A Wireless Network Structure Considering Security - Coursework Example

Your first and sur Your Due Wireless Security Figure A Wireless Network Structure Considering Security Wireless Networks are widely used both for individual or business purposes. Today the number of Laptops, PDA's and Mobile Phones that use Wireless Communication Technologies is increasing in every minute. PDA's give you the opportunity to access to the internet, check your email and much more. Mobile phones too, they help you to send Multi-Media Messages (MMS, for example photo or MP3 files) to other people with cell phones or individual email addresses. You can also use General Packet Radio Service (GPRS) that is probably provided by your mobile phone network's operator to access to the internet. You can simply use Laptop, PDA or Cell Phones to establish connection to each other via Bluetooth. These devices all give you the ability to "enter a network mobile which has many benefits for you. However, wireless networking has many security issues. Crackers have found wireless networks relatively easy to break into, and even use wireless technology to crack into non-wireless networks."1 "An increasing number of government agencies, businesses, and home users are using, or considering using, wireless technologies in their environments. Agencies should be aware of the security risks associated with wireless technologies. Agencies need to develop strategies that will mitigate risks as they integrate wireless technologies into their computing environments. This document discourses some common wireless technologies in brief, outlines the risks in relation to them and will offer some guidance for mitigating those risks. "2 It also provides "top 10 tips for wireless home network security"3. We will also point to some of the ways crackers use to enter wireless networks and how they can easily bring down even a whole none wireless network via that. An Overview of Wireless Technology No physical connection is established between the devices in a wireless network. No cable or wire to joint two devices to each other or one device to a network. All devices connect through radio frequencies to transmit the data. Wireless technology may involve complicated systems such as Wireless Local Area Networks known as WLAN. It may also include simple devices that do not have a storage system such as wireless headphones and microphones. Devices with Infra-Red technology are also involved such as a wireless mouse or a remote controller. Wireless Networks help implementing a mechanism to transmit data between devices and also inside the devices. These networks are categorized into three main groups. Wireless Wide Area Networks or WWAN for example GSM (Global System for Mobile Communications), Wireless Local Area Networks or WLAN and Wireless Private Area Networks known as WPAN technology for example Bluetooth. Figure 2: A Wireless Wide Area Network (WWAN) Mainly, the devices that use wireless technology are the devices that can be carried easily from one place to another such as Laptop computers, Personal Digital Assistants (PDA's) and Cell Phones. "Many laptop computers have wireless cards pre-installed for the buyer." 4 "PDAs are data organizers that are small enough to fit into a shirt pocket or a purse. PDAs offer applications such as office productivity, database applications, address books, schedulers, and to-do lists, and they allow users to synchronize data between two PDAs and between a PDA and a personal computer. Newer versions allow users to download their e-mail and to connect to the Internet."5 Figure 3: A Wireless LAN There are two standards for wireless technology, IEEE 802.11 developed by IEEE in 1997. It is a standard for data transmission in WLANs. "802.11 is the original WLAN standard, designed for 1 Mbps to 2 Mbps wireless transmissions. The 802.11b standard is currently the dominant standard for WLANs, providing sufficient speeds for most of today's applications. Because the 802.11b standard has been so widely adopted, the security weaknesses in the standard have been exposed. Bluetooth has emerged as a very popular ad hoc network standard today. The Bluetooth standard is a computing and telecommunications industry specification that describes how mobile phones, computers, and PDAs should interconnect with each other, with home and business phones, and with computers using short-range wireless connections. Bluetooth network applications include wireless synchronization, e-mail/Internet/intranet access using local personal computer connections, hidden computing through automated applications and networking, and applications that can be used for such devices as hands-free headsets and car kits."6 Figure 4: Bluetooth connection between devices Wireless Security Issues Most of the security issues discussed in regular (cabled or linked via wire) networks can also be known as wireless threats too. They are categorized in NIST handbook about security 7 to nine groups of threats started from common errors in protocols "to threats to a person's privacy. However, the more immediate concerns for wireless communications are device theft, denial of service, malicious hackers, malicious code, theft of service, and industrial and foreign espionage."8 A device can simply be stolen because of its portability. Once the device is stolen, all the necessary opportunities are in touch of the thief from a simple phone number list to simple access to email, bank account information and much more. The thief can simply enter the network as an authorized member. "Authorized and unauthorized users of the system may commit fraud and theft; however, authorized users are more likely to carry out such acts. Since users of a system may know what resources a system has and the system's security flaws, it is easier for them to commit fraud and theft."9 Malicious hackers are the normally persons outside a company, agency or organization. Although an employee can be a hacker as well, but most of the attacks are from outside of population. Hacking a wireless network does not mean that only notebooks, PDAs and Cell phones are hacked. A hacker can simply use a wireless network to crack into a non-Wireless network. This is an important issue for the companies, agencies and organizations that are using non-wireless networks have wireless devices in use and connected to the network. For instance, "In-Stat MDR and META Group have estimated that 95% of all corporate laptop computers that were planned to be purchased in 2005 were equipped with wireless. Issues can arise in a supposedly non-wireless organization when a wireless laptop is plugged into the corporate network. A cracker could sit out in the parking lot and break in through the wireless card on a laptop and gain access to the wired network. If no security measures are implemented at these access points, it is no different from providing a patch cable out the back door for crackers to plug into whenever they wish."10 There are a number of ways for unauthorized access to a network as is stated in wikipedia11 web site. Below is a brief description of them. Accidental Association, It happens when two separate wireless area networks each one for a separate company on a building, overlap each other. A user may be unaware of such an issue however this for example helps a person in a company to have the access the network of other company with or without awareness. Malicious Association, It happens "when wireless devices can be actively made by crackers to connect to a company network through their cracking laptop instead of a company access point (AP). These types of laptops are known as "soft APs" and are created when a cracker runs some software that makes his/her wireless network card look like a legitimate access point. Once the cracker has gained access, he/she can steal passwords, launch attacks on the wired network, or plant trojans. Since wireless networks operate in the Layer-2 world, Layer-3 protections such as network authentication and virtual private networks (VPNs) offer no protection. Wireless 802.1x authentications do help with protection but are still vulnerable to cracking. The idea behind this type of attack may not be to break into a VPN or other security measures. Most likely the cracker is just trying to take over the client at the Layer-2 level."12 Another security threat can happen inside an Ad-hoc network. In these type of networks, the connection from one device is peer to peer. That means that no access point is established between two device and this also means that the security in such networks is low. There are some methods that may help increase the security in such networks such as encryption methods. "Non-traditional networks such as personal network Bluetooth devices are not safe from cracking and should be regarded as a security risk. Even bar code scanners, handheld PDAs, and wireless printers and copiers should be secured. These non-traditional networks can be easily overlooked by IT personnel that have narrowly focused on laptops and APs."13 Identity theft, It happens when a cracker uses a software with network sniffing abilities. Such software, listen to the network traffic steal the MAC address of a computer on the network. Then they use it to steal information with that MAC address privileges. Another way for unauthorized access to a network is called "Man-in-the-middle attacks". "A man-in-the-middle attack is one of the more sophisticated attacks that have been cleverly thought up by hackers. This attack revolves around the attacker enticing computers to log into his/her computer which is set up as a soft AP (Access Point). Once this is done, the hacker connects to a real access point through another wireless card offering a steady flow of traffic through the transparent hacking computer to the real network. The hacker can then sniff the traffic for user names, passwords, credit card numbers...etc. One type of man-in-the-middle attack relies on security faults in challenge and handshake protocols. It is called a "de-authentication attack". This attack forces AP-connected computers to drop their connections and reconnect with the cracker's soft AP. Man-in-the-middle attacks are getting easier to pull off due to software such as LANjack and AirJack automating multiple steps of the process. What was once done by cutting edge crackers can now be done by script kiddies, less knowledgeable and skilled hackers sitting around public and private hotspots. Hotspots are particularly vulnerable to any attack since there is little to no security on these networks."14 Denial of service happens when the attacker tries to send a vast amount of incorrect data to the network and the info that cause the system to face with unhandled errors and finally crashes. These kinds of attacks are the result of using protocols in a bad way. The last way that a hacker or cracker may use to dominance network is "Network Injection". In this way, the hacker simply injects malicious codes that can change network configurations, switches and routers information, A kind of attack that finally brings the network down. Malicious codes can be logic bombs, Trojans, scripts or viruses. Ways to counteract / prevent the hacker attacks There are always ways for hackers to attack a network because of lacks in security and protocols in the network and their components, However there are ways that help counter the attacks that has happened or is going to happen. Once they are known, IT professionals must learn about the type of attack and do as much as they can to counter it. IT professionals and system administrators can also prevent eventual future attacks by predicting them when analyzing the network and considering the security weakness of it. There are of course ways that help preventing most of the attacks, but everyone must consider that these can never guaranty that no more attacks will happen again. There are methods of counteracting security risk that involves securing all wireless LAN devices as much as possible, enhancing the knowledge of the people who are using wireless devices of security issues regarding wireless systems and finally using a monitoring system to show the weaknesses and breaches in the wireless network. Using MAD ID filtering can also help preventing the use of fake IDs via the attackers. As stated above, attackers can listen to the MAC ids by some special software easily. One other useful way is "Static IP Addressing", "Disabling at least the IP address assignment function of the network's DHCP server, with the IP addresses of the various network devices then set by hand, will also make it more difficult for a casual or unsophisticated intruder to log onto the network. This is especially effective if the subnet size is also reduced from a standard default setting to what is absolutely necessary and if permitted but unused IP addresses are blocked by the access point's firewall. In this case, where no unused IP addresses are available, a new user can log on without detection using TCP/IP only if he or she stages a successful Man in the Middle Attack using appropriate software."15 There also are other methods such as WEP encryption16, Wi-Fi Protected Access (WPA)17, WPA218, LEAP, PEAP, TKIP, RADIUS, WAPI that complete definition for them is available at wikipedia web site. Ways to increase Wireless Home Network Security19 In addition to security risks counteracting methods, there are simple ways (Some of them may also be mentioned above) that every one using a wireless LAN can do to increase the wireless security or not to threat the system's security unwanted. There are ways such as changing the default administrator username and password, turning on compatible WPA/WEP encryption, changing the default SSID, Enabling MAC address filtering, Disabling SSID broadcast, Preventing to auto connection to wireless networks, Assigning static IP addressing to devices, Positioning the router or any access point safely and Turning off the network during extended periods of non-use. References Wikipedia, Wireless Security, May 29th 2007, Available from http://en.wikipedia.org/wiki/Wireless_security Tom Karygiannis, Les Owens, Wireless Network Security 802.11, Bluetooth and Handheld Devices , NIST ( National Institute of Standards and Technology ), Available to download from csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf Top 10 Tips for Wireless Home Network Security, From Bradley Mitchell, Your Guide to Wireless / Networking.FREE Newsletter. Available from http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm Wikipedia, Wireless Security, May 29th 2007, Available from http://en.wikipedia.org/wiki/Wireless_security Wikipedia, Wireless Security, May 29th 2007, Available from http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy Wikipedia, Wireless Security, May 29th 2007, Available from http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access Wikipedia, Wireless Security, May 29th 2007, Available from http://en.wikipedia.org/wiki/IEEE_802.11i Figure 1: http://manageengine.adventnet.com/products/wifi-manager/wifi-manager-de/images/wireless-lan-security.gif Figure 2: http://www.barcodeid.com/Graphics/WAN.jpg Figure 3: http://www.digitprocom.com/images/wslan/NETWORKS.JPG Figure 4: http://www.wam.umd.edu/ytchang/basicconcepts.html Read More