Wireless Intrusion Detection Systems - Essay Example

Wireless Intrusion Detection Systems Introduction The numbers of organization using wireless networks are on the increase and threats to wireless networks are many and potentially disturbing. Although efforts have been made to protect these networks, the technology used is basically not certain and still very much vulnerable to active attacks and passive intrusions. Wireless networks are not only vulnerable to TCP/IP-based attacks subject to wired networks; they are as well focus to a wide range of 802.11-specific threats. For the purpose of security and detection of these possible threats, wireless networks must take up a safety measure that comprises an intrusion detection system (IDS). All organizations with wireless networks ought to think about an IDS solution. This essay is intended to explain the intrusion methods, need for wireless intrusion detection system and as well identify the rewards and problems of wireless intrusion detection systems (Farshchi, 2003). Methods of intrusion Usually, signals from wireless networks are radiated by an omni-directional aerial system beyond the proposed coverage area. Such an environment makes the physical protection of the network generally impossible. Several passive and active intrusion methods rapidly came up to exploit this weakness. In passive methods radio frequency (RF) monitoring is used. The active systems can transmit signals to inquire the status of the network and also put in malicious data into the network to create interruptions. This is the most common methods and is on the rise since new abuse and tools emerge often. One of the common wireless intrusion methods is known as ‘Wardriving’. Normally, this is done by using a Windows laptop running Wardriving software, for example NetStumbler, and equipped with an IEEE 802.11b adapter and external aerial. The ‘Wardriver’ moves near the wireless network area expecting to detect IEEE 802.11b signals that have spilled out onto the area around. NetStumbler search for beacon frames from the access points (APs) and processing these beacon frames, it is feasible to resolve the encryption strength, channel, and type of hardware used. The Wardriver may also get other details of the network such as the Service Set Identifier (SSID). Usually, this is done as a hobby and such hobbyists may combine the data with Global Positioning System (GPS) information to generate geographic maps of wireless networks in the area and their configurations. There are different software’s available for Wardriving, basing on the platform used. As a matter of fact, active software like NetStumbler, dStumbler, and MiniStumbler transmit probe request frames to extract responses from APs (Wright, 2002). This helps their probability of detecting APs. Another popular intrusion method is the Linux program AirSnort, most commonly used tool for WEP key extraction. Intruder by means of AirSnort would clandestinely gather wireless network traffic of the intended network. AirSnort can find out the WEP key of the network by processing the weak frames collected. There is also possibility of denial-of-service (DoS) attack on the network. This can happen in many ways, the most common is the use of radio frequency equipment to transmit noise at 2.4 GHz which correspond to the operating frequency of the network. This would interrupt and cause the network to a total collapse. Another method is to transmit void frames to clients or APs, so that the clients or APs would react to these void frames and could disrupt the flow of usual traffic. Few other intrusion methods are also available but not discussed here. Intrusion Detection Systems At present there exist some intrusion detection products with active response functions to counter above attacks. But, no one offer enough security for wireless networks, particularly for bigger network systems. AirDefense [8] is a whole hardware and software system comprising of sensors positioned all over the network, which are interfaced to a supervision electrical device, and managed by a monitor console. AirDefense can guard up to ten APs by detecting intruders and attacks and as well identify likely vulnerabilities in the network such as misconfigurations. The manufacturer of AirDefense explains that it can detect the majority of the threats described above. Further, AirDefense presents other administrative tasks like fault tracking and record auditing. Yet another commercial IDS is AirMagnet [9] that uses laptops and also comprises a Cisco wireless card. Similar to AirDefense, it integrates detection of vulnerabilities and intrusions. AirMagnet detects illegal APs and clients and DoS attacks by flooding. Surveyor Wireless is a similar product like AirMagnet. Another method for intrusion detection is the Fake AP an easy Linux program that imitates a user-specified list of APs by transmitting IEEE 802.11b beacon frames. It makes an intruder confuse who is passively attacking the network. AirSnare [12] is a program for Windows that senses DHCP requests or illicit MAC addresses trying to connect to an AP. Intrusion reaction consists of an alert to the administrator and optional message is sent to the intruder via Windows net message. A perfect intrusion detection system merges the functions of the products explained above and also enforces some fresh features. The major purpose of the new device would be intrusion detection. This may take place at different levels. The primary level would be to monitor the Media Access Control (MAC) address of network adapters trying to link with the network. Suppose the MAC address does not contain in the white list or is blacklisted, it is considered as a potential intruder. This type of processes is generally identified as MAC filtering and may not be convenient in a large organization where customers may use their own wireless cards. The MAC addresses are not entirely indiscriminate. The initial three bytes are exact to each manufacturer and these manufacturers generally use only a minute range of the existing addresses. Through observation of each MAC address against such models, it is feasible to decide fake addresses randomly generated by intruders (Lim, et.al., 2003). Conclusion Wireless intrusion detection systems are an essential requirement to the security of wireless networks. Even though there are disadvantages in employing a wireless IDS, the benefits are presumably show to offset the downsides. With the competence to sense probes, DoSs, and variety of 802.11 attacks, as well to support with policy enforcement, the benefits of a wireless IDS can be phenomenal. An IDS is only one aspect of the larger security solutions. Wireless networks need a number of other security actions to have an adequate level of security yet the addition of a wireless IDS can really enhance the safety stance of the entire network. As the threats to wireless networks go on increasing, and the rising complexity of attacks, a method to recognize and report on threat data can really improve the safety of a wireless network (Farshchi, 2003). References Farshchi, J. (2003) Wireless Intrusion Detection Systems [Online] Available from: < http://www.securityfocus.com/infocus/1742> [12 March 2008]. Lim, et.al., (2003) Wireless Intrusion Detection and Response [Online] Proceedings of the 2003 IEEE Workshop on Information Assurance United States Military Academy, West Point, NY. Available from: [12 March 2008]. Wright, J. (2002). Layer 2 Analysis of WLAN Discovery Applications for Intrusion Detection, [Online document], 2002 Nov 8, [cited 2003 Jan 30], Available from: Read More