Managing Security Risks in Wireless Networks

What is Wireless Communication?
According to Kumar and Gambir (2014), “Wireless communication is the exchange of data between two or more points that are not joined by an electrical transmitter.” (p. 25). A wireless network uses radio frequency transmissions such as electromagnetic waves for transmitting voice and data. The information transmits from sender to receiver through open space over frequency bands known as channels. There are currently 5 types of wireless communication, these are infrared, Bluetooth, Wi-Fi, radio, and cell phone. Because of the way these communicate through the open air, this makes them inherently difficult to secure and creates many avenues for attack. For the purposes of this paper we will focus mainly on the aspect of Wi-Fi environments.

WLAN Equipment
A typical home network consists of a modem, a router and wireless devices that can connect to the router. Wireless devices could be items such as laptops, tablets, cell phones, printers, gaming devices, TV’s, security systems, etc. (See Figure 1.).

Figure 1- Example of a Home Network
A home network can appear simple, but still can have many avenues for attack. A corporate wireless network can vary and can be much more complex. Since a corporate wireless network can be much larger in size, this also increases the number of avenues for attack and can make it a security nightmare. For example, a corporate network can contain many access points, switches, hubs, repeaters, and wireless controllers, depending on the size of the campus. See Figure 2 for an example of what a small campus might look like. A wireless network could even extend to a separate campus in another location.

Figure 2 – Example of a Corporate WLAN

Wireless Standards
A wireless standard is a guideline that is set to standardize the frequency, range, and data rate of wireless transmissions using different applications or mode of transmission. This standard is set by IEEE, which is the Institute of Electrical and Electronics Engineers. IEEE develops the global standards for many technologies including wireless technology. The first wireless technology standard of 802.11 began in 1997. Several standards have followed since 1997 with the most recent being that of 802.11ac in 2013 and 802.11af in 2014. IEEE is working on newer standards currently which are long overdue. In my opinion, as fast as technology changes the standards should also change; RFiD Centre. (2016). [11]

Standard Data Rate Range Frequency
802.11 1-2Mbps 20 feet indoors 2.4GHz RF
802.11a Up to 54Mbps 25-75 feet indoors 5GHz
802.11b Up to 11Mbps Up to 150 feet indoors 2.4GHz
802.11g Up to 54Mbps Up to 150 feet indoors 2.4GHz
802.11n Up to 600Mbps 175+ feet indoors 2.4GHz/5GHz

Wireless Security Protocols
There are a few different types of wireless security protocols that are available that are based on the standards provided by IEEE. Those standards are as follows:
WEP – WEP can be defined as Wireless Equivalent Privacy. WEP is a protocol defined in IEEE’s 802.11 standard. When WEP initially began it was thought to be secure until a flaw was found allowing WEP to be cracked rather quickly. There were several flaws found in WEP such as its use of streaming algorithm, header vulnerabilities, it lacked authentication, and more. WEP is still used, but isn’t a preferred security method due to its vulnerabilities; Ijeh, A. et al (2009). [3]
WPA – WPA is known as the Wi-Fi Protected Access protocol. WPA is basically a re-engineered version of WEP. To make WPA more secure than WEP several changes needed to be made. Authentication was added, the header was protected, it uses TKIP (Temporal Key Integrity Protocol) instead of AES, and it uses a non-linear algorithm. TKIP ended up not being a secure enough form of encryption, so WPA2 was developed to replace WPA; Ijeh, A. et al (2009). [3]
WPA2 – WPA2 is similar to the WPA protocol. WPA2 made the transition to using AES encryption, and it included an enhanced integrity check. WPA2 is currently the most secure protocol to use. WPA2 can be used with either the AES, TKIP, or mixed mode (AES/TKIP) options; Ijeh, A. et al (2009). [3]

Literature Review
Like most information in the field of technology, wireless information gets outdated and needs to be maintained to stay accurate. Articles that were written within the last year could already be outdated and difficult to use to secure a network in its entirety. The following literature is an attempt at the most recent updates in wireless security.

Ethical and Legal Concerns
Houston, Reams, and Zelinsky (N.D.) discuss a few of the ethical aspects involved in wireless networks. [1] Though this is not a complete list of ethical dilemmas that can arise by the use of a wireless network, it does pose some great ideas in who should be responsible for the security of wireless networks.

Security Concerns
Zaman, Ahmad, Azhar, Nawaz, Abbas, and Idrees (2014) discuss several types of vulnerabilities and threats that should be considered when configuring wireless networks. [2] There are many types of security risks possible in a wireless network, it’s important to stay up to date on the most recent vulnerabilities and threats.
Kumar and Gambhir (2014) discuss the different types of security attacks and security protocols. [5] Knowing the types of attacks that can occur on a network is one of the best ways to mitigate risks.

Policies and Procedures
Ijeh, Brimicombe, Preston, and Imafidon (2009) examined the different types of protocols for wireless security and completed a study to determine how the location of the data that gets transmitted could be restricted in order to increase security on a wireless network. [3] The authors outline several security challenges that should be considered in the wireless network development process.
Mandeville (N.D.) has completed documentation for creating a security plan for wireless networks. He lays out options for security plans with different protocols that could help to secure a wireless network.
Sans (2014) has created a generic wireless communication policy that can be modified for use by anyone in the internet community. [6] Policies are great for having a guideline to go by when securing a network. There is an inherent flaw in using a template though, it’s important to make sure it fits your network.

Waliullah, Moniruzzaman, and Rahman (2015) conduct an experimental analysis to study well know attacks and discuss ways to monitor and mitigate those attacks. [4]
Cai (2014) investigates different methods of monitoring wireless network technologies such as WiFi Networks, Cellular Networks, and Wireless Sensor Networks.

Literary Improvements
This study will provide literary improvements with updated wireless security information. We will add to existing literature with updated information on vulnerabilities, current threat information, and ways to manage risk.

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *