WiFi Security Utopia - WPA2 WPA WEP Keys
WiFi networks (WLAN) are now more common in many locations than old-fashioned cabled Internet connections. Installing cables in a building or office can often be an expensive and slow task. It might even require authorized technicians to run the cables through walls and to have the installation certified afterwards.
Another issue is when the cables are not long enough.
Or holes must be drilled in walls when a new room requires cables. This again requires installation certification, time and cost.
A cable can also simply break if someone has it connected to a laptop and another person trips over it.
This could damage the laptop and break the connection plug, which would then need to be replaced.
Another issue is that if a cable is bent too hard, the wires inside can break and need to be repaired.
Another limitation is that a user with a laptop who wants to move from room to room, or to a different place in the same room, can only go to locations with a cable plug, which limits the user's freedom.
A simple solution to the cable challenges could be wireless technology. Wireless networks have been around for many years but have only started to catch on in the last few years, after most laptop vendors started to deliver their laptops with built-in WiFi capabilities; earlier, it was a hassle for the user to use an external PCMCIA card or USB adapter.
Today, an ever-increasing need for smartphones and sub-notebooks that come with only WiFi capability creates an even greater need for WiFi networks.
The flexibility is that a user can easily connect to the network through walls or even floors without the need for any cables.
The user can even walk between departments in the organization and still be connected. The user can even be abroad or at a coffee shop and still be connected.
We could now all take a rest, since connectivity freedom via WiFi utopia has been reached!
However, as with most new technologies, solving one problem also introduces new areas of concern or risk.
There are many concerns, risks, and security problems with WiFi technology. One could even argue that the technology has been introduced too fast, without scrutiny from a security point of view.
Key risk areas that have arisen while using wireless networks:
• WiFi disturbance. There have been cases where 2.4 GHz and 5.8 GHz networks could easily be disturbed and blocked from functioning. Even common cordless phones are known to interfere, and the same goes for microwave ovens. A remote attacker can even buy a WiFi jammer online and easily block entire WiFi networks. So if an organization relies solely on WiFi technology, it can be very vulnerable to DoS (Denial of Service) attacks.
• The encryption used for Wi-Fi networks has been broken over and over again. The first encryption introduced, WEP (Wired Equivalent Privacy), was already broken in 2001, and numerous flaws have been found in this encryption technology.
• MAC address protection. Wi-Fi router manufacturers introduced MAC address protection, which only allows whitelisted MAC addresses of computers to connect. However, attackers can easily spoof a MAC address in seconds and connect anyway.
• Sniffing of traffic can be a problem when multiple users are connected to an access point. The users might get the feeling that it is secure, but in reality other people on the same access point can sniff passwords for websites and mail services if they are running without HTTPS. There have even been plugins for Firefox and other browsers that allowed taking over other people's Facebook.
• The more secure WPA/WPA2 was introduced in 2003 as a replacement for WEP to combat its security risks. On a WPA/WPA2 encrypted network an attacker can still cause DoS attacks against users by sending deauthentication packets, forcing the users to reconnect, and in this way sniff the connection handshake. Once the attacker has the connection handshake, it can be subjected to brute force in a fast, distributed way. This can lead to the compromise of a network that was thought to be secure.
• WPA TKIP (Temporal Key Integrity Protocol) injection vulnerability. It is possible to decrypt short packets. This does not lead to recovery of the key password, but to recovery of the keystream used to encrypt a packet. This can allow an attacker to inject faked ARP packets, making the victim send outgoing packets to the Internet.
• WPS PIN key recovery. This is a very serious vulnerability introduced in December 2011. If a target access point has the Wi-Fi Protected Setup (WPS) feature enabled, it can be subject to attack. It does not even matter which encryption is used or how strong the password is. Many access points come from the manufacturer with the function enabled by default out of the box. It can allow an attacker to recover the WPS PIN, sometimes in a few hours or a few days, and thereby also get the router's WPA/WPA2 password.
• MS-CHAPv2 vulnerability. In 2012 a weakness was discovered in MS-CHAPv2 that allows brute-force attacks that can be carried out with modern hardware.
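The forced reconnects described in the WPA/WPA2 item above show up on the air as bursts of deauthentication frames, which a monitoring sensor can count per access point. The following is an added example, not part of the original article; the sample frames, MAC addresses, threshold and window are constructed values chosen for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 0xC, 0xA  # 802.11 management frame subtypes

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """Return (subtype, dst, src, bssid, reason) for a deauthentication or
    disassociation frame, else None. Expects a raw 802.11 frame with any
    capture header (e.g. radiotap) already stripped."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return subtype, mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(captures, threshold=5, window_ms=1000):
    """captures: (timestamp_ms, raw_frame) tuples in time order.
    Returns {bssid: timestamp_ms of the frame that brought the count inside
    one sliding window up to the threshold}."""
    recent, alerts = defaultdict(deque), {}
    for ts, raw in captures:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        bssid = parsed[3]
        seen = recent[bssid]
        seen.append(ts)
        while ts - seen[0] > window_ms:  # drop frames older than the window
            seen.popleft()
        if len(seen) >= threshold:
            alerts.setdefault(bssid, ts)
    return alerts

# Constructed sample frames (not a real capture); MACs are locally administered.
HDR = "0000" + "0200000000aa" + "020000000001" + "020000000001" + "0000"
DEAUTH_FRAME = bytes.fromhex("c000" + HDR + "0700")  # deauthentication, reason 7
BEACON_FRAME = bytes.fromhex("8000" + HDR + "0000")  # other management frame, ignored
SAMPLE = [(0, DEAUTH_FRAME)]                                    # lone disconnect
SAMPLE += [(10_000 + i * 100, DEAUTH_FRAME) for i in range(8)]  # burst of eight
SAMPLE += [(11_000, BEACON_FRAME)]

if __name__ == "__main__":
    for bssid, ts in detect_floods(SAMPLE).items():
        print(f"possible deauthentication flood on {bssid} at {ts} ms")
```

Where both clients and the access point support it, 802.11w protected management frames make forged deauthentication frames ineffective; a counter like this is for networks where that is not yet enforced.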
SecPoint specializes in delivering the best IT security solutions and products.