Secure Building of WI-FI

SECURE BUILDING OF WI-FI

Done by

R. Arun II MCA
P. Sangeetha II M.Sc (IT)
St Joseph’s College of Arts & Science
Cuddalore 607001.
mailtorarun@gmail.com
Mobile No: 8870327927

INTRODUCTION raise the issue of the security due to other

The main objective of this research
paper is to build secure WI-FI connections.
Since every institutions, workplaces &
organizations preferring and switching
over to WI-FI connections we have to
make sure that it is secure.
This research paper is based on the
observations & findings that were made
for the past one year while implementing
the WI-FI connections. Here we listed out
what are all common exploits & probable
solutions to tackle that the problems.
Wireless Internet access is a huge
convenience that we have got used to, but
it is important to secure them. Most
internet users do not even realize that
connecting their system to web through
Wi-Fi routers can make them more
vulnerable to hackers.
SECURITY THREATS TO WI-FI
NETWORKS:
There is no physical protection of
the wireless network. The risk of the data
sharing is high as packets are sent through
the airwaves, and an attacker can easily
use various wireless sniffing tools. Most
wireless devices use a broad spectrum, so
it is very easy to identify the signals,
which makes all the more vulnerable to
hackers. There is no need to re-login and
restart network applications. WLANs do
inherent features such as radio waves
being easier to intercept than physical
wires.
COMMON EXPLOITS OF
WIRELESS NETWORKS
In general, attacks on wireless
networks fall into four basic categories:
 Passive Attacks
 Active Attacks
 War Driving
 Jamming
PASSIVE ATTACKS
A passive attack occurs when
someone eavesdrops on the networks
traffics. Armed with a wireless network
adapter that supports promiscuous mode,
eavesdroppers can capture network traffic
for analysis using easily available tools.
ACTIVE ATTACKS
Once an attacker has gained
sufficient information from passive attack,
they can lunch an active attack against the
network. There are a potentially large
number of active attack can be lunched
against a wireless network. These include,
but are not limited to, unauthorized access,
spoofing, denial of service, and flooding,
as well as the introducing of malware.

R Arun II MCA Page 1

 Secure Building of WI-FI
WAR DRIVING
War driving, also called access
point mapping, is the act of locating and
possibly exploiting connections to wireless
local area networks while driving around a
city or elsewhere. With an omnidirectional
antenna and a geophysical positioning
system (GPS), the war driver can
systematically map the locations of
802.11b wireless access points.
JAMMING
Jamming is one of many exploits
used compromise the wireless
environment. If an attacker truly wanted to
compromise your LAN and wireless
security, the most effective approach
would be to send random unauthenticated
packets to every wireless station in the
network.
HACKERS DO THE FOLLOWING
STEPS FOR HACKING WIRELESS
NETWORKS.
• Analyze network to attack
• Crack WEP key
• Sniff network
• Denial of Service attacks (DoS)
Hacker trying to hack a computer
Wireless networks are extremely
vulnerable to DoS attacks. It can slow the
network to crawling speeds or actually
force it to quit working. In the Brute Force
DoS attack method, a huge flood of
R Arun II MCA
packets can use up all of the network’s
resources and force it to shut down, or a
very strong radio signal that totally
dominates the airwaves can render access
points and radio cards useless.
As wireless networks send information via
radio waves on public frequencies, thus
they are susceptible to vulnerable.
A hacker can initiate a packet-based brute
force DoS attack by using other systems
on the network to send the useless packets
to the server. This adds significant
overhead on the network and takes away
useable bandwidth from legitimate users.
SECURE BUILDING OF WI-FI
NETWORKS
Since wireless is a shared medium,
everything that is transmitted or received
over a wireless network can be
intercepted. Encryption and authentication
are always considered when developing a
wireless networking system. The goal of
adding these security features is to make
wireless traffic as secure as wired traffic.
Here are some simple ways to secure your
Wi-Fi network and prevent its misuse
 Authentication through the open
system and shared key
authentication types.
 Data confidentiality through Wired
Equivalent Privacy (WEP)
USING A JAMMER DEVICE
A Wi-Fi Jammer is designed for
blocking wireless LAN networks and
Bluetooth devices. It could cut off of the
connections with Wireless Routers or
Wireless Access Points. It works on
2.4~2.5GHz, could be used in any secure
and privacy locations The Wi-Fi jammer is
applicable for blocking laptops, desktop
computers, PDAs and so on. It could help
Page 2
 Secure Building of WI-FI
you prevent unauthorized people leak out
confidential information. The Bluetooth
connections will be cut off also after turn
on Wi-Fi jammer.
STOP PUBLICLY BROADCASTING
YOUR (SSID)
The broadcast works like an
invitation to the hackers who’re searching
for just that opportunity. In Wi-Fi
networking, the wireless access point or
router typically broadcasts the network
name (SSID) over the air at regular
intervals. Broadcasting was designed for
mobile hotspots where Wi-Fi clients may
roam in and out of range. In the home, this
feature is unnecessary, and it increases the
likelihood someone will try to log in to
your home network. If you turn off SSID
broadcasting, you can keep casual users
away from seeing your network.
MAC ADDRESS FILTERING
Each piece of hardware connected
to a network has physical address or MAC.
Access points and routers keep track of the
MAC addresses for all devices that
connect to them. You can restrict or allow
access to your network by filtering MAC
addresses.
Turn on WPA / WEP Encryption –
If the information sent back and forth over
your Wi-Fi network isn’t adequately
encrypted, a hacker can easily tap into the
network and monitor your activity. One of
R Arun II MCA
the best ways to secure your Wi-Fi
network is through encryption.
There are primarily two encryption Wi-Fi
standards
 Wireless Equivalent Protocol
(WEP)
 Wi-Fi Protected Access (WPA).
WIRED EQUIVALENT PRIVACY
(WEP)
WEP utilizes a symmetric
algorithm known as a stream cipher,
for encryption. A symmetric algorithm is
one that relies on the concept of a single
shared key (as opposed to a public
key) that is used at one end to encrypt
plaintext (the data) into cipher text (the
encrypted data), and at the other end to
decrypt it - convert the cipher text back to
plaintext. Thus, the sender and the receiver
share the same key, and it must be kept
secret.
WI-FI PROTECTED ACCESS (WPA)
Wi-Fi Protected Access is a
specification of standards-based,
interoperable security enhancements that
strongly increase the level of data
protection and access control for existing
and future wireless LAN systems.
Designed to run on existing hardware as a
software upgrade, Wi-Fi Protected Access
is derived from and will be forward-
compatible with the upcoming IEEE
802.11i standard. When properly installed,
it will provide wireless LAN users with a
high level of assurance that their data will
remain protected and that only authorized
network users can access the network
To meet these goals, security
enhancements needed to be made.
Page 3
 Secure Building of WI-FI
WPA
It’s more secure and alternative to
WEP. However, since it is newer, it is not
as widely supported.
WPA2
It’s newest type of wireless
encryption; it provides the highest level of
encryption available. WPA2 encryption
should be your first choice if your wireless
router, all of your wireless computers and
devices support it.
Jammer device
VIRTUAL PRIVATE NETWORKS
(VPN)
Virtual Private Network
technology (VPN) has been used to secure
communications among remote locations
via the Internet since the 1990s. A
familiar and already widely used
technology in the enterprise, it can readily
be extended to Wi-Fi WLAN segments on
existing wired networks. Although VPNs
were originally developed to provide
point-to-point encryption for long Internet
connections between remote users and
their corporate networks, they have
recently been deployed in conjunction with
Wi-Fi WLANs. When a WLAN client
uses a VPN tunnel, communications
data remains encrypted until it reaches
the VPN gateway, which sits behind
the wireless AP. Thus, intruders are
effectively blocked from intercepting all
network communications. Since the VPN
R Arun II MCA
encrypts the entire link from the PC to the
VPN gateway in the heart of the
corporate network, the wireless network
segment between the PC and the AP is
also encrypted. This is why VPNs have
been recommended to help secure Wi-Fi
While VPNs are generally considered
an enterprise solution, integrated products
that offer VPN pass-through
connections, firewalls and routers are
available to accommodate
telecommuters who work from home.
Although they provide excellent security,
VPNs are not self-managing. User
credentials and, often, VPN software
must be distributed to each client.
However, when properly installed, VPNs
extend the high level of security they
provide on wired networks to WLANs. In
fact, some Wi-Fi vendors themselves have
utilized VPNs in networks to secure their
own internal Wi-Fi networks
TEMPORAL KEY INTEGRITY
PROTOCOL (TKIP)
It is an enhanced data encryption.
Wi-Fi P r o t e c t e d Access utilizes i t s
Temporal K e y I n t e g r i t y P r o t o c o l
( TKIP). TKIP provides important data
encryption enhancements including a
per-packet key mixing function
WEP VULNEBERALITIES:
WEP is the original wireless
encryption standard, which is now
outdated. The main problem with it is that
it can be easily cracked. Cracking a
wireless network means defeating the
encryption so that you can establish a
connection without being invited. If you
use WEP encryption, change your
encryption key regularly.
DO NOT AUTO-CONNECT TO OPEN
WI-FI NETWORKS
Page 4
 Secure Building of WI-FI
If you connect to every available
Wi-Fi network automatically, you will
inevitably end up connecting to dummy
Wi-Fi networks designed specifically to
catch unsuspecting users. Most computers
provide a Wi-Fi setting that will configure
your computer to automatically connect to
any open Wi-Fi network without notifying
you. Never select the ‘connect to available
Wi-Fi networks automatically’ setup
option under your Network Connections
window.
ASSIGNING STATIC IP ADDRESSES
TO DEVICES
Dynamic IP allocation also works
to the advantage of attackers, who can
easily obtain valid IP addresses from
network’s DHCP pool. Turn off DHCP on
the router or access point, set a fixed IP
address range instead and then configure
each connected device to match. Using a
private IP address range (like 10.0.0.x)
prevents computers from being directly
reached from the Internet.
ENSURE ACCESS POINTS ARE
PLACED SECURELY
The performance of a Wi-Fi home
network greatly depends on signal strength
of the wireless router or wireless access
point (base station). In the Centre of a
room/office etc. to minimize its signal
strength outside the office.
R Arun II MCA
ADVANTAGES
There are real and measurable
benefits to using a wireless network
versus a standard wired network. For a
home installation customer, the greatest
benefit is that there are no wires needed:
you don’t need to drill holes in walls and
floors; you don’t need to drag cables or
hide them under rugs. One Wi-Fi access
point can provide network access for
any typically sized home. And if you
live in a rental or a historical building,
you may not be allowed to drill holes-
that makes wireless your only solution
It’s flexible: With a wireless network
you and your staff can have
uninterrupted access to people,
information and tools as you and they
move through the workplace with your
mobile PC
It’s Mobility: As you change your
business operations your wireless network
can change with you
It’s fast: From 11 to 54 Mbps throughput
and advanced roaming capabilities
provide reliable access to e-mail, the
Internet, file sharing and other network
resources away from the desk
It’s cost-effective: Expand and extend
your existing network by simply
adding more adapters and access points.
Planning is a no brainier as you need to
buy only what you need
LIMITATIONS
HIGH CONSUMPTION OF
ELECTRICITY
Wi-Fi technologies are power
hungry and suck out your electricity like
water. This presents a clear disadvantage
for users of laptops and other battery
dependent devices. The battery industry is
still grappling with technology which will
Page 5
 Secure Building of WI-FI
enable them to manufacture long lasting,
compact sized and light weight batteries.
RADIO WAVE CONFLICTS
If you are using your Wi-Fi near
other radiation emitting devices such as
microwave ovens, cordless phones, the
resulting conflicts between devices and
networks tend to slow down your Wi-Fi
device. In older versions of Wi-Fi the
conflicts were so high that if the user were
to go near the microwave the data transfer
would immediately stop
DATA SAFETY
The greatest challenge faced by Wi-Fi
providers today is how to prevent outsiders
from accessing your data. Before investing
in Wi-Fi check with the hardware guys
about precautions to save your data.
Currently the Wi-Fi Protected Access
technology is used to secure data transfer
and encryption over networks.
FUTURE TRENDS
IEEE 802.11a
The 802.11a supplement to 802.11
was published in 1999. It uses Orthogonal
Frequency Division Multiplexing (OFDM)
to provide data rates to 54 Mbps in the 5
GHz U-NII bands.
IEEE 802.11g
The 802.11g task group is
working on a supplement to the 802.11
standard that defines a technology for
operation at 2.4 GHz that offers higher
data rates (up to 22 Mbps) using
OFDM, while remaining backwards
compatible to 802.11b.When
compared to 802.11a, 802.11g offers the
advantages of lower cost, backwards
R Arun II MCA
compatibility to existing 802.11b
equipment, and less path loss than
802.11a. This translates into higher data
rates for a given range, or increased range
for a given data rate
CONCLUSION
Our future depends on what we do
in the present - Mahatma Gandhi
Wi-Fi provides freedom: freedom
to physically move around your home
or business and still stay connected to
the Internet or local network; freedom to
grow and move an office or business
without having to install new cables and
wires; Plus, it is cool, and it is fun – as
those in the know say, “Once you go
wireless, you will never want to use a
cable again.”
Wi-Fi use is growing fast in homes,
public access areas and businesses- both
large and small. The Wi-Fi Alliance is
active with many industry organizations
and is working closely with
manufacturers to make sure that
existing Wi-Fi gear is compatible
with wireless technologies developed in
future.
REFERENCES
“Overview of IEEE 802.11 Security”,
www.techonline.com
www.lib-asc.ekm.org
www.wi-fi.org
www.howstuffworks.com
www.about.com
Page 6