Security mechanisms in Wi-Fi .........………….……………………….. P.7

Network Security ……….………………………………………… P.8

Wi-Fi security in future …………………………………………………. P.8

What was learned …………………………………………………. P.9

Conclusion ..................................................................... P.10

Bibliography …………………………………….…………… P.11

Word Count: 2,047 Words

INTRODUCTION:

Information security is playing an important part in most of the companies at the moment. For example, you can't do your online transactions without using security methods such as SSL (Secure Socket Layer). However, without security your data would be spread out to anonymous people. These people can exploit your data to use it for their own goods. For instance, they would be to use your information in illegal way to login to your bank account. In this project, we are presenting the Wi-Fi security. The purpose of this project is to illustrate how the security is involved in the Wi-Fi. For starters, Wi-Fi is a shortcut for the name "Wireless Fidelity" which means it uses the radio waves to connect to the internet on a high speed connection. Wireless is now used in many devices that we are using it in our life such as video games consoles (PS3, Xbox, Nintendo Wii), laptops, personal computers (PC's), PDA's that are using Palm OS and new generation of smart phones such as Nokia, Android phones and I Phone. As for the PC's, you can connect to the internet without a wire by using Wireless adapters (ALFA & Genius wireless adapters are good examples). Back to 1991, the wireless was first named as the WaveLAN (Wave Local Area Network). NCR and AT&T Corporations were the first inventors of 802.11 technologies. First, we will start to discuss how the Wi-Fi was first discovered by these to corporations. After that, we are going to talk about the evolution of the Wi-Fi security and how most of the companies are now demanding the security of their wireless networks. Finally, we will look for solutions to minimize the risks of the intruders in the Wi-Fi field and to look for some solutions for lowering the Wi-Fi devices prices.

HISTORY:

Wi-Fi can be defined as a wireless network technology which it uses the radio waves in providing wireless network and internet connections like in televisions, cell phones and radio. The history of Wi-Fi dates back in the year 1991 in Nieuwegein, Netherlands. It was been invented by NCR Corporation with co-operation of AT&T where it was used at first by cashier system. Vic Hayes is the person who invented the Wi-Fi. He was involved in the design of standards such as IEEE 802.11a, 802.11b, as well as 802.11g. The initial Wi-Fi had 11 Mb/s rate operating in 2.4 GHz band. In the year 2000, they reached our market. Currently, 802.11n is the most advanced standard used.

§ INTRUSION THROUGH WI-FI

Without tight security and the right security system and tools, an individual or business data can be exposed to intrusion though various means. Intrusion through Wi-Fi may be through mis-configured access point, unauthorized/rogue access points, hacker hacking through the system or even a neighbor trying to access your unsecured Wi-Fi network. All this and more may be intrusion means via Wi-Fi that can open a back-door into one’s or organization Wi-Fi and compromise important data.

"A major example of intrusion through Wi-Fi may be through packet sniffing where free programs such as tcpdump may be used in capturing any data that is sent through the wireless connection" (Lukasa, 2012). Therefore, any type of data/internet traffic that is unencrypted from the computer is transparently seen including any website visited. Additionally, tools such as nmap are used in scanning quietly into a machine system in attempt to establish services that were left open so as to break into them. "Sharing of remote screen and desktop allows for intrusion through visual observation of everything that happens in the machine" (Thought Leadership Summit Digest).

Unpatched exploits is another example of intrusion through Wi-Fi and especially open Wi-Fi where attackers runs codes arbitrary in one’s machine. "It involves the installation of spyware, the likes of keylogger" (Lukasa, 2012). Also, hijacking is another type of intrusion through open Wi-Fi through the concept of Man-In- The-Middle-Attack. Another machine intercept an individual computer traffic that is intended for a 3^rd party, record or adjust it and later sends it. False HTTP’s connections are set up and cookies are sent in form of plaintext and broadcasted to the whole wireless connection.

§ APPLYING SECURITY TO WI-FI

There are various ways of protecting Wi-Fi from intrusion through implementing wireless intrusion prevention system for Wi-Fi security. To begin with, always use strong usernames and password for the network to avoid keeping it open for unauthorized access. Settings for default username and password for routers and access point given by web tools should always be changed to complicated ones hard for hackers to change. Additionally, avoid auto-connecting to open Wi-Fi networks such as neighbor’s routers or free wireless hotspots expose one’s computer to security risk. It is important to turn on WEP/WAP encryption, change the manufacturer’s default SSID immediately after configuring Wi-Fi as it’s commonly known to hackers as well as enable the physical address commonly known as MAC Address.

"To avoid Man-In-The-Middle attacks, always ensure the use of HTTPS in sending credentials and in establishing connections with different authenticated services" (Mitchell, n.d). It is important to always turn off Wi-Fi network during long extended period of Wi-Fi non-use through shutting down the network hence preventing hackers from breaking into your data. Also and importantly, firewalls should be enabled and turned on to prevent from hacking. Static IP addresses should be assigned to devices to avoid network attackers from obtaining IP addresses.

ATTACKS ON WI-FI NETWORKs:

This part deals is explaining some attacks which administrators of Wi-Fi networks have guarded against it. We have classified the attacks and this classification is important to understand the positive and negative points of the DAIR (Dense Array of Inexpensive Radios) security management system.

Eavesdropping:

The Eavesdropping is known as a passive attack. In this type of attacks, the attacker listens to the wireless network traffic and tries to gain useful information as much as possible. The listeners can use this technique to break the code. "Passive attacks are difficult, if not impossible, to detect and we do not address them in this paper" (Paramvir, 2006).

Intrusion:

The second attack is known as the intrusion which is an active attack. This attack allows the attacker to access the network in an illegal way, in other words; unauthorized access. By gaining a physical access to the wired network, an attacker can have the access to the corporate network by connecting the Wireless Access Point to it.

Denial of service:

Another type of active attacks is the DoS attack. This type of attack is known with by their possibility to be solved. In the Denial of Service attack can exploit several flaws in the IEEE 802.11 protocol. It can also gain access to the network and attacking the Access Points by mounting it.

Phishing:

Phishing is also an active attack. It is designed to extract private information by using various techniques. The DIAR system can detect this type of attacks.

SECURITY MECHANISMS IN WI-FI:

To avoid the main weakness is to use a small key for encryption. Studies have shown that an encryption infiltrator could threaten the Wi-Fi in three ways: by decrypting data that was in the air, by changing the data and before forging key to gain unauthorized access to network and Internet.

Encryption:

TKIP (Temporal Key Integrity Protocol) increases the size of the key even up to 128 bits and replaces this key and redistributed by the authentication server. To do this, the key is distributed to the client and the access point by the TKIP and sets up a key hierarchy. Then, the TKIP will generate a unique data encryption keys to encrypt every data packet that is connected through a wireless access point during the user's session.

Authentication:

Wi-Fi uses authentication with one of the Extensible Authentication Protocol types available today. The 802.1x technology is a port-based network access control method used in wired and wireless devices. In August 2001, it was adopted as a standard by the IEEE (Institute of Electrical and Electronics Engineers).

NETWORK SECURITY:

One of the main issues with wireless network security is known as the simplified access to the network. A couple years ago, we used to use the old way to connect to the internet which it is known as the traditional wired network such as (Ethernet). With wired networking a computer must gain access to the source with an Ethernet cable. On the other hand, Wi-Fi has also range depending on the router used, however it can’t get through concrete. If an attacker gained access to the Wi-Fi network he/she can initiate a DNS spoofing attack against any other user of the network by forging a response before the queried DNS server has a chance to reply.

WI-FI SECURITY IN FUTURE:

Nowadays, Wi-Fi devices are providing default username and password for the users. While people are always depending on it, they are still not aware of the attackers whom may take advantage of that. Because, most of the automatically username and password provider can set the same password for more than one account. However in future, Wi-Fi devices must have a friendly interface which allows the normal user to set his username and password manually when he first start using his new device.

Another important point is that the user must change his password every week minimum in his Wi-Fi devices to make it more secure and to prevent being hacked by using different methods of encryption rather than depending on the WEP or by using the virtual private network (VPN).

Unfortunately, encryption handles a great amount of bandwidth. Because of this, some people are depending on controlling access to their WLANs based on the MAC address of the device that is requesting the access to the internet. "The major flaw with this approach is that the MAC address is just a 12 digit long HEX number that can be viewed in clear text with a network sniffer program" (Roger, 2012). A hacker will have an easy entrance to the victim's PC by just waiting for the device to connect to the WLAN and use the duplicated MAC address to login to the normal user PC.

§ WHAT WAS LEARNED:

By going through the project, we have now the knowledge and the experience in how to avoid being hacked. We have found several tips to prevent hackers:

1- Use a strong password: By mixing upper and lower cases with numbers, a hacker will have the difficulty to guess your password or even by using brute-forcing attacks programs. The advantage of this is to frustrate the attacker as much as possible.

2- Clear the web browser cookies: Always clear your cookies from the PC you are in before you logout or leave it.

3- Keep your computer up-to-date: Microsoft Windows updates are very important because it checks for any vulnerability in the computer.

4- Update your password: Changing your password every week or whenever you feel it is necessary to be changed will keep you safe from password guessers. However, most of the people are not used to change their passwords after the first time they set it up.

5- Don't use common usernames: users that use the word "Admin" or "Administrator" are making the job easy for the hacker. It's like they have done the 50% of the job.

6- The use of SSL or HTTPS: When you want to do online payments from websites, make sure that the address bar starts with https:// or the color is green such as the example below:

CONCLUSION:

All in all, we know now the first step for implementing the wireless network is by understanding the threats or the attack on the Wi-Fi network. One of these threats is known as DoS (Denial of Service attack). Even thought that users have the ability to access the internet and share their files and folders from home, college or cafe they are still in risk of being attacked by these intruders. We are now able to limit the impact of these attacks by using several security standards which we can combines three-party authentication with tunnels in the network. Moreover, securing opened wireless ports is very important to reduce the risk of hacking. We recommend you to keep your network safe and secured from intruders.

BIBLIOGRAPHY:

Bahl, P., Chandra, R., Padhye, J., Ravindranath, L., Singh, M., Wolman, A., et al. (2006). ATTACKS ON WI-FI NETWORKS. Enhancing the Security of Corporate Wi-Fi Networks Using DAIR (p. 2). Uppsala, Sweden: ACM.

J. Bernstein. (n.d.). DNS forgery. djbdns. Retrieved November 27, 2012, from cr.yp.to/djbdns/forgery.html

Janith. (n.d.). 10 Tips to Prevent Hackers. Blogussion. Retrieved November 27, 2012, from http://www.blogussion.com/blogging-tips/ten-tips-to-prevent-hackers

Jensen, J. (2007, October 26). 802.11 g: Pro's & Cons of a Wireless Network in a Business Environment. Networkbits: Network and Technology Articles. Retrieved November 27, 2012, from http://networkbits.net/wireless-printing/80211-g-pros-cons-of-a-wireless-network-in-a-business-environment/

Lukasa. (2012). How does a hacker in a public WIFI actually view your computer? Retrieved from http://superuser.com/questions/282079/how-does-a-hacker-in-a-public-wifi-actually-view-your-computer

Mitchell, B. (n.d). 10 Tips for Wireless Home Network Security. Retrieved from http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm

Paramvir. (2006). ATTACKS ON WI-FI NETWORKS. Enhancing the Security of Corporate Wi-Fi Networks Using DAIR (p. 2). Uppsala, Sweden: ACM.

Problems and solutoions to WiFi security. (n.d.). WiFiNotes.com. Retrieved November 27, 2012, from http://wifinotes.com/wifi-security-problems-and-solutions.html

Publishing Team. (2003, June 25). Wi-Fi Protected Access (WPA) NeedToKnow - Part II. Tom's Guide: Tech For Real Life. Retrieved November 29, 2012, from http://www.tomsguide.com/us/wi,review-149-2.html

Roger. (2012). How to secure a wireless network. TechRadar. Retrieved from http://www.techradar.com/news/world-of-tech/roundup/how-to-secure-a-wireless-network-1075710

Thought Leadership Summit Digest. (n.d) . Wi-Fi Security: Intrusion Detection and Prevention: A Webtorials Thought Leadership Summit Digest. Retrieved from http://www.webtorials.com/main/resource/papers/summits/WIPS/WIPS-Digest-Final.pdf

Wavesight & Wireless Security. (2005, December 13). Wavesight. Retrieved November 26, 2012, from www.wavesight.com/Support/Knowledge_Base/Wireless_Security.asp

Wi-Fi. (n.d.). The Tech Terms Computer Dictionary. Retrieved November 28, 2012, from http://www.techterms.com/definition/wifi

Wi-Fi - Wikipedia, the free encyclopedia. (n.d.). Wikipedia, the free encyclopedia. Retrieved November 25, 2012, from http://en.wikipedia.org/wiki/Wi-Fi

Wi-Fi Protected Access: Strong, standards-based, interoperable security for todayâ€™s Wi-Fi networks (p. 6). (2003). Security for homes and small offices. Wi-Fi Alliance.

Wright, J. (2007, September 5). Security Laboratory: Wireless Security. SANS Technology Institute. Retrieved November 26, 2012, from http://www.sans.edu/research/security-laboratory/article/wireless-security-1

APA formatting by BibMe.org.

CMH 307

Wednesday, January 9, 2013

Meeting minutes

Meeting Agenda

Course self-reflection

Network Security