AirTight

Show all/Hide all

What is a viral SSID?

Like a virus spreads from an infected host to a healthy host infecting the latter, a viral SSID spreads from an infected wireless-enabled computer to another. Technically, a viral SSID is the network name (SSID) of an ad-hoc or peer-to-peer network connected over WiFi. In contrast, the non-viral SSIDS are the network names of the infrastructure networks (comprising of clients connected via an AP). “Free Public WiFi,” “hpsetup,” and “default” are some examples of viral SSIDs.

What are ad-hoc networks? Do they pose a threat to network security?

An ad-hoc network is formed when clients connect to each other directly without depending on an AP for communication. Ad-hoc networks are a major threat to network security as ad-hoc clients bypass the organization’s security policy control and content filters. Unauthorized users could enter private networks by establishing ad-hoc connections with authorized user devices.

What is a denial-of-service (DoS) attack?

A DoS attack disrupts normal network operation by making network services unavailable for legitimate users. In wireless networks, a DoS attack involves jamming a frequency band by sending high-power noise on that frequency or transmitting frames to disallow medium access to legitimate users.

Are there DoS attacks specific to WiFi networks?

Features in the 802.11 standard can be misused to launch a DoS attack. A malicious user can spoof MAC address of a legitimate device and send fake management messages (e.g., deauthentication, disassociation) to disconnect the device. Alternatively, the 802.11 virtual carrier sensing mechanism can be exploited by reserving the medium for large intervals not allowing legitimate clients to access the medium during this time.

Are there ways to protect WiFi networks against DoS attacks?

802.11 management messages are sent unencrypted allowing malicious user to fake them and launch a DoS attack. IEEE 802.11 working group is developing 802.11w standard for encrypting management frames. When this standard is available, it will protect WiFi networks from some DoS attacks. A more powerful and complete solution is to use an automatic wireless intrusion blocking system that truly prevents all kinds of 802.11 DoS attacks.

What exactly happens in MAC spoofing?

In broadcast environments such as WiFi or Ethernet, MAC addresses are used to uniquely identify devices sharing the medium and deliver frames addressed to them. In MAC spoofing a user alters the MAC address of a device to falsely pose as another device. A malicious user may spoof MAC address for hiding the identity of the attacking device, using the identity of an authenticated legitimate device to enter a network, bypass access control lists and stealthily launch attacks. In wireless LANs, the MAC address of either an AP or client device can be spoofed.

What is Wi-Phishing?

Wi-Phishing is an attack where a malicious user sets up a fake WLAN with a commonly used service set identifier (SSID) and lures clients to connect to the WLAN. Clients probing for these common, vulnerable SSIDs are most likely victims of Wi-Phishing as they automatically connect to the fake WLAN.

What is a Rogue AP?

A Rogue AP is a non-authorized AP connected to an organization’s wired LAN. A rogue AP could be placed maliciously or could be connected inadvertently by employees for wireless access. It is a major threat to network security as it could serve as a wireless backdoor to the private network to which it is connected.

Is the threat from wireless vulnerabilities real?

WiFi networks are everywhere. The plug-and-play nature of WiFi allows users to quickly install and use these networks independently without understanding the associated risks. Wireless malpractices open backdoors to private networks and data. Laptops and handhelds could also be hacked when users access wireless networks on travel, potentially compromising the security of wired networks to which these devices attach.

Show all/Hide all

Is WEP effective in securing over-the-air wireless data?

No. It is well-known that WEP is flawed and can be easily broken. Several WEP cracking techniques can be used to exploit these flaws and steal sensitive data over-the-air. Stronger encryption techniques such as 802.11i or WPA2 with 802.1x authentication should be used instead.

Do I need to worry about wireless threats if I limit access to the WLAN by MAC address filtering?

It’s a myth that Mac filtering provides any security. Bypassing MAC filtering is easy. Freely available software tools can be used to sniff MAC addresses being used by devices in the vicinity. MAC spoofing is one of the easiest attacks to launch, and filtering MAC addresses does not provide any security for your wireless LAN. MAC filtering is not only ineffective, but it is cumbersome to maintain for a reasonable-sized wireless LAN.

Am I following WLAN best practices by turning off the SSID broadcasting on my APs?

No. It is a common misconception that turning off SSID broadcast on an AP will not allow unauthorized users to discover the AP. Freely available software tools exist that actively probe and discover APs that respond to these null probes. Passive sniffing of wireless traffic can also allow hackers to discover wireless APs in the vicinity. Turning off SSID broadcast is not only ineffective, but it in fact leads to another severe vulnerability. Authorized clients that usually connect to enterprise APs, probe for the hidden SSID. A hacker can sniff this information and use it to launch a honeypot attack.

Our organization has not deployed a wireless LAN, so why should we bother about wireless security?

Even if you may not have deployed an official WLAN, your employees may connect rogue APs to your network, or use their laptops to connect to external APs potentially opening wireless backdoors to your private wired network.  Even a single wireless device on your premises, let alone a wireless LAN, can open a wireless backdoor to your corporate backbone network.

Our wired LAN is protected by a firewall and intrusion detection system. Won’t they also protect my wireless devices connected to the wired LAN?

Non-wireless security solutions such as firewall and intrusion detection systems operate at layer 3 (i.e., network layer) and above. Wireless devices present a potential entry point into the wired LAN at layers 1 and 2 (i.e., physical and link layers), circumventing all wired security measures. The invisible radio waves used for transmission make the traditional "harden-the-network-perimeter" security approach obsolete. Radio waves often spill beyond the confines of a building. Malicious hackers in the airspace can use these waves to enter your network and steal sensitive data.

Show all/Hide all

What is 802.11n?

IEEE 802.11n is touted as the next generation wireless LAN standard. Not a ratified standard yet, this emerging technology is creating a lot of buzz with WiFi-certified pre-standard (based on draft 2.0) equipment already in the market. The excitement is driven by the promise of longer range and ten-fold increase in data transmission rate as compared to its predecessors 802.11a and g.

How does 802.11n achieve the multi-hundred megabits throughput and longer coverage range?

IEEE 802.11n brings many new features at both physical (PHY) and medium access control (MAC) layers to deliver these performance gains. At PHY, it uses the multiple-input-multiple-output (MIMO) technology incorporating multiple transceiver chains. MIMO enables spatial diversity and spatial multiplexing for respectively increasing the range and data transmission rate. In addition, 802.11n allows use of wider 40 MHz channels to double the bandwidth as compared to the legacy 20 MHz operation. At the MAC layer, it uses frame aggregation and block acknowledgements for improving the throughput efficiency.

What frequency bands can 802.11n operate in?

802.11n can operate in both the 2.4 GHz and 5 GHz.

Can I use my legacy (802.11a/b/g) clients with 802.11n AP?

802.11n draft standard defines a mixed mode operation that is backward compatible with legacy 802.11a/b/g protocols. So, you can use legacy clients with 802.11n APs and vice versa.

What is 802.11i?

IEEE 802.11i is the amendment to the IEEE 802.11 standard, specifying security mechanisms for WiFi networks. With this amendment, the legacy wired equivalent privacy (WEP), has been replaced with a stronger encryption technique. WPA2 or wireless protected access is the WiFi-certified implementation of 802.11i.

What is 802.11w?

802.11w is the Protected Management Frames amendment to IEEE 802.11 standard. 802.11w extends 802.11i encryption to management frames protecting WiFi networks from some types of DoS attacks.

Can I upgrade my existing AP software to support IEEE 802.11i standard?

IEEE 802.11i encryption requires special hardware, i.e., earlier platforms cannot be upgraded to 802.11i by software patch.