Security for wireless network - how do hackers get in?


08.08.2022

When dealing with networks, both wired and wireless, we can’t fail to mention the security issue. In the case of wireless networks, many users are unaware of the hazards lurking when switching between networks and using unprotected, unverified wireless networks. This article will answer your questions on securing the Wi-Fi network and making it resistant to unauthorized access attempts. 

Rogue Access Point 

The first hazard you should know about is the so-called Rogue Access Point: an access point that is not part of the infrastructure. The attacker can plant a rogue access point and broadcast a network with an SSID that is identical or very similar to the one broadcast by our company. A trick like this lets the attacker bait unaware users and devices into connecting to the untrusted access point. Then, by skillfully analyzing the traffic going through this access point, he can perform a Man in the Middle attack and eavesdrop on the end user’s conversations.


Evil Twin 

The so-called Evil Twin attack is a very similar threat. The attacker uses a rogue access point with a doctored SSID or a planted login website, like HotSpot, to imitate a known network. There are various techniques for forcing equipment to connect to such points. One of them is deliberately introducing interference near known and authorized APs, and then propagating the stronger signal of the attacker’s device.


How do you protect a Wi-Fi network from attacks with Rogue Access Points? It is a good idea to use mechanisms like RAPD (Rogue Access Point Detection) that analyze the radio environment in the vicinity of authorized APs. They predominantly detect devices emitting suspicious Wi-Fi networks.


These solutions are quite often based on access points cooperating with the wireless network controller. With this setup, events picked up by the access points located in our network are analyzed centrally, and then identified within the network. Such mechanisms can point to a location, and even automatically neutralize rogue access points.
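The central analysis described above can be sketched in a few lines. This is an added example, not Grandmetric's or any vendor's RAPD code; the AP inventory, the scan records, their field names and the 0.8 similarity threshold are constructed assumptions.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed inventory of authorized APs: BSSID -> (SSID, security mode).
AUTHORIZED = {
    "aa:bb:cc:00:00:01": ("CorpWiFi", "WPA2-Enterprise"),
    "aa:bb:cc:00:00:02": ("CorpWiFi", "WPA2-Enterprise"),
}
# Constructed observations, shaped as sensor APs might report them to a controller.
SCAN = [
    {"bssid": "aa:bb:cc:00:00:01", "ssid": "CorpWiFi", "security": "WPA2-Enterprise", "rssi": -48},
    {"bssid": "de:ad:be:ef:00:01", "ssid": "CorpWiFi", "security": "Open", "rssi": -35},
    {"bssid": "de:ad:be:ef:00:02", "ssid": "C0rpWiFi", "security": "WPA2-PSK", "rssi": -60},
    {"bssid": "11:22:33:44:55:66", "ssid": "CoffeeShop", "security": "WPA2-PSK", "rssi": -70},
    {"bssid": "aa:bb:cc:00:00:02", "ssid": "CorpWiFi", "security": "Open", "rssi": -50},
]
LOOKALIKES = str.maketrans("01", "ol", " _-.")  # fold 0/1, drop separators

def normalize(ssid):
    """Reduce an SSID to a form in which near-identical names compare equal."""
    return unicodedata.normalize("NFKC", ssid).casefold().translate(LOOKALIKES)

def classify(obs, authorized=AUTHORIZED, threshold=0.8):
    """Label one observation against the inventory of authorized APs."""
    known = authorized.get(obs["bssid"].lower())
    if known:
        # A known BSSID advertising a different SSID or weaker security
        # points to a spoofed MAC address or a misconfigured AP.
        if (obs["ssid"], obs["security"]) != known:
            return "authorized-bssid-mismatch"
        return "authorized"
    ssids = {ssid for ssid, _ in authorized.values()}
    if obs["ssid"] in ssids:
        return "rogue-same-ssid"          # identical name, unknown radio
    for ssid in ssids:
        a, b = normalize(obs["ssid"]), normalize(ssid)
        if a == b or SequenceMatcher(None, a, b).ratio() >= threshold:
            return "rogue-similar-ssid"   # look-alike name, unknown radio
    return "unrelated"

def detect(scan):
    """Return (bssid, verdict, rssi) for suspicious APs, strongest signal first."""
    hits = [(o["bssid"], classify(o), o["rssi"]) for o in scan]
    hits = [h for h in hits if h[1] not in ("authorized", "unrelated")]
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    for hit in detect(SCAN):
        print(hit)
```

Sorting by signal strength puts the strongest unknown radio first, which matches the Evil Twin pattern of overpowering the authorized AP.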

How does Wardriving work? 

Another instance of an attack on a wireless network is the so-called Wardriving. In this case, the attacker approaches a wireless network, amplifies the signal, and attempts to connect to the network or forward it to other users or attackers, using tools like network cards in promiscuous mode. The way to get rid of such practices is to provide adequate training to your employees, remain vigilant, and use an image analysis monitoring system.  


Wardriving is an attack on networks that use Open Authentication mechanisms.  

That’s why you should avoid leaving Wi-Fi networks in the Open Authentication mode. An exception could be a situation where it’s justified by, for example, a desirable Guest Access functionality that shares Internet access with a specific user group. However, even then it’s worth keeping other protection methods in mind, such as Guest Portal or Captive Portal with a log-in function.

Using the initialization vector  

One more type of attack, aiming specifically to compromise the wireless network’s protection system, is an initialization vector attack, occurring in, e.g., networks that still use WEP. This standard is used less and less often, and the attack method based on it can lead to a security key breach in a matter of minutes. That’s why standards based on a pre-shared key and WEP have not been recommended for some time now. In addition, solutions provided by some manufacturers outright disable that option as wireless network protection.

Security for WiFi – tips 

802.1x mechanism 

To secure a wireless network, it’s worth considering more sophisticated mechanisms than a pre-shared key. An example would be 802.1x. The network authenticates the end user and the device against a central authentication and authorization server.

The authentication server, like the Radius server, is able to query our Active Directory for correct login credentials, and even inclusion in a specific functional group within the organization. On this basis Radius, often called a NAC (Network Admission Control) server, can authorize the user, meaning grant him appropriate access permissions as defined in our security policy. 


Authentication with 802.1x is recommended in large-scale networks, as its operation is very granular, authenticating each user separately using their individual passwords. A completely different approach to WiFi security can be found in PSK solutions (pre-shared key), where, as the name suggests, the shared key is known to all users of a given wireless network. In the case of PSK, it’s only a matter of time before the key falls into the hands of undesirable people, allowing them to connect to the corporate network.

Encryption and communication integrity verification 

Further challenges include problems arising from the nature of the medium, i.e. eavesdropping and packet sniffing. The possibility of traffic being eavesdropped on is a potential hazard for company data. To minimize the consequences of such attacks, which can lead to Man in the Middle attacks, we should provide next-level communications security. Encryption and verification of communication integrity on the upper layer could be the solution. This operation will prevent the mentioned attack.

Wi-Fi network stability 

Another important factor that you should always keep in mind is the stability of the radio network itself. In the projects that we run, we often encounter the problem of Wi-Fi instability. The bulk of it stems from the presence of radio interference, excessive signal attenuation in difficult environments, or collisions. Very often these phenomena are also directly related to the nature of the transmission medium, like radio.

In this case, we may be dealing with deliberate action, which has its own name: jamming. This is when the attacker intentionally interferes with and drowns out radio waves. The same effect can also arise unintentionally, for example, as a result of improper network planning, wrong configuration of many access points, mutual interference, and operation on the same channel. The causes vary; sometimes the culprit is frequency interference caused by Bluetooth devices, like mice or keyboards working in the 2.4 GHz band.


Wi-Fi network controller 

Depending on the manufacturer, the controllers can be located on a physical device, like Cisco Catalyst c9800-L, work in virtual appliance mode, like Catalyst 9800-CL, or even on the access point itself. The controller is a key component of large wireless networks. 

It has two basic and crucial functions in networks built in accordance with good practices. 

The first one is the so-called Radio Resource Management (RRM).

This function automatically minimizes the radio problems described above. 

An example would be multiple access points operating on specific radio channels across an open space, or on a building floor with high user density. The wireless network controller is able to collect radio data from the connected access points. Then, it sets their radio parameters, channel numbers in particular, so that channel overlapping will not occur.

Another example of Radio Resource Management is automatic adjustment of AP signal strength. As a result, the signal propagated by the access point does not leave a specified area of the radio environment, or it’s faint enough to enable users connected to the adjacent access points to work without hindrance.

The second key task of the wireless network controller is the centralization of the entire network’s configuration and data exchange with external systems, like Radius servers. 

This approach makes it possible to manage a large number of access points located throughout the company in conditions that would otherwise render handling the radio network impossible.

We should emphasize that a wireless network is a dynamic network that is vulnerable to changing radio conditions. Its functioning can be affected by, e.g. home appliances, peripheral devices, movement of terminals and users, among others. 

Summary 

As the 2021 study by Grandmetric shows, the stability and speed of the Wi-Fi network are crucial for the operations of manufacturing businesses. The runners-up are scalability and security. As we learned from this article, stability and security are closely interconnected. 

Modern network access control measures combined with an easily manageable access point controller are a must-have duo for stable and scalable Wi-Fi networks. 

Download the Grandmetric whitepaper to learn how to configure and measure wireless networks in enterprise environments.


Author

Marcin Bialy

Marcin Biały is a Network and Security Architect with over 14 years of experience and a Service Provider and Enterprise networking background. He has worked for large service providers, global vendors and integration services companies in Network Architect, Leading Architect and Technical Solution Manager positions. He has designed, implemented and supported dozens of large-scale projects and infrastructure migrations, solved hundreds of tickets and spent hours with CLIs and GUIs of many flavors. Marcin also holds industry-recognized certificates such as CCNP, CCNA, CCSI #35269, FCNSP #7207, FCNSA and more.
