The Weakness of Wireless Networks



Created By: Andysah Putra Utama Siahaan, S.Kom


Page 1: The Weakness of Wireless Networks

The Weakness of Wireless Networks Andysah Putera Utama Siahaan, Eko Hariyanto

Universitas Sumatra Utara

Jl. Dr. Mansur No. 9, Medan, Sumatra Utara, Indonesia [email protected], [email protected]

Abstract— Security issues are very important in computer networks, especially in wireless networks. The presence of many vendors offering a variety of wireless products at affordable prices has helped drive the widespread use of wireless technology. Wireless technology is suitable not only for office or business users; home users can also use it to make connectivity easier. This paper is intended to provide information on threats and easy ways to secure a wireless network. As we know, wireless technology is relatively more vulnerable to security problems.

Keywords— Wireless, Network, Threat, Computer, Security.

I. INTRODUCTION

As the name implies, wireless technology uses radio waves as a means of data transmission. Securing it is more difficult because we cannot see which radio waves are used for data transmission. The weaknesses of wireless networks can generally be divided into two types: weaknesses in the configuration and weaknesses in the type of encryption used. One cause of configuration weakness is that building a wireless network is now quite easy. When the defence is this easy to set up, it can be attacked easily too. Many vendors provide features that allow users or admins to maintain the configuration easily. As a result, we often find wireless networks that are still using the vendor's default wireless configuration. The admin who configures the wireless network keeps the vendor's default settings for the SSID, IP address, remote management, DHCP, and frequency, without any encryption, and even the password for wireless administration is still the standard factory default.

II. SECURITY GAP

Many users of wireless connections do not realize the danger they face when they are connected to a wireless access point (WAP); for example, WLAN signals can be infiltrated by hackers. Threats to wireless networks include:

A. Sniffing to Eavesdrop.

To eavesdrop is to secretly listen to private communications. Eavesdropping is a passive attack which affects the confidentiality of information. Network eavesdropping involves reading packets which are not addressed to us. Eavesdropping is usually used together with other, active attacks. Regular insecure internet protocols are usually not protected against eavesdropping attacks because they transmit information unencrypted. Sensitive information transmitted in clear text, such as usernames and passwords, is especially vulnerable to eavesdropping attacks. The best defence against eavesdropping/sniffing is the use of secure network protocols which use encryption to protect confidentiality. Examples of such protocols include Secure Shell (SSH), Secure Sockets Layer/Transport Layer Security, and Encapsulating Security Payload (ESP, part of the IP Security Architecture - IPsec).

B. Distributed Denial of Service Attack.

A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to legitimate users of the system. In a typical DDoS attack, a hacker (or, if we prefer, cracker) begins by exploiting a vulnerability in one computer system and making it the DDoS master. It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple -- sometimes thousands of -- compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service.

While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack -- the final target as well as the systems controlled by the intruder. Although the owners of co-opted computers are typically unaware that their computers have been compromised, they are nevertheless likely to suffer degradation of service and malfunction. Both owners and users of targeted sites are affected by a denial of service. Yahoo, Buy.com, RIAA and the United States Copyright Office are among the victims of DDoS attacks. DDoS attacks can also create more widespread disruption. In October 2010, for example, a massive DDoS attack took the entire country of Myanmar offline.

A computer under the control of an intruder is known as a zombie or bot. A group of co-opted computers is known as a botnet or a zombie army. Both Kaspersky Labs and Symantec have identified botnets -- not spam, viruses, or worms -- as the biggest threat to Internet security.


C. Man-in-the-middle Attack.

Internet connections can be attacked in various ways. A general type of attack is called "man-in-the-middle". The idea behind this attack is to get in between the sender and the recipient, access the traffic, modify it and forward it to the recipient. The term "man-in-the-middle" has been used in the context of computer security since at least 1994. Some different variants of this kind of attack exist, but a general definition of a man-in-the-middle attack may be described as a "computer security breach in which a malicious user intercepts — and possibly alters — data traveling along a network".

Fig. 1 - Man-in-the-middle Attack

D. Hidden SSID.

Many administrators conceal the wireless network SSID with the intention that only those who know the SSID can connect to their networks. This does not work, because a hidden SSID is not completely invisible. At certain times, in particular when a client connects to or disconnects from a wireless network, the client itself sends the SSID in plain text. If we want to eavesdrop, we can easily discover the information we want. Tools that can be used to recover a hidden SSID include kismet (kisMAC), ssid_jack (airjack), aircrack and many more.

Fig. 2 - Kismet Testing
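
Why hiding the SSID gives no confidentiality, shown as an added example that is not part of the original paper: the access point's beacon carries an empty SSID element, but the client's own probe and association requests carry the name unencrypted. The frame bytes, addresses and the name "HomeNet-Example" are constructed for illustration, and the function names are this example's own.

```python
import struct

MAC_HEADER_LEN = 24  # frame control, duration, three addresses, sequence control

# Management subtypes handled here, with the size of the fixed fields that
# precede the tagged parameters in each frame body.
MGMT_SUBTYPES = {
    0: ("association-request", 4),  # capability (2) + listen interval (2)
    4: ("probe-request", 0),
    5: ("probe-response", 12),      # timestamp (8) + interval (2) + capability (2)
    8: ("beacon", 12),
}


def parse_ssid(frame: bytes):
    """Return (frame_kind, ssid) for an 802.11 management frame (no radiotap/FCS).

    ssid is None if no SSID element is present, and "" if the element is
    zero-length or all NUL bytes, the two usual ways a name is "hidden".
    """
    if len(frame) < MAC_HEADER_LEN:
        raise ValueError("truncated 802.11 header")
    frame_type = (frame[0] >> 2) & 0x3
    subtype = (frame[0] >> 4) & 0xF
    if frame_type != 0 or subtype not in MGMT_SUBTYPES:
        raise ValueError("not a supported management frame")
    kind, fixed_len = MGMT_SUBTYPES[subtype]
    pos = MAC_HEADER_LEN + fixed_len
    # Tagged parameters: 1-byte element ID, 1-byte length, then the value.
    while pos + 2 <= len(frame):
        elem_id, elem_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elem_len]
        if len(value) < elem_len:
            raise ValueError("truncated information element")
        if elem_id == 0:  # SSID element
            if value.strip(b"\x00") == b"":
                return kind, ""
            return kind, value.decode("utf-8", errors="replace")
        pos += 2 + elem_len
    return kind, None


def names_learned(frames):
    """Network names a passive listener can read from the given frames."""
    return sorted({ssid for _, ssid in map(parse_ssid, frames) if ssid})


# --- constructed sample frames (not captured traffic) ---
def _header(fc0, dst, src, bssid):
    return bytes([fc0, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"


def _elem(elem_id, value):
    return bytes([elem_id, len(value)]) + value


AP = bytes.fromhex("020000000001")
CLIENT = bytes.fromhex("020000000002")
BROADCAST = b"\xff" * 6
NAME = b"HomeNet-Example"
RATES = _elem(1, bytes([0x82, 0x84, 0x8B, 0x96]))

HIDDEN_BEACON = (_header(0x80, BROADCAST, AP, AP) + bytes(8)
                 + struct.pack("<HH", 100, 0x0411) + _elem(0, b"") + RATES)
PROBE_REQUEST = _header(0x40, BROADCAST, CLIENT, BROADCAST) + _elem(0, NAME) + RATES
ASSOC_REQUEST = (_header(0x00, AP, CLIENT, AP)
                 + struct.pack("<HH", 0x0411, 10) + _elem(0, NAME) + RATES)

if __name__ == "__main__":
    for frame in (HIDDEN_BEACON, PROBE_REQUEST, ASSOC_REQUEST):
        print(parse_ssid(frame))
```

The practical conclusion for a defender is that SSID hiding should be treated as cosmetic, with WPA2 and a strong passphrase carrying the actual protection.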

III. SECURING THE WIRELESS NETWORKS

An unsecured wireless network is an open invitation to hackers to walk right into our computer and steal personal information, upload malware onto our computer, and otherwise terrorize us.

A. Changing Administrator Password and Username.

After we've taken the wifi router out of the box and started the setup process, we will be asked to sign on to a specific Web page and are required to enter information such as our network address and account information. In theory, this Wifi setup page is protected with a login screen (username and password).

The Problem: Though the username and password are intended to allow only us to get access to the Wifi setup and the personal information we have entered, the fact remains that the logins provided are usually given to everyone with the same model router, and because most people never change them, they remain an easy target for hackers and identity thieves. In fact, there are sites that list the default usernames and passwords for wireless routers, making a hacker's job even easier.

The Solution: Change the username and password for the Wifi setup immediately after the first login. And if we are going to spend the time changing our password, make sure it is difficult to guess. Name, birth date, anniversary date, child's name, spouse's name, or pet's name are going to be among the hacker's first guesses. And because many hackers use a technique called 'dictionary hacking' (running a program that tries common English words as passwords), we should make sure that our password isn't just a common English word, but rather is a combination of letters and numbers.


B. Upgrading the Wifi Encryption.

If the information sent back and forth over the Wifi network isn't adequately encrypted, a hacker can easily tap into the network and monitor the activity. When we type personal or financial information into a Web site, that hacker can then steal that information and use it to steal our identity. The old encryption standard Wired Equivalent Privacy (WEP) can be hacked within 30 seconds, no matter the complexity of the passphrase we use to protect it. Unfortunately, millions of Wifi users are still using WEP encryption technology to encrypt their information, despite the availability of the vastly superior WPA2 encryption standard.

The Problem: Despite the superior encryption protection that WPA2 provides, most Wifi home users have failed to upgrade their protection because they were unaware of the problem, or simply felt overwhelmed by the technical prospects of upgrading. As a result, many continue to use WEP encryption, which is now so simple to hack that it is widely regarded as little better than no encryption at all.

The Solution: The solution, of course, is to upgrade the Wifi encryption to WPA2. But before adding WPA2 protection, we will have to complete a few steps in order to update the computer. The first step is to download and install Microsoft's WPA2 hotfix for Windows XP. We will also likely need to update the wireless card driver. These updates, if needed, will be listed in Microsoft's Windows Update page under the subheading "Hardware Optional".

Now that the computer and wireless card are up to date, we will need to log into the router's administration page through a web browser. Once signed in, change the security settings to "WPA2 Personal" and select the algorithm "TKIP+AES". Finally, enter the password into the "Shared Key" field and save the changes.

C. Changing the Default System ID.

When we got our Linksys or D-Link router home from the store and set it up, it came with a default system ID called the SSID (Service Set Identifier) or ESSID (Extended Service Set Identifier). This ID is also commonly referred to as the name of our Wifi setup.

The Problem: Usually, manufacturers assign identical SSIDs to their devices, and 80 percent of Wifi home users leave their system on the default setting. So that means that 80 percent of homes have Wifi systems titled "Default" or "LinkSys" or whatever our provider sets as the default name. The problem with these default settings is that they serve as strong signals to hackers, who have been known to just cruise neighborhoods looking for Wifi networks with default names to hack into. Though knowing the SSID does not allow anyone to break into our network, it usually indicates that the person hasn't taken any steps to protect their network, thus these networks are the most common targets.

The Solution: Change the default SSID immediately when we configure our LAN. This may not offer complete protection as to who gains access to our network, but configuring our SSID to something personal, e.g. "The Smith House Wifi Network", will differentiate us from other unprotected networks, and discourage hackers from targeting us. As an added bonus, having a Wifi network with a unique name also means that neither we nor our family will make the mistake of connecting through a neighbor's Wifi network, and thus exposing our computers through their unprotected setup.

D. MAC Address Filtering.

If we've had an unsecured Wifi setup in our home in the past, we can be fairly certain that at least one of our neighbors is mooching off our Wifi to connect to the Internet. While everyone loves a friendly neighbor, providing an easy resource for others to steal Internet access is morally and legally questionable, but even scarier is the harm those moochers can do to our computer.

In order to check who has been using our network, we'll need to check the MAC address. Every wifi gadget is assigned a unique code that identifies it, called the "physical address" or "MAC address." Our wifi system automatically records the MAC addresses of all devices that connect to it. But busting our Internet-stealing neighbors isn't all that MAC addresses are good for; they can actually be a great help in securing our WLAN.

The Problem: We are not sure who or what is accessing and endangering our wifi network, and once we find out that someone or something is mooching off our network, we want to stop them. But how?

The Solution: Checking the MAC address log for our wifi network will give us a quick view of all the devices accessing our network. Anything that isn't ours, we will want to keep out. To do this, we will need to manually key in the MAC addresses of our home equipment. This way, the network will allow connections only from these devices, so our mooching neighbors will be out of luck. Caution: This feature is not as powerful as it may seem. While it will stop our average neighborhood moocher or amateur hacker, professional hackers use advanced software programs to fake MAC addresses.
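
One way to review the MAC address log described above, as an added example that is not part of the original paper. Router log formats differ by vendor, so the `mac=... host=...` line layout, the sample lines and the allowlist are all constructed assumptions; the hostname comparison is a heuristic hint only, since hostnames are supplied by the client.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")
HOST_RE = re.compile(r"\bhost=(\S+)")


def normalize_mac(text: str) -> str:
    """Bring AA-BB-.. and aa:bb:.. spellings to one comparable form."""
    return text.replace("-", ":").lower()


def is_locally_administered(mac: str) -> bool:
    """True when the 'locally administered' bit of the first octet is set,
    which means the address was not burned in by the manufacturer
    (randomized or manually set)."""
    return bool(int(mac[:2], 16) & 0x02)


def audit_mac_log(log_lines, allowlist):
    """Classify every address seen in the log against our own devices."""
    allowed = {normalize_mac(m) for m in allowlist}
    hosts = defaultdict(set)
    order = []  # first-seen order, so the report is stable
    for line in log_lines:
        match = MAC_RE.search(line)
        if not match:
            continue  # line carries no client address
        mac = normalize_mac(match.group(1))
        if mac not in hosts:
            order.append(mac)
        host = HOST_RE.search(line)
        hosts[mac].add(host.group(1) if host else "?")
    return {
        # devices that are not ours
        "unknown": [m for m in order if m not in allowed],
        # addresses that were set in software rather than by the vendor
        "locally_administered": [m for m in order if is_locally_administered(m)],
        # an allowlisted address announcing more than one hostname: worth a
        # look, because the allowlist cannot tell a copied address from ours
        "allowlisted_with_several_hostnames": [
            m for m in order if m in allowed and len(hosts[m]) > 1
        ],
    }


# --- constructed sample data ---
SAMPLE_LOG = [
    "2024-05-01 19:02:11 assoc mac=AC-DE-48-00-11-22 host=laptop",
    "2024-05-01 19:05:40 assoc mac=ac:de:48:00:33:44 host=phone",
    "2024-05-01 23:14:03 assoc mac=00:11:22:aa:bb:cc host=unknown-pc",
    "2024-05-02 02:31:57 assoc mac=da:a1:19:00:00:01 host=android-1f",
    "2024-05-02 03:10:09 assoc mac=ac:de:48:00:11:22 host=desktop-x",
    "2024-05-02 03:11:00 dhcp renew (no client address logged)",
]
OUR_DEVICES = ["ac:de:48:00:11:22", "AC-DE-48-00-33-44"]

if __name__ == "__main__":
    for label, macs in audit_mac_log(SAMPLE_LOG, OUR_DEVICES).items():
        print(label, macs)
```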

E. Stop Publicly Broadcasting the Network.

By now we've renamed the wifi so that hackers won't see the default name as they sweep for unprotected wifi setups. But wouldn't it be even better if hackers and curious neighbors didn't know we had a wifi setup at all? Usually, the access point or router is programmed to broadcast the network name (SSID) over the air at regular intervals. While broadcasting is essential for businesses and mobile hotspots to let people find the network, it isn't needed at home, so eliminate it.

The Problem: Why broadcast to the world that we have a wireless connection? We already know it; why do strangers need to know? For most personal uses, we are better off without this feature, because it increases the likelihood of an unwelcome neighbor or hacker trying to log in to our home network. The broadcast works like an invitation to the hackers who're searching for just that opportunity.

The Solution: Most wifi access points allow the SSID broadcast feature to be disabled by the network administrator. If we are using a router, we have to set the SSID hidden or disable the SSID broadcasting. Otherwise, we will need to check the manual for our hardware for specific instructions on how to disable broadcasting for our router.

F. Auto-Connect to Open Wifi Networks.

Most computers provide a wifi setting that will configure the computer to automatically connect to any open wifi network without notifying us. While this setting isn't the default, many individuals select the setting because it makes connecting faster when we are traveling, or connecting at a friend's house. Even more common is to have selected 'connect automatically' for networks that we regularly connect to. Again, this makes sense, as most people do not want to have to manually type in the name of their wireless network and the password each time they want to sign in at home. Unfortunately, both wifi setups can cause major security problems.

The Problem: If we connect to every available wifi network automatically, we will inevitably end up connecting to dummy wifi networks designed specifically to catch unsuspecting users and hack their computers. Similarly, if we automatically connect to the regular wifi networks (meaning we don't manually type in the network name and password every time) then we may be setting ourselves up for a security breach. That is because 80 percent of wifi users have not changed the name of their wireless connection. Therefore, it is very easy for a hacker to create a dummy network entitled "Linksys" or "Default", then sit back and watch 80 percent of computers automatically connect to the network since it has a 'trusted' name.

The Solution: Never select the 'connect to available wifi networks automatically' setup option under the Network Connections window. If we don't want to have to manually type in the name and password to the wifi connection each time we sign in (the safest option), at least make sure that we have named the wifi connection something unique, and that we eliminate all generically titled networks from our 'preferred networks' list. That way, we won't get automatically connected to dummy wifi networks set up by hackers and given the names "Default" or "Linksys".

G. Using A Built-in Firewall.

IT security needs to use a layered approach. While no single layer of security is enough to withstand every attack, adding layers to the security will help ensure that spyware and malware are kept out. Two important security layers are the router firewall and the individual PC's firewall.

The Problem: Routers come with built-in firewall capability. However, since there is an option to disable them, they can often be accidentally turned off by someone toggling options.

The Solution: Ensure that the router's firewall is enabled, along with related built-in security features which block anonymous internet requests or pings. This extra step will help hide the network's presence from the internet, and thus help protect the network. After all, it's harder for hackers to infiltrate what they can't find.

H. Positioning of the Router or Access Point.

Wifi signals don't know where the house ends and where the neighbor's begins. This wifi signal leakage gives hackers and neighbors the opportunity to find the wireless network and attempt to access it.

The Problem: While a small amount of overflow outdoors is not a problem, it is important to keep this leakage to a minimum. This is important because the further the signal reaches into the neighborhood, the easier it is for others to detect and exploit.

The Solution: If we haven't yet installed the wireless home network, make sure to position the router or access point in the center of the home rather than near windows or doors. If we live in an apartment, consider that a wifi network's reach depends in part on the materials the signal must pass through: the more walls, doors, and metal the signal passes through, the weaker it is. So if the goal is to reduce leakage, we might consider mounting the wifi in a closet in order to reduce signal strength.

I. Turning Off the Network.

Most of us know that it is impractical to constantly turn devices on and off. Having a wifi connection is in large part a matter of convenience, and having to turn it off every time we aren't using it eliminates much of that convenience. Unfortunately, a wifi connection is vulnerable when it is on; therefore shutting off the wireless signal when not in use would be a huge boon to its security.

The Problem: There is an inherent tension between convenience and security in deciding whether to turn off a wireless access point between connections.

The Solution: Just as we take extra home security measures when taking a vacation, like asking the neighbors to pick up the mail and leaving a light on, so also should we take extra wifi security measures when the network will not be in use for extended periods of time. Shutting down the network is a basic but effective security measure that can protect the network when we are not around to protect it, and hackers may take the opportunity to mount their attack.

J. Putting the Improvements to the Test.

Now that we've made all these changes to the wifi setup, it would be nice to know that we are secure. Unfortunately, the only surefire test for how secure we are is to wait to see if we get hacked. Trial by fire is no way to test the security, however, so thankfully there is a program to help audit the wifi security.

The Problem: There is no way for the average home wifi user to know if the changes they made to upgrade their wireless security will really prove successful in keeping them safe.

The Solution: The Netstumbler utility, by Marius Milner, will determine both the network's vulnerabilities and unauthorized access points. In addition to these security concerns, the downloadable program will also reveal the sources of network interference and weak signal strength, so that we can improve the strength of the wifi signal. Netstumbler is free for download, although the author asks that those who find the tool helpful make a donation to support the creation of future utilities.

Part of the problem of unsecured wireless networks can be traced back to the manufacturers. Most retail WiFi products are shipped with all security options turned off by default. Since they work fine out of the box, many users may not feel a need to look more into the setup options. However, all such devices come with pretty good instructions and there is no excuse for not reading the product manual. An unencrypted wireless network is not just a security risk to the owner of the network, but potentially to everyone else on the Internet. Once someone has anonymous access to a wireless network, they can do whatever they want on the Web with total anonymity. Do ourselves and our fellow Net citizens a favor and take the steps to secure our network.
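
The settings checks from steps A, B, C, E, F and G above, collected into one self-audit as an added example that is not part of the original paper. Routers do not export settings in a common format, so the dictionary keys, the small default-login and word lists, and both sample configurations are constructed assumptions to be replaced with our own values.

```python
DEFAULT_SSIDS = {"default", "linksys"}  # the two names the article cites
# Constructed samples standing in for a vendor default list and a dictionary.
DEFAULT_LOGINS = {("admin", "admin"), ("admin", "password"), ("admin", "")}
COMMON_WORDS = {"password", "welcome", "dragon", "sunshine"}


def password_problems(password, personal_terms=()):
    """Apply step A's rules: letters and numbers, no dictionary word,
    no name or date an acquaintance could guess."""
    problems = []
    lowered = password.lower()
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_letter and has_digit):
        problems.append("not a combination of letters and numbers")
    # "sunshine1" is still a dictionary guess, so compare without edge digits
    if lowered in COMMON_WORDS or lowered.strip("0123456789") in COMMON_WORDS:
        problems.append("dictionary word")
    if any(term and term.lower() in lowered for term in personal_terms):
        problems.append("contains personal detail")
    return problems


def audit_router(cfg, personal_terms=()):
    """Return (step, finding) pairs for a router settings dictionary."""
    findings = []
    if (cfg["admin_user"], cfg["admin_password"]) in DEFAULT_LOGINS:
        findings.append(("A", "factory-default administrator login"))
    else:
        for problem in password_problems(cfg["admin_password"], personal_terms):
            findings.append(("A", "administrator password: " + problem))
    if not cfg["security"].lower().startswith("wpa2"):
        findings.append(("B", "encryption is %r, not WPA2" % cfg["security"]))
    if cfg["ssid"].strip().lower() in DEFAULT_SSIDS:
        findings.append(("C", "SSID is a vendor default name"))
    if cfg["broadcast_ssid"]:
        findings.append(("E", "SSID broadcast is enabled"))
    if not cfg["firewall_enabled"]:
        findings.append(("G", "router firewall is disabled"))
    return findings


def audit_profiles(profiles):
    """Step F: saved networks that would be joined without asking and that
    any look-alike access point could satisfy."""
    risky = []
    for profile in profiles:
        if not profile["auto_connect"]:
            continue
        if profile["ssid"].strip().lower() in DEFAULT_SSIDS:
            risky.append((profile["ssid"], "generic name"))
        elif not profile["secured"]:
            risky.append((profile["ssid"], "open network"))
    return risky


# --- constructed sample configurations ---
WEAK = {"admin_user": "admin", "admin_password": "admin", "security": "WEP",
        "ssid": "Linksys", "broadcast_ssid": True, "firewall_enabled": False}
HARDENED = {"admin_user": "homeadmin", "admin_password": "kettle42river9moss",
            "security": "WPA2 Personal", "ssid": "The Smith House Wifi Network",
            "broadcast_ssid": False, "firewall_enabled": True}
PROFILES = [
    {"ssid": "linksys", "auto_connect": True, "secured": False},
    {"ssid": "CoffeeShop-Free", "auto_connect": True, "secured": False},
    {"ssid": "The Smith House Wifi Network", "auto_connect": True, "secured": True},
    {"ssid": "Default", "auto_connect": False, "secured": False},
]

if __name__ == "__main__":
    for step, finding in audit_router(WEAK):
        print(step, finding)
    print(audit_profiles(PROFILES))
```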

V. CONCLUSION

This article should serve as a basic primer on how to secure wireless networks from the wide array of threats that face them, but it is important to keep in mind that no single article can completely cover every security measure which can be used to strengthen a wifi system. Consequently, we have left off this list a wide variety of other valid security measures, such as limiting intra-network file sharing, changing the default IP address of our wireless router, assigning a static IP address to each of our PCs, and disabling the DMZ and Remote Management features, along with a host of indirectly related but nonetheless necessary measures such as installing a PC firewall, anti-virus software, anti-malware software, patch updates and so on.

Despite these intentional omissions, following the 10 steps outlined in this article will take the average user a long way along the path of wireless security and ensure that we and our family are able to enjoy the convenience of our wifi system without compromising our PC's security.
