Wireless Network Security Wireless networks in personal homes are becoming more and more popular. With the ease of using no wires and the signal being broadcasted throughout the house, the new printers coming out that are network ready, and along with the new gaming systems like Playstation 3 and Xbox 360 all have wireless network settings. A wireless network is the most vulnerable network out if the precautions of taking time to set up the security properly. Everyone saves personal important information on their computer systems. When there is a wireless network with the settings not set right the computer system is fair game for any, who would like to look at information stored on the computer system. Viruses are not the only thing to protect against. Outsiders or even a neighbor can easily get into a computer’s information though a wireless network. Identity theft can even get implemented with wireless security, if you have a lot of personal information. Credit card information and bank account information can all be stolen from the system and then used for evil. Not only are personal homes affected, but businesses can be too. WarDriving is a big fad among the computer ‘hackers.’ WarDriving came from the movie “WarGames” staring Matthew Broderick. In the movie he did what was called “wardialing”. Wardialing is to keep dialing numbers that would access a computer system’s modem until you find a modem and gain access. WarDriving is where someone can drive around in a vehicle and use GPS software to map out access points (AP). Some people take WarDriving further and start accessing wireless networks using other peoples’ bandwidth and/or stealing information off the computer. There are many different programs out there used to see the wireless networks in range. One of the most popular is NetStumbler. NetStumbler scans areas using the wireless network card to find APs. Once it finds those, a GPS device is used to approximate the coordinates of the AP. This program also informs if there is an encryption on the network or not. Encryption would refer to wired equivalent privacy (WEP), WEP2, WEPplus, Wi-Fi protected Access (WPA), WPA2, and Internet Protocol security (IPsec); which we will get into later. Also many routers come with Media Access Control (MAC) address filtering, which we also will get into. There are many forms of WarDriving: WarWalking, WarSpying, and piggybacking. WarWalking is the same form of WarDriving but what you are doing is walking instead of driving around in a vehicle. With the ease of portability now of all the new technologies; PocketPCs, Nintendo DS, and PSP, WarWalking is doable without the use of a laptop computer. Piggybacking is where the law comes in. With WarDriving comes piggybacking, not always, but most of the time. Piggybacking is where WarDrivers or WarWalkers connect to a wireless network without the consent of the owner’s network. That is also where security issues come in and need to be handled. Where there is no distinct law in the United States saying that WarDriving is illegal, there has never been a lawsuit with WarDriving involved, and they have all been because of hacking into networks with out permission. WarSpying is when a WarDriver gets curious and finds a wireless video camera and hacks into the feeds and watches what the camera is taping or the stored data that the camera has already taped. Now that wireless security is a must, a wired network can be at the same risk a wireless one is. All the new laptops that are being produced come equipped with a wireless network card. Most companies don’t want to deal with the wireless network insecurities, so still have wired networks. But it is possible for a hacker to hack the wireless card on a laptop and gain access to the wired network just as it were a wireless network.

The first thing to start securing a wireless network would be changing the default password to the router and the Service Set Identifier (SSID). That is always the first mistake because the default passwords for every router can be found on the Internet. If the default password wasn’t changed and all the rest of the settings were changed then the WarDriver can reset all the settings on the router then gain access to the computer systems on the network. The WarDriver can also gain access and change all the router settings to where the owner cannot connect to the router or change the settings back on the router. Changing the SSID would make it harder for the outsider to find out what wireless router is being used. Most companies have them set to certain names when shipped out; Linksys has a SSID of “linksys” when it is shipped out. Therefore, giving the outsider a hint you are using a Linksys router and then able to find the default password for the router. Encryption is optional in a wireless network to keep outsiders out. The first in encryption is WEP; it was released in 1997. WEP was created to maintain the privacy like a normal wired network by encrypting every packet sent over the network. WEP uses a “secret” key that is shared between computer systems or anything that might be wireless and a router or AP. The key is used to encrypt the packets being sent over the network; also an integrity check is used to make sure that there weren’t any packets modified while being sent over the network. As routers and receiving network cards became more advanced, the WEP keys became able to but a higher bit. The most common bit size is 128-bit, but some companies offer a 256-bit WEP key to be used. A 128-bit key is 26 hexadecimal characters long key. Each character signify 4 bits of the key, 4 times 26 will give you 104 bits. The WEP encryption always uses 24-bit initialization vector (IV) to finish making the key. So then you add the 24 IV to the 104 bits and would leave you with 128-bit encryption. Unfortunately, WEP is considered the least secure in a wireless network. The reason is that WEP is based on the “Rivest Cipher 4” (RC4) which was created by Ron Rivest in 1987. RC4 is a pseudorandom stream of bits which is paired with plaintext and decryption is used the same way. Since RC4 is a stream cipher, the same traffic key can never be used twice transmitting over the wireless network. The job of the IV is to stop any repeating. The 24-bit IV is not long enough to make sure of this on an active network. But there is a fifty percent chance that the same IV will be repeated after 5000 packets. In 2001 a few guys; Scott Fluhrer, Itzik Mantin, and Adi Shamir published a cryptanalysis of WEP that exploits the way RC4 cipher and IV are used in WEP. Which were implemented into cracking programs which can crack a WEP key in two minutes or less. Depending on the network with data streaming across, enough IV can be gathered to crack the WEP key, if there is a lot of activity enough can be grabbed in ten minutes to forever. The only thing that slows down the process is having a longer bit key and how much data is being transmitted over the network. In 2005, the US Federal Bureau of Investigation gave a display where they cracked a network in three minutes. Since WEP was a failure, WEP2, WEPplus, and WPA were created. WEP2 is based on the same as WEP but has an enlarged IV bit value and an obligatory 128-bit encryption. The only problem is that WEP2 is still vulnerable to WEP attacks and will just slow the attacker down since they key is longer. It isn’t considered anymore secure than WEP. WEPplus (WEP+) was created to be an improvement over WEP to avoid “weak IVs”. It is only successful when WEP+ is used on both ends of the wireless network. It is possible that attacks against WEP+ will be found, but for now remains secure. WPA was intended to take the place of WEP. WPA is created to work with all wireless network cards, but not with the first generation wireless APs. WPA is a build on for WEP which increases the authentication and encryption features of it. It was created for the failing of WEP. One of the key technologies in WPA is the temporal key integrity protocol (TKIP), which addresses the encryption weakness of WEP. TKIP uses a master key at the starting point and then obtain its encryption keys mathematically from the master key, and then TKIP frequently changes the encryption keys so that the same key is never used twice. WPA uses a style called pre-shared key (PSK) that requires only a single password entered to each wireless component. Once the password is entered, the TKIP starts its business and generates and changes the WEP keys automatically. WPA still uses the RC4 stream cipher with a 128-bit key and 48-bit IV. There is a cyclic redundancy check used in WEP which is not secure, it’s possible to alter the payload and update the message cyclic redundancy check without knowing the WEP key. But Message Integrity Code (MIC) is used in WPA, along with the Michael algorithm, which is more secure. MIC includes a frame counter, which stops replay attacks being done. WPA still requires the user to set up the security but makes it easier than setting up a WEP key since there are so many different companies with different mechanisms. Sadly, there are still people who want access a network there for nothing is ever safe. With WPA outsiders can use a brute force dictionary attack. A dictionary attack is a text file with list beyond lists of words that might be a password. The only thing is that it is going to take some time for the whole list to go through and try a password. If your password is nothing of the ordinary, then it may never be cracked and your network is safe. But because of making the size of keys and IVs bigger, dropping the number of packets sent with related keys, and adding a secure message, it makes cracking WPA a lot more work. WPA2 is the final version of IEEE 802.11i and is based on the same technology WPA is but it has a new algorithm, AES-CCMP that considers it fully secure. WPA2 also uses RADIUS (which will be explained later) servers and preshared key based security. All the new aspects of WPA make it choice for wireless encryption. IPsec secures the wireless network by encrypting and authenticating each IP packet. There are two steps of IPsec which are: transport mode and tunnel mode. The transport mode the message of the packet is encrypted which can only be done over a local area network (LAN). Tunnel mode the entire packet of the IP is encrypted but can be used over a LAN or the Internet. IPsec has a few new protocols, which would be Authentication Header (AH), which gives authentication of the sender and Encapsulating Security Payload (ESP) which adds encryption of the data to make sure of confidentiality. IPsec also has a payload compression before it encrypts the data. Usually, encryption doesn’t allow full compression before the data transition. With this, compressing the data before the encryption, IPsec fixes this. IPsec can be used to make virtual private networks (VPN) in either mode. Generally IPsec is included in the kernel of an operating system and needs some setting up. MAC address filtering is one of the best options for a wireless network. Everything on a network has a MAC address. A MAC address is the hardware address used to uniquely identify each device on a network. With the original designers of Ethernet thought to use a 48-bit address space, which mean, 2 to the 48 power which will give you 281,474,976,710,656 different MAC addresses. The addresses can be a “universally administered address” or “locally administered address.” The “universally administered address” is a unique code that is assigned to a device by the manufacturer. The IEEE expects the MAC-48 and EUI-48 space to be beat around the year 2100 and the EUI-64s are not expected to run out in the near future. A MAC address is in hexadecimal and is usually separated by a colon or a dash. Every network card has this address on it somewhere. If a laptop, it’s on the bottom of the laptop somewhere, if you look at a router, it will be on a sticker somewhere on the router. MAC address filtering is used to only keep those on the list access to the network. The way to enable MAC filtering is to gain the MAC addresses of the users going to be connected to the network. Either by looking at each network device and obtaining the address from the bottom or on the sticker, or by enabling the network for the users to connect, then see which MAC addresses are on the list and write them down. Once the list of the systems that access should be allowed has been obtained, the addresses can be placed into the agent that allows access and turn on MAC filtering. Only those who have the MAC address enabled will be able to connect to the network discarding any outsiders that want to break in. If the MAC addresses were written down anywhere, make sure to discard those in a good fashion, like shredding. Nothing is full proof, though manufactures “burn in” the MAC addresses, there are programs and ways to “spoof” the MAC address. So if one wanted access now, all needing to be done is spoofing the MAC address. In Linux there are a couple of commands to change the MAC address. For Apple and Windows, there are programs to do this for you. Since there are so many different possible MAC addresses, one just guessing a MAC address is impossible. Since there are these programs to listen in, guessing doesn’t have to be, the hacker can listen on the network and can sniff out the MAC that has access to the system. There are a few other features to talk about for a wireless network. One is a static IP, if the IP assignment were disabled, then set by hand instead of having it done automatically. It makes getting into a network much harder for an outsider. Also if the subnet size was reduced from one of the standards to something that is absolutely necessary and the unused IP addresses are blocked by the router or APs firewall. The only way an attacker can get in is using a “Man in the Middle Attack.” This attack is where a cracker sets up a virtual AP on its computer and gets the other users to connect to that soft AP. After this is done, the cracker can then connect to the real AP through another wireless card on the network. Then can access important information from the computer systems. The Man in the Middle Attack is becoming easier to be done, with programs that are available on the Internet to automatically drop the users of an AP and make the wireless systems connect directly to the crackers soft AP. Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication, authorization and accounting) protocol used for remote network access. RADIUS was made to keep the crackers out, the RADIUS server was made to act as a porter through the use of using usernames and passwords that is set up by the user. The RADIUS server can also be set up to have restrictions and recording what is going on with the network, whether anyone is connecting that shouldn’t be and whatnot. Now that everything is brought out, there are successful steps in creating a secure wireless network. First of all, changing the SSID and log in password to the router or AP, since most crackers know what the default SSID is and the password to pair it with; that is never good. Your second attempt would be turning on the encryption whether it being the best (WPA2) or the weakest (WEP), something is good and going to affect the network. Disabling any file sharing makes it harder for a cracker to get access to files if they aren’t shared over the network. Turning on MAC filtering with the encryption helps a lot, incase the encryption is cracked, then the cracker has to bypass the MAC filtering which would take them longer to gain access and make them want to move to another network possibly. By also disabling the SSID broadcast, would make it harder to connect to a network since the SSID is needed to connect to a network in the first place. Though it won’t help completely, like everything else, it will slow them down which would require more time to find out the SSID, generally if you are targeted for a reason, no one would want to spend that much time to gain access to your network. Some routers and APs come with lots of tools; some can even reduce the range the signal is transmitted, which makes it harder to get a good signal from the base station. If wanted to test the strength of a network, there are a few programs that can be looked at, one is aircrack, which is used to crack WEP and WEP2 encryptions. Finding a dictionary of words to use on a WPA encryption can be found on the Internet then using any kind of brute force software to use the dictionary to crack the WPA password. Looking into MAC spoofing programs to play with and see if one of the other MAC addresses on the network can be duplicated and used with another computer. Along with spoofing, using a program like SMAC to sniff out a MAC address on a wireless network, then to spoof the address onto the wireless card. With these tools, making a secure network should be easy since it can be tested first. If you are up on your technology and are beginning to get those expensive printers that are coming out with the wireless ready, or the new gaming consoles that have the wireless capability then now everything can become secured. If you own a business or are part of a business, these security options might want to be implemented to save personal data for the company. Since there is something personal on every network, the settings for the network need to be set right to stop information leaking into the wrong hands and preventing identity theft. Keeping credit card and bank account information secure and not shared over the network helps out. Teaching employees in companies can greatly help out the security of the company. Like talked about earlier, if the laptop an employee is using on a wired network, has the wireless enabled, it’s potentially putting the company at risk. Most companies carry a lot of personal data on their network, from employee’s personal files, to corporate files that are confidential. So if an employee knows what is at risk, then they might take the precautions to not let out any of their personal information they have stored on their computer. Playing around with all the programs discussed, NetStumbler which can be obtained through the Internet will show you all the secure and insecure wireless networks in the area. Finding the manual for the router or AP will explain where to find the features discussed and how to set them up for that specific router. Then to use the programs discussed for cracking to test the security level of the network. Most people who work from home for a big corporation will discover that a secure wireless network or network is needed before any logging into servers can be done to accomplish work. Now that we know the WarDrivers aren’t the ones to be looked out for, but the ones who are “piggybacking” and doing malicious things to connect to a wireless network without permission. Since how to set up a secure wireless network was explained, now all that needs to be done is action. We know that nothing is completely secure but every little bit helps. But if there happens to be a car with an antenna and maybe dark tinted windows out in front, some abnormal activity going on with the network; a baseball bat might be in order to take care of the rest of the security problems.

Works Cited
Bradley, Tony. “Introduction to Wireless Network Security.” About. 2006. About, Inc. 20 Oct. 2006 .
Conklin, Arthur, Wm., et al. Principles of Computer Security. Burr Ridge: McGraw Hill, 2004.
Enterprise Wireless LAN Security & WLAN Monitoring. 2006. AirDefence. 21 Oct. 2006 .
Flickenger, Rob. Wireless Hacks. Sebastopol: O’Reilly, 2003.
Mitchell, Bradley. “WPA - Wi-Fi Protected Access.” About. 2006. About, Inc. 17 Oct. 2006 .
Outmesguine, Mike. Wi-Fi Toys. Indianapolis: Wiley, 2004.
The Cable Guy. “Wi-Fi Protected Access 2 (WPA2) Overview.” Microsoft. 7 June 2006. Microsoft. 19 Oct. 2006 .
“Wireless security.” Wikipedia. 9 Oct. 2006. Wikipedia. 16 Oct. 2006 .