Wireless Network Vulnerabilities

On a computer system, data has three states: data at rest, data in use, and data in transit. Data in transit, or transmitted data, is especially vulnerable when the transit medium is wireless radio frequency (RF) transmission, like that used on a wireless local area network (LAN). This vulnerability is difficult to mitigate because wireless network traffic is virtually impossible to confine, unlike transmissions over wire or cable media. Where wireless networking services are openly available without requiring some form of authentication or authorization, the wireless signal is in the air, open to anyone within range, and inherently not secure.

However, it is not only public networks that have problems with security. Wireless networks in a home or office can be subjected to a variety of eavesdropping and data capturing intrusions and attacks. Some of the attacks that can be carried out on a wireless network are very similar, if not identical, to many of the attacks made on wired networks. The attacks that the two media share typically exploit the same vulnerabilities.

An unsecured wireless network, in a home or small office/home office (SOHO) environment, is vulnerable to a number of attack vectors:

  • Physical intrusion—Anyone able to physically gain entrance to a working space that is within the range of a wireless network can intercept the transmissions between wireless nodes and a wireless access point or router. Nearly all portable electronic devices, smartphones, notebook computers, tablet computers, and more can connect to a wireless RF signal. Indoor transmission ranges for wireless network devices range from 150 to 300 feet. However, depending on the location of the access point, the outdoor range could extend as far as 1,000 feet. In residential areas in which houses are relatively close or in an apartment or condo building, an unsecured wireless network could have any number of unintended users, and who knows just what they may be doing on your dime.

  • Evil twin—If an intruder can access the wireless network’s signal, he or she may also be able to insert an access point or router into the network. Having done so, the intruder is then able to capture the network traffic, including that going onto the internet and web. In a SOHO setting, the traffic may include credit card or banking transactions, which the intruder can capture and use.

  • War driving—In spite of its name, there is no fighting involved in this passive type of attack on wireless network systems. However, it is a form of theft. A war driver is someone who moves around in neighborhoods, cities, and any other location where one or more private wireless networks are present. So, if a war driver is war driving on your block and your wireless local area network (WLAN) is active, the war driver can sense its signal on his or her wireless-network-enabled notebook computer. Depending on the security on the WLAN, the attacker can join the network, install malware, or just note the location of the wireless network and drive on. Your wireless network may now be on a local map of “wireless networks open for hacking.”

  • Unauthorized File Sharing—Unsecured public wireless networks can be a privacy or security problem for many reasons. One in particular occurs on wireless portable computers with unsecured file sharing. In this unsecured environment (just the word “unsecured” should have your attention), hackers may be able to access any directories and files that are configured for sharing, whether you intended to share them or not.

Minimize Wireless Risks

In addition to the security measures that we have covered to this point, specific countermeasures can be used to protect your data and resources on a wireless network. The use of strong passwords, restricted access, data encryption, anti-malware software, and guarded file sharing apply to wireless networks as well. However, given the inherent insecurity of transmitting data through the air, the actions described in the sections that follow can help to further reduce the attack surface of a wireless network.

Media Access Control (MAC) Address Filtering

The intent of MAC address filtering is to permit only approved wireless network adapters, and the computers in which they are installed, to connect to the network. To accomplish this, the access control device (access point, router, etc.) allows only those devices included in a manually maintained list of permitted MAC addresses to connect to the network. The MAC address is included in the message the requesting node sends to the access control device.

Should an ad hoc device not included on the MAC filter list attempt to connect to the network, it will be denied access. This approach is used to exclude rogue devices and works great for stable wireless networks that rarely, if at all, change. On more volatile networks, keeping the approved MAC address filtering list up to date can be tedious. Unfortunately, MAC filtering can be defeated by an intruder spoofing a MAC address that is on the approved list, provided he or she knows the service set identifier (SSID).
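The allow-list decision described above, as an added Python example that is not from the original text. The class, its method names, and the sample addresses are constructed for illustration. It also flags list entries whose locally administered bit is set, since such addresses are assigned in software rather than by the adapter's manufacturer.

```python
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")

# Constructed allow-list in mixed notations, with one typo and one
# software-assigned address; none of these belong to real devices.
SAMPLE_LIST = ["3C:5A:B4:12:34:56", "3c-5a-b4-ab-cd-ef", "3c5a.b4aa.bbcc",
               "not-a-mac", "DA:A1:19:00:11:22"]

def normalize_mac(text):
    """Return 'aa:bb:cc:dd:ee:ff', or None if text is not a 48-bit MAC."""
    digits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not _HEX12.match(digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (software-assigned)."""
    return bool(int(mac[:2], 16) & 0x02)

class MacFilter:
    """Hypothetical model of an access point's MAC filter list."""

    def __init__(self, permitted):
        self.permitted = set()
        self.rejected_entries = []   # list entries that failed validation
        for entry in permitted:
            mac = normalize_mac(entry)
            if mac is None:
                self.rejected_entries.append(entry)
            else:
                self.permitted.add(mac)

    def decide(self, claimed_mac):
        # The filter sees only the address the requesting node claims.
        # It cannot tell which physical adapter sent the request, which
        # is why a copied, approved address passes this check.
        mac = normalize_mac(claimed_mac)
        if mac is None:
            return "deny: malformed address"
        if mac not in self.permitted:
            return "deny: not on list"
        return "allow"

    def software_assigned(self):
        """Permitted addresses worth re-checking during list maintenance."""
        return sorted(m for m in self.permitted if is_locally_administered(m))
```

Because `decide` compares normalized strings only, list maintenance errors such as mixed notation or typos are the failures it can catch; it offers no proof of device identity.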

Encrypt Data in Transit

Encrypting the data transmitted over a wireless network prevents an intruder who intercepts that data from viewing it. An access point may provide several encryption protocols, but not all of them are trustworthy. The security protocols most likely available on your access point are as follows:

  • Wired Equivalency Protection (WEP)—WEP, the first generally available wireless security protocol, was intended to provide a level of security equivalent to that of wired networks. However, WEP had a host of security flaws and was deprecated in 2004. WEP is not a viable option to secure a wireless network.

  • Wi-Fi Protected Access (WPA)—“Wi-Fi” is a trade name for “wireless fidelity” that was adopted by the Wi-Fi Alliance, an international association of wireless technology companies. Wi-Fi encompasses the IEEE 802.11 wireless standards. WPA was pushed into the market as a replacement for WEP and its security problems. WPA was available in two versions: WPA Personal and WPA Enterprise.

  • WPA, version 2 (WPA2)—Because WPA used the same exploited elements as WEP, it did not provide improved security on upgraded WEP systems. While it shares a name with the previous version, WPA2 was much stronger than its predecessor. WPA2 can be paired with the Advanced Encryption Standard (AES). AES is the security algorithm used by the U.S. government and military.

  • WPA, version 3 (WPA3)—WPA2, while almost hacker-proof, does have one hackable weakness: dictionary attacks. In a dictionary attack, a hacker can attempt to log in with a stolen username and a list of passwords (the dictionary) used one at a time. WPA2 does not limit the number of login attempts, so the length of the dictionary is not a limiting factor. WPA3 prevents dictionary, brute force, and a number of other attacks as well as improving the use of encryption for data in transit.

When you connect your devices to public networks, make sure that you choose the highest level of security available and disable the sharing of files and folders. This will help to prevent an unknown attacker from accessing your files.

Guard the SSID

The network created and supported from a wireless access point or router is collectively a service set. A service set has a unique identification code that is designated as the SSID.

Access points, routers, and other controller devices each have a default SSID assigned by the manufacturer. Typically, the default SSID is the manufacturer’s name and a random number, such as TP-Link_123456, netgear4988_2, or Linksys0099. An SSID can be up to 32 characters in length with no real minimum, but this can vary by manufacturer a bit. The SSID should be changed immediately after installation of an access point or other service set device. A common practice is to use a short or uniquely formatted phrase that is not easily guessed, such as “M I Z 1 4 U,” or “Home in the Bat Cave,” or the like.
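An added example, not part of the original text, that audits a list of networks against both the encryption protocol list and the SSID guidance above. The scan data is constructed, the vendor pattern covers only the three default-SSID examples named in the text, and treating WPA2 as the minimum acceptable mode is an assumption of this sketch.

```python
import csv
import io
import re

# Constructed scan export (ssid,security); not captured from a real network.
SAMPLE_SCAN = """ssid,security
TP-Link_123456,WPA2
netgear4988_2,WEP
Linksys0099,OPEN
Home in the Bat Cave,WPA3
M I Z 1 4 U,WPA
"""

# Ordered weakest to strongest, following the protocol list in the text.
SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}
MIN_ACCEPTABLE = SECURITY_RANK["WPA2"]   # assumption of this example

# Vendor prefixes limited to the default-SSID examples given in the text.
DEFAULT_SSID = re.compile(r"^(tp-link|netgear|linksys)[ _-]?\d+(_\d+)?$", re.I)

def audit_network(ssid, security):
    """Return a list of findings for one network (empty list = no findings)."""
    findings = []
    mode = security.strip().upper()
    rank = SECURITY_RANK.get(mode)
    if rank is None:
        findings.append("unknown security mode")
    elif rank < MIN_ACCEPTABLE:
        findings.append("weak or no encryption: " + mode)
    if DEFAULT_SSID.match(ssid):
        findings.append("SSID looks like a manufacturer default")
    # The 32-character limit is enforced on the encoded length.
    if len(ssid.encode("utf-8")) > 32:
        findings.append("SSID longer than 32 bytes")
    return findings

def audit_scan(text):
    """Map each SSID with at least one finding to its findings."""
    report = {}
    for row in csv.DictReader(io.StringIO(text)):
        findings = audit_network(row["ssid"], row["security"])
        if findings:
            report[row["ssid"]] = findings
    return report

if __name__ == "__main__":
    for ssid, findings in audit_scan(SAMPLE_SCAN).items():
        print(ssid, "->", "; ".join(findings))
```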
