IEEE 802.11 which denotes present day Wi-Fi
communication mode is getting predominant importance. From complex wired local
area network to Wi-Fi network, the complexities of installation and maintenance
were reduced greatly. But such growth has its own inherit disadvantages. With Wi-Fi
routers or Wi-Fi modems which stand as access points are susceptible to various
challenges. With a simple Wi-Fi antenna and a network sniffer our present day Wi-Fi
connections are vulnerable to attacks. The technology has developed to the extent
that we can setup a simple Wi-Fi connection by turning USB Wi-Fi adapters as Wi-Fi
access points. Hence, we have to adapt ourselves to present day security
challenges.
Basic:
First and foremost rule when it comes to Wi-Fi
security is “No foolproof method” exists. When it comes to information
security, no expert would guarantee with 100% safety. The modern day challenges
not only rattle small and medium enterprises but also pull the pillars of
multi-national companies. Recent attack on Sony over filming the movie “The
Interview” is quite example of what present day information security has to
transform.
With the advent of Wi-Fi compatible devices such as
printers, scanners, fax machines, etc. we need to do a lot than to feel relax
of the comfort the Wi-Fi connections provide. For instance, we have a Wi-Fi
enabled security Camera in our apartment to monitor our rooms. A good attacker
will have all eyes on our home if our Wi-Fi connections are compromised. The
very security camera will pose imminent danger to us. It would have been a
better scenario without the Wi-Fi security camera.
With more and more devices adapting to Wi-Fi
integration, the need of security of our network started resonating vibrantly. If
no foolproof method exists, better make it complicated for the dedicated
hackers to gain access into our wireless networks.
Open Wi-Fi connections:
With modern day computing,
every home started adapting to Wi-Fi connections than the traditional wired
connections. Even though, the internet access is provided with fiber optic
cables, the internet connection is shared with multiple home computers through
a Wi-Fi router. The ease of use and hassle free operation makes the Wi-Fi the preferred
choice over the wired LAN.
The awful part of the story is people need comfort at
the cost of security. The networking ignorant people put the Wi-Fi connection
without any protections. An open Wi-Fi connection is walk in the park, even to
a kid, to gain access to your network. So it would be wise to place encryption key
in our Wi-Fi connection which will be cover in detail later.
Wi-Fi Router:
Next common syndrome with Wi-Fi users
is they never change username and password which come with router manual. The
default user name & password of our Wi-Fi router to well known to the
world. So anyone who knows the make and model can directly login into our Wi-Fi
router configuration page. That’s enough to play havoc!
With access to heart of our Wi-Fi router they can
sniff out any information which traverses through that router. Keep in mind;
one can set a custom route to direct traffic from our network to the attacker
sniffers to extract username and password, bank credentials and all. So, the first part is to change the default
username and password of the Wi-Fi router or modem whichever is in use.
Case Study:
I was recently asked to inspect the
network security of a company. The company was not too big but contained decent
number of staff to run the business. The network consists of Wi-Fi router
secured with encryption. The primary purpose of the Wi-Fi router is to transfer
files between the server and work desk. The major complaint was the internet is
unusually slow. The major part of employee work depends upon internet to send
and receive classified accounts.
At inspection, nothing was unusual inside the network.
Local file transfers were fine. But internet access was choked. On analysis,
one unknown computer was connected through Wi-Fi which was downloading torrent
files. On further study, the network was encrypted with weak password. A brute
force dictionary attack was good enough to crack it. Then I tried to login to
the Wi-Fi router, the pathetic router not even had a password to gain access to
configuration pages. Such type of network little difficult to crack.
Encryption:
It is always safe to ensure wireless
communication is encrypted to avoid eavesdropping. And for good never prefer
the obsolete WEP method. WEP were most susceptible to exploitation. It is wise
choice to avoid the method in any part of the network.
The wise choice would be depend on the WPA-PSK if
the Wi-Fi to be decided to use for personal networking. Keep a strong
passphrase to avoid another intrusion. The best part of the network security is
there is no foolproof method to protect the network. So, it is wise to make it
difficult to get past the network authentication than to simply letting in the eavesdropper.
MAC address authentication:
For modern day
computing, MAC address authentication does much bad than good. It is one of the
easiest ways to limit the number of connections to the Wi-Fi network. By
creating a list of trusted stations, we can avoid other stations getting network
access. But such method has its own limitation. Anybody who knows the MAC addresses
of the trusted station, then the attacker could easily spoof the MAC to gain
access to the network as trusted station. These kind of intrusion are least
detected.
The other methods to safe guard Wi-Fi connections
will be continued in other post.
No comments:
Post a Comment