1 Wireless Network Attacks1. Man in the Middle Attack:It is possible for hackers to trick communicating gadgets into sending their transmissions to the attacker’s device. Here they can file the traffic to view later (like in packet sniffing) or even exchange the contents of files. Numerous kinds of malware may be inserted into these packets, e-mail content could be changed, or the traffic might be dropped in order that communication is blocked (CESCA, 2016). Fig: Man In the Middle Attack2. Encryption Hacking – WEP/WPA Attack: Threats on wi-fi routers may be a big trouble. Older encryption requirements are extraordinarily vulnerable, and it’s clean to gain the access code in this situation.
as soon as someone’s in your network, you’ve misplaced a extensive layer of security. APs and routers are hiding your IP address from the broader internet using network address Translation (except you operate IPv6). This successfully hides your private IP address from the ones outside your subnet and allows save you outsiders from being able to immediately attack you (CESCA, 2016).3.3.2 Proposed Solutions1. EncryptionEncryption can be defined as the process of converting the electronic data to another form which can’t be easily understood by anyone except for authorized people. Data which is encrypted is known as cipher text, and data which is not encrypted is known as plaintext.
The main purpose of utilizing encryption mechanism is to prevent confidentiality of digital data placed on the computer system or transmitted by the network. (Margaret Rouse, 2009).§ Wi-Fi Protected Access 2 – WPA2For the secured wireless internet connection, we recommend the clinic and telecentre to use WPA2, Wi-Fi Protected Access 2. WPA2 (Wi-Fi Protected Access 2) is a network security technology commonly used on Wi-Fi wireless networks.
It’s an upgrade from the original WPA technology, which was designed as a replacement for the older and much less secure WEP. WEP WPA WPA2 Name: Wired Equivalent Privacy Wi-Fi Protected Access Wi-Fi Protected Access 2 Encryption: WEP/RC4 TKIP/RC4 CCMP/AES Data integrity: CRC-32 Michael Algorithm CCM Key Rotation: None Dynamic Session Keys Dynamic Session Keys Main Characteristic: Use Static Key Use Dynamic Key Use Dynamic Key Security Level: Weak Strong Strongest Ø Comparison between different types of Encryption Methods:(Sari and Karay, 2015)WPA2 is used on all certified Wi-Fi hardware since 2006 and is based on the IEEE 802.11i technology standard for data encryption combining this WPA2 with the IEEE 802.1X port-based authenticated protocol for access control should eliminate most security worries. When WPA2 is enabled, it uses, AES (Advanced Encryption Standard) with its strongest encryption option, anyone else within range of the network might be able to see the traffic but it will be scrambled with the most up-to-date encryption standards (Mitchell, 2017). WPA2 includes two authentication modes which is Personal and Enterprise, for the WPA2-Personal it generates a 256-bit key from PSK (Plain-Text Pass) or pre-shared key. The PSK form a mathematical basis for the PMK (Pairwise Master Key) this is used to initiate a four-way handshake and generate PTK (Pairwise Transient Key) or session key between the wireless user device and access point.
For the WPA2-Enterprise, WPA2 used control access on a per-account based on authenticating username and password for credentials. Authentication occurs between the station and central authentication server. To manage this, framework 802.
1x is required which supports user and machine authentication with port based control that works for both wired switches and wireless access points (Information Week, 2006).TP-Link router supports WPA2 encryption standard, and that is why our team has chosen it. With this router encryption protocols, Bario Society will have a strongly secure wireless network.2. AuthenticationIt is a procedural method which it is utilized to identify individuals based on the username and password.
This process would allow authorized users to access to the system objects in term of their level of authorization. Authentication can help for enhancing the security of wireless networks and wired Ethernet networks. It is vital to deploy secure methods for authentication and encryption, so the network can only be accessed by those people and devices which are authorized (Margaret Rouse, 2015).
Wi-Fi Alliance Security Mechanism Authentication Mechanism Cipher Suite Encryption Mechanism 802.11 Standard Open System or Shared Key WEP RC4 WPA Personal WPA Passphrase (WPA Pre-Shared Key) TKIP RC4 WPA Enterprise 802.1x / EAP TKIP RC4 WPA2 Personal 802.11i WPA Passphrase (WPA Pre-Shared Key) CCMP (by default) / TKIP (optional) AES (by default) / RC4 (optional) WPA2 802.11i 802.1x / EAP CCMP (by default) / TKIP (optional) AES (by default) / RC4 (optional) Ø Comparison between different types of Authentication Methods:(Lecture Slides)§ Extensible Authentication Protocol (EAP): EPA is known as a protocol for a wireless network, and it is an extension of (PPP) Point-to-Point Protocol.
EAP provides multiple authentication mechanisms, such as smart cards, token cards one-time password, certificates, and public key authentication. This method of authentication is mostly used by enterprises because it gives the highest level of security to the wireless network. By utilizing the Extensible Authentication Protocol (EAP) to be interacted with an EAP-compatible RADIUS server, the access point associates a wireless user device and the RADIUS server to perform mutual authentication and derive a dynamic unicast WEP key. The RADIUS server transmits the WEP key to the access point that utilizes the key for all unicast data signals which the server transmits to or receives from the user. The access point also encrypts its broadcast WEP key with the user’s unicast key and transmits it to the user (Margaret Rouse, 2005).It works in a way when The RADIUS server will send an authentication challenge to the user, and the user will use a one-way encryption of the user-supplied password to send that message to the RADIUS server.
By utilizing the information from the user database, the RADIUS server will create its own message then compare that with the user message. When the server will authenticate the user, the user will authenticate the server in a reverse process. When mutual authentication will be completed, the server and the user will set a WEP key which will provide the user with the suitable level of network access. How does EAP authentication works? The user will load they key to use it for the logon session. While the logon session, the RADIUS server will encrypt and transmit the WEP key, which is known as a session key, through the wired LAN to the access point. The access point will encrypt its broadcast key via the session key and transmit the encrypted broadcast key to the user, which utilizes the session key to decrypt it.
The user and access point will activate WEP and utilize the session and broadcast WEP keys for all communications while the remainder of the session. In simple words we can say that, when a client sends a request message for connecting to a wireless network, the access point asks the client for identification data, and that will be transmitted to an authentication server. Then, the server will ask for a proof of the validity of the identification data from the access point. When the access point has got the proof from the client, then it will be sent back to the server to complete the authentication (Sean Wilkins, 2011).This type of authentication is commonly used by companies, and we will be implementing on the new wireless network of Bario Society due to its high level of security mechanism.