Securing Wireless LANs — Ethical Hacking 101

Wireless networks offer convenience and flexibility but also introduce unique security challenges. This article explores the evolution of wireless security protocols, common vulnerabilities, and best practices for hardening Wi-Fi networks against unauthorized access and attacks.

Photo by Brett Jordan on Unsplash

Evolution of Wireless Security Protocols:

• WEP (Wired Equivalent Privacy): An early attempt at wireless security, now considered obsolete due to vulnerabilities in its RC4 encryption and initialization vectors (IVs).
• WPA (Wi-Fi Protected Access): Introduced to address WEP’s weaknesses, using RC4 with either a pre-shared key (PSK) or a RADIUS server for authentication.
• WPA2: The current standard, employing stronger AES encryption and CCMP for improved security. Supports both PSK and RADIUS authentication. However, vulnerabilities like KRACK can exploit the handshake process.
• WPA3: The latest generation, offering enhanced security features such as:
• Disallowing outdated protocols like TKIP and RC4.
• Protected Management Frames (PMF) to prevent eavesdropping and forgery of management frames.
• Simultaneous Authentication of Equals (SAE) to replace PSK with a more secure key exchange mechanism.

Additional Wireless Technologies:

• RFID (Radio-Frequency Identification): Used for asset tracking, inventory management, and contactless payments.
• NFC (Near Field Communication): A subset of RFID enabling short-range communication for contactless payments and data exchange.
• Bluetooth: A wireless technology for short-range communication between devices.

Bluetooth Security Concerns:

• Bluejacking: Sending unsolicited messages to Bluetooth-enabled devices.
• Bluesnarfing: Stealing data from Bluetooth devices without the user’s knowledge.

Wireless Network Coverage and Site Surveys:

• Signal Strength: Measured in dBm (decibel-milliwatts), with higher values indicating stronger signals.
• Noise: Interference from other wireless devices or environmental factors can degrade signal quality.
• Channel Overlapping: Access points using the same channel can interfere with each other, reducing performance.
• Wi-Fi Site Surveys: Assess wireless coverage, identify dead zones, and optimize access point placement using tools like NetSpot.

Wireless Attack Techniques:

• Deauth Attacks: Disconnecting clients from the network by sending deauthentication frames.
• Packet Capture and Analysis: Tools like Wireshark and tcpdump capture wireless traffic for analysis.
• Cracking WPA/WPA2 Handshakes: Tools like Aircrack-ng can crack PSK-based WPA/WPA2 passwords by capturing and analyzing handshake packets.

Wi-Fi Hardening Techniques:

• Strong Encryption: Implement WPA2 or WPA3 with AES encryption.
• Robust Authentication: Use RADIUS server for centralized authentication or strong PSKs with a minimum of 12 characters.
• EAP (Extensible Authentication Protocol): Provides stronger authentication methods like EAP-TLS, EAP-TTLS, and PEAP.
• MAC Address Filtering: Limit network access to specific devices based on their MAC addresses.
• Hidden SSID: Hiding the network name doesn’t prevent discovery but adds a layer of obscurity.
• Captive Portal: Requires users to authenticate before accessing the network, often used in public Wi-Fi hotspots.

Additional Security Considerations:

• Regularly update firmware on access points and wireless devices.
• Disable WPS (Wi-Fi Protected Setup) due to vulnerabilities.
• Monitor network activity for suspicious behavior.
• Implement a comprehensive security policy for wireless network access.