Wi-Fi security. Proper Wi-Fi protection. Wireless Network Security Analysis

At the moment, most firms and enterprises are paying more and more attention to the use of Wi-Fi networks. This is due to the convenience, mobility and relatively low cost of connecting individual offices and the ability to move them within range of the equipment. Wi-Fi networks use complex mathematical models for authentication, data encryption and integrity control of the transmitted data, which allows you to be relatively calm about the safety of data when using this technology.

Security analysis of wireless networks.


However, this security is relative if due attention is not paid to configuring the wireless network. There is already a list of "standard" capabilities that an attacker gains when a wireless network has been set up carelessly:

Access to local network resources;

Eavesdropping on and stealing traffic (including Internet traffic);

Distortion of information passing through the network;

Introduction of a fake access point.

A little theory.

1997 – the first IEEE 802.11 standard was published. Network access protection options:

1. A simple SSID (Service Set Identifier) password was used to access the local network. This option does not provide the required level of protection, especially at the current level of technology.

2. Using WEP (Wired Equivalent Privacy), that is, digital keys to encrypt the data streams. The keys themselves are just ordinary passwords of 5 to 13 ASCII characters, which corresponds to 40- or 104-bit encryption for the static part of the key.

2001 - introduction of the new IEEE 802.1X standard. This standard uses dynamic 128-bit encryption keys, that is, keys that change periodically over time. The basic idea is that a network user works in sessions, at the end of which a new key is sent; the session length depends on the OS (in Windows XP one session lasts 30 minutes by default).

The 802.11 family currently includes the following standards:

802.11 - The original base standard. Supports data transmission over the radio channel at speeds of 1 and 2 Mbit/s.

802.11a - High-speed WLAN standard. Supports data transmission at speeds up to 54 Mbit/s over a radio channel in the range of about 5 GHz.

802.11b - The most common standard. Supports data transmission at speeds up to 11 Mbit/s over a radio channel in the range of about 2.4 GHz.

802.11e - Quality-of-service requirements for all IEEE WLAN radio interfaces.

802.11f - A standard that describes the order of communication between peer access points.

802.11g - Establishes an additional modulation technique for the 2.4 GHz frequency. Designed to provide data transmission rates of up to 54 Mbit/s over a radio channel in the range of about 2.4 GHz.

802.11h - A standard that describes the management of the 5 GHz spectrum for use in Europe and Asia.

802.11i (WPA2) - A standard that corrects known security problems in the authentication and encryption protocols. Covers the 802.1X, TKIP and AES protocols.

At the moment, 4 standards are widely used: 802.11, 802.11a, 802.11b, 802.11g.

2003 - The WPA (Wi-Fi Protected Access) standard was introduced, combining the dynamic key renewal of IEEE 802.1X with TKIP (Temporal Key Integrity Protocol) encryption, the Extensible Authentication Protocol (EAP) and the MIC (Message Integrity Check) message integrity verification technology.

In addition, many independent security standards from various vendors are being developed in parallel. The leaders are giants such as Intel and Cisco.

2004 - WPA2, or 802.11i, appeared, the most secure standard at the time of writing.

Technologies for protecting Wi-Fi networks.

WEP

This technology was developed specifically to encrypt the stream of data transmitted within a local network. The data is encrypted with a key of 40 to 104 bits. But this is not the whole key, only its static component. To enhance security, a so-called initialization vector (IV) is used, which randomizes an additional part of the key and so produces a different keystream for different data packets. This vector is 24 bits long. As a result we obtain an overall encryption key of 64 (40+24) to 128 (104+24) bits, combining constant and randomly selected parts. On the other hand, 24 bits give only about 16 million combinations (2^24), so once the IV space is exhausted the IVs start repeating. Breaking the key is then quite simple:

1) Find a repeated IV (minimum time, for a 40-bit key: from about 10 minutes).

2) Recover the rest of the key (a matter of seconds).

3) Join someone else's network.

At the same time, utilities for cracking the key, such as WEPcrack, are quite common.
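The IV-repeat problem above can be quantified with a birthday-bound calculation, which is the reason a repeat shows up long before all 16 million IVs have been used. The following Python is an added example, not code from the original article; it uses only the 24-bit IV width stated in the text, and the frame rate in the last function is an assumed parameter rather than a measurement.

```python
# Added example: how quickly a 24-bit WEP initialization vector (IV) repeats.
# The IV is transmitted in the clear with every frame, so two frames sharing
# an IV were encrypted with the same RC4 keystream.  Only the IV width from
# the text (24 bits) is used here; the frame rate passed to the last function
# is an assumption, not a measurement.
import math

IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 2^24 = 16 777 216 possible IVs


def iv_collision_probability(frames: int) -> float:
    """Probability that at least two of `frames` randomly chosen IVs coincide.

    Exact birthday computation: P(no repeat) = prod_{i=0}^{n-1} (1 - i/N),
    accumulated in log space to avoid underflow.
    """
    if frames > IV_SPACE:
        return 1.0  # pigeonhole: more frames than IVs guarantees a repeat
    log_no_repeat = 0.0
    for i in range(frames):
        log_no_repeat += math.log1p(-i / IV_SPACE)
    return 1.0 - math.exp(log_no_repeat)


def frames_until_repeat(confidence: float = 0.5) -> int:
    """Smallest frame count at which an IV repeat is at least `confidence` likely."""
    frames = 0
    log_no_repeat = 0.0
    while True:
        # Extend the running product by one frame: the new frame may collide
        # with any of the `frames` IVs already used.
        log_no_repeat += math.log1p(-frames / IV_SPACE)
        frames += 1
        if 1.0 - math.exp(log_no_repeat) >= confidence:
            return frames


def seconds_until_counter_wraps(frames_per_second: float) -> float:
    """If a card uses the IV as a plain counter (worst case for the defender):
    time until the whole IV space is exhausted and every IV starts reusing."""
    return IV_SPACE / frames_per_second


if __name__ == "__main__":
    n = frames_until_repeat(0.5)
    print(f"random IVs: 50% chance of a repeat after {n} frames, not {IV_SPACE}")
    print(f"counter IVs at 1000 frames/s: full wrap after "
          f"{seconds_until_counter_wraps(1000) / 3600:.1f} hours")
```

With random IVs the 50% point arrives after only a few thousand frames; with a counter IV the whole space is exhausted in a few hours of ordinary traffic. Either way the "minimum time" of about 10 minutes in the text is consistent with the size of the IV, which is why no key length fixes WEP.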

802.1X

IEEE 802.1X is the foundational standard for wireless networks. It is currently supported by Windows XP and Windows Server 2003.

802.1X and 802.11 are compatible standards. 802.1X uses the same algorithm as WEP, namely RC4, but with some differences (greater "mobility", i.e. even a PDA can connect to the network) and corrections (of the WEP key recovery problem, etc.).

802.1X is based on the Extensible Authentication Protocol (EAP), Transport Layer Security (TLS), and RADIUS (Remote Access Dial-in User Service).

After the user has passed the authentication stage, the secret key is sent to him in encrypted form for a certain short period, the lifetime of the current session. When this session ends, a new key is generated and again sent to the user. The TLS transport layer security protocol provides mutual authentication and integrity of the transmitted data. All keys are 128-bit.

Separately, the security of RADIUS must be mentioned. It is based on UDP (and is therefore relatively fast); authorization happens within the authentication process (i.e. there is no separate authorization step); RADIUS server implementations are oriented toward single-process client servicing (multi-process servicing is possible, but the question remains open); a fairly limited number of authentication types is supported (cleartext and CHAP); and the overall degree of security is average. In RADIUS only the cleartext password is encrypted, the rest of the packet remains "open" (and from a security point of view even the username is a very important parameter).

CHAP is a separate matter. The idea is that a cleartext password is never transmitted over the network in any form. Specifically: when authenticating a user, the client sends the user's machine a Challenge (an arbitrary random sequence of bytes); the user enters the password, and the user's machine performs certain cryptographic operations on the Challenge using the entered password (usually a hash with the MD5 algorithm, RFC 1321). This Response is sent back to the client, and the client sends everything (Challenge and Response) to the 3A server (Authentication, Authorization, Accounting). The 3A server, which knows the user's cleartext password on its side, performs the same operations on the Challenge and compares its Response with the one received from the client: if they match, the user is authenticated; if not, access is refused. Thus only the user and the 3A server know the cleartext password; the cleartext password does not "travel" over the network and cannot be captured from it.
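The CHAP exchange just described, as an added example (it is not code from the original article and not a RADIUS implementation): the Response is computed as in RFC 1994, MD5 over the one-octet Identifier, the secret and the Challenge, so that what crosses the wire is a random Challenge and a hash, never the password. The server class, user names and secrets are constructed for the demonstration.

```python
# Added example: the CHAP challenge/response exchange described above,
# following RFC 1994 (CHAP with MD5): Response = MD5(Identifier || secret ||
# Challenge).  Server, user names and secrets are constructed for the
# demonstration; this is not a RADIUS implementation.
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: the Identifier octet, the secret and the
    Challenge are hashed together; the secret itself never leaves the host."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class AuthServer:
    """The '3A' side: the only party besides the user who knows the secret."""

    def __init__(self, secrets: Dict[str, bytes]):
        self._secrets = secrets
        self._next_id = 0

    def new_challenge(self) -> Tuple[int, bytes]:
        """A fresh random Challenge per attempt.  The Identifier ties a
        Response to this particular Challenge, so a Response recorded for an
        earlier Challenge verifies against nothing else."""
        self._next_id = (self._next_id + 1) & 0xFF
        return self._next_id, os.urandom(16)

    def verify(self, username: str, identifier: int,
               challenge: bytes, response: bytes) -> bool:
        secret = self._secrets.get(username)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def run_exchange(server: AuthServer, username: str, password: str,
                 identifier: Optional[int] = None,
                 challenge: Optional[bytes] = None) -> Tuple[bool, List[str]]:
    """Simulate one authentication and record what crosses the network.
    identifier/challenge may be fixed by the caller for reproducible runs."""
    if identifier is None or challenge is None:
        identifier, challenge = server.new_challenge()
    wire: List[str] = [f"Challenge id={identifier} {challenge.hex()}"]
    # The user's machine hashes the entered password with the Challenge.
    response = chap_response(identifier, password.encode("utf-8"), challenge)
    wire.append(f"Response  id={identifier} {response.hex()}")
    return server.verify(username, identifier, challenge, response), wire


if __name__ == "__main__":
    srv = AuthServer({"alice": b"correct horse battery"})
    ok, wire = run_exchange(srv, "alice", "correct horse battery")
    print("authenticated:", ok)
    print("\n".join(wire))  # neither message contains the password
```

Two properties are worth checking when reviewing a deployment: the Challenge must be random and fresh per attempt (a fixed Challenge turns CHAP back into a static credential), and the comparison on the server side should be constant-time, as `hmac.compare_digest` is here.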

WPA

WPA (Wi-Fi Protected Access) is a temporary standard (a technology for secure access to wireless networks), transitional to IEEE 802.11i. Essentially, WPA combines:

802.1X is the foundational standard for wireless networks;

EAP - Extensible Authentication Protocol;

TKIP - Temporal Key Integrity Protocol;

MIC - Message Integrity Check, a technology for verifying message integrity.

The main modules are TKIP and MIC. TKIP uses automatically generated 128-bit keys that are produced in an unpredictable manner, with a total of approximately 500 billion variations. A complex hierarchical key selection algorithm and dynamic key replacement every 10 KB (10 thousand transmitted packets) make the system as secure as possible. Message Integrity Check technology also protects against external penetration and alteration of information. A fairly complex mathematical algorithm allows the data sent at one point to be compared with the data received at another. If changes are noticed and the comparison does not match, the data is considered false and discarded.

True, TKIP is no longer the best encryption implementation, because of the newer Advanced Encryption Standard (AES), previously used in VPNs.

VPN

VPN (Virtual Private Network) technology was proposed by Intel to provide secure connections between client systems and servers over public Internet channels. VPN is probably one of the most reliable technologies in terms of encryption and authentication reliability.

Several encryption technologies are used in VPNs, the most popular of which are described by the PPTP, L2TP and IPSec protocols with the DES, Triple DES, AES and MD5 algorithms. IP Security (IPSec) is used approximately 65-70% of the time. With its help, almost maximum security of the communication line is ensured.

VPN technology was not designed specifically for Wi-Fi; it can be used for any type of network, but protecting wireless networks with it is the most correct solution.

A fairly large amount of VPN software (Windows NT/2000/XP, Sun Solaris, Linux) and hardware has already been released. To implement VPN protection within a network, you need to install a special VPN gateway (software or hardware), in which tunnels are created, one per user. For wireless networks, for example, the gateway should be installed directly in front of the access point. Network users need to install special client programs, which in turn also work outside the wireless network, and decryption is carried out beyond its boundaries. Although all this is quite cumbersome, it is very reliable. But like everything it has its drawbacks, in this case two:

The need for fairly extensive administration;

A 30-40% decrease in channel bandwidth.

Other than that, a VPN is a pretty clear choice, especially since VPN equipment has lately been developing in the direction of improved security and mobility. The complete IPsec VPN solution in the Cisco VPN 5000 series is a prime example. Moreover, this line currently includes the only client-based VPN solution that supports Windows 95/98/NT/2000, MacOS, Linux and Solaris. Besides, a free license to use and distribute the IPsec VPN client software comes with all VPN 5000 products, which is also important.

Key points about protecting an organization's Wi-Fi networks.

In light of all of the above, you can see that the currently available protection mechanisms and technologies allow you to secure a network that uses Wi-Fi, provided administrators do not rely only on the basic settings but take care of fine-tuning. Of course, this does not turn your network into an impregnable bastion, but by allocating sufficient funds for equipment, time for configuration and, of course, constant monitoring, you can ensure security with a probability of approximately 95%.

Key points when organizing and configuring Wi-Fi networks that should not be neglected:

- Selecting and installing an access point:

> before purchasing, carefully read the documentation and the currently available information about holes in the software implementation for this class of equipment (a well-known example is the holes in Cisco IOS routers that allowed an attacker to gain access to the configuration). It may make sense to buy a cheaper option and update the network device's OS;

> explore supported protocols and encryption technologies;

> whenever possible, purchase devices that use WPA2 and 802.11i, as they use a new security technology, the Advanced Encryption Standard (AES). At the moment these can be the Cisco Aironet 1130AG and 1230AG dual-band access points (AP) for IEEE 802.11a/b/g networks. These devices support the IEEE 802.11i security standard and Wi-Fi Protected Access 2 (WPA2) intrusion protection using AES, and guarantee capacity to meet the highest demands of wireless LAN users. The new APs take advantage of dual-band IEEE 802.11a/b/g technology and remain fully compatible with earlier devices running IEEE 802.11b;

> prepare client machines in advance to work with the purchased equipment. Some encryption technologies may not yet be supported by the OS or drivers. This avoids wasting time when deploying the network;

> do not install an access point outside the firewall;

> place antennas inside the building walls and limit radio power to reduce the likelihood of connection from outside;

> use directional antennas; do not use the default radio channel.

- Access point setup:

> if the access point allows you to deny access to its settings over the wireless connection, use this option. Do not give an attacker who has got into your network the chance to control key nodes over the radio. Disable management protocols over the wireless interface, such as SNMP, the web administration interface and telnet;

> be sure(!) to use a complex password for access to the access point settings;

> if the access point allows you to control client access by MAC addresses, be sure to use this;

> if the equipment allows you to disable SSID broadcasting, be sure to do so. But bear in mind that an attacker can always obtain the SSID when a legitimate client connects;

> the security policy should prohibit wireless clients from making ad-hoc connections (such networks allow two or more stations to connect directly to each other, bypassing the access points that route their traffic). Attackers can use several types of attacks against systems that use ad-hoc connections. The primary problem with ad-hoc networks is the lack of identification. These networks can allow an attacker to carry out man-in-the-middle attacks, denial of service (DoS) and/or compromise of systems.

- Selecting a setting depending on the technology:

> if possible, deny access for clients with SSID;

> if there is no other option, be sure to enable at least WEP, but not lower than 128 bits;

> if, when installing network device drivers, you are offered a choice of three encryption technologies: WEP, WEP/WPA and WPA, then select WPA;

> if the device settings offer the choice between "Shared Key" (the WEP key, which is the same for all clients, can be intercepted) and "Open System" (anyone who knows the SSID can join the network), select "Shared Key". In this case (if you use WEP authentication) it is most advisable to also enable filtering by MAC address;

> if your network is not large, you can choose Pre-Shared Key (PSK);

> use 802.1X if possible. When setting up a RADIUS server, it is advisable to select the CHAP authentication type;

> the maximum level of security at the moment is provided by the use of VPN - use this technology.

- Passwords and keys:

> when using an SSID, follow the same requirements as for password protection: the SSID must be unique (do not forget that the SSID is not encrypted and can easily be intercepted!);

> always use the longest possible keys. Do not use keys shorter than 128 bits;

> do not forget about password hygiene: use a password generator, change passwords after a certain period of time, keep passwords secret;

> the settings usually offer a choice of four predefined keys; use them all, rotating them according to a certain scheme. If possible, do not tie the rotation to the days of the week (in any organization there are always people who work on weekends; what prevents someone penetrating the network on those days?).

> try to use long, dynamically changing keys. If you use static keys and passwords, change them after a certain period of time.

> instruct users to keep passwords and keys confidential. This is especially important if some people use laptops that they keep at home to log in.

- Network settings:

> use NetBEUI to organize shared resources. If this does not contradict the concept of your network, do not use the TCP/IP protocol on wireless networks to share folders and printers;

> do not allow guest access to shared resources;

> try not to use DHCP on wireless networks; use static IP addresses;

> limit the number of protocols within the WLAN to only those necessary.

- General:

> use firewalls on all wireless network clients, or at least activate the Windows XP firewall;

> regularly monitor vulnerabilities, updates, firmware and drivers of your devices;

> use security scanners periodically to identify hidden problems;

> determine the tools for wireless scanning and how often to scan. Wireless scanning can help locate rogue access points;

> if your organization's finances allow it, purchase an intrusion detection system (IDS, Intrusion Detection System), such as:

CiscoWorks Wireless LAN Solution Engine (WLSE), which includes several new features: self-healing, advanced tamper detection, automated site inspection, warm standby, and client tracking with real-time reporting.
CiscoWorks WLSE is a centralized system-level solution for managing an entire wireless infrastructure based on Cisco Aironet products. Its advanced radio and device management features simplify ongoing wireless network operations, enable seamless deployment, enhance security and ensure maximum availability while reducing deployment and operating costs.

The Hitachi AirLocation system uses an IEEE 802.11b network and can operate both indoors and outdoors. According to the developers, the accuracy of locating an object is 1-3 m, somewhat better than the corresponding figure for GPS systems. The system consists of a positioning server, a control server, a set of several base stations, a set of WLAN equipment and specialized software. The minimum price of the kit is about $46.3 thousand. The system determines the location of the required device and its distance from each access point by measuring the terminal's response time to signals sent by network-connected points spaced 100-200 m apart. Only three access points are therefore sufficient for a sufficiently precise location of the terminal.

Yes, the prices for such equipment are quite high, but any serious company can decide to spend this amount in order to be confident in the security of its wireless network.
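The periodic wireless scanning that the checklist recommends only pays off if the scan is compared with an inventory of what should be on the air. The Python below is an added example (not code from the original article or from any product named above): it takes scan records and the authorized access point inventory and reports unknown radios, impersonation of a managed SSID, an authorized AP whose security or channel has changed, and an authorized AP that has gone silent. The scan records, BSSIDs, SSIDs and inventory are all constructed; a real run would feed in the output of whatever scanning tool the administrator chose.

```python
# Added example: auditing one wireless scan against the authorized AP inventory.
# All addresses, SSIDs and records below are constructed for the demonstration.
from typing import Dict, List, Tuple

# Inventory of authorized access points (constructed): BSSID -> expected state
AUTHORIZED: Dict[str, Dict[str, object]] = {
    "00:11:22:aa:bb:01": {"ssid": "corp-wlan", "channel": 1, "security": "WPA2-AES"},
    "00:11:22:aa:bb:02": {"ssid": "corp-wlan", "channel": 6, "security": "WPA2-AES"},
}

# One scan's worth of observed beacons (constructed)
SCAN: List[Dict[str, object]] = [
    {"bssid": "00:11:22:AA:BB:01", "ssid": "corp-wlan", "channel": 1, "security": "WPA2-AES"},
    {"bssid": "00:11:22:aa:bb:02", "ssid": "corp-wlan", "channel": 6, "security": "WEP"},
    {"bssid": "66:77:88:cc:dd:ee", "ssid": "corp-wlan", "channel": 11, "security": "Open"},
    {"bssid": "de:ad:be:ef:00:01", "ssid": "linksys", "channel": 6, "security": "WPA2-AES"},
]

# Modes the checklist says never to accept on our own access points
WEAK_SECURITY = {"Open", "WEP", "WPA-TKIP"}

Finding = Tuple[str, str, str]  # (kind, bssid, detail)


def audit_scan(scan: List[Dict[str, object]],
               authorized: Dict[str, Dict[str, object]]) -> List[Finding]:
    """Compare observed access points with the authorized inventory."""
    findings: List[Finding] = []
    seen = set()
    managed_ssids = {str(v["ssid"]) for v in authorized.values()}

    for ap in scan:
        bssid = str(ap["bssid"]).lower()  # normalise case before lookup
        seen.add(bssid)
        expected = authorized.get(bssid)
        if expected is None:
            # Unknown radio.  If it advertises one of our SSIDs it is an
            # impersonation of our network; otherwise a rogue or neighbour AP.
            kind = "ssid-impersonation" if ap["ssid"] in managed_ssids else "unknown-ap"
            findings.append((kind, bssid, str(ap["ssid"])))
            continue
        if ap["security"] in WEAK_SECURITY or ap["security"] != expected["security"]:
            findings.append(("security-changed", bssid, str(ap["security"])))
        if ap["channel"] != expected["channel"]:
            findings.append(("channel-changed", bssid, str(ap["channel"])))
        if ap["ssid"] != expected["ssid"]:
            findings.append(("ssid-changed", bssid, str(ap["ssid"])))

    # An authorized AP that has gone quiet deserves a look as well
    # (hardware failure, or someone swapped it out).
    for bssid, expected in authorized.items():
        if bssid not in seen:
            findings.append(("missing", bssid, str(expected["ssid"])))
    return findings


if __name__ == "__main__":
    for kind, bssid, detail in audit_scan(SCAN, AUTHORIZED):
        print(f"{kind:20} {bssid}  {detail}")
```

The inventory is keyed by BSSID rather than SSID on purpose: an impostor can copy the SSID freely, but the BSSID of an authorized radio is known in advance, so "our SSID from a BSSID we do not own" is the signal worth alerting on.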

To protect your Wi-Fi network and set a password, you must select the type of wireless network security and the encryption method. At this stage many people ask: which one to choose? WEP, WPA or WPA2? Personal or Enterprise? AES or TKIP? Which security settings will best protect your Wi-Fi network? I will try to answer all these questions in this article. Let's consider all possible authentication and encryption methods and find out which Wi-Fi security parameters are best set in the router settings.

Please note that security type, authentication, network authentication, security and authentication method all mean the same thing.

Authentication type and encryption are the main security settings of a wireless Wi-Fi network. I think we first need to figure out what they are, what versions exist, their capabilities, etc. After that we will find out which type of protection and encryption to choose. I'll show this using several popular routers as examples.

I highly recommend setting a password and protecting your wireless network. Set the maximum level of protection. If you leave the network open, without protection, anyone can connect to it. This is primarily unsafe. It also means extra load on your router, a drop in connection speed and all sorts of problems connecting different devices.

Wi-Fi network protection: WEP, WPA, WPA2

There are three protection options, not counting "Open" (no protection).

  • WEP (Wired Equivalent Privacy) is an outdated and insecure authentication method. It was the first and not very successful method of protection. Attackers can easily access wireless networks protected with WEP. There is no need to set this mode in your router's settings, although it is present there (not always).
  • WPA (Wi-Fi Protected Access) is a reliable and modern type of security, with maximum compatibility with all devices and operating systems.
  • WPA2 is a newer, improved and more reliable version of WPA. It supports AES CCMP encryption. At the moment this is the best way to protect a Wi-Fi network, and it is what I recommend using.

WPA/WPA2 can be of two types:

  • WPA/WPA2 - Personal (PSK) is the usual authentication method: you only need to set a password (key) and then use it to connect to the Wi-Fi network. The same password is used for all devices, and the password itself is stored on the devices, where you can view or change it if necessary. This option is recommended.
  • WPA/WPA2 - Enterprise is a more complex method, mainly used to protect wireless networks in offices and other organizations. It provides a higher level of protection and is used only when a RADIUS server is installed to authorize devices (which hands out passwords).

I think we have figured out the authentication method. The best thing to use is WPA2 - Personal (PSK). For better compatibility, so that older devices have no problems connecting, you can set the WPA/WPA2 mixed mode. This is the default setting on many routers, or it is marked as "Recommended".

Wireless Network Encryption

There are two methods: TKIP and AES.

AES is recommended. If you have older devices on your network that do not support AES encryption (only TKIP) and there are problems connecting them to the wireless network, set it to "Auto". TKIP encryption is not supported in 802.11n mode.

In any case, if you install strictly WPA2 - Personal (recommended), then only AES encryption will be available.

What protection should I install on my Wi-Fi router?

Use WPA2 - Personal with AES encryption. To date this is the best and safest way. This is what the wireless network security settings look like on ASUS routers:

And this is what these security settings look like on routers from TP-Link (with old firmware).


If you don’t know where to find all these settings on your router, then write in the comments, I’ll try to tell you. Just don't forget to specify the model.

Since older devices (Wi-Fi adapters, phones, tablets, etc.) may not support WPA2 - Personal (AES), in case of connection problems, set the mixed mode (Auto).

I often notice that after changing the password or other security settings, devices do not want to connect to the network. Computers may receive the error "The network settings saved on this computer do not meet the requirements of this network." Try deleting (forgetting) the network on the device and connecting again. I wrote how to do this on Windows 7. But in Windows 10 you need .

Password (key) WPA PSK

Whatever type of security and encryption method you choose, you must set a password. It is also called the WPA key, Wireless Password, Wi-Fi Network Security Key, etc.

The password length is from 8 to 32 characters. You can use Latin letters and digits, and also special characters: - @ $ # ! etc. No spaces! The password is case sensitive: "z" and "Z" are different characters.

I do not recommend setting simple passwords. It is better to create a strong password that nobody will be able to guess, even if they try hard.

It is unlikely that you will be able to remember such a complex password. It would be nice to write it down somewhere. It’s not uncommon for Wi-Fi passwords to be simply forgotten. I wrote in the article what to do in such situations: .

If you need even more security, you can use MAC address binding. I don't see the need for it, though. WPA2 - Personal paired with AES and a complex password is quite enough.
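The passphrase is not used on the air directly: WPA/WPA2-Personal stretches it into a 256-bit Pairwise Master Key with PBKDF2-HMAC-SHA1, using the SSID as the salt and 4096 iterations (IEEE 802.11i). The Python below is an added example, not code from the original article; it checks a passphrase against the rules stated above (the 8 to 32 character range and the character classes come from the text, the extra special characters accepted are an assumption) and derives the key, which shows why a strong passphrase and a non-default SSID matter together: the same passphrase on two networks with different names gives two different keys. The sample passphrases and SSIDs are constructed, except for the published 802.11i test vector (passphrase "password", SSID "IEEE").

```python
# Added example: passphrase checks per the rules in the text above, and the
# WPA/WPA2-Personal key derivation from IEEE 802.11i (PBKDF2-HMAC-SHA1,
# salt = SSID, 4096 iterations, 32-byte output).  Sample passphrases and
# SSIDs other than the 802.11i test vector are constructed.
import hashlib
import string
from typing import List

MIN_LEN, MAX_LEN = 8, 32          # range stated in the text above
SPECIALS = set("-@$#!_.,%&*+=?")  # the text lists "- @ $ # !" etc.; the rest assumed


def check_passphrase(passphrase: str) -> List[str]:
    """Return the list of rule violations (an empty list means acceptable)."""
    problems: List[str] = []
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        problems.append(f"length must be {MIN_LEN}-{MAX_LEN} characters")
    if " " in passphrase:
        problems.append("spaces are not allowed")
    if not passphrase.isascii():
        problems.append("only Latin letters, digits and special characters")
    classes = sum([
        any(c in string.ascii_lowercase for c in passphrase),
        any(c in string.ascii_uppercase for c in passphrase),
        any(c in string.digits for c in passphrase),
        any(c in SPECIALS for c in passphrase),
    ])
    if classes < 3:
        problems.append("mix at least three of: lower case, upper case, digits, specials")
    return problems


def derive_pmk(passphrase: str, ssid: str) -> str:
    """PMK (the PSK) as hex.  The SSID is the salt, so the same passphrase on a
    differently named network yields a different key, and tables precomputed
    for common default SSIDs do not apply to a unique one."""
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                              ssid.encode("utf-8"), 4096, 32)
    return key.hex()


if __name__ == "__main__":
    # IEEE 802.11i test vector, expected:
    # f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e
    print(derive_pmk("password", "IEEE"))
    print(derive_pmk("password", "ieee"))  # different SSID, different key
    print(check_passphrase("password"))    # fails the strength rule
```

The 4096 PBKDF2 iterations slow each guess down, but they do not rescue a short or dictionary passphrase; the character-class rule is the part that actually raises the cost of guessing, which is why the article's advice is a generated password rather than a memorable one.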

How do you protect your Wi-Fi network? Write in the comments. Well, ask questions :)

The main difference between wired and wireless networks is the completely uncontrolled area between the network endpoints. Over a fairly wide area, the wireless medium is not controlled in any way. Modern wireless technologies offer only a limited set of tools for managing the network's deployment area. This allows attackers in close proximity to wireless infrastructure to carry out a whole range of attacks that were impossible in the wired world. We will discuss security threats unique to the wireless environment, the equipment used in attacks, problems that arise when roaming from one access point to another, protection of wireless channels and cryptographic protection of open communications.

Eavesdropping

The most common problem in open and unmanaged environments such as wireless networks is the possibility of anonymous attacks. Anonymous attackers can intercept radio signals and decrypt the transmitted data. The equipment used for eavesdropping need be no more sophisticated than that used for ordinary access to the network. To intercept a transmission, an attacker must be close to the transmitter. Interceptions of this type are almost impossible to detect, and even harder to prevent. Antennas and amplifiers allow the attacker to be at a considerable distance from the target while intercepting. Eavesdropping is carried out to gather information about a network that is then to be attacked. The attacker's primary goal is to understand who uses the network, what information is available on it, what the network equipment is capable of, when it is used most and least intensively, and over what territory it is deployed.

All this will be useful in order to organize an attack on the network.

Many common network protocols carry important information such as usernames and passwords in clear text. An eavesdropper can use the obtained data to gain access to network resources.

Even if the transmitted information is encrypted, the attacker ends up with ciphertext that can be stored and decrypted later. Another way to eavesdrop is to connect to the wireless network. Active eavesdropping on a wireless local network is usually based on misuse of the Address Resolution Protocol (ARP).

Initially this technique was created for "listening" to the network. In reality, we are dealing with a MITM (man in the middle) attack at the data link layer. Such attacks can take many forms and are used to destroy the confidentiality and integrity of a communication session.

MITM attacks are more complex than most other attacks and require detailed information about the network to carry out. The attacker usually spoofs the identity of one of the network resources.

When the victim initiates a connection, the attacker intercepts it, terminates the connection to the desired resource, and then passes all connections to that resource through his own station. The attacker can then send information, alter what was sent, or eavesdrop on all conversations and decrypt them later. The attacker sends unsolicited ARP replies to the target station on the local network, which then forwards all its traffic to him. The attacker then sends the packets on to the intended recipients. In this way a wireless station can intercept traffic from another wireless client (or from a wired client on the local network).
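From the defender's side, the ARP misuse described above leaves a visible trace: an IP address that suddenly belongs to a different MAC address, or one MAC address that answers for several IPs including the gateway. The Python below is an added example, not part of the original text, with that detection logic run over constructed ARP reply records; the addresses, the gateway IP, the static binding list and the record format are assumptions for the demonstration.

```python
# Added example: spotting ARP cache poisoning from observed ARP replies.
# Records, addresses and the gateway are constructed; the record format
# (timestamp, sender IP, sender MAC, target IP) is an assumption.
from typing import Dict, List, Tuple

GATEWAY_IP = "192.168.1.1"
# Static, trusted IP -> MAC bindings the administrator maintains (constructed)
KNOWN_BINDINGS: Dict[str, str] = {GATEWAY_IP: "00:11:22:33:44:01"}

# Constructed ARP replies as a monitoring host on the segment might log them
ARP_REPLIES: List[Tuple[str, str, str, str]] = [
    ("10:00:01", "192.168.1.1",  "00:11:22:33:44:01", "192.168.1.50"),
    ("10:00:02", "192.168.1.50", "00:11:22:33:44:50", "192.168.1.1"),
    ("10:00:05", "192.168.1.1",  "AA:BB:CC:DD:EE:FF", "192.168.1.50"),  # gateway IP, new MAC
    ("10:00:05", "192.168.1.50", "aa:bb:cc:dd:ee:ff", "192.168.1.1"),   # client IP, same new MAC
]

Alert = Tuple[str, str, str, str]  # (timestamp, severity, kind, detail)


def detect_arp_spoofing(replies: List[Tuple[str, str, str, str]],
                        known: Dict[str, str]) -> List[Alert]:
    """Flag IP->MAC changes and MACs that claim more than one IP address."""
    table: Dict[str, str] = {ip: mac.lower() for ip, mac in known.items()}
    alerts: List[Alert] = []

    for ts, ip, mac, _target in replies:
        mac = mac.lower()
        previous = table.get(ip)
        if previous is None:
            table[ip] = mac  # first sighting: learn it
        elif previous != mac:
            # A change to the gateway or any statically bound address is the
            # classic poisoning signature; other changes may just be DHCP churn.
            severity = "critical" if ip in known else "warning"
            alerts.append((ts, severity, "binding-changed",
                           f"{ip}: {previous} -> {mac}"))
            table[ip] = mac

    # One MAC answering for several IPs (typically the gateway plus a victim)
    claims: Dict[str, List[str]] = {}
    for ip, mac in table.items():
        claims.setdefault(mac, []).append(ip)
    for mac, ips in claims.items():
        if len(ips) > 1:
            alerts.append(("", "warning", "multiple-ips-one-mac",
                           f"{mac} answers for {sorted(ips)}"))
    return alerts


if __name__ == "__main__":
    for ts, severity, kind, detail in detect_arp_spoofing(ARP_REPLIES, KNOWN_BINDINGS):
        print(f"[{severity:8}] {ts:8} {kind:22} {detail}")
```

Static bindings for the gateway (and, where the hardware supports it, dynamic ARP inspection on the switch) turn the "critical" case into something that is blocked rather than merely alerted on; the monitor above is the fallback for segments where that is not available.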

Institute of Financial and Economic Security

ABSTRACT

Wireless Security

Completed by: student of group U05-201, Mikhailov M.A.

Checked by: Associate Professor of the Department, Burtsev V.L.

Moscow, 2010

Introduction

WEP security standard

WPA security standard

WPA2 security standard

Conclusion

Introduction

The history of wireless information transmission technologies began at the end of the 19th century with the transmission of the first radio signal and the appearance in the 1920s of the first amplitude-modulation radio receivers. In the 1930s, frequency-modulation radio and television appeared. In the 1970s, the first wireless telephone systems appeared as a natural result of the need for mobile voice transmission. At first these were analogue networks; in the early 1980s the GSM standard was developed, marking the beginning of the transition to digital standards, as they provided better spectrum allocation, better signal quality and better security. Since the 1990s, wireless networks have been gaining ground. Wireless technologies are firmly entrenched in our lives; developing at tremendous speed, they create new devices and services.

The abundance of new wireless technologies such as CDMA (Code Division Multiple Access), GSM (Global System for Mobile Communications), TDMA (Time Division Multiple Access), 802.11, WAP (Wireless Application Protocol), 3G (third generation), GPRS (General Packet Radio Service), Bluetooth (named after Harald Bluetooth, a Viking leader who lived in the 10th century), EDGE (Enhanced Data Rates for GSM Evolution, increased data rates for GSM), i-mode, etc. indicates that a revolution is beginning in this area.

The development of wireless local networks (WLAN) and Bluetooth (medium- and short-range networks) is also very promising. Wireless networks are deployed at airports, universities, hotels, restaurants and businesses. The history of wireless network standards began in 1990, when the 802.11 committee of the IEEE (Institute of Electrical and Electronics Engineers) was formed. The World Wide Web and the idea of working on the Internet from wireless devices gave a significant impetus to the development of wireless technologies. At the end of the 1990s, users were offered the WAP service, which at first did not arouse much public interest. These were basic information services: news, weather, all kinds of schedules, etc. Both Bluetooth and WLAN were also in very low demand at the beginning, mainly because of the high cost of these means of communication. However, as prices fell, public interest grew. By the middle of the first decade of the 21st century, the number of wireless Internet users reached tens of millions. With the advent of wireless Internet communications, security issues came to the fore. The main problems when using wireless networks are interception of messages by intelligence services, commercial enterprises and individuals, interception of credit card numbers, theft of paid connection time, and interference with the work of communication centers.

Like any computer network, Wi-Fi carries an increased risk of unauthorized access. Moreover, it is much easier to penetrate a wireless network than a wired one: you do not need to connect to wires, you just need to be within range of the signal.

Wireless networks differ from wired ones only at the first two layers of the seven-layer OSI model: the physical layer (PHY) and, in part, the data link layer (MAC). The higher layers are implemented exactly as in wired networks, and it is at those layers that most of the real network security is provided. The difference in security between the two kinds of network therefore comes down to the difference in the security of the physical and MAC layers.

Although Wi-Fi protection today relies on sophisticated mathematical algorithms for authentication, data encryption and integrity control, the probability of outsiders gaining access to information is still significant. If network configuration is not given due attention, an attacker can:

· gain access to the resources and disks of Wi-Fi clients, and through them to LAN resources;

· eavesdrop on traffic and extract confidential information from it;

· alter information passing through the network;

· introduce fake access points;

· send spam and perform other illegal actions on behalf of your network.

Before you start protecting a wireless network, you need to understand the basic principles of its organization. A wireless network typically consists of access points (APs) and clients with wireless adapters. Both are equipped with transceivers to exchange data with each other, and each AP and wireless adapter has a 48-bit MAC address, functionally equivalent to an Ethernet address. Access points bridge the wireless and wired networks, letting wireless clients reach wired resources. Wireless clients can also talk to each other directly in ad hoc mode, without an AP, but this is rarely used in organizations. Each wireless network is identified by an administrator-assigned SSID (Service Set Identifier); a client associates with an AP by presenting that AP's SSID. If several access points share the same SSID (and the same authentication and encryption settings), mobile clients can roam between them.

The most common wireless standards are 802.11 and its extensions. The original 802.11 specification defines a network operating at up to 2 Mbit/s; the later variants provide higher speeds. 802.11b was the first to be widely deployed and is being displaced by 802.11g. 802.11b networks operate in the 2.4 GHz band at up to 11 Mbit/s. 802.11a was ratified in the same year as 802.11b (1999) but reached the market later; its devices operate in the 5 GHz band at a standard 54 Mbit/s, and some vendors offer up to 108 Mbit/s in a proprietary turbo mode. The third variant, 802.11g, operates in the 2.4 GHz band like 802.11b, at a standard 54 Mbit/s and up to 108 Mbit/s in turbo mode. Most 802.11g networks can serve 802.11b clients thanks to the backward compatibility built into 802.11g, although practical compatibility depends on the vendor's implementation. Most modern wireless equipment supports two or more 802.11 variants. A newer standard, 802.16 (WiMAX), is designed to deliver wireless access to businesses and homes from base stations similar to those of cellular networks; it is not discussed in this article.

The actual range of an AP depends on many factors: the 802.11 variant and operating frequency, the manufacturer, transmit power, antennas, external and internal walls, and the network topology. A wireless adapter fitted with a high-gain directional antenna, however, can reach an AP and its network over a considerable distance, up to about one and a half kilometres depending on conditions. The range you measure with your own client equipment is therefore no guide to how far away an attacker can sit.

Because the radio spectrum is public, wireless networks have security concerns that wired networks do not. To eavesdrop on a wired network you need physical access to a network component: a LAN socket, a switch, a router, a firewall or a host. To eavesdrop on a wireless network you need only a receiver, for example an ordinary wireless adapter in monitor mode. Because of this openness the standard's authors prepared the Wired Equivalent Privacy (WEP) specification, but made its use optional. WEP uses a shared key known to the wireless clients and to the access points they talk to; the key can serve both for authentication and for encryption. WEP encrypts with the RC4 stream cipher. A 64-bit WEP key consists of a 40-bit user-supplied secret and a 24-bit initialization vector (IV) that is sent in clear with every frame. In an attempt to strengthen it, some manufacturers introduced 128-bit (or longer) WEP, with a 104-bit (or longer) user secret plus the same 24-bit IV. WEP is available on 802.11a, 802.11b and 802.11g equipment. The longer key does not help, because WEP's flaws are not in the key length: its shared-key authentication is weak, the 24-bit IV space is reused after a few thousand frames on a busy network, the CRC-32 integrity check is linear and can be corrected after tampering, and weaknesses in RC4's key scheduling let the key itself be recovered by cryptanalysis of captured traffic. These attacks are well documented, and WEP is not considered a reliable protocol today.
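To make the IV problem concrete, here is an added example (not code from the original article): a minimal WEP-style encryption built on RC4 with the real frame layout (3-byte clear IV, RC4 key = IV || shared key, CRC-32 ICV). The key, IVs and frame contents are constructed sample data; the attacker functions never touch the shared key.

```python
# Added example (not from the original article): a minimal WEP-style frame
# encryption built on RC4, used to show why the 24-bit IV is the weak point.
# Keys, IVs and frame contents below are constructed sample data.
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: KSA then PRGA, XORed over data (encrypt == decrypt)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: IV (3 bytes, sent in clear) || RC4(IV||key, plaintext || ICV).
    The ICV is a plain CRC-32, which is why WEP also offers no real integrity."""
    assert len(iv) == 3 and len(shared_key) in (5, 13)   # 40-bit or 104-bit user key
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + shared_key, plaintext + icv)


def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    """Receiver side: rebuild the per-frame RC4 key from the clear IV, check the ICV."""
    iv, body = frame[:3], frame[3:]
    clear = rc4(iv + shared_key, body)
    plaintext, icv = clear[:-4], clear[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return plaintext


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Attacker step 1: a frame whose plaintext is predictable (ARP, DHCP, LLC/SNAP
    headers) yields the RC4 keystream for its IV without knowing the shared key."""
    return xor_bytes(frame[3:], known_plaintext)


def decrypt_with_reused_iv(keystream: bytes, frame: bytes) -> bytes:
    """Attacker step 2: every later frame sent under the same IV reuses that keystream."""
    return xor_bytes(frame[3:], keystream)


def demo() -> bytes:
    """Two constructed frames under one IV; the attacker never sees `key`."""
    key = b"Secr3"                        # constructed 40-bit WEP key
    iv = b"\x01\x02\x03"                  # only 2^24 IVs exist; reuse is inevitable
    known = b"ARP who-has 10.0.0.1"       # constructed, guessable plaintext
    secret = b"user=admin;pw=hunter2"     # constructed confidential payload
    f1 = wep_encrypt(key, iv, known)
    f2 = wep_encrypt(key, iv, secret)     # same IV as f1
    ks = recover_keystream(f1, known)
    return decrypt_with_reused_iv(ks, f2)  # first len(known) bytes of `secret`
```

With only 2^24 IVs, the birthday bound puts a 50% chance of a repeated IV at roughly five thousand frames, and many cards simply counted IVs from zero on every reset, so the reuse shown in `demo()` is routine rather than theoretical. The linear CRC-32 ICV lets an attacker who can flip plaintext bits also correct the ICV, which is the second half of why a longer user key changes nothing.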

In response to WEP's shortcomings, the Wi-Fi Alliance developed the Wi-Fi Protected Access (WPA) standard. WPA improves on WEP by adding TKIP (Temporal Key Integrity Protocol) and a strong authentication mechanism based on 802.1X and EAP (Extensible Authentication Protocol). WPA was intended as an interim working standard to be submitted to the IEEE as an extension of 802.11. That extension, 802.11i, was ratified in 2004, and WPA was updated to WPA2, which uses the Advanced Encryption Standard (AES, in CCMP mode) instead of WEP and TKIP. WPA2 is backward compatible and can be used alongside WPA. WPA was designed for enterprise networks with a RADIUS (Remote Authentication Dial-In User Service) authentication infrastructure, but a variant called WPA Pre-Shared Key (WPA-PSK) has been adopted by manufacturers for small networks. Like WEP, WPA-PSK works with a shared secret, but it is far more secure than WEP: the passphrase is never used directly as a key, and fresh per-session keys are negotiated in a 4-way handshake. Its weak point is the passphrase itself, since anyone who captures one handshake can test candidate passphrases offline.
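The following is an added example (not code from the original article) showing how WPA/WPA2-PSK derives its Pairwise Master Key from the passphrase and SSID, and what an offline guessing attack against a captured handshake costs per guess. It uses only the Python standard library; the SSID, passphrase and wordlist are constructed, except for the 802.11i Annex H test vector used as a check.

```python
# Added example (not from the original article): how WPA/WPA2-Personal turns a
# passphrase into the 256-bit Pairwise Master Key (PMK), and why a PSK network is
# only as strong as that passphrase. Uses only the standard library.
import hashlib
from typing import Iterable, Optional


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes), as defined
    by 802.11i for the pre-shared-key mode. The SSID is the salt, so one passphrase
    gives different PMKs on networks with different names (rainbow tables are per-SSID).
    802.11i Annex H test vector: ("password", "IEEE") ->
    f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def offline_guess(target_pmk: bytes, ssid: str, candidates: Iterable[str]) -> Optional[str]:
    """Attacker step. After capturing one 4-way handshake, candidate passphrases can be
    tested offline with no further contact with the network; the 4096 PBKDF2 rounds
    per guess are the only cost. A real cracker derives the PTK from each candidate
    PMK and checks the handshake MIC; comparing PMKs directly here shows the same
    per-guess work without the handshake plumbing."""
    for cand in candidates:
        if derive_pmk(cand, ssid) == target_pmk:
            return cand
    return None


def demo() -> Optional[str]:
    """Constructed weak network: the passphrase is in a short wordlist."""
    ssid = "CorpNet"                                            # constructed SSID
    victim_pmk = derive_pmk("password", ssid)                   # what a handshake capture exposes
    wordlist = ["123456", "letmein", "CorpNet2019", "password"]  # constructed wordlist
    return offline_guess(victim_pmk, ssid, wordlist)
```

The design point is that nothing in the protocol limits guessing speed except PBKDF2's 4096 iterations, which modern GPUs run at hundreds of thousands of guesses per second. A long random passphrase, or WPA2-Enterprise with 802.1X, is the only defence; renaming the SSID merely defeats precomputed tables.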

Building a wireless network also raises the problem of securing it. In a conventional network information travels over wires; the radio waves used by wireless solutions are easy to intercept with the appropriate equipment. The way a wireless network operates creates many opportunities for attacks and intrusions.

Equipment for wireless local area networks (WLAN, Wireless Local Area Network) consists of wireless access points and a wireless station for each subscriber.

Access points (AP) act as hubs that connect subscribers to each other and as bridges to the wired LAN and the Internet. Each access point can serve several subscribers. Several neighbouring access points form a Wi-Fi access zone (hotspot) within which any subscriber with a wireless adapter can reach the network. Such zones are set up in busy places: airports, college campuses, libraries, shops, business centres and so on.

An access point carries a Service Set Identifier (SSID), a string of up to 32 bytes used as the name of the wireless network that all its nodes join. The SSID is needed to connect a station to the network: to associate with an access point, the station must present the same SSID. A station without the right SSID cannot associate with the access point or join the network. Note that the SSID is a network name, not a secret: it is broadcast in beacons and sent in clear by clients, so it provides no authentication.

The main difference between wired and wireless networks is the uncontrolled area between the endpoints of the wireless network. It allows attackers in the vicinity of the wireless infrastructure to carry out a range of attacks that would not be possible in the wired world.

When wireless access to a local network is used, the security threats grow considerably (Fig. 2.5).

Fig. 2.5.

The main vulnerabilities of and threats to wireless networks are listed below.

Beacon broadcasting. At a fixed interval the access point transmits a broadcast beacon frame announcing its presence to surrounding wireless nodes. The beacon carries basic information about the access point, normally including the SSID, and invites nearby nodes to join. Any listening station can read the SSID and attempt to join the corresponding network. Beacon broadcasting is an innate property of wireless networks. Many models let you suppress the SSID in the beacon to make casual discovery a little harder, but a client still sends the SSID in clear when it probes for or associates with the network, so a passive listener recovers a "hidden" SSID as soon as one legitimate client connects.

WLAN discovery. Wireless networks are discovered with tools such as NetStumbler, often combined with a GPS receiver to record locations. The tool reports each WLAN's SSID and whether WEP encryption is enabled. With an external antenna on a laptop, networks can be discovered while walking through an area or driving around the city (wardriving). A reliable way to check your own exposure is to survey the office building with a laptop in hand.
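What a discovery tool actually reads is the beacon frame described under "Beacon broadcasting" above. As an added example (not code from the original article or from NetStumbler), the parser below takes the body of an 802.11 beacon and recovers the SSID (or reports it hidden), the channel, and whether the AP is open, WEP, WPA or WPA2, distinguishing WEP from WPA2 by the presence of an RSN information element rather than by the privacy bit alone. The beacon bodies are constructed inline, not captured.

```python
# Added example (not from the original article): parse the body of an 802.11 beacon
# frame to recover what a wardriving tool shows: SSID (or hidden), channel, and
# whether the AP runs open, WEP, WPA or WPA2. Beacons below are constructed, not captured.
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

CAP_PRIVACY = 0x0010                           # capability field bit 4: encryption required
WPA_IE_PREFIX = bytes.fromhex("0050f201")      # vendor IE: OUI 00:50:F2, type 1 = WPA (v1)
RSN_CIPHER = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
RSN_AKM = {1: "802.1X", 2: "PSK"}


@dataclass
class BeaconInfo:
    ssid: Optional[str]        # None when the AP hides its SSID
    channel: Optional[int]
    privacy: bool
    security: str              # "open", "WEP", "WPA", or "WPA2-<akm> (<cipher>)"


def parse_ies(body: bytes) -> List[Tuple[int, bytes]]:
    """Walk the tag / length / value list that follows the 12 fixed beacon bytes."""
    ies: List[Tuple[int, bytes]] = []
    i = 0
    while i + 2 <= len(body):
        tag, ln = body[i], body[i + 1]
        value = body[i + 2:i + 2 + ln]
        if len(value) < ln:            # truncated frame: stop rather than read garbage
            break
        ies.append((tag, value))
        i += 2 + ln
    return ies


def describe_rsn(value: bytes) -> str:
    """Decode the RSN IE (tag 48): version | group suite | pairwise count + suites |
    AKM count + suites. Suite selectors are OUI 00:0F:AC followed by one type byte."""
    try:
        n_pair = struct.unpack_from("<H", value, 6)[0]
        pair = [RSN_CIPHER.get(value[8 + 4 * k + 3], "?") for k in range(n_pair)]
        off = 8 + 4 * n_pair
        n_akm = struct.unpack_from("<H", value, off)[0]
        akm = [RSN_AKM.get(value[off + 2 + 4 * k + 3], "?") for k in range(n_akm)]
        return "WPA2-%s (%s)" % ("/".join(akm), "/".join(pair))
    except (struct.error, IndexError):
        return "WPA2 (malformed RSN IE)"


def parse_beacon(frame_body: bytes) -> BeaconInfo:
    """frame_body = everything after the MAC header: timestamp, interval, capability, IEs."""
    if len(frame_body) < 12:
        raise ValueError("beacon body shorter than the fixed fields")
    cap = struct.unpack_from("<H", frame_body, 10)[0]
    privacy = bool(cap & CAP_PRIVACY)
    ssid: Optional[str] = None
    channel: Optional[int] = None
    security = "WEP" if privacy else "open"   # privacy bit with no RSN/WPA IE means WEP
    for tag, value in parse_ies(frame_body[12:]):
        if tag == 0:
            # hidden SSID: zero length, or NUL bytes of the real length
            ssid = value.decode("utf-8", "replace") if value.strip(b"\x00") else None
        elif tag == 3 and value:               # DS parameter set: current channel
            channel = value[0]
        elif tag == 48:
            security = describe_rsn(value)
        elif tag == 221 and value.startswith(WPA_IE_PREFIX) and not security.startswith("WPA2"):
            security = "WPA"                    # WPA1 only (no RSN IE seen so far)
    return BeaconInfo(ssid, channel, privacy, security)


def build_beacon(ssid: bytes, channel: int, privacy: bool, extra_ies: bytes = b"") -> bytes:
    """Construct a sample beacon body for the demo (not a real capture)."""
    cap = 0x0001 | (CAP_PRIVACY if privacy else 0)          # ESS bit, optional privacy bit
    fixed = struct.pack("<QHH", 0, 100, cap)                 # timestamp, interval 100 TU, capability
    ies = bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82]) + bytes([3, 1, channel])
    return fixed + ies + extra_ies


# RSN IE for WPA2-Personal: group CCMP, one pairwise suite CCMP, one AKM PSK, RSN caps 0
RSN_PSK_CCMP = bytes([48, 20]) + bytes.fromhex("0100000fac040100000fac040100000fac020000")

SAMPLE_BEACONS: Dict[str, bytes] = {           # constructed survey data
    "corp":   build_beacon(b"CorpNet", 6, True, RSN_PSK_CCMP),
    "legacy": build_beacon(b"Warehouse", 11, True),          # privacy bit only: WEP
    "hidden": build_beacon(b"", 1, True, RSN_PSK_CCMP),      # SSID suppressed in beacon
    "guest":  build_beacon(b"FreeWifi", 1, False),
}


def survey(beacons: Dict[str, bytes]) -> Dict[str, BeaconInfo]:
    return {name: parse_beacon(body) for name, body in beacons.items()}
```

Feed `parse_beacon` the frame body of real beacons from a monitor-mode capture and the same code becomes a minimal site-survey tool. The truncation check in `parse_ies` matters on real air: malformed or clipped beacons are common, and a parser that reads past the end of the buffer is the first thing a fuzzer finds.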

Eavesdropping. Eavesdropping is carried out to gather information about a network that is to be attacked later; the eavesdropper can then use what was learned to gain access to network resources. The equipment needed is no more sophisticated than that used for ordinary access to the network. By their nature wireless networks let a computer located some distance from the physical network join it as if it were directly attached: for example, someone sitting in a car parked nearby can connect to a wireless network inside a building. Passive eavesdropping is almost impossible to detect, since a receiver in monitor mode transmits nothing.

False access points. An experienced attacker can set up a false access point that imitates the real network (an "evil twin"). Unsuspecting subscribers associate with it and hand over sensitive data such as authentication credentials. This attack is sometimes combined with jamming of the genuine access point so that clients reconnect to the false one, which typically advertises the same SSID with a stronger signal.

Denial of service. A DoS (Denial of Service) attack can paralyse the network completely; its purpose is to prevent users from reaching network resources. Wireless systems are particularly susceptible. The physical layer of a wireless network is the open space around the access point, and an attacker can simply switch on a device that floods the operating frequency with interference or bogus traffic; this is not difficult. Management frames such as deauthentication are also unauthenticated in 802.11 (before the 802.11w amendment), so a DoS can be mounted with a handful of forged frames rather than a jammer. Proving that a physical-layer DoS attack on a wireless network has taken place is hard.

Man-in-the-middle attacks. Attacks of this type are much easier on wireless networks than on wired ones, where the attacker first needs some form of access to the medium. A man-in-the-middle attack is typically used to break the confidentiality and integrity of a communication session. MITM attacks are more complex than most others and require detailed knowledge of the network. The attacker usually impersonates one of the network's resources, using the ability to eavesdrop on and capture the data stream in order to modify its contents for their own purposes, for example by spoofing IP addresses or changing a MAC address to imitate another host.
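The false access point and man-in-the-middle threats above share one defensive measure: comparing what is on the air against an inventory of the access points you actually own. As an added example (not code from the original article), the detector below takes survey observations (already parsed into SSID, BSSID, channel and security) and flags evil twins, lookalike SSIDs, security downgrades on a known BSSID, and a known BSSID that appears on two channels at once. The inventory and observations are constructed sample data.

```python
# Added example (not from the original article): detection logic for the false
# access point and man-in-the-middle threats. It compares a wireless survey
# (already parsed into SSID / BSSID / channel / security) against an inventory of
# authorized APs. Inventory and observations are constructed sample data.
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Observation:
    ssid: str
    bssid: str          # AP MAC address as carried in the beacon
    channel: int
    security: str       # one of SECURITY_RANK's keys


@dataclass(frozen=True)
class AuthorizedAP:
    ssid: str
    channel: int
    security: str


SECURITY_RANK = {"open": 0, "WEP": 1, "WPA": 2, "WPA2-PSK": 3, "WPA2-802.1X": 4}

EVIL_TWIN = "evil twin: corporate SSID from a BSSID not in inventory"
LOOKALIKE = "lookalike SSID: differs from a corporate SSID only by case or whitespace"
DOWNGRADE = "downgrade: known BSSID advertising weaker security than inventory"
MULTI_CHANNEL = "known BSSID seen on more than one channel (possible BSSID spoofing)"


def normalize(ssid: str) -> str:
    """Fold case and whitespace so 'Corp Net' and 'corpnet' match 'CorpNet'."""
    return "".join(ssid.lower().split())


def detect_rogues(inventory: Dict[str, AuthorizedAP],
                  observed: List[Observation]) -> List[Tuple[str, Observation]]:
    findings: List[Tuple[str, Observation]] = []
    exact_names = {ap.ssid for ap in inventory.values()}
    folded_names = {normalize(ap.ssid) for ap in inventory.values()}
    channels_by_bssid: Dict[str, Set[int]] = {}
    first_seen: Dict[str, Observation] = {}

    for o in observed:
        channels_by_bssid.setdefault(o.bssid, set()).add(o.channel)
        first_seen.setdefault(o.bssid, o)
        known = inventory.get(o.bssid)
        if known is None:
            if o.ssid in exact_names:
                findings.append((EVIL_TWIN, o))
            elif normalize(o.ssid) in folded_names:
                findings.append((LOOKALIKE, o))
            # unknown SSID from an unknown BSSID: a neighbour, not our problem
        elif SECURITY_RANK.get(o.security, 0) < SECURITY_RANK.get(known.security, 0):
            findings.append((DOWNGRADE, o))

    # A BSSID belongs to one radio; seeing it on two channels at once means a second
    # device is cloning it (the evil twin that also spoofs the MAC).
    for bssid, chans in channels_by_bssid.items():
        if bssid in inventory and len(chans) > 1:
            findings.append((MULTI_CHANNEL, first_seen[bssid]))
    return findings


# constructed inventory: two corporate APs, 802.1X only
INVENTORY = {
    "00:11:22:33:44:01": AuthorizedAP("CorpNet", 6, "WPA2-802.1X"),
    "00:11:22:33:44:02": AuthorizedAP("CorpNet", 11, "WPA2-802.1X"),
}

# constructed survey results
OBSERVED = [
    Observation("CorpNet", "00:11:22:33:44:01", 6, "WPA2-802.1X"),   # legitimate
    Observation("CorpNet", "de:ad:be:ef:00:01", 6, "open"),          # evil twin, open
    Observation("Corp Net", "de:ad:be:ef:00:02", 1, "WPA2-PSK"),     # lookalike name
    Observation("CorpNet", "00:11:22:33:44:02", 11, "WPA"),          # downgraded security
    Observation("CorpNet", "00:11:22:33:44:01", 1, "WPA2-802.1X"),   # same BSSID, other channel
    Observation("Cafe", "aa:bb:cc:dd:ee:ff", 3, "open"),             # unrelated neighbour
]


def demo() -> List[str]:
    return [reason for reason, _ in detect_rogues(INVENTORY, OBSERVED)]
```

The downgrade rule is the one that catches the MITM case where the attacker clones the corporate BSSID but cannot clone its 802.1X credentials and so advertises an open or PSK network instead. Run the survey periodically from a fixed sensor rather than once; a twin that is only switched on during lunch hours is invisible to a single walk-through.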

Anonymous Internet access. Unsecured wireless LANs give attackers ideal anonymous access for attacks over the Internet. An attacker can use an organization's unprotected wireless LAN to reach the Internet and carry out illegal actions without leaving traces that lead back to them. The organization with the unprotected LAN then appears as the source of attack traffic aimed at another system, which carries a potential risk of legal liability for the damage done to the victim.

The attacks described above are not the only ones attackers use to compromise wireless networks.