywords— Wireless, Network, Threat, Computer, Security.
I. INTRODUCTION
As the name implies, wireless technology uses radio waves
as a means of data transmission. Securing it is more difficult
because we cannot see which radio waves are used for data
transmission. The weaknesses of wireless networks can
generally be divided into two types: weaknesses in the
configuration and weaknesses in the type of encryption used.
One cause of weakness in the configuration is that building a
wireless network is now quite easy. When a network can be
set up and defended with little effort, it can be attacked with
little effort too. Many vendors provide features that allow
users or admins to maintain the configuration easily, so we
often find wireless networks that still use the vendor's default
configuration. The admin who configures the wireless
network still uses the vendor's default settings for the SSID,
IP address, remote management, DHCP, and frequency,
without any encryption, and even the password for wireless
administration is still the factory default.
II. SECURITY GAP
Many users of wireless connections do not realize the
danger they face when they are connected to a wireless
access point (WAP), for example that WLAN signals can be
infiltrated by hackers. Threats in wireless networks include:
A. Sniffing to Eavesdrop.
To eavesdrop is to secretly listen to private
communications. Eavesdropping is a passive attack which
affects confidentiality of information. Network eavesdropping
involves reading packets which are not addressed to us.
Eavesdropping is usually used with other, active, attacks.
Regular insecure internet protocols are usually not protected
against eavesdropping attacks because they transmit
information unencrypted. Sensitive information transmitted in
clear text, such as usernames and passwords, is especially
vulnerable to eavesdropping attacks. The best defence against
eavesdropping/sniffing is the use of secure network protocols
which use encryption to protect confidentiality. Examples of
such protocols include Secure Shell (SSH), Secure Sockets
Layer/Transport Layer Security, and Encapsulating Security
Payload (ESP, part of the IP Security Architecture - IPSEC).
B. Distributed Denial of Service Attack.
A distributed denial-of-service (DDoS) attack is one in
which a multitude of compromised systems attack a single
target, thereby causing denial of service for users of the
targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying
service to the system to legitimate users. In a typical DDoS
attack, a hacker (or, if we prefer, cracker) begins by exploiting
a vulnerability in one computer system and making it the
DDoS master. It is from the master system that the intruder
identifies and communicates with other systems that can be
compromised. The intruder loads cracking tools available on
the Internet on multiple -- sometimes thousands of --
compromised systems. With a single command, the intruder
instructs the controlled machines to launch one of many flood
attacks against a specified target. The inundation of packets to
the target causes a denial of service.
While the press tends to focus on the target of DDoS
attacks as the victim, in reality there are many victims in a
DDoS attack -- the final target as well as the systems
controlled by the intruder. Although the owners of co-opted computers are typically unaware that their computers have
been compromised, they are nevertheless likely to suffer
degradation of service and malfunction. Both owners and
users of targeted sites are affected by a denial of service.
Yahoo, Buy.com, RIAA and the United States Copyright
Office are among the victims of DDoS attacks. DDoS attacks
can also create more widespread disruption. In October 2010,
for example, a massive DDoS attack took the entire country of
Myanmar offline.
A computer under the control of an intruder is known as a
zombie or bot. A group of co-opted computers is known as a
botnet or a zombie army. Both Kaspersky Labs and Symantec
have identified botnets -- not spam, viruses, or worms -- as the
biggest threat to Internet security.
C. Man-in-the-middle Attack.
Internet connections can be attacked in various ways. A
general type of attack is called "Man-in-the-middle". The idea
behind this attack is to get in between the sender and the
recipient, access the traffic, modify it and forward it to the
recipient. The term "Man-in-the-middle" has been used in
the context of computer security since at least 1994. Some
different variants of this kind of attack exist, but a general
definition of a man-in-the-middle attack may be described as a
"Computer security breach in which a malicious user
intercepts — and possibly alters — data traveling along a
network".
Fig. 1 - Man-in-the-middle Attack
D. Hidden SSID.
Many administrators conceal the wireless network SSID
with the intention that only those who know the SSID can
connect to their networks. This does not work, because a
hidden SSID is not truly invisible. At certain times, in
particular when a client connects to or disconnects from a
wireless network, the client itself sends the SSID in
unencrypted plain text. If we want to eavesdrop, we can easily
discover the information we want. Some tools that can be used
to get a hidden SSID are kismet (kisMAC), ssid_jack
(airjack), aircrack and many more.
Fig. 2 - Kismet Testing
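The behaviour described above, shown as an added example that is not part of the original paper: a beacon from a hidden network carries an empty SSID element, while the association request and probe response for the same network carry the name in clear text. The frames are constructed test bytes; the network name "HomeNet1" and the addresses are assumptions.

```python
MAC_HDR_LEN = 24  # frame control, duration, three addresses, sequence control

# Length of the fixed fields that precede the tagged elements, per subtype.
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}
SUBTYPE_NAME = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req",
                5: "probe-resp", 8: "beacon"}


def parse_ssid(frame):
    """Return (subtype_name, ssid) for an 802.11 management frame.

    ssid is None if no SSID element is present, "" if the name is hidden
    (zero length or all NUL bytes), otherwise the cleartext network name.
    """
    if len(frame) < MAC_HDR_LEN:
        raise ValueError("truncated 802.11 header")
    frame_type = (frame[0] >> 2) & 0x3
    subtype = (frame[0] >> 4) & 0xF
    if frame_type != 0 or subtype not in FIXED_LEN:
        raise ValueError("not a supported management frame")
    pos = MAC_HDR_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):
        elem_id, elem_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elem_len]
        if len(value) < elem_len:
            break  # truncated element: stop rather than misparse
        if elem_id == 0:  # element ID 0 is the SSID
            if not value.strip(b"\x00"):
                return SUBTYPE_NAME[subtype], ""
            return SUBTYPE_NAME[subtype], value.decode("utf-8", "replace")
        pos += 2 + elem_len
    return SUBTYPE_NAME[subtype], None


def build_frame(subtype, ssid,
                bssid=bytes.fromhex("020000000001"),
                client=bytes.fromhex("020000000002")):
    """Build a minimal management frame (constructed test data)."""
    to_ap = subtype in (0, 2, 4)
    addr1, addr2 = (bssid, client) if to_ap else (client, bssid)
    header = bytes([subtype << 4, 0, 0, 0]) + addr1 + addr2 + bssid + b"\x00\x00"
    rates = bytes([1, 1, 0x82])          # Supported Rates element
    ssid_elem = bytes([0, len(ssid)]) + ssid
    return header + bytes(FIXED_LEN[subtype]) + ssid_elem + rates


def demo():
    frames = [
        build_frame(8, b""),              # beacon, SSID broadcast disabled
        build_frame(8, b"\x00" * 8),      # beacon, name replaced by NULs
        build_frame(0, b"HomeNet1"),      # client associating to the network
        build_frame(5, b"HomeNet1"),      # access point answering a probe
    ]
    return [parse_ssid(f) for f in frames]


if __name__ == "__main__":
    for kind, ssid in demo():
        print(f"{kind:11s} SSID={ssid!r}")
```

Because the name appears in clear text whenever a legitimate client joins, a hidden SSID should not be counted as an access control.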
III. SECURING THE WIRELESS NETWORKS
An unsecured wireless network is an open invitation to
hackers to walk right in to our computer and steal personal
information, upload malware onto our computer, and
otherwise terrorize us.
A. Changing Administrator Password and Username.
After we've taken the wifi router out of the box and started
the setup process, we will be asked to sign on to a specific
Web page and are required to enter information such as our
network address and account information. In theory, this Wifi
setup page is protected with a login screen (username and
password).
The Problem: Though the username and password are
intended to allow only us to get access to the Wifi setup and
the personal information we have entered, the fact remains
that the logins provided are usually given to everyone with the
same model router, and because most people never change
them, they remain an easy target for hackers and identity
thieves. In fact, there are sites that list the default usernames
and passwords for wireless routers, making a hacker's job even
easier.
The Solution: Change the username and password for the
Wifi setup immediately after the first login. And if we are
going to spend the time changing our password, make sure it
is difficult to guess. Name, birth date, anniversary date, child's
name, spouse's name, or pet's name are going to be among the
hacker's first guesses. And because many hackers use a
technique called 'dictionary hacking,' (running a program that
tries common English words as passwords) we should make
sure that our password isn't just a common English word, but
rather is a combination of letters and numbers.
B. Upgrading the Wifi Encryption.
If the information sent back and forth over Wifi network
isn't adequately encrypted, a hacker can easily tap into the
network and monitor the activity. When we type personal or
financial information into a Web site, that hacker can then
steal that information and use it to steal our identity. The old
encryption standard Wired Equivalent Privacy (WEP) can be
hacked within 30 seconds, no matter the complexity of the
passphrase we use to protect it. Unfortunately, millions of
Wifi users are still using WEP encryption technology to
encrypt their information, despite the availability of the vastly
superior WPA2 encryption standard.
The Problem: Despite the superior encryption protection that
WPA2 provides, most Wifi home users have failed to upgrade
their protection because they were unaware of the problem, or
simply felt overwhelmed by the technical prospects of
upgrading. As a result, many continue to use WEP encryption, which is now so simple to hack that it is widely regarded as
little better than no encryption at all.
The Solution: The solution, of course, is to upgrade the Wifi
encryption to WPA2. But before adding WPA2 protection, we
will have to complete a few steps in order to update the
computer. The first step is to download and install Microsoft's
WPA2 hotfix for Windows XP. We will also likely need to
update the wireless card driver. These updates, if needed, will
be listed in Microsoft's Windows Update page under the
subheading "Hardware Optional".
Now that the computer and wireless card are up to date, we
will need to log into the router's administration page through
a web browser. Once signed in, change the security settings to
"WPA2 Personal" and select the algorithm "TKIP+AES".
Finally, enter the password into the "Shared Key" field and save the changes.
C. Changing the Default System ID.
When we got our Linksys or D-Link router home from the
store and set it up, it came with a default system ID called the
SSID (Service Set Identifier) or ESSID (Extended Service Set
Identifier). This ID is also commonly referred to as the name
of our Wifi setup.
The Problem: Usually, manufacturers assign identical SSID
sets to their devices, and 80 percent of Wifi home users leave
their system on the default setting. So that means that 80
percent of homes have Wifi systems titled, "Default" or
"LinkSys" or whatever our provider sets as the default name.
The problem with these default settings is that they serve as
strong signals to hackers who have been known to just cruise neighborhoods looking for Wifi networks with default names
to hack into. Though knowing the SSID does not allow
anyone to break into our network, it usually indicates that the
person hasn't taken any steps to protect their network, thus
these networks are the most common targets.
The Solution: Change the default SSID immediately when we
configure our LAN. This may not offer complete protection
against who gains access to our network, but
configuring our SSID to something personal, e.g. "The Smith
House Wifi Network", will differentiate us from other
unprotected networks, and discourage hackers from targeting
us. As an added bonus, having a Wifi network with a unique
name also means that neither we nor our family will make the
mistake of connecting through a neighbor's Wifi network, and
thus exposing our computers through their unprotected setup.
D. MAC Address Filtering.
If we've had an unsecured Wifi setup in our home in the
past, we can be fairly certain that at least one of our neighbors
is mooching off our Wifi to connect to the Internet. While everyone loves a friendly neighbor, providing an easy
resource for others to steal Internet access is morally and
legally questionable, but even scarier is the harm those
moochers can do to our computer.
In order to check who has been using our network, we'll
need to check the MAC addresses. Every wifi gadget is assigned
a unique code that identifies it, called the "physical address" or
"MAC address." Our wifi system automatically records the
MAC addresses of all devices that connect to it. But
busting our Internet-stealing neighbors isn't all that MAC
addresses are good for; they can actually be a great help in
securing our WLAN.
The Problem: We are not sure who or what is accessing and
endangering our wifi network, and once we find out that
someone or something is mooching off our network, we want to stop them. But how?
The Solution: Checking the MAC address log for our wifi
network will give us a quick view of all the devices accessing
our network. Anything that isn't ours, we will want to keep
out. To do this, we will need to manually key in the MAC
addresses of our home equipment. This way, the network will
allow connections only from these devices, so our mooching
neighbors will be out of luck. Caution: This feature is not as
powerful as it may seem. While it will stop our average
neighborhood moocher or amateur hacker, professional
hackers use advanced software programs to fake MAC
addresses.
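One way to carry out the log check described above, as an added example that is not from the original paper. The log line format, hostnames and addresses are constructed, since real routers each use their own layout. It also marks two signs related to the caution about faked addresses: an unknown address that was assigned by software, and an allowed address that shows up under a second hostname.

```python
import re

# Matches 00-1A-2B-3C-4D-5E, 00:1a:2b:3c:4d:5e and 001a.2b3c.4d5e
MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}\b"
    r"|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b"
)


def normalize_mac(text):
    """Return a MAC address as 'aa:bb:cc:dd:ee:ff' or raise ValueError."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit_clients(log_lines, allowlist):
    """Compare the devices seen in the router log with our own equipment."""
    allowed = {normalize_mac(m) for m in allowlist}
    hostnames = {}
    for line in log_lines:
        match = MAC_RE.search(line)
        if not match:
            continue
        mac = normalize_mac(match.group(0))
        # Assumed log layout: the hostname is the last field on the line.
        hostnames.setdefault(mac, set()).add(line.split()[-1])

    report = {"unknown": [], "software_assigned": [], "name_changed": []}
    for mac, names in sorted(hostnames.items()):
        if mac not in allowed:
            report["unknown"].append(mac)
            # Bit 0x02 of the first octet marks a locally administered
            # address, i.e. one set by software rather than by the vendor.
            if int(mac[:2], 16) & 0x02:
                report["software_assigned"].append(mac)
        elif len(names) > 1:
            # An allowed address under a new hostname may be a renamed
            # device or a copied address; it is worth a manual look.
            report["name_changed"].append(mac)
    return report


# Constructed sample data
ALLOWLIST = ["00:1A:2B:3C:4D:5E", "00-1A-2B-3C-4D-5F"]
SAMPLE_LOG = [
    "2015-04-01 19:02:11 lease 192.168.1.23 00-1A-2B-3C-4D-5E family-laptop",
    "2015-04-01 19:05:40 lease 192.168.1.24 001a.2b3c.4d5f printer",
    "2015-04-01 23:48:02 lease 192.168.1.31 3C:5A:B4:01:02:03 unknown-phone",
    "2015-04-02 02:13:55 lease 192.168.1.32 06:11:22:33:44:55 android-1234",
    "2015-04-02 03:20:10 lease 192.168.1.23 00:1a:2b:3c:4d:5e DESKTOP-X",
]

if __name__ == "__main__":
    for finding, macs in audit_clients(SAMPLE_LOG, ALLOWLIST).items():
        print(finding, macs)
```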
E. Stop Publicly Broadcasting the Network.
By now we've renamed the wifi so that hackers won't see the default name as they sweep for unprotected wifi setups.
But wouldn't it be even better if hackers and curious neighbors
didn't know we had a wifi setup at all? Usually, the access
point or router is programmed to broadcast the network name
(SSID) over the air at regular intervals. While broadcasting is
essential for businesses and mobile hotspots to let people find the network, it isn't needed at home, so eliminate it.
The Problem: Why broadcast to the world that we have a
wireless connection? We already know it; why do strangers
need to know? For most personal uses, we are better off
without this feature, because it increases the likelihood of an
unwelcome neighbor or hacker trying to log in to our home
network. The broadcast works like an invitation to the hackers
who're searching for just that opportunity.
The Solution: Most wifi access points allow the SSID
broadcast feature to be disabled by the network administrator.
If we are using a router, we have to set the SSID to hidden or
disable SSID broadcasting. Otherwise, we will need to
check the manual for our hardware for specific
instructions on how to disable broadcasting for our router.
F. Auto-Connect to Open Wifi Networks.
Most computers provide a wifi setting that will configure
the computer to automatically connect to any open wifi
network without notifying us. While this setting isn't the
default, many individuals select the setting because it makes
connecting faster when we are traveling, or connecting at a
friend's house. Even more common is to have selected
'connect automatically' for networks that we regularly connect
to. Again, this makes sense, as most people do not want to
have to manually type in the name of their wireless network
and the password each time they want to sign in at home.
Unfortunately, both wifi setups can cause major security
problems.
The Problem: If we connect to every available wifi network
automatically, we will inevitably end up connecting to dummy wifi networks designed specifically to catch unsuspecting
users and hack their computers. Similarly, if we automatically
connect to the regular wifi networks (meaning we don't
manually type in the network name and password every time)
then we may be setting ourselves up for a security breach. That is
because 80 percent of wifi users have not changed the name of
their wireless connection. Therefore, it is very easy for a
hacker to create a dummy network entitled "Linksys" or
"Default", then sit back and watch 80 percent of computers
automatically connect to the network since it has a 'trusted'
name.
The Solution: Never select the 'connect to available wifi
networks automatically' setup option under the Network
Connections window. If we don't want to have to manually
type in the name and password to the wifi connection each
time we sign in (the safest option), at least make sure that we have named the wifi connection something unique, and that
we eliminate all generically titled networks from our 'preferred
networks' list. That way, we won't get automatically
connected to dummy wifi networks set up by hackers and
given the names "Default" or "Linksys".
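A sketch of the review this solution calls for, as an added example that is not from the original paper. The profile and scan record fields are hypothetical and all data is constructed. It lists saved networks that a dummy access point could imitate, then checks nearby access points that reuse a saved name.

```python
GENERIC_NAMES = {"default", "linksys"}   # the two names the text mentions
SECURITY_RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3}


def audit_profiles(profiles):
    """Flag saved networks that a dummy access point could imitate."""
    findings = []
    for p in profiles:
        if not p["auto_connect"]:
            continue
        if p["ssid"].strip().lower() in GENERIC_NAMES:
            findings.append((p["ssid"], "generic name with auto-connect"))
        if p["security"] == "open":
            findings.append((p["ssid"], "open network with auto-connect"))
    return findings


def suspicious_aps(profiles, scan):
    """Return nearby access points that reuse a saved name suspiciously."""
    saved = {p["ssid"]: p for p in profiles}
    flagged = []
    for ap in scan:
        p = saved.get(ap["ssid"])
        if p is None:
            continue
        if SECURITY_RANK[ap["security"]] < SECURITY_RANK[p["security"]]:
            flagged.append((ap["bssid"], ap["ssid"], "security downgraded"))
        elif p["known_bssids"] and ap["bssid"] not in p["known_bssids"]:
            flagged.append((ap["bssid"], ap["ssid"], "unfamiliar access point"))
        # An open profile with no known access points cannot be told apart
        # from an imitation, which is why audit_profiles flags it.
    return flagged


# Constructed sample data
HOME = "The Smith House Wifi Network"
PROFILES = [
    {"ssid": "linksys", "security": "open", "auto_connect": True,
     "known_bssids": set()},
    {"ssid": HOME, "security": "wpa2", "auto_connect": True,
     "known_bssids": {"02:00:00:aa:bb:01"}},
    {"ssid": "CoffeeShop", "security": "open", "auto_connect": False,
     "known_bssids": set()},
]
SCAN = [
    {"ssid": HOME, "bssid": "02:00:00:aa:bb:01", "security": "wpa2"},
    {"ssid": HOME, "bssid": "02:00:00:cc:dd:09", "security": "open"},
    {"ssid": HOME, "bssid": "02:00:00:ee:ff:07", "security": "wpa2"},
    {"ssid": "linksys", "bssid": "02:00:00:11:22:33", "security": "open"},
    {"ssid": "NeighborNet", "bssid": "02:00:00:44:55:66", "security": "wpa2"},
]

if __name__ == "__main__":
    for finding in audit_profiles(PROFILES) + suspicious_aps(PROFILES, SCAN):
        print(finding)
```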
G. Using A Built-in Firewall.
IT security needs a layered approach. While no
single layer of the security is enough to withstand every
attack, adding layers to the security will help ensure that
spyware and malware are kept out. Two important security
layers are the router firewall and the individual PC's firewall.
The Problem: Routers come with built-in firewall capability.
However, since there is an option to disable them, they can
often be accidentally turned off by someone toggling options.
The Solution: Ensure that the router's firewall is enabled,
along with related built-in security features that block
anonymous internet requests or pings. This extra step will help
hide the network's presence to the internet, and thus help protect the network. After all, it's harder for hackers to
infiltrate what they can't find.
H. Positioning of the Router or Access Point.
Wifi signals don't know where the house ends and where
the neighbor's begins. This wifi signal leakage gives hackers
and neighbors the opportunity to find the wireless network
and attempt to access it.
The Problem: While a small amount of overflow outdoors is
not a problem, it is important to keep this leakage to a
minimum. This is important because the further the signal
reaches into the neighborhood, the easier it is for others to
detect and exploit.
The Solution: If we haven't yet installed the wireless home network, make sure to position the router or access point in
the center of the home rather than near windows or doors. If
we live in an apartment, consider that a wifi network is
restricted in part by the materials that its signal must pass
through: the more walls, doors, and metal the signal passes
through, the weaker it is. So if the goal is to reduce leakage,
we might consider mounting the wifi in a closet in order to
reduce signal strength.
I. Turning Off the Network.
Most of us know that it is impractical to constantly turn
devices on and off. Having a wifi connection is in large part a
device of convenience, and having to turn it off every time we
aren't using it eliminates much of that convenience.
Unfortunately, a wifi connection is vulnerable when it is on;
therefore shutting off the wireless signal when not in use would be a huge boon to its security.
The Problem: There is an inherent tension between
convenience and security in deciding whether to turn off a wireless access point between connections.
The Solution: Just as we take extra home security measures
when taking a vacation, like asking the neighbors to pick up
the mail and leaving a light on, so also should we take extra
wifi security measures when the network will not be in use for
extended periods of time. Shutting down the network is a
basic but effective security measure that can protect the
network when we are not around to protect it and hackers
may take the opportunity to mount their attack.
J. Putting the Improvements to the Test.
Now that we've made all these changes to the wifi setup, it
would be nice to know that we are secure. Unfortunately, the
only surefire test for how secure we are is to wait to see if we
get hacked. Trial by fire is no way to test the security, however, so thankfully there is a program to help audit the
wifi security.
The Problem: There is no way for the average home wifi user
to know if the changes they made to upgrade their wireless
security will really prove successful in keeping them safe.
The Solution: The Netstumbler utility, by Marius Milner, will
identify both the network's vulnerabilities and unauthorized
access points. In addition to these security concerns, the
downloadable program will also reveal the sources of network
interference and weak signal strength, so that we can improve
the strength of the wifi signal. Netstumbler is free for
download, although the author asks that those who find the
tool helpful make a donation to support the creation of future
utilities.
Part of the problem of unsecured wireless networks can be
traced back to the manufacturers. Most retail WiFi products
are shipped with all security options turned off by default.
Since they work fine out of the box, many users may not feel a
need to look more into the setup options. However, all such
devices come with pretty good instructions and there is no
excuse for not reading the product manual. An unencrypted
wireless network is not just a security risk to the owner of the
network, but potentially to everyone else on the Internet. Once
someone has anonymous access to a wireless network, they
can do whatever they want on the Web with total anonymity.
Do ourselves and our fellow Net citizens a favor and take the
steps to secure our network.
V. CONCLUSION
This article should serve as a basic primer on how to secure wireless networks from the wide array of threats that face them,
but it is important to keep in mind that no single article can
completely cover every security measure that can be used to
strengthen a wifi system. Consequently, we have left off from
this list a wide variety of other valid security measures, such
as limiting intra-network file sharing, changing the default IP address of our wireless router, assigning a static IP address to
each of our PC's, disabling the DMZ and Remote
Management features, along with a host of indirectly related
but nonetheless necessary measures such as installing a PC
firewall, anti-virus software, anti-malware software, patch
updates and so on.
Despite these intentional omissions, following the 10 steps
outlined in this article will take the average user a long way
along the path of wireless security and ensure that we and our
family are able to enjoy the convenience of our wifi system
without compromising our PC's security.