WEP is a notoriously weak security standard: the password it uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools.
However, there are many security risks associated with the current wireless protocols and encryption methods, and with the carelessness and ignorance that exist at the user and corporate IT levels.
In-Stat MDR and META Group have estimated that 95% of all corporate laptop computers that were planned to be purchased in 2005 were equipped with wireless cards.
Since most 21st-century laptop PCs have wireless networking built in (see Intel "Centrino" technology), they do not need a third-party adapter such as a PCMCIA Card or USB dongle.
However, lack of knowledge among users about the security issues inherent in setting up such systems may allow others nearby to access the connection.
If an employee adds a wireless interface to an unsecured port of a system, they may create a breach in network security that would allow access to confidential materials.
The modes of unauthorised access to links, functions and data are as varied as the ways the respective entities make use of program code.
These types of laptops are known as “soft APs” and are created when a cyber criminal runs some software that makes their wireless network card look like a legitimate access point.
This presents no threats not already familiar from open/public or unsecured Wi-Fi access points, but firewall rules may be circumvented in the case of poorly configured operating systems or local settings.
MAC filtering is effective only for small residential (SOHO) networks, since it provides protection only when the wireless device is "off the air".
Any 802.11 device "on the air" freely transmits its unencrypted MAC address in its 802.11 headers, and it requires no special equipment or software to detect it.
Man-in-the-middle attacks are enhanced by software such as LANjack and AirJack which automate multiple steps of the process, meaning what once required some skill can now be done by script kiddies.
The usual reason for performing a DoS attack is to observe the recovery of the wireless network, during which all of the initial handshake codes are re-transmitted by all devices. This provides an opportunity for the malicious attacker to record these codes and use various cracking tools to analyze security weaknesses and exploit them to gain unauthorized access to the system.
The Caffe Latte attack is another way to obtain a WEP key and does not require a nearby access point for the target network.
The Caffe Latte attack works by tricking a client that has the WEP key stored into connecting to a malicious access point with the same SSID as the target network.
A WIPS is typically implemented as an overlay to an existing Wireless LAN infrastructure, although it may be deployed standalone to enforce no-wireless policies within an organization.
A simple but ineffective method to attempt to secure a wireless network is to hide the SSID (Service Set Identifier).
Requiring clients to set their own IP addresses makes it more difficult for a casual or unsophisticated intruder to log onto the network, but provides little protection against a sophisticated attacker.
The second generation of the WPA security protocol (WPA2) is based on the final IEEE 802.11i amendment to the 802.11 standard and is eligible for FIPS 140-2 compliance.
The TKIP encryption algorithm was developed for WPA to provide improvements to WEP that could be fielded as firmware upgrades to existing 802.11 devices.
Weak PSK passphrases can be broken using off-line dictionary attacks by capturing the messages in the four-way exchange when the client reconnects after being deauthenticated.
There was information, however, that Erik Tews (the man who created the fragmentation attack against WEP) was going to reveal a way of breaking the WPA TKIP implementation at Tokyo's PacSec security conference in November 2008, cracking the encryption on a packet in 12 to 15 minutes.
However, this extra layer of security may also be cracked with tools such as Anger, Deceit and Ettercap for PPTP;[28] and ike-scan, IKEProbe, ipsectrace, and IKEcrack for IPsec connections.
This protocol is based on 802.1X and helps minimize the original security flaws by using WEP and a sophisticated key management system.
Solutions include a newer system for authentication, IEEE 802.1X, that promises to enhance security on both wired and wireless networks.
Those technologies add encryption only to parts of the communication path, still allowing people to spy on the traffic if they have gained access to the wired network somehow.
An office LAN owner seeking to restrict such access will face the nontrivial enforcement task of having each user authenticate themselves for the router.
This can significantly improve wireless security because it is difficult for hackers to receive the signals beyond the controlled area of a facility, such as from a parking lot.
While open standards such as Kismet are targeted towards securing laptops,[39] access point solutions should extend towards covering mobile devices also.
A RADIUS server can also be configured to enforce user policies and restrictions as well as record accounting information such as connection time for purposes such as billing.