Abstract
The growth of information technology has made wireless networking one of the most imperative tools of communication. Businesspersons and home users have resorted to wireless technology as a way of communicating with business partners and friends. This is because wireless networking is easily accessible, inexpensive and easy to use. For example, the emergence of new technologies has created hot spots where on-the-go laptop users can access the internet anywhere be it in shops, homes, schools, airports or workplaces. However, with all advantages associated with wireless networks, the absence of security threats is inevitable. In recent years, wireless networks have encountered security threats, which poses a risk to information privacy. These security threats are dangerous to business opportunities and the general lives of wireless technology users. Such security threats have forced information technology experts to put into operation technological solutions aimed at curtailing wireless security threats and vulnerabilities. The probability of winning over security threats is high simply because wireless security is principally a management dilemma. Nevertheless, to control wireless security risks, experts must assess the associated security risks and look for modalities of mitigating them. The paper examines various wireless network security threats within a certain environment and provides solutions for eliminating those security threats. (Gast, 2005, pp. 1-12).
Introduction
Wireless security is a way of thwarting unauthorized entry or destruction of computers through wireless networks. Today, many persons and organizations use wireless networks to manage their interests. Interconnected computers and wireless carded laptop notebooks face many security risks, which compromises the privacy of stored data. For instance, computer hackers have produced a mechanism of breaking into wireless networks with a lot of ease. Interestingly, these hackers deploy wireless technologies to break into wired networks and commit offences. This is the reason organizations and individuals using wireless networks must look for means and ways of controlling unauthorized entries into private and vital resources available in wireless networks. Wireless technology users continue to suffer by day as wireless security threats keep on increasing and becoming popular. Moreover, the ignorance of wireless network users has also prompted unauthorized access to wireless networks. For example, when information technology experts introduced wireless networking, security threats seemed less as this particular technology applied only in big organizations and offices. However, as time went by, individuals started using it. Consequently, this became possible for crackers to latch modalities of accessing resources from wireless networks. (Ross, 2008, pp. 3-13).
In most cases, some of these security threats are associated with wireless protocols, encryption, recklessness, and unawareness of computer users either at the individual or commercial information technology level. On a rather worrying note, some of the cracking methods that breach network security appear more complicated, and with the presence of Windows and Linux tools, crackers find it easy to institute wireless network threats. Perhaps to start with, we need to relook at the advantages of wired networks both to legible users and crackers or hackers. Primarily, wireless networks exhibit many advantages to legible users. For example, they are cost-efficient, convenient, produce expected results, easy to deploy and expand, and finally, easy to integrate with other networks. Nevertheless, some disadvantage worries like security, range of operation, dependability and network speed appear to limit its applications. With these worrying issues, nobody can predict the efficiency and security of wired networks. In addition, unofficial access points, transmittable SSIDS, and unknown MAC addresses remain paramount security threats. However, with Wireless Local Area Network troubleshooting techniques like Fluke, Network General and Network Instruments, wireless network users can eliminate or avoid security threats. (Min-kyu, Robles, Hong, & Kim, 2008, p. 78).
Wireless Vulnerabilities, Threats and Countermeasures
The normal wireless network composes of three fundamental components and the user. Under this scenario, the user becomes the fourth component. The first component is radiofrequency, which help in the transmission of information from one point to another. Secondly, there are access points for connecting with other networks. The third component is, of course, IT devices (Client devices) such as desktop computers, laptop computers and PDAs. Ironically, network threats target these components leading to network security aims like confidentiality, integrity and accessibility.
Network Security Threats
Accidental Association
Unauthorized entry into wireless networks occurs in different ways. Although many of them occur intentionally, there is an accidental one. The accidental association is a wireless network security breach that exposes confidential information of a proprietary company elsewhere. In most cases, this happens between two nearby wireless networks. A user can turn on a client device only to find overlapping data that belongs to the neighbour. This kind of security breach sometimes known as mis-association is majorly accidental but, in rare cases, it can be deliberate especially when an attacker aims to connect a personal computer to the neighboring wireless network access points (APs).
Malicious Associations
This particular wireless network security threat is intentional and the attacker aims to obtain information from a particular wireless network. In order to access such information, requires components like wireless devices and cracking laptops. The cracking laptop will act as an access point while the wireless device will link the cracking laptop and the wireless network. One characteristic of these cracking laptops (soft access points) is that they resemble the targeted access points. Consequently, when an attacker inserts a wireless network card, the system unlocks and somebody can now access any data. After such a successful unlawful entry, the cracker can now access passwords, instigate new network hitches, or deposit viruses and trojans into the network. Perhaps one advantage associated with wireless networks is that they operate at layer 2 and layer 3. Thus, the available security protection mechanism, which includes network authentication and virtual private networks (VPNs), cannot control malicious associations. On the other hand, research shows that wireless 802.1x authentications were previously believed by many to secure, as of now, crackers can still enter a wireless network. However, in wireless networks safeguarded by wireless 802.1x authentications, crackers tend to target Layer 2 networks rather than virtual private networks (VPNs). This is because Layer 2 is easier to crack than VPNs. (Kelley, 2003, pp. 60-69).
Passive Eavesdropping
This is another wireless network security threat where an attacker scrutinizes every session happening within the wired network. In most cases, the attackers target the payload in order to get private information. The payload contains very secure plaintext information, which an attacker can access through flouting the encryption. In fact, this type of security threat appears simple in that attackers need access transmission only. For instance, using a directional antenna, crackers are able to detect wireless transmissions (802.1) even at miles away. This makes the wireless network more vulnerable to attack as one cannot physically control transmission detection. Most users believe that the deployment of wireless networks includes the rearrangement of access points with encryption. Nonetheless, this is never the same as the majority of wireless network APs contain many vulnerabilities such as wired equivalent privacy (WEP) and the 802.11 wireless security standards. Through passive eavesdropping, an attacker can obtain transmittable data and also use other means to examine packets of data transmitted in a particular session. Furthermore, attackers can use a directional antenna to determine the basis, destination, dimension and period of transmissions. Thus, it is very clear transmissions can compromise data privacy by inviting attacks. (Welch 2003, pp. 2-3).
Ad-hoc Networks
These particular networks can execute wireless security threats and allow unlawful data access. Experts create ad-hoc networks by connecting wireless computers without necessarily using access points. Thus, it is very much clear that these wireless networks lack efficient protection. Nevertheless, when building such networks, experts tend to deploy encryption methods as security measures. Through Ad-hoc networking, experts create a security hole believing that it will offer the necessary security and prevent any intended malice. However, these experts do not understand that within a corporate environment, some versions of the Microsoft Windows operating system have security breaches that can allow easy access of data. This can be a challenge to many users who are not in a situation to identify unsecured Ad-hoc networks within the computer’s operating system. The scenario is even worse when a user uses the same Ad-not network computers for a wired network.
This is because a viaduct form linking the corporate network with an unsecured Ad-hoc connection, which create vulnerable access points. A viaduct can either be direct or indirect. The direct viaduct occurs when users join two access points while an indirect bridge or viaduct occurs when many computers draw resources from the server. Of the two, the indirect bridge or viaduct appears more insecure than the direct one. Firstly, individual or corporate data executed through perceived secure wired networks, can appear on an attacker’s endnote computer drive and then be retrieved through an unsecured Ad-hoc network. Secondly, viruses or trojans exposed to a particular wireless network through an unsecured Ad-hoc connection can create a pathway to private data hence, a security threat. Captivatingly, this type of security threat does not require password cracking as crackers can enter malevolent codes to an unsuspecting user’s end node arrangement and thereby access information through an Ad-hoc network. (Welch, 2003, pp. 2-6).
MAC Spoofing (Identity Theft)
This threat is a bit complicated in those crackers manufacturing devices, which can enable them to eavesdrop on network traffic and thereby make out the computer’s MAC address that has got varied network dispensations. Although most wireless networks characterize by MAC filtering, which is ideally, a security practice that allows authorized wireless network access using MAC identification cards, research shows that crackers can develop software programs with “sniffing” capabilities, and hence obtain secure addresses such as MAC addresses. Perhaps, the only scenario where MAC filtering appears protective is when users operate small residential (SOHO) networks. This is because, under SOHO networks, wireless devices are “off the air” making it hard to detect MAC addresses. However, with bigger wireless networks, the 802.11 wireless devices are evidently “on the air”. The disadvantage associated with such networks is that when the 802.11 device is “on the air”, it carries an unencrypted MAC address right at the header, and with simple software programs or pieces of equipment, crackers can obtain the MAC address. For instance, the combination of freeware wireless packet analyzer together with 802.11 wireless receivers such as computer laptops and wireless adapters can enable someone to retrieve the MAC address of transmitting wireless networks, of course, within 802.11 assortments. Thus, it is very clear MAC filtering does not offer enough security to transmit networks as users perceive. (Min-kyu, Robles, Hong, & Kim, 2008, pp. 84-87).
Man-in-the-middle Attacks
Research shows that crackers targeting wireless networks find it easier to obtain confidential information at Layer 2 and Layer 3. This is because, at this stage, encryption dominates in the transmitted packets making it easier to access heading information at the second or third data link layer. Nevertheless, if a user deploys virtual protocol networks (VPNs) or IPsec security, the probability of accessing header information lessens. With the man-in-the-middle attack, unauthorized persons can obtain confidential information from a session or sometimes alter the transmittable packets, which will then compromise the integrity of a particular session. For example, during a wireless network session, a cracker may read and even modify the contents of the original data before the receiver gets it. However, it is not clear to many how this happens. To start with, a cracker committing a man-in-the-middle attack breaks the session to detach the connection existing between the target and access points (APs). After successfully detaching the two, the cracker will then connect the actual APs to a wireless card. The wireless card will lead a traffic flow of data from the wireless network to the hacker’s retrieving device. Secondly, the cracker can use wireless pieces of equipment to break the wireless network at access points. Consequently, the encrypted tunnel will exhibit vulnerabilities and make private data access easier.
Denial of Service
This is another type of wireless security threat where the attacker repeatedly barrages the targeted wireless network or access points (APs) with spurious requests, intriguing wireless network link communications, stoppage instructions and data. Since the network is not used to these new messages and commands, the access points disassociate the network revealing encryption. On a more worrying note, the system can lock out the legitimate user and sometimes crash. Additionally, the denial-of-service attacks targets the annihilation of network protocols like the Extensive Authentication Protocol (EAP) to access private data. However, this type of security threat is ineffective to a considerable extent as the attacker cannot access the real individual or corporate data. The interrupted wireless network cannot offload data to any wireless device and in most cases, the network crashes after interruption.
Consequently, many users might wonder the reason for performing a denial-of-service attack if the attacker cannot access organizational data. Nevertheless, there is a reason malicious attackers decide to perform this security threat. After a successful denial of service attack, the wireless network locks, or crashes. This is the time when the malicious attackers take their time to monitor its recovery. As the network recovers, some data can be re-transmitted to other wireless devices, which includes codes, passwords, and IDs. Later, the crackers will use these factors together with cracking tools to make an unlawful entry into the wireless network. Research shows that feebly encrypted wireless networks such as wired equivalent privacy (WEP) are the most affected due to their numerous tools. (Min-kyu, Robles, Hong, & Kim, 2008, pp. 80-85).
Consequences of Poor Wireless Network Security
Wireless networks characterize by portability and productivity, and this is the main reason many people use them either at home or organizational level. In addition, wireless network connections do not use cables but instead, involve plugging in an AP or a router to a client device. Nevertheless, with this open connectivity, the probability of a threat attack is high. Thus, the meagre security standards in addition to undeveloped technologies, defective implementations and ignorance are some of the factors that lead to the construction of an unsecured wireless network. With these factors dominating the deployment of an unsecured wireless network, hackers and crackers find it easier to make unauthorized entries through the communication medium. Consequently, poor network security leads to the compromise of data and other resources in terms of reliability, accessibility and confidentially.
Organizational resources such as fiscal statements, individual data and intellectual information that appear sensitive to the public should receive maximum security to preserve their confidentiality. In most cases, this happens when encryption and security mechanisms within a wireless network appear weak or vulnerable. An intruder can alter, destroy or delete stored data in a wireless network when the system exhibits some deformities in data-synchronization routines that link wireless network users and the back-end storage. In addition to this, security threats such as denial of service can enable crackers to use network bandwidth for their selfish interests. Other consequences associated with poor wireless network securities include resource theft mechanisms such as consumption of disk space and bandwidth, piracy, downloading pornographic materials and entertainment literature via stolen airwaves. Some people can utilize the presence of poor wireless networks to steal information, which is wanted somewhere else. Krishnamurthy, Joseph, &Tanapat, 2002, pp. 157-166).
Effective Strategies for Improving Wireless Network Security
In most cases, the nature of a wireless network in terms of construction and deployment determines whether the network is prone to security threats such as interception, disruption and alteration. However, experts have come up with various ways of eliminating network threats. For example, eavesdropping, which is very common in at least all wireless networks can be controlled using two major ways. The first one is, of course, creating a difficult environment for establishing and seizing wireless signals. Secondly, users can use encryption to safeguard privacy even in situations where crackers intercept the network. Two years ago, experts came up with a Wireless Intrusion Prevention System (WIPS), which is sable to thwart all intended security threats. Today, most organizations use this system to protect their wireless networks against security threats.
Wireless Security Strategies
Static IP Address
Most hackers access network data through an IP address. It is therefore paramount to look for modalities of preventing this. For example, users can disable their IP address function from the server whenever the system is not running. This will lower the chances of logging in failed messages, trial keys and rogue passwords into the network. In addition, the deployment of access pint firewalls can help in jamming an unused IP address and retaining network confidentiality. Users can also decrease the size of a fastidious subnet to reduce the chances of threat attacks. This is useful in discouraging man-in-the-middle threats. (Skoudis, 2002, p. 351).
Password Change
Wireless devices come with default passwords. If users fail to change such passwords, some crackers can capitalize on this and enter that wireless network. Thus, it is advisable to change the default passwords of wireless devices to minimize security threats. In addition, users should look for unique passwords and one that includes non-alphanumeric characters to make the network more secure.
MAC Filtering
When deploying wireless networks, engineers must create MAC identification filtering as a security strategy. This will allow only users to gain authorized entry into networks characterized by MAC IDs and minimize accidental associations. However, users should not rest assured because crackers can fake MAC IDs and access their networks.
Encryption
So far, this has proved to be the most effective way of discouraging wireless network security threats. An encrypted system can show and report some of the threats targeting the system. Luckily, most wireless devices such as APs, caller devices and base stations come with built-in encryptions systems and the user needs to turn it on so that it protects the network. (Krishnamurthy, Joseph, & Tanapat, 2002, pp. 160-165).
Use of Anti-virus and Firewalls
Some networks collapse due to invasion from trojans and viruses. Just like computers connected to the internet, wireless network computers can also catch malware, trojans and viruses. Thus, it is advisable to install all wireless network computers with anti-malware programs and update them periodically to offer protection.
Educating Users
As one constituent of wireless networking, users ought to understand how to protect their wireless systems. Thus, it is quite imperative to train them on the security measures to undertake to protect their wireless systems. Most hackers and crackers find their way into other people’s wireless networks due to the ignorance of users. Thus, if experts equip these users with strategies for eliminating threats, wireless networks will remain secure.
Network Auditing
Through auditing, users can identify rogue hardware, disjointed access points and wireless functions. This is vital for weak systems such as WEP as tools like Airsnort can correct any existing network anomaly. (Skoudis, 2002, pp. 352-359).
Conclusion
Wireless networks associate with many advantages such as increased productivity and reduced operating costs. Through wireless networks, business opportunities have improved greatly. Today, millions of people work as information technology staff all over the world courtesy of wireless networks. However, with all these numerous benefits, wireless networks encounter deliberate and accidental security threats that lead to information loss or system collapse. Consequently, there is loss of data, confidentiality compromise, interception, and disruption of normal processes. If users undertake security measures, they can eliminate these threats and maintain confidentiality.
Reference List
Gast, M. (2005). 802.11 Wireless Networks: The Definitive Guide. (2nd Ed.). Sebastopol, CA: O’Reilly & Associates.
Kelley, D. (2003). The X factor: 802.1x may be just what you need to stop intruders from accessing your network. Information Security, 6(8), 60-69.
Krishnamurthy, P., Joseph, K. &Tanapat A. (2002). Security in Wireless Residential Networks. IEEE Transactions on Consumer Electronics, 48(1), 157- 166.
Min-kyu, C., Robles, R., Hong, C. & Kim, T. (2008). Wireless Network Security: Vulnerabilities, Threats and Countermeasures. International Journal of Multimedia and Ubiquitous Engineering, 3(3), 77-86.
Ross, J. (2008). The Book of Wireless: A Painless Guide to Wi-Fi and Broadband Wireless. (2nd Ed.) San Francisco: No Starch Press.
Skoudis, E. (2002). Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses. New Jersey, Upper Saddle River: Prentice Hall.
Welch, D. (2003). Wireless Security Threat Taxonomy: Proceedings of the 2003 IEEE. Workshop on Information Assurance. New York: United States Military Academy.