Wireless Security is always be a concern and in Wi-Fi Technology Security will play an important role in corporate network. As we all know that Wi-Fi works on signal strength, and we can not control the signal to spread. So, it is very easy to connect with your Wi-Fi network and hack your network if you do not have strong Security on Wireless network.
(Disclaimer : This blog is only for educational and informational Purpose only. We believes that everyone is aware about technology, Security, Ethical Hacking, Cyber Security and how to avoid such risks. All our blogs have been made using our own knowledge, experience, server, lab etc. It does not contain any illegal activities. Our sole purpose is to share our knowledge only. Any related word, things, activity, example are simply coincidence only. Kbrosis Technologies is not responsible for misuse of provided information).
Wireless Clients
Wireless clients are considered to be any end-devices which has capability to connect or access internet without any wire connectivity. Now, in this 21st century, those devices can be almost anything.
Smartphones & Smartwatch − These are one of the most globally used wireless devices. They support multiple wireless standards on one box, for example, Bluetooth, Wi-Fi, Calls, GPS etc..
Laptops − These are a type of device which we all use every single day.
Smart-home Equipment − IOT also a emerging technology in current generation, IOT based smart-home equipment connected with Internet over GSM or Wi-Fi and we can access and manage from everywhere, for example freezer that you can control over Wi-Fi or a temperature controller, AC, Cars etc.
Wireless Security – Access Point
Access Point (AP) is the central node in 802.11 wireless implementations. It is the interface between wired and wireless network, that all the wireless clients associate to and exchange data with.
Common Wi-Fi Attacks & Risk
Wireless Security – Integrity Attacks
Integrity of the information is ensures that data was not tampered, when communicating from one point to another over the network (either wireless or wired).
In wireless communication, 802.11 radios can be detected by any 3rd party on the same frequency channel and can enter in Wi-Fi network. Below is the example of integrity attack.
In above example, suppose someone (victim) is sending any email or information over Wi-Fi and the information is not well encrypted (or attacker broke the encryption and have the chance of reading everything in clear text), then wireless attacker (attacker) can reads the whole packet & modifies and can re-inject a message back to the air, to go to the internet via the AP.
In that situation, if there are no integrity checks that would detect a modification in the message then the recipient would get a modified message by hacker.
There are 2 main security solution against such type of an integrity attack − encryption (so that attacker would not be able to read the message at all) and Message Integrity Codes (MICs) that are basically hashing function like MD5 or SHA1.
Wireless Security – DoS Attack
If someone facing issue of disabling the service or degrading its performance it can be of Denial of Service (DoS) attacks. The cost of such an attack may be very expensive for a victim or companies.
Wireless networks are also playing a crucial part in productivity of the employees. We all use wireless laptops and smartphones in a workplace. With the lack of wireless network working, our productivity is decreased.
DoS attacks on availability may be divided into 3 types −
- Layer 1 DoS– Using jammers
- Layer 2 DoS
- Layer 3 DoS
Wireless Security – Layer 2 DoS
These attacks are most likely launched by malicious attackers. The main idea behind this attack is to temper the 802.11 wireless frames and inject or re-transmit them into the air.
The most common types of Layer 2 DoS attacks involve spoofing of disassociation or de–authentication management frames.
Mitigation technique against those type of attacks is to use an 802.11w-2009 Standard Management Frame Protection (MFP).
In simple words, this standard requires that management frames (like disassociation or de-authentications frames) are also signed by a trusted AP, and if they come from a malicious client or a fake AP, they should be denied.
What is MFP (Management Frame Protection) & MIC
One method of Management Frame Protection (MFP) is Infrastructure MFP. With this method, each management frame includes a cryptographic hash called a Message Integrity Check (MIC). The MIC is added to each frame before the Frame Check Sequence (FCS). When this is enabled, each WLAN has a unique key sent to each radio on the AP. Then, the AP sends management frames, and the network knows that this AP is in protection mode.
The other method of MFP is called Client MFP. If the client is running Cisco Compatible Extensions (CCX) 5 or better, it can talk to the AP and find out what the MIC is. Then it can verify management frames it hears in addition to the APs that provide this function. The major benefit of this mode is the extension of detection.The clients can detect the AP called BAD_AP that is generating invalid frames, even though BAD_AP is out of the range of the APs that are in protection mode.To enable MFP, choose SECURITY > Wireless Protection Policies > AP Authentication/ MFP.
Wireless Security – Layer 3 DoS
Layer 3 DoS is to congest the WI-Fi network and the host with sending a large volume of traffic to process, resulting in crashing of a host.
The most common types of Layer 3 DoS attacks are –
- Fraggle Attack
Attacker sends a large amount of UDP echo requests to IP broadcast address. The source IP address is spoofed and is set to a victim IP address. By doing that, all the replies originated on by the clients on the broadcast subnet are sent back to the victim.
- Ping Flood Attack
Attacker sends a large number of ICMP packet to the target computer using ping. Imagine a malicious party that owns botnet of thousands of PCs. If we imagine a ping flood attack running at the same time from all of those PC, then it may become pretty serious.
Rogue Access Point Attacks
When we discuss about corporate networks, the corporate WLAN is an authorized and secured wireless network but if any WLAN radio or AP that is connected to the corporate network (most often to some network switch) without the authorization is called Rogue access device (AP).
Let’s understand in simple way–Suppose you have 50 access points in corporate network on your floor, but at the same points on other floor some other organization also installed AP in their network and those AP have good signal strength, then user can be try to connect with those AP which is called Rogue AP. We can identify such Rouge AP from WLC and Wi-Fi network analyser tools.
In Cisco there are technology to detect Rogue AP and protect from them is called Clean Air Technology
Clean Air Technology
Clean Air has the unique ability to detect RF interference that other systems can’t see, identify the source, locate it on a map, and then make automatic adjustments to optimize wireless coverage.
Cisco Clean Air technology enables organizations to:
- Automatically optimize the wireless LAN for better reliability and performance
- Perform remote troubleshooting for fast problem resolution and less downtime
- Detect non-Wi-Fi security threats and resolve issues in real time with CleanAir Analyst, allowing non-Wi-Fi interference to be mapped in real time with existing
network resources
- With Cisco Clean Air technology, if an interference source is strong enough to completely jam a Wi-Fi channel, the system will change channels within 30 seconds to avoid the interference, resuming client activity on another channel outside of the affected area.
- Cisco Clean Air technology uses silicon-level intelligence to precisely detect and classify over 20 interference types, changing channels only if it determines that the interference is severe enough to impact network performance.
Visit to our site : https://www.kbrosistechnologies.com/
Watch more Video https://www.youtube.com/channel/UCpcd6IshE1caAbf9EdJd3gw
