Managing Security Risks in Wireless Networks

Research Method
For the purposes of this study, I will be conducting up to date research from reputable sources, I will point out possible security issues involved in wireless networks, and will suggest using several different security methods that could help to improve any possible security vulnerabilities.

For the purposes of this study, I have gathered important information from reputable sources through online journals, from professional sources in the network security field, and through my own prior knowledge and experience.
First I will list the different types of wireless vulnerabilities and threats; I will then follow with important information and suggestions for how to mitigate these possible issues before they have a chance to compromise a wireless network.

Wireless Vulnerabilities
Wireless vulnerabilities exist if there is a design flaw or a weakness that can be exploited by an attacker or a threat. A few possible wireless vulnerabilities are listed below.

Bluetooth Attacks – There are ways an attacker can access mobile devices through Bluetooth and create problems like DoS. Attackers can take advantage of an open Bluetooth port and insert infected code into a user’s system without their knowledge. This has recently been known to happen to users who own a FitBit device. FitBit connects to a user’s computer via Bluetooth. Since this port was left open waiting for a connection to FitBit devices, attackers injected code that would infect a computer or create a backdoor in. Attackers can also take advantage of Bluetooth devices such as cellphones. As long as the Bluetooth is enabled, an attacker can find means to connect to it and steal pictures or private data. These types of attacks have many names, but are commonly known as Bluesnarfing, Bluejacking, and Bluebugging.

Lost and Stolen Devices – Though this isn’t technically considered a vulnerability to wireless networks, if an attacker were able to get ahold of a device that has already gained access to the network, they would be able to take advantage of this and access the network themselves. Millions of devices are lost or stolen each year, which can increase the likelihood of an attacker gaining access by these means. Once an attacker has access to a device they would be able to access/steal data, inject malicious code, create a backdoor, access email, access applications with stored passwords, or access applications that don’t require authentication when on the network.

Parking Lot Attack – If a wireless network extends outside the perimeter of buildings, attackers can sit on the outskirts of a company network and gain access to the wireless network. An attacker will try several means in order to attempt to get into a network, including attempts at listening to traffic, scraping data for passwords, retrieving access point information, or creating a fake access point. All of this can be done without the user’s knowledge and from a safe distance. Once an attacker is able to find a user to connect to, they are able to create dialogues that pop up that request a password and the user unknowingly gives the password to the attacker. Now the attacker has an authenticated means of access the network and can do and access anything that the user can do.

Rogue Access Points – An attacker can easily set up a rogue device if there is access to network jacks. Rogue access can also be easily setup by an uneducated user within their department or area. If an attacker gains access to a rogue device whether they set it up themselves, or it was by a user, it could be an open door to the network. Access to a rogue device could give an attacker the means to getting the necessary credentials to log into the legitimate access points on the network. Once into the network the attacker would be able to attempt to further access systems and devices.

Shared Key Authentication – A shared key authentication attack is when the attacker is able to access the challenge and the response that happens between the access point and the authenticated device. Once the attacker has this information, they are then themselves able to act as the authenticated device.

SSID Search – An attacker is able to obtain an SSID by capturing network traffic. Once they find this information they are able to access the network using other means and get to areas that were not intended for generic users.

Unsecured Access – Unsecured access to a wireless network is a common vulnerability. Unfortunately many wireless routers and access points are shipped from the factory with default credentials. If an attacker knows the default information, they are able to easily access a router or access point.

WEP Attacks – WEP is not a secure protocol to use when setting up a wireless network and causes vulnerabilities in a WLAN whether it is in use or not. These types of attacks can be used to modify data, decrypt traffic, and access unauthorized areas.

Wireless Threats
Wireless threats can be considered as the means to which an attacker can make use of one of the above vulnerabilities. Threats on a wireless network can be anything from just someone seeing if they can get in, to someone wanting in to cause malicious harm to the network. There’s no way of knowing what an intruder intends to do, so it’s best to avoid access altogether. Some possible threats are listed below.

Denial of Service – This type of attack can happen to either a wired or a wireless network. The attacker floods the network with requests that make it difficult for the server to handle and authorized users are unable to gain access; Kumar, U. et al (2014). [5]

Dictionary Attacks – This can be done on a wireless or a wired network. The attacker goes through passwords one by one trying to find a password that works; Kumar, U. et al (2014). [5]

Eavesdropping – This is when an attacker injects messages into wireless traffic so that when the messages are decrypted he is able to figure out the key. The attacker will then be able to decrypt all of the messages; Kumar, U. et al (2014). [5]

IP Spoofing – This type of attack requires the attacker to hide their own IP address and use a known good IP address to gain access by impersonation.

Malicious Code – Using wireless protocols virus threats and Trojans are able to spread through smartphones.

Man in the Middle Attack – The attacker creates dummy AP’s then lets the user authenticate. With the AP in the middle of the connection the attacker is able to see the information that passes through the connection. ; Kumar, U. et al (2014). [5]

Traffic Analysis – The attacker gathers necessary information from the network in order acquire enough information to access the network; Kumar, U. et al (2014). [5]

Wardriving – The attacker searches for Wi-Fi signals in a moving vehicle.

Ways to secure
Securing a wireless network is a thought out process. All possible avenues of threat need to be considered so that one area is secure while an attacker just finds another way in. Many companies thought their network was secure, until information became compromised and leaked to the public.

Vendor Audit
The best way to secure a network is to think like an attacker. To find out just how secure your network is, it would be a great idea to have a wireless audit completed by an outside vendor. There are many advantages to using a vendor such as the thoroughness of the evaluation, a vendor may find things that were overlooked internally, using a vendor wouldn’t tie up already busy employees, a vendor may have access to more resources and tools to do the job, a vendor would be able to get the job completed quicker, and since it would be the vendors specialty; they would be more knowledgeable in the field. The disadvantage of using a vendor is that it’s expensive and can be difficult to get management buy-in.
When a vendor does an audit, they will attempt to compromise the network in ways that an attacker would; which is sometimes known as ethical hacking. The vendor will use several different methods to ethically hack a network and to check for vulnerabilities, such as:

  • Password cracking attempts
  • Site survey/Heat map
  • SSID Search
  • Search for Bluetooth connections
  • Search for rogue devices
  • Discuss policies and procedures

When the vendor is finished with the audit, they will give a summary of findings to outline any vulnerabilities that were found and offer suggestions to remediate the vulnerabilities. Hiring an auditor can be cost prohibitive for some companies, and it can sometimes be difficult to get approval for such an expense. In that case, there are steps that can be taken to make sure a network is secure without the use of an auditor.

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *