🔒Network Security and Forensics Unit 6 – Wireless Network Security

Wireless Network Basics

• Wireless networks transmit data over radio waves instead of physical cables
• Operate on different frequency bands such as 2.4 GHz and 5 GHz
• Wi-Fi is a common wireless networking technology based on IEEE 802.11 standards
  • Includes various versions like 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac
• Wireless networks consist of wireless access points (WAPs) and wireless clients (laptops, smartphones)
• WAPs act as central hubs that broadcast wireless signals and connect wireless clients to the network
• Wireless networks can operate in two modes: infrastructure mode and ad-hoc mode
  • Infrastructure mode involves wireless clients connecting to a WAP
  • Ad-hoc mode allows wireless devices to connect directly to each other without a WAP
• Wireless networks offer flexibility and mobility but are more vulnerable to security threats compared to wired networks

Wireless Security Threats

• Eavesdropping involves intercepting and capturing wireless network traffic to gain unauthorized access to sensitive information
• Man-in-the-Middle (MitM) attacks occur when an attacker intercepts communication between two parties and can monitor, modify, or inject malicious data
• Rogue access points are unauthorized WAPs installed without the knowledge of network administrators, potentially allowing attackers to gain access to the network
• Wardriving is the act of searching for and mapping wireless networks from a moving vehicle using specialized software and equipment
• Wireless jamming involves using devices that emit radio signals to interfere with or disrupt wireless network communications
• Evil twin attacks involve setting up a fake WAP with the same SSID as a legitimate one to trick users into connecting and revealing sensitive information
• Wireless networks are susceptible to denial-of-service (DoS) attacks, which aim to overwhelm the network with traffic and make it unavailable to legitimate users
• Wireless client attacks target vulnerabilities in wireless devices (laptops, smartphones) to gain unauthorized access or install malware

Authentication and Encryption Protocols

• Wired Equivalent Privacy (WEP) is an outdated security protocol that uses a static encryption key, making it vulnerable to cracking
• Wi-Fi Protected Access (WPA) is an improved security protocol that addresses the weaknesses of WEP
  • WPA uses the Temporal Key Integrity Protocol (TKIP) for enhanced encryption
• WPA2 is the successor to WPA and is currently the most widely used wireless security protocol
  • WPA2 uses the Advanced Encryption Standard (AES) for strong encryption
  • Provides two authentication methods: Pre-Shared Key (PSK) and Enterprise
• WPA3 is the latest version of the WPA protocol, offering enhanced security features and improved protection against brute-force attacks
• 802.1X is an authentication framework commonly used in enterprise wireless networks
  • Uses the Extensible Authentication Protocol (EAP) for secure authentication
  • Supports various EAP methods like EAP-TLS, EAP-TTLS, and PEAP
• RADIUS (Remote Authentication Dial-In User Service) is a centralized authentication, authorization, and accounting (AAA) protocol often used in conjunction with 802.1X
• Virtual Private Networks (VPNs) can be used to secure wireless connections by encrypting data transmitted over the network

Securing Wireless Access Points

• Change the default SSID (network name) to a unique and non-descriptive name
• Disable SSID broadcasting to prevent the WAP from announcing its presence
• Enable strong encryption (WPA2 or WPA3) to protect wireless communication
• Use a strong and complex pre-shared key (PSK) for WPA2-PSK networks
• Implement MAC address filtering to allow only authorized devices to connect to the WAP
  • Maintains a whitelist of permitted device MAC addresses
• Limit the WAP's signal strength and range to minimize exposure beyond the intended coverage area
• Regularly update the WAP's firmware to patch security vulnerabilities and improve performance
• Disable unnecessary services and features on the WAP (remote management, WPS)
• Implement network segmentation to separate wireless networks from critical wired resources
• Use a dedicated guest wireless network with limited access to internal resources for visitors

Wireless Network Monitoring and Analysis

• Wireless network monitoring involves continuously observing and analyzing wireless network activity to detect security threats and performance issues
• Wireless intrusion detection systems (WIDS) monitor wireless networks for unauthorized access attempts, rogue access points, and other suspicious activities
  • Can be host-based or network-based
• Wireless intrusion prevention systems (WIPS) actively prevent and mitigate detected wireless threats in real-time
• Wireless packet analyzers (Wireshark, Kismet) capture and analyze wireless network traffic to identify security vulnerabilities and troubleshoot issues
• Wireless network monitoring tools (inSSIDer, WiFi Analyzer) provide insights into wireless signal strength, channel usage, and nearby access points
• Rogue access point detection tools (Airwave, Cisco Prime) help identify and locate unauthorized WAPs on the network
• Spectrum analyzers (Wi-Spy, MetaGeek Chanalyzer) assess the wireless environment for interference and channel congestion
• Regular wireless network audits and penetration testing help identify security weaknesses and ensure compliance with security policies

Mobile Device Security

• Mobile devices (smartphones, tablets) introduce unique security challenges due to their portability and connectivity
• Implement strong device passcodes or biometric authentication (fingerprint, facial recognition) to prevent unauthorized access
• Enable device encryption to protect stored data in case of device loss or theft
• Keep mobile devices updated with the latest operating system and application patches to address security vulnerabilities
• Install and maintain reputable mobile security apps (antivirus, VPN) to enhance device protection
• Use mobile device management (MDM) solutions to enforce security policies, remotely wipe lost or stolen devices, and control application access
• Educate users about mobile security best practices (avoiding public Wi-Fi, downloading apps from trusted sources)
• Implement network access control (NAC) to ensure mobile devices meet security requirements before granting network access
• Regularly back up mobile device data to prevent data loss in case of device failure or loss
• Develop and enforce a mobile device security policy that outlines acceptable use, security requirements, and consequences for non-compliance

Emerging Wireless Technologies and Security Challenges

• Internet of Things (IoT) devices introduce new security risks due to their limited computing power, memory, and security features
  • Ensure IoT devices are properly configured and updated with the latest security patches
• Bluetooth Low Energy (BLE) is a wireless technology used for short-range communication in IoT devices
  • BLE devices can be vulnerable to eavesdropping, MitM attacks, and unauthorized access
• Zigbee and Z-Wave are low-power wireless protocols used in home automation and IoT applications
  • Implement strong encryption and authentication mechanisms to secure Zigbee and Z-Wave networks
• 5G wireless networks offer faster speeds and lower latency but also present new security challenges
  • Ensure 5G networks are properly secured using encryption, authentication, and network slicing techniques
• Wi-Fi 6 (802.11ax) is the latest Wi-Fi standard that improves speed, capacity, and efficiency
  • Implement WPA3 security to take advantage of its enhanced security features in Wi-Fi 6 networks
• Millimeter wave (mmWave) technology is used in 5G networks for high-speed, short-range wireless communication
  • Secure mmWave links using encryption and physical layer security techniques
• Wireless security in industrial control systems (ICS) and critical infrastructure is crucial to prevent cyber attacks and ensure safe operations
  • Implement robust wireless security measures in ICS environments (encryption, authentication, network segmentation)

Hands-On Wireless Security Labs

• Set up a virtual wireless network environment using tools like VirtualBox or VMware
  • Configure virtual wireless access points and clients
  • Experiment with different wireless security configurations (WEP, WPA, WPA2)
• Perform wireless network reconnaissance using tools like Airodump-ng or Kismet
  • Capture and analyze wireless network traffic
  • Identify nearby wireless networks and their security settings
• Conduct wireless network attacks in a controlled environment
  • Attempt to crack WEP and WPA/WPA2-PSK keys using tools like Aircrack-ng
  • Perform evil twin attacks and observe the impact on wireless clients
• Implement and test wireless security measures
  • Configure WPA2-Enterprise with a RADIUS server for 802.1X authentication
  • Enable MAC address filtering and observe its effectiveness
  • Set up a wireless intrusion detection system (WIDS) and monitor for threats
• Analyze wireless network vulnerabilities using wireless penetration testing tools (Wifite, Fern WiFi Cracker)
  • Identify and exploit common misconfigurations and weaknesses
  • Develop mitigation strategies based on the findings
• Experiment with mobile device security features
  • Enable device encryption and test its impact on data protection
  • Configure and test mobile device management (MDM) policies
  • Assess the security of mobile applications using tools like MobSF or Drozer
• Explore IoT and wireless protocol security
  • Set up and secure a small IoT network using Zigbee or Z-Wave devices
  • Analyze the security of Bluetooth Low Energy (BLE) devices using tools like GATTacker or BtleJuice
  • Investigate the security implications of 5G and Wi-Fi 6 technologies using simulation tools or research papers