Wireless Security T 01/15/2015 ISSC340 American Public University System Eric Yocam

When it comes to dealing with wireless security, it happens to be a problem for everyone. The rise in devices being made during the last decade has put a strain on the amount of data being requested by users. The statistics show that 64 percent of Americans who have internet service providers that impose a broadband cap, have a meter for the cap that is presented. Recent studies have shown that five out of seven people’s meters don’t count your bits correctly. This allows for the chance of assuming what data is being used and being overcharged for what is not actually used.
Other statistics show that the laptops that were purchased in 2005 and later were equipped with wireless connectivity. This created an issue with wireless laptops connected to the corporate network, it presents a situation where a hacker could sit in the parking lot and receive information through laptops and other devices, or break in using the wireless card-equipped with this wireless connectivity option.
In order to test the strength of most wired and wireless networks the intrusion detection system was implemented. This is a software application that monitors the network activity for malicious activity or privacy violations. The way this works, is that the incidents get reported to a management station. The two different types of intrusion detection system are (NIDS) network based and (HIDS) Host based intrusion detection systems. The next step in security would be to assign a (IDPS) Intrusion detection and prevention system. When applied this tracks and monitors the system being used for hazardous or malicious activity. The purpose is to log and keep track of any activity that may seem like a malicious act in any way.

There are plenty of ways to ensure that you have your wireless security set to where just anyone cannot connect to it and use it. The different types of security that can be placed on your router are, WEP, WPA, and WPA2. WEP is outdated and usually is not used today for security reasons. It is defined as a security algorithm for 802.11 standard. The main purpose of WEP was to provide the data confidentiality of what a wired network would offer. There are two different types of authentication used with WEP, there is open system authentication, and shared key authentication. The general concept of open system authentication is that, the WLAN client has the access point and does not need to provide authentication. In shared key authentication, there is a four step handshake process. First, the client has to send an authentication request, there is a reply with the clear text challenge, the client encrypts the text, and the access point decrypts the response.
WPA is the next step in wireless security. This standard was developed and became available in 2003. The security protocol was developed by the Wi-Fi alliance to secure wireless networks, this was in response to the lacking security of WEP, which brought about concern for more security. WPA include a new feature to include a message integrity check to verify the integrity of packets.
WPA 2 is the most current protection for Wi-Fi available. This is the stronger version of WPA and is also known as “IEEE 802.11i-2004”. The same flaw remains with
WPA and WPA2 with weak passwords and weak passphrase, known as a brute force attack. There are still password cracking attacks, which can mostly be avoided using a

random password of 20 characters. There are programs used for brute force attacks, such as air crack suite.
There are steps that can be taken to ensure that the wireless network you are using is safe and secure. The first step is to verify the wireless network and base it according to your needs. One reason would be to weigh out the pros and cons of a wireless network against a wired and more secure network. One disadvantage is the shared bandwidth on multiple devices throughout your home, seeing how access points have an allotted maximum output. Also, it is known that wireless signals are easier to interrupt and be intercepted that wired networks. Even with the standards improving the security of wireless networks, it is still a means of concern.
The second step is to see what type of coverage you will need and make it custom to the needs of your home. If you have a small apartment, then there will be no need for a long range, but if you are in a big home, with a basement, then there will be a need for more coverage area. One thing to keep in mind is that the further the coverage, the weaker the signal, also in most cases the weaker the coverage, the slower the signal tends to be.
The third step is to plan how much bandwidth is needed. If you are doing your day to day tasks of school, social media, and watching videos on YouTube, then there will be no need to have to plan on how much bandwidth utilization will be accessed. Yet, if you work from home and have a job that requires much more bandwidth, then that is a thing to make sure that you have enough bandwidth for yourself, when sharing

with others. It would be best to contact your ISP and look at different plans according to the bandwidth that suite you the best.
The fourth step is to make a requirement list for the hardware needed. In traditional homes, all is usually needed is a modem/router and you are able to access the internet with the least amount of requirements. In some situations, you will need a switch or hub if you want to connect like a wired network, this seems to be more for people with experience and know how these devices work and want those devices as a just in case situation.
The fifth step is to perform a site survey. This can be used to test your wireless strength throughout your home. You want to make sure your access point is located in the perfect location, so that the signal reaches throughout the house or apartment that you are living in. This is an important step when deal with wireless connectivity, because you do not want a weak signal.
The sixth step is the final step, to make everything come together in one piece. This step is to make sure to implement security. Without this step, all of the other step do not matter. The first step to this is to change the default administrator password that is set up on the device. This is to protect you from anyone else who has that same device, they would be able to access everything, just by having the default password that comes on the device from the factory. The next step is to turn off and change the (SSID) service set identifier, doing this does not allow anyone else to see that you have a wireless signal, there for giving amateurs no reason to attempt to connect to your

network. If you want more control over your network, another means of security is to implement MAC address filtering, this filters out what can connect to your access point by checking the allotted MAC addresses that are assigned to your access point, and not allowing any device that is not assigned to the access point, via a different MAC address. Within this step, another security option that can be used but is not needed is a (VPN) virtual private network. If you are accessing (PII) Personally identifiable information, such as birth certificate, social security card, or banking information, a virtual private network would secure all of that information by tunneling the bits and making it much harder to intercept any of the information provided.
The next topic is (WDS) wireless distribution systems, the definition is enabling the wireless distribution of access points. This allows multiple access points to expand your wireless network without the wired infrastructure. This option saves MAC addresses of clients across access points, this provides access point-to-access point connectivity. There are two modes of WDS, the first is wireless bridging, which allows access point-to-access point to communicate with each other, yet do not allow wireless stations. The second mode of WDS is wireless repeating. This allows access point-to-access point to communicate with wireless stations and each other.
When it comes to mobile wireless security, there are many things that can keep you safe. Currently I have an IPhone 4s, which I keep a passcode on, which is generally not the safest for of security, but I don’t keep important documents or PII on my device, so this is not a huge concern for me. Most other and newer phones provide

different and better forms of security. For example, Apple has come out with the iPhone 5s, equipped with the technology of a fingerprint scanner. The fingerprint scanner was a great idea and provide much more security than the standard passcode/password format. After 5 wrong attempts with the fingerprint scanner, you are asked to provide an additional 4 digit pin code, if you set your device up in that manner. There have been plenty of studies showing how much of a better security option this is opposed to others. “Hackers” can theoretically guess your passcode every 1 in 10,000 tries. With all of the password cracking techniques out, there really isn’t a need to even guess passwords anymore, the application does all of the work for you. With the fingerprint scanner there is a 1 to 50,000 fail rate. There has been talk that some mobile companies are searching around for the benefits of creating kill switches on all cell phones, so far the data that has come up is, this is said to save $2.6 billion dollars a year on lost and stolen phones. This means that if someone steals, or finds a lost phone, there is no more use for it. As of right now, companies without and some with sim cards allow a stolen phone to still be sold. The service is stopped but the phone can still be used by someone else. This idea would most likely stop the theft and sale of stolen cell phones, making the phone useless, and in the end save everyone money. When dealing with mobile wireless security, something to point out is SMS messaging. The standard messaging system through the carrier is not a secure

messenger. None of the data being sent is encrypted in any way, and since all of this information is wireless, it makes it very easy for the information to be stolen. Introduced through applications for smartphones in the past 3 years or so has been IP based peer-to-peer messaging. A current example of peer-to-peer messaging would be the blackberry, in which the blackberry uses the instant messaging type interface to let everyone that has a blackberry contact each other, without any additional costs to them. Another, but different example of peer to peer messaging would be, the applications able to be downloaded on most providers’ application stores. One example of said applications would be “bitmessage”, which allows users to “send secure, encrypted, peer-to-peer instant messages.”(Ravenscraft, 2013).
A different example of peer-to-peer communication would be WhatsApp, Kik, and text me, these are all examples of peer-to-peer applications. All of these applications have the blackberry style interconnected interface, that allows messaging to multiple people, and also you can update your status on other social media websites like Facebook, Myspace, or twitter, while being connected through instant messaging. Apple also has their own peer-to-peer service, called iCloud messaging. This allows everyone with an apple product (IPhone, IPad, and IPod) to communicate with each other through mobile data and Wi-Fi through P2P messaging at no additional cost to the user. This is a very handy feature to have with apple for me, especially being in a different country and having high data rates for SMS messaging someone in the state, this option allows me to bypass the high mobile bill rate.

Information has been released saying that on all of the mobile carriers and cell phone providers come to an agreement, there will be one overall P2P messaging system that supports all platforms and connects everyone together. This would make more sense to be able to have any platform, yet contact anybody, but since there will always be rivalry’s, it is not said to come in to effect anytime soon, unless sells go even for all carriers. It would be a nice way to keep everyone connected.
Since mobile phones have become almost an equivalent to cheap computers, in terms of processing power and RAM, the sales have mobile phones have gone up and the sales of PCs’ have gone down 12%. Since most people use laptops and the mobile industry in a sense taking over, the only use for a PC is for gaming now-a-days. The sales of laptops have also increased, not nearly as much as the tablet sales, which has gone up 20% in the past year. With these numbers, no one see’s the PC lasting much longer.
With all of our newest technology being wireless, this presents the option of implementing Bring your own device (BYOD) to companies. This option from a security standpoint has it pros and cons. For example, using personal devices to access company information, and going home to where this information can be stolen off of most people’s lack of security from their home networks, isn’t a very smart idea. However, if the amount of information is limited to what people can access while under the bring your own device rule, then it may make sense to implement these sort of changes. The positive effect of this is, it boosts company morale, knowing that you can

use your own personal device to get your work done. This is why many companies are looking into implementing this idea into the work place. The thing needed to make this happen is to limit what information everyone can use and store on their own personal equipment, make sure they have all of the security aspects covered on their part, such as passwords and to make sure all of the data being taken is encrypted, and last making sure that if they view these files at home, that they have a secure enough network to do so. After Bring your own device (BYOD) there will be a new implementation called Join our cloud (JOC), this implementation will focus on network, application, and content that will build an workforce that is interconnected, without worrying about what has control over devices. This is a simple way for workers to get an easy understanding of company policies, and also access resources that happen to be shared across the company. With the amount of processing power they already have and rising, I believe that there will soon be a way to implement working on our smartphones. All of the readily available applications pretty much allow our mobile phones to do the same thing as laptops and PCs’, since that is the case, working on your phone to get things accomplished would be and easy way to get work done, without being distracted by opening multiple tabs to surf the internet. I believe that this will be the next role in how companies run businesses, and this may be a promising factor with the younger generation, and them being somewhat attached to their phones.

Conclusion
With the way security is being implemented on our home network, everyone seems to be lacking, yet it doesn’t seem to be a concern in the world for most people. As wireless security becomes more and more unstable, there will be a call for a higher standard for more than WPA2 on our home based networks, and more than just passcodes on our mobile devices. As implemented, the fingerprint scanner is pretty much fool proof, yet only around 20% of users with that secure technology actually use it. It takes the attention of getting information stolen for anyone to realize it is time have more security for all of your devices.

References
Michael, Cooney. (September 21, 2012). 10 Common mobile security problems to attack. Retrieved from http://www.pcworld.com/article/2010278/10-common-mobile-security-problems-to-attack.html

Melanie, Pinola. (n.d.). How to encrypt the data on your android phone or iPhone. Retrieved from http://mobileoffice.about.com/od/mobile-devices/a/How-To-Encrypt-The-Data-On-Your-Android-Phone-Or-Iphone.htm

Unknown (August 15, 2014). Securing smartphones. Retrieved from http://help.unc.edu/help/encrypting-cell-phones/

Ian, Paul. (October 15, 2013). Security to go: Three tips to keep your mobile data safe. Retrieved from http://www.pcworld.com/article/2052810/security-to-go-three-tips-to-keep-your-mobile-data-safe.html

Robert, Baldwin. (October 26, 2013). Don’t be silly. Lock down and encrypt your Smartphone. Retrieved from http://www.wired.com/2013/10/keep-your-smartphone-locked/

It business edge. 2014. Top 10 Strategic Trends for 2014. [ONLINE] Available at:http://www.itbusinessedge.com/slideshows/top-10-strategic-technology-trends-for-2014-04.html. [Accessed 24 May 14].

Sarah Smith. 2014. Telecommunication Electronics. [ONLINE] Available at:http://www.prnewswire.com/news-releases/telecommunication-electronics---global-trends-estimates-and-forecasts-2011-2018-250784571.html. [Accessed 24 May 14].

MDSL BLOG. 2014. World leading Technology Lifestyle. [ONLINE] Available at:http://www.mdsl.com/resources/mdsl-blog/latest?limitstart=0. [Accessed 01 May 14].

Craig Wittington. 2014. 2014 outlook on telecommunications. [ONLINE] Available at:http://www.deloitte.com/view/en_US/us/Industries/industry-outlook/839e85e47142b310VgnVCM2000003356f70aRCRD.htm. [Accessed 16 April 14].

Huawei. 2014. Telecom industry trends in the next decade. [ONLINE] Available at:http://www.huawei.com/en/about-huawei/publications/communicate/hw-080991.htm. [Accessed 15 May 14].

RCR Wireless. 2014. Blackberry moves beyond mobile devices. [ONLINE] Available at:http://www.rcrwireless.com/article/20140523/mobile-minute/blackberry-moves-beyond-mobile-devices-rcr-mobile-minute/. [Accessed 23 May 14].