Problems of security of wireless networks. Purpose of Bluetooth, general principles of building Bluetooth networks, Data transfer in Bluetooth, protocols

SECURITY ISSUES OF WIRELESS NETWORKS.
METHODS AND WAYS TO PROTECT WI-FI NETWORKS.
REALITIES AND PROSPECTS.

Andrushka Igor, Design Engineer of the Department of Applied System Research of the Information Society Development of the Center for Applied System Research of the Information Society Development SE “Registru”

Introduction

Over the past few years, wireless networks have become widespread throughout the world. And, if earlier it was mainly about the use of wireless networks in offices and hot spots, now they are widely used both at home and for the deployment of mobile offices (on business trips). Wireless access points and wireless routers are sold specifically for home users and small offices, and pocket wireless routers for mobile users. However, when deciding to switch to a wireless network, one should not forget that at the current stage of their development, they have one weak spot. It's about wireless security.

General description of the problem

The security of a wireless network has two aspects: protection against unauthorized access and encryption of the transmitted information. Let us note right away that neither can be solved today with a 100% guarantee, but it is possible and necessary to protect yourself from all kinds of "amateurs". After all, wireless equipment and software contain certain security features by default; it only remains to use them and configure them correctly. However, before proceeding to an evaluation of these means, we present several facts confirming the acuteness of the problem.
If you look at the results of a survey of top managers of IT companies conducted by Defcom, an interesting picture emerges. About 90% of respondents are confident in the future of wireless networks, but postpone adopting them indefinitely because of the weak security of such networks at the present stage. Parity in security between wired and wireless networks will, in their opinion, come only in 3-5 years. And more than 60% claim that insufficient security seriously hinders the development of this direction: there is no trust, and accordingly many do not risk abandoning time-tested wired solutions.
So, let's go directly to the methods and means of ensuring the security of wireless connections.
Every wireless network has at least two key components: a base station and an access point. Wireless networks can operate in two modes: ad-hoc (peer-to-peer) and infrastructure. In the first case, network cards communicate directly with each other; in the second, through access points that act as Ethernet bridges.
The client and the "point" must establish a connection before transmitting data. It is not difficult to guess that only three states can exist between the point and the client:

- "authentication failed and the client is not attached";
- "authentication passed, but the client is not yet attached";
- "authentication accepted and the client is attached".

It is clear that data exchange can take place only in the third state. Before the connection is established, the parties exchange control packets: the "access point" transmits identification signals at a fixed interval; the "client", having received such a packet, starts authentication by sending an identification frame; after authorization, the "client" sends an attachment packet, and the "point" replies with an attachment confirmation packet, attaching the wireless "client" to the network.

Protection Mechanisms

The fundamental standard for building networks of this type is 802.11. This standard provides several mechanisms for ensuring network security. The most used among them are the following:
- Wired Equivalent Privacy, or WEP, developed by the authors of the 802.11 standard. The main function of WEP is to encrypt data during transmission over the radio and to prevent unauthorized access to the wireless network. By default, WEP is disabled, but it is easy to enable, and in that case it encrypts every outgoing packet. WEP uses the RC4 algorithm for encryption.
- WEP 2, introduced in 2001 after the discovery of many holes in the first version; WEP 2 has an improved encryption mechanism and support for Kerberos V.
- Open System Authentication, the default authentication system used in the 802.11 protocol. In fact, there is no system as such: anyone who requests passes authentication. With OSA, even WEP does not help, because experiments showed that the authentication packet is sent unencrypted.
- Access Control List, not described in the protocol but used by many as an addition to the standard methods. This method is based on the client's Ethernet MAC address, which is unique for each card. The access point restricts access to the network according to its list of MAC addresses: if the client is in the list, access is allowed; if not, it is denied.
- Closed Network Access Control, which is not much more complicated: either the administrator allows any user to join the network, or only someone who knows its name, the SSID, can enter it. The network name in this case serves as a secret key.

Types of attacks on Wi-Fi networks.

- Access Point Spoofing & MAC Sniffing. The access list is quite usable in conjunction with correct identification of the users in that list. In the case of MAC addresses, the Access Control List is very easy to overcome, because such an address is very easy to change (wireless network cards allow the MAC address to be changed programmatically) and even easier to intercept, since it is transmitted in the clear even when WEP is used. Thus, it is elementary to break into a network protected only by an Access Control List and use all its advantages and resources.
If the intruder has his own access point at hand, there is another possibility: an Access Point is installed next to the existing network. If the hacker's signal is stronger than the original one, the client will connect to the hacker and not to the network, transmitting not only the MAC address but also the password and other data.
- WEP Attacks. The plaintext data is integrity-checked and a checksum is produced (the integrity check value, ICV); the 802.11 protocol uses CRC-32 for this. The ICV is appended to the end of the data. A 24-bit initialization vector (IV) is generated and the secret key is "attached" to it. The resulting value seeds a pseudo-random number generator, which produces a key sequence. The data is XORed with this key sequence. The initialization vector is added and the whole thing is broadcast.
- Plaintext attack. In this attack, the attacker knows the original message and has a copy of the encrypted response; the missing link is the key. To obtain it, the attacker sends a small piece of data to the "target" and receives a response. Having received it, the hacker finds the 24-bit initialization vector used to generate the key; finding the key in this case is just a brute force task.
Another option is the usual XOR. If a hacker has sent plain text and obtained its encrypted version, he simply XORs the two and receives the key sequence at the output, which, together with the vector, makes it possible to "load" packets into the network without authentication at the access point.
- Reuse of the cipher. The attacker extracts the key sequence from a packet. Since the WEP encryption algorithm allocates quite little space to the vector, an attacker can intercept the keystreams for different IVs, building up a collection of them. Thus a hacker can decrypt messages using the same XOR: when encrypted data goes over the network under a previously recovered keystream, it can be decrypted.
- Fluhrer-Mantin-Shamir attack. A hacker can exploit vulnerabilities and, with the help of specialized software, obtain both a 24-bit WEP key and a 128-bit WEP 2 key.
- Low-Hanging Fruit. This type of attack is designed to extract resources from unprotected networks. Most wireless networks are completely unsecured, do not require authorization, and do not even use WEP, so a person with a wireless network card and a scanner can easily connect to an Access Point and use all the resources it provides. Hence the name: low-hanging fruit that is easy to pick.
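As an added illustration of the WEP construction described in the bullets above (example code written for this page, not part of the original article and not any vendor's code), the following Python model builds a WEP-style frame from a constructed key, a 24-bit IV and a CRC-32 ICV, then shows the two properties the text relies on: recovering the keystream from a frame whose plaintext is known, and decrypting a second frame that reused the same IV without ever learning the key. It also includes a defender-side check that flags IV reuse in captured frames and the birthday-bound estimate of how many frames the 24-bit IV space survives before a repeat becomes likely. The RC4 routine, the key, the IVs and the plaintexts are all constructed here, and the frame layout is simplified (the IV is simply prefixed to the ciphertext).

```python
import math
import struct
import zlib
from collections import Counter


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Minimal RC4 (key scheduling + output generation); written for this example only."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """Integrity check value: CRC-32 of the plaintext, as in 802.11 WEP."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Plaintext || ICV is XORed with RC4(IV || key); the 3-byte IV travels in the clear."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    payload = plaintext + icv(plaintext)
    return iv + xor_bytes(payload, rc4_keystream(iv + key, len(payload)))


def wep_decrypt(key: bytes, frame: bytes):
    """Returns (plaintext, icv_ok) for a frame produced by wep_encrypt."""
    iv, body = frame[:3], frame[3:]
    payload = xor_bytes(body, rc4_keystream(iv + key, len(body)))
    plaintext, tag = payload[:-4], payload[-4:]
    return plaintext, tag == icv(plaintext)


def keystream_from_known_plaintext(frame: bytes, known_plaintext: bytes) -> bytes:
    """The XOR observation from the text: ciphertext XOR (plaintext || ICV) = keystream for this IV."""
    return xor_bytes(frame[3:], known_plaintext + icv(known_plaintext))


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Decrypt a frame that reused an IV whose keystream is already known (no key needed)."""
    body = frame[3:]
    return xor_bytes(body, keystream[: len(body)])[:-4]


def find_iv_reuse(frames) -> list:
    """Defender-side check over captured frames: IVs seen more than once."""
    counts = Counter(f[:3] for f in frames)
    return sorted(iv for iv, n in counts.items() if n > 1)


def frames_until_iv_collision(prob: float = 0.5, iv_bits: int = 24) -> float:
    """Birthday bound: frames needed before some IV repeats with probability `prob`."""
    return math.sqrt(2 * (2 ** iv_bits) * math.log(1 / (1 - prob)))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")        # constructed 40-bit WEP key
    iv = bytes.fromhex("000001")              # constructed IV, reused for both frames below
    known = b"GET / HTTP/1.0\r\n"             # frame whose content is predictable
    secret = b"password=hunter2"              # second frame under the same IV
    f1, f2 = wep_encrypt(key, iv, known), wep_encrypt(key, iv, secret)
    ks = keystream_from_known_plaintext(f1, known)
    print(decrypt_with_keystream(f2, ks))    # second frame recovered without the key
    print(find_iv_reuse([f1, f2]))           # [b'\x00\x00\x01']
    print(round(frames_until_iv_collision()))
```

The birthday estimate is what makes "quite little space per vector" concrete: a busy access point sends a few thousand frames in minutes, so IV repeats are a certainty rather than a corner case, and the only real mitigation is to replace WEP with WPA2 or WPA3 rather than to tune it.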
How do you secure networks? The main ways to protect networks include the following:
1. MAC address filtering: in this case, the administrator makes a list of MAC addresses of clients' network cards. In the case of several APs, it is necessary to provide that the MAC address of the client exists on all, so that he can freely move between them. However, this method is very easy to defeat, so it is not recommended to use it alone.
2. SSID (Network ID) - use of the system of network identifiers. When a client tries to connect to the AP, a seven-digit alphanumeric code is transmitted to it; using the SSID tag, you can be sure that only clients who know it can connect to the network.
3. Firewall: Network access must be done using IPSec, secure shell or VPN, the firewall must be configured to work with these network connections.
4. Access Point: the access point must be configured to filter MAC addresses; in addition, the device itself must be physically isolated from others. It is also recommended to configure the point via telnet only, disabling browser and SNMP configuration.

Attack of a client device on Wi-Fi networks

Even though methods of protection for wireless networks do exist, administrators of such networks should take preventive measures. It should be noted right away that a head-on attack on such networks is practically impossible, except for denial-of-service (DoS) attacks at the first and second layers of the OSI model. However, there is still a type of attack to which wireless networks can be exposed. The most threatening kind of these "bypass attacks" are attacks against unassociated client hosts.
The general idea is as follows:
1. An unassociated client device is found, or the network is flooded with disassociation or deauthentication frames to obtain one.
2. An access point is emulated specifically so that this host connects to it.
3. An IP address is issued via DHCP, along with the IP addresses of a fake gateway and DNS server.
4. The device is attacked.
5. If necessary, and if remote access to the device has been obtained, the host is "released" back to its "native" network after a "trojan" has been launched on it.
Starting next year, all laptops and notebooks will have built-in Wi-Fi support. Even now, many client devices have built-in support that is enabled and constantly searching for networks to associate with, often without the owner's knowledge. This fact is ignored by most system administrators. IT security professionals often look exclusively for rogue access points and ad-hoc networks, without paying enough attention to Probe Request frames from "lost" clients.
At first glance, it would seem that "catching" such clients is not difficult. But a person engaged in this kind of activity needs to have certain information. What kind of information, we will try to explain.
First, he needs to know according to which algorithm client devices automatically search for networks to connect to. Will they associate with any discovered 802.11 network with a strong enough signal? And if there are several such networks? What will be the basis of their choice? What about networks with a "closed" ESSID and networks secured with WEP or WPA? The answers to these questions depend both on the operating system of the client host and on the wireless hardware it uses, its drivers, and user settings. Consider one of the most used operating systems of the Windows family today.
Windows XP and Windows Server 2003 use the "Wireless Plug and Play Algorithm" (referred to below as the ABS) to establish a wireless connection. This algorithm operates on two lists of 802.11 networks: the available networks list (ANL) and the preferred networks list (PNL). The ANL is the list of networks that responded to broadcast Probe Request frames during the last active scan. The PNL is the list of networks to which a full connection has been established in the past; the networks the device associated with most recently come first in this list. The description of a network in both lists contains its ESSID, channel and encryption method: "clear text", WEP or WPA. The ABS uses these lists as follows:
1. The client device builds the ANL by sending broadcast Probe Request frames with an empty ESSID field, one on each of the 802.11 channels in use, and processing the responses to these frames in parallel.
2. If networks that are in the PNL are found, the device associates with them in the order of their position in that list. That is, the client device associates with the uppermost PNL network that is present in the ANL.
3. If no such networks are found, or association with them did not succeed because of differences in 802.11 standards or authentication problems, the ABS makes a "second round" by sending Probe Request frames specifically to search for the networks listed in the PNL. In practice, this means that these frames are sent on the channels of the PNL networks and contain their ESSIDs. The sending of these frames does not depend on the contents of the ANL at all. The point of the ABS "second round" is to look for networks with a "closed" ESSID.
4. If no suitable infrastructure networks are found, the next step is to search for ad-hoc networks. To do this, the ad-hoc networks of the ANL and the PNL are compared.
5. If there is at least one ad-hoc network in the PNL but it is not found in the ANL, the ABS switches the client device to ad-hoc mode and assigns the wireless interface an IP address from the 169.254.0.0/16 range (RFC 3330). Thus the host becomes the first node of a potential new ad-hoc network, and the algorithm finishes its work.
6. If there are no ad-hoc networks in the PNL, the ABS checks the "Connect To Nonpreferred Networks" flag. If this flag is set, the client device will attempt to associate with each ANL network in the order in which they appear in the list. This flag is zero by default.
7. If the above flag has not been enabled by the user, the wireless card is "parked" as a client with a pseudo-random 32-character ESSID set. It stays in this state for 60 seconds, after which the network search algorithm is restarted.
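As an added example (written for this page; it is not Microsoft's code and not from the original article), the following Python function models the seven ABS steps above as one decision procedure over a constructed list of in-range networks and a constructed preferred list. Network matching is simplified to ESSID, security type and ad-hoc flag, and the `Network`, `Outcome` and `wireless_autoconfig` names are my own. The return value records which ESSIDs were sent in directed Probe Requests, which is the disclosure the article discusses next, and whether the card ended up associated, hosting an ad-hoc network, or parked on a random ESSID.

```python
import secrets
import string
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class Network:
    essid: str
    channel: int
    security: str          # "clear", "WEP" or "WPA", as in the article's list entries
    adhoc: bool = False
    hidden: bool = False   # "closed" ESSID: answers only directed Probe Requests


@dataclass
class Outcome:
    action: str                                   # associated | adhoc-joined | adhoc-host | parked
    essid: Optional[str] = None
    ip: Optional[str] = None
    directed_probes: List[str] = field(default_factory=list)  # ESSIDs disclosed in step 3
    park_seconds: int = 0


def _matches(wanted: Network, seen: Network) -> bool:
    return (wanted.essid, wanted.security, wanted.adhoc) == (seen.essid, seen.security, seen.adhoc)


def _lookup(wanted: Network, networks) -> Optional[Network]:
    return next((n for n in networks if _matches(wanted, n)), None)


def wireless_autoconfig(in_range, preferred, connect_to_nonpreferred=False, rng=secrets) -> Outcome:
    """One pass of the ABS as described in steps 1-7; `in_range` is what an observer could see."""
    out = Outcome(action="parked")
    # Step 1: broadcast Probe Requests with an empty ESSID build the ANL; closed networks stay silent.
    anl = [n for n in in_range if not n.hidden]
    pnl_infra = [n for n in preferred if not n.adhoc]
    pnl_adhoc = [n for n in preferred if n.adhoc]
    # Step 2: associate with the uppermost PNL network that is present in the ANL.
    for p in pnl_infra:
        if _lookup(p, anl):
            out.action, out.essid = "associated", p.essid
            return out
    # Step 3: "second round": directed Probe Requests carrying each PNL ESSID, whatever the ANL holds.
    for p in pnl_infra:
        out.directed_probes.append(p.essid)
        if _lookup(p, in_range):  # a closed-ESSID network answers a directed probe
            out.action, out.essid = "associated", p.essid
            return out
    # Step 4: no infrastructure network: compare the ad-hoc entries of the ANL and PNL.
    for p in pnl_adhoc:
        if _lookup(p, anl):
            out.action, out.essid = "adhoc-joined", p.essid
            return out
    # Step 5: a preferred ad-hoc network exists but none is in range: become its first node.
    if pnl_adhoc:
        out.action, out.essid = "adhoc-host", pnl_adhoc[0].essid
        out.ip = "169.254.%d.%d" % (rng.randbelow(254) + 1, rng.randbelow(254) + 1)  # RFC 3330
        return out
    # Step 6: no ad-hoc entries in the PNL: honour "Connect To Nonpreferred Networks" (off by default).
    if connect_to_nonpreferred and anl:
        out.action, out.essid = "associated", anl[0].essid
        return out
    # Step 7: park on a pseudo-random 32-character ESSID and rescan after 60 seconds.
    alphabet = string.ascii_letters + string.digits
    out.essid = "".join(rng.choice(alphabet) for _ in range(32))
    out.park_seconds = 60
    return out


if __name__ == "__main__":
    corp = Network("corp-wlan", 6, "WPA", hidden=True)   # constructed closed corporate network
    meeting = Network("meeting", 11, "clear", adhoc=True)  # constructed ad-hoc entry left in the PNL
    # Laptop away from the office: nothing familiar in range, PNL still carries both entries.
    print(wireless_autoconfig(in_range=[], preferred=[corp, meeting]))
```

Run against an empty `in_range`, the model shows the two things an administrator should take from the algorithm: the directed probes list every infrastructure ESSID in the PNL, and a stale ad-hoc entry is enough to leave the card hosting an open ad-hoc network with a link-local address. Trimming the preferred list and removing ad-hoc entries changes the outcome to "parked".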
Basically, hacker attacks are always directed at the ABS algorithm itself. Consider its obvious weaknesses. First of all, during the ABS "second round" (step 3), the client device actually discloses the contents of the PNL. Imagine a situation where such a host is out of reach of its "native" network: for example, an employee takes a corporate laptop home or on a business trip (and uses it at the airport, on the plane, in the hotel, and so on). It will not be difficult for an attacker who has discovered such a laptop to determine the first network in the PNL from the ESSID in the Probe Request frames the device sends, and to set exactly this ESSID value on his access point. The same applies to the search for ad-hoc PNL networks. If the first PNL network is secured and requires a WEP or WPA key to connect, the attacker moves down the list and looks for an open network, including ad-hoc WLANs. The probability of finding such a network is quite high. For example, most Wi-Fi hotspots protect wireless data at higher layers of the OSI model, usually the seventh. Connecting to such networks leaves a description of an "unprotected" (at layer 2) network in the PNL, which an attacker can easily use.
This leads to the second weakness. In the absence of such an ad-hoc network nearby (a highly likely scenario, given that ad-hoc connections are usually established for short periods and often with a new ESSID each time), the Windows client will set itself up as a permanent ad-hoc node waiting for other clients (step 5). An attacker can easily become such a client, take one of the RFC 3330 addresses, and then use broadcast pings or ARP requests to find the victim's IP address and carry out further attacks. Moreover, such a connection does not require any interaction from the user; it is fully automatic.
Finally, if there are no unsecured or ad-hoc networks in the PNL and the "Connect to Non-Preferred Networks" flag is not set, the algorithm ends up putting the client card into "idle mode", sending Probe Request frames with a long pseudo-random ESSID (step 7). The problem is that these "mysterious" ESSID values are quite "working". That is, it is enough to install an access point with such an ESSID in the vicinity, and the "client" will happily "bite" on it, obtain an IP address via DHCP and be subjected to further attacks. It should be said that this problem has already been fixed in Longhorn, but a complete transition to that operating system is still far off. And now the most important thing: since a network with a long pseudo-random ESSID is not in the PNL, connecting to such a network not only requires no interaction from the attacked user, it will not even be shown as existing by the Windows XP wireless indicator. The indicator will show that the device is not associated with any Wi-Fi network, and only the Windows network connections control panel will show the presence of a connection and an assigned IP address. It should be mentioned that the latest versions of drivers for 802.11a/b/g cards with the Atheros chipset, although they send Probe Request frames with pseudo-random ESSIDs, do not support automatic connection to access points configured with such ESSID values.
What should an attacker do if, as was just mentioned, automatic association using pseudo-random ESSIDs is impossible, and the PNL contains no networks unprotected at layer 2? If the networks the attacked device has connected to are protected with WPA-PSK using a passphrase that cannot be found by dictionary search, or with WPA-802.1x using EAP-TLS, then at the moment there are no prospects for successful hacking. If at least one such network is protected with WPA-802.1x using EAP-TTLS or EAP-PEAP, then attacks on these protocols are possible according to the algorithms described by the Shmoo hacker group in "The Radical Realm of Radius, 802.1x, and You".
Speaking of outdated security mechanisms for 802.11 networks, one cannot fail to mention WEP, battered by everyone. Attacks on it can also be used against individual client devices whose PNL networks are "protected" using WEP. If all the ad-hoc networks in the PNL have WEP in their settings, then the arbitrary ad-hoc configuration with an RFC 3330 address described in step 5 above will use WEP. The problem is that such an ad-hoc node will not "keep silent": just remember the NetBIOS HELLO packets sent every 2 seconds. Accordingly, this traffic can be used to crack the WEP key by various methods, from a simple dictionary search using WepAttack to accelerating the cracking by packet injection using Christophe Devine's aireplay (a modified false-authentication attack or interactive packet reinjection, which can force a single ad-hoc client to send an encrypted ARP packet for subsequent ARP reinjection).
An even more interesting example is clients with a pseudo-random ESSID (step 7) and WEP, which "arise" when all the networks listed in the PNL are secured. The very fact that WEP is still used even when this list contains WPA-protected networks is already a vulnerability. But moreover, since the settings of such a network are not defined anywhere and are "self-configured" without user intervention, an attacking access point is able to impose the insecure 802.11 shared-key WEP authentication method on such clients. By imposing this method, the cracker can send a challenge string with known text to the client device and receive back the same string XORed with part of the RC4 stream. Thus, by XORing it with the original text, the attacker learns 144 bytes of the RC4 stream for the given initialization vector (IV). This attack has many possible uses. In particular:
- you can send more and more challenge requests until the RC4 cipher stream is opened for all initialization vectors of the 24-bit WEP IV space
- you can attack the received answer with dictionary search using WepAttack and similar utilities
- you can use the known 144 bytes of the stream to reinject packets to the client device using Anton Rager's WepWedgie. A successful reinjection will cause the attacked host to send an encrypted ARP packet, which is easy to intercept and use with aireplay.
In any of the above cases, a single client device requiring a WEP-secured connection is hardly invulnerable.

Conclusion

The security of wireless networks should be given special attention. After all, the wireless network has a large range. Accordingly, an attacker can intercept information or attack the network while at a safe distance. Fortunately, nowadays there are many different ways to protect and, with the right settings, you can be sure of providing the necessary level of security.
In conclusion, I would like to note that the author of the article does not encourage readers to take "active actions" and attacks on the wireless resources of various companies. In this case, the purpose of this article was different, namely: to help system administrators of IT companies secure company resources as reliably as possible from any type of unauthorized access and intrusions.

Bibliography

1. http://www.ferra.ru
2. http://www.denet.ru
3. http://www.cnews.ru
4. Andrey Vladimirov "Attacking client devices on Wi-Fi networks", "Hacking and protection", 2006

Today, it is enough to go to any cafe and start searching for active Bluetooth devices - and immediately there will be two or three phones and PDAs that have access to all files and services without any password. You can also steal a phone book, connect to the Internet via GPRS, and even open a Vietnamese call center from someone else's phone.

The proliferation of wireless networks has brought a host of new information security challenges. Getting access to poorly protected radio networks or intercepting information transmitted over radio channels is sometimes not difficult at all. Moreover, while in the case of Wi-Fi wireless local networks (the IEEE 802.11 family of standards) this problem is being addressed one way or another (special devices have been created to protect these networks, and access, authentication and encryption mechanisms are being improved), in Bluetooth networks (the IEEE 802.15.1 standard) it poses a serious threat to information security.

And although Bluetooth is designed to establish communication between devices at a distance of no more than 10-15 m, today many Bluetooth-enabled portable mobile devices are used all over the world, the owners of which often visit places with a large crowd of people, so some devices accidentally end up in close proximity to others. In addition, many of these devices are not configured accurately enough (most people leave all the settings by default), and information from them can be easily intercepted. Thus, the weakest link in Bluetooth technology is the user himself, who does not want to deal with ensuring his own safety. Sometimes, for example, he gets tired of typing a PIN code and other identification mechanisms too often, and then he simply turns off all the protective functions.

Meanwhile, tools have already been created to find vulnerable Bluetooth-enabled devices, and security experts believe that soon the search for vulnerable Bluetooth connections will become as common practice as searching for open Wi-Fi networks. The first Redfang hacking tool to target Bluetooth devices appeared back in June 2003. Redfang bypasses the defenses by launching a powerful aggressive attack to determine the "identity" of any Bluetooth device within the attacker's range. After that, the issue of the security of this technology became even more relevant.

At the same time, if wireless local Wi-Fi networks containing confidential information are in most cases still quite reliably protected by system administrators and information security specialists, then Bluetooth devices are poorly protected. But the rapid spread of the Bluetooth interface raises security issues more and more acutely, and not only users, but also administrators of companies whose employees use the Bluetooth interface should pay close attention to this problem. And the more Bluetooth devices interact with a computer on a corporate network, the greater the need for specific security measures, since the loss or theft of such a device will give an attacker access to sensitive company data and services.

In the meantime, Bluetooth technology shows us an example of how the entire burden of ensuring security falls on the shoulders of the user, regardless of his desire and qualifications.

General principles of Bluetooth operation

Unlike Wi-Fi, Bluetooth is designed to build so-called wireless personal area networks (WPAN). Initially, the plan was to develop a standard that allows small local networks to be created and gives wireless access to devices within a home, an office or, say, a car. Currently, the group of companies working on the free, open Bluetooth specification has more than 1,500 members. According to many experts, Bluetooth has no equal in its niche. Moreover, the IEEE 802.15.1 standard has become a competitor to technologies such as Wi-Fi, HomeRF and IrDA (Infrared Data Association). Before it, infrared (IrDA) was the most common technology for wirelessly connecting computers and peripherals. But unlike IrDA, which operates point-to-point within line of sight, Bluetooth was created both to work on the same principle and as a multipoint radio channel.

Initially, Bluetooth transmitters had a short range (up to 10 m, that is, within the same room), but later a wider coverage area was defined - up to 100 m (that is, within the house). Such transmitters can either be built into the device or connected separately as an additional interface.

But the main advantage of Bluetooth, thanks to which it is gradually replacing IrDA, is that direct visibility of devices is not necessary for communication - they can be separated even by such “radio-transparent” obstacles as walls and furniture; in addition, interacting devices can be in motion.

The main structural element of a Bluetooth network is the so-called piconet: a collection of two to eight devices operating on the same hopping pattern. In each piconet, one device operates as the master and the rest are slaves. The master determines the pattern on which all slave devices of its piconet will work and synchronizes the network's operation. The Bluetooth standard provides for connecting independent and even unsynchronized piconets (up to ten) into a so-called scatternet. To do this, each pair of piconets must have at least one common device, which is a master in one network and a slave in the other. Thus, within a single scatternet, a maximum of 71 devices can be connected over the Bluetooth interface at the same time.

Bluetooth security depends on setting

To protect a Bluetooth connection, encryption of the transmitted data is provided, as well as a device authorization procedure. Data is encrypted with a key whose effective length is from 8 to 128 bits, which allows the strength of the resulting encryption to be set in accordance with the legislation of each country. It should be noted right away that correctly configured Bluetooth devices cannot connect spontaneously, so there are no accidental leaks of important information to unauthorized persons. In addition, nothing prevents additional protection at the level of specific applications.

Depending on the tasks performed, the Bluetooth specification provides for three protection modes that can be used either individually or in various combinations:

  1. In the first mode, the minimal one (usually used by default), no measures are taken for safe use of the Bluetooth device. Data is encoded with a shared key and can be received by any device without restriction.
  2. In the second mode, protection is performed at the device level, that is, security measures based on identification (authentication) and permission (authorization) are activated. This mode defines different trust levels for each service offered by the device. The access level can be specified directly in the chip, and in accordance with it the device will receive certain data from other devices.
  3. The third mode is protection at the communication session level, where data is encoded with 128-bit random numbers stored in each pair of devices participating in a particular session. This mode requires authentication and uses data encryption.

The second and third modes are often used simultaneously. The main purpose of the authentication process is to verify that the device initiating the communication session is the one it claims to be. The initiating device sends its identifier address (Bluetooth Device Address, BD_ADDR). The responding device sends back a random number as a challenge. Both devices then calculate an authentication response by combining the identifier address with the received random number. Depending on the comparison, either the establishment of the connection continues or the connection is dropped (if the authentication responses do not match).

If someone eavesdrops on the connection over the air in order to steal the authentication key, he needs to know the algorithm for deriving the key from the challenge and response, and deriving such an inverse algorithm would require considerable computing power. Therefore, the cost of extracting the key simply by eavesdropping on the authentication procedure is unreasonably high.

As for authorization, it is intended to allow a recognized Bluetooth device access to certain information or services. There are three levels of trust between Bluetooth devices: trusted, non-trusted and unknown. If the device has a trust relationship with the initiator, the latter is allowed unrestricted access to resources. If the device is not trusted, access to resources is limited by so-called service-level security layers. For example, the first security layer requires both identification and permission to open access to the service, the second only identification, the third only encryption. An unknown device that has not been recognized is considered unverified.

Finally, 128-bit data encryption helps protect sensitive information from being viewed by unwanted visitors. Only the recipient with the private decryption key has access to this data.

The device decryption key is based on the communication key. This simplifies the process of generating the key, since the sender and the recipient share secret information that will decrypt the code.

The Bluetooth encryption service, in turn, has three modes:

  1. A mode without encryption;
  2. A mode where only the establishment of communication with devices is encrypted, and the transmitted information is not;
  3. A mode in which all types of communication are encrypted.

So, the protective functions of Bluetooth must ensure secure communication at all connecting levels. But in practice, despite the security provided by the standard, this technology has a number of significant flaws.

For example, one weakness in the protection of Bluetooth devices is that manufacturers tend to give users broad powers and control over devices and their configuration. At the same time, Bluetooth has insufficient means to identify users (the Bluetooth security system does not take into account the identity or intentions of the user), which makes Bluetooth devices especially vulnerable to so-called spoofing attacks (radio disinformation) and to the misuse of device authentication.

In addition, reliable device identification is treated as the priority rather than the secure provision of services. Service discovery is therefore a critical part of the whole Bluetooth scheme.

An extremely weak point of the Bluetooth interface is the initial pairing of devices, during which keys are exchanged over unencrypted channels, leaving them open to eavesdropping. By intercepting the transmission during pairing, one can obtain the initialization key by computing it for every possible password choice and comparing the results with the intercepted transmission. The initialization key is then used by the attacker to calculate the communication key, which is checked against the intercepted transmission for verification. It is therefore recommended to perform the pairing procedure in a familiar and safe environment, which greatly reduces the threat of eavesdropping. The risk of interception can also be reduced by using long passwords, which are harder to recover from intercepted messages.

In general, the short passwords allowed by the standard are another reason for the vulnerability of the Bluetooth connection: as with simple passwords chosen by system administrators of computer networks, they can be guessed (for example, by automatic comparison against a database of common passwords). Such passwords greatly simplify initialization, but make the communication keys very easy to extract from intercepted transmissions.

In addition, for the sake of simplicity, users tend to use paired communication keys rather than the more secure dynamic ones. For the same reason, they choose modular keys instead of combinatorial ones. A device with a modular key uses it to connect with every device that communicates with it. As a result, any device holding that modular key can use it to eavesdrop on secure connections that use the same communication key, including those of trusted devices (those with which communication has already been established at some point). When modular keys are used, there is no protection.

However, any Bluetooth device with a private decryption key is perfectly safe. So the security measures of Bluetooth technology can only protect connections if properly configured and when using the services correctly. And this is the only way to keep personal data and confidential information from falling into the wrong hands.

Virus attacks over Bluetooth

Today, as part of the general trend of increasing complexity of telephones, a relatively new type of handheld device called a smartphone is rapidly gaining popularity, which is essentially the result of a synthesis of cell phones and PDAs.

Analysts estimate the smartphone market as the most promising segment of mobile telephony. Some even argue that smartphones and communicators will eventually displace both traditional cell phones and PDAs from the market, and this may happen in the very near future. The argument for such a prediction is ironclad: every person wants to see in his palm the most multifunctional device for the same money. And modern smartphones are getting cheaper right before our eyes.

As a result, modest mobile phones, designed only to make calls, under the pressure of progress, are gradually giving way to complex multi-functional devices with computer functions. In addition, according to the Mobile Data Association (MDA), an analytics company, the number of mobile phones supporting new technologies should double by the end of this year.

However, few users are aware of what threatens them with the transition from primitive "dialers" to complex communication devices that run operating systems and software. Meanwhile, already in the middle of last year, the first virus for smartphones running the Symbian operating system was discovered (the share of smartphones with this OS, if we exclude PDAs and communicators, is 94%).

So, the first mobile virus in history, or rather a network worm called Cabir, began to spread over cellular networks and infect smartphones running Symbian. However, almost simultaneously with Cabir, another virus called Duts hit Windows Mobile. Although both of these viruses have not yet caused much harm to users (they even asked phone owners for permission to infect their mobile phones, and unsuspecting users gave them such permission!), however, viruses for smartphones are improving much faster than their older brothers - computer viruses. Less than a year after the appearance of the first viruses, another anonymous malware creator showed an important achievement - he blocked anti-virus software.

Experts do not yet have a unanimous opinion on whether the appearance of such worms can be considered a harbinger of mobile virus epidemics, however, there is nothing technically difficult in creating such "evil spirits", so in the near future we will definitely encounter hackers' attempts to launch something more malicious. Theoretically, a mobile virus can, for example, erase names and phone numbers from the address book and other data stored in the handset, as well as send out SMS messages allegedly written by the owner of the infected device. It should be noted that both the distribution of such messages itself and the availability of paid SMS services can greatly undermine the budget of the owner of an infected phone.

As for the first viruses and their clones, it is enough for smartphone owners to turn off Bluetooth when it is not needed, or to put the device in non-discoverable mode so that other Bluetooth gadgets cannot detect it.

Anti-virus software vendors have already begun to take mobile phone protection seriously, and if you are experiencing virus attacks on your mobile phone, you can turn to anti-virus software vendors who have developed tools to protect smartphones for help. Mobile Anti-Virus is currently the most popular anti-virus program for cleaning mobile phones from viruses and is released by F-Secure (http://mobile.f-secure.com).

Kaspersky Lab, in turn, reported that Russia became the ninth state in whose territory the Cabir network worm penetrated smartphones, and suggested that users install a special program on their mobile phones to search for and remove it. The application is available for free download on the Wap site of Kaspersky Lab (http://www.kaspersky.ru).

The New Zealand company SimWorks (http://www.simworks.biz) also produces anti-virus programs for PDAs and mobile phones. With their help, you can already detect a dozen malicious programs that are distributed under the guise of useful software for these devices. One of the viruses even specifically states that it is fighting against the SimWorks anti-virus program.

Antivirus developer Trend Micro also offered free antivirus protection to mobile device users. This new product not only destroys known viruses, but also removes SMS spam. Trend Micro Mobile Security can be downloaded and used until June of this year. The anti-virus package is compatible with all popular mobile devices based on Windows Mobile for Smartphone, Windows Mobile 2003 for Pocket PC and Symbian OS v7.0 with the UIQ v2.0/2.1 interface. You can download the program at: http://www.trendmicro.com/en/products/mobile/tmms/evaluate/overview.htm .

The latest virus found, Drever-C, operates in the best traditions of the genre: it infiltrates the phone under the guise of an updated version of the antivirus (a technique often used by PC viruses as well). At the same time, the common protection products from F-Secure, SimWorks and Kaspersky Lab are powerless against it.

Conclusion

As a rule, buyers of mobile phones and Bluetooth gadgets are more concerned about their own health than about the condition of their devices. Therefore, we will immediately reassure them - since the IEEE 802.15.1 standard was developed with the expectation of low power, its impact on human health is negligible. The radio channel provides a speed of 721 Kbps, which is quite a bit compared to other standards. This fact determines the use of Bluetooth in the connections of only those components whose transmission volume (traffic) is insignificant.

Over time, all the weaknesses of this technology will undoubtedly be revealed. It is possible that the Bluetooth Special Interest Group (SIG) will update the specifications of the standard when flaws are identified. Manufacturers, for their part, are upgrading products, taking into account all safety recommendations.

Protect your mobile from viruses!

Since viruses like Cabir can only spread to mobile phones with Bluetooth in discoverable mode, the best way to protect against infection is to put the device in Bluetooth hidden mode (hidden or non-discoverable).

The Cabir virus needs Bluetooth wireless technology to travel from one device to another, so its distribution area is limited to a radius of about 10-15 m. For it to jump to another device within this area, not only must Bluetooth be activated, but the unsuspecting owner of the mobile phone must also approve the installation of the virus on the device, because when the file is transferred a warning appears on the screen that an application from an unknown source is being installed.

After that, the owner must allow the virus to run and start working.

However, these prompts are not displayed on all devices or by all variants of the virus, so the owner of the phone cannot always "greet" it.

Note that today a modified communication standard has already been developed, which is the next generation of Bluetooth - IEEE 802.15.3. It is also designed for small networks and local data transmission, but provides higher data transfer rates (up to 55 Mbps) and longer distances (up to 100 m). Up to 245 users can work simultaneously on such a network. Moreover, in the event of interference from other networks or household appliances, the communication channels will automatically switch, which will provide the 802.15.3 standard with high reliability and stability of the connection. It is possible that the new standard will be used in areas where high data transfer speeds are required and a greater transmission distance is needed, while the previous one will be used for simple computer peripherals (keyboards, mice, etc.), telephone headsets, headphones and music players. In any case, the competition of these standards will be determined by their price and energy efficiency.

As for mobile phones, Microsoft and Symbian Limited are preparing new additional protections. It's no secret that mobile phones are used today not only as a means of communication, but also as an actively used computer peripheral (GPRS modem and storage device), which places high demands on their protection.

This article focuses on the issue of security when using wireless WiFi networks.

Introduction - WiFi Vulnerabilities

The main reason user data is vulnerable when transmitted over WiFi networks is that the exchange takes place over radio waves. This makes it possible to intercept messages at any point where the WiFi signal is physically receivable. Simply put, if the access point's signal can be picked up at a distance of 50 meters, then interception of all traffic of this WiFi network is possible within a radius of 50 meters of the access point, whether in the next room, on another floor of the building, or out on the street.

Imagine the following picture. In an office, the local network is built on WiFi. The signal of this office's access point can be picked up outside the building, for example in a car park. An attacker outside the building can then reach the office network unnoticed by its owners. WiFi networks can be accessed easily and discreetly, technically much more easily than wired networks.

That said, WiFi network protection tools have been developed and deployed. Such protection is based on encrypting all traffic between the access point and the end device connected to it. An attacker can still intercept the radio signal, but to him it will be just digital "garbage".

How does WiFi security work?

The access point admits to its WiFi network only a device that sends the correct password (the one specified in the access point settings). The password itself is sent encrypted, in the form of a hash. A hash is the result of a one-way (irreversible) transformation: the data converted into a hash cannot be recovered from it. If an attacker intercepts the password hash, he cannot obtain the password from it.

But how does the access point know whether the password is correct if it also only receives a hash that it cannot decrypt? It is simple: in the access point settings, the password is stored in plain form. The authorization routine takes the plain password, generates a hash from it, and then compares this hash with the one received from the client. If the hashes match, the client's password is correct. This relies on a second property of hashes: they are unique. The same hash cannot be obtained from two different data sets (passwords). If two hashes match, they were both created from the same data.

By the way. Thanks to this feature, hashes are used to control the integrity of data. If two hashes (created over a period of time) match, then the original data (over that period of time) has not changed.

However, despite the fact that the most modern method of securing a WiFi network (WPA2) is reliable, this network can be hacked. How?

There are two methods for accessing a WPA2 protected network:

  1. Password guessing based on the password database (the so-called dictionary search).
  2. Exploitation of a vulnerability in the WPS function.

In the first case, the attacker intercepts the hash of the access point password. A hash comparison is then performed against a database containing thousands or millions of words: a word is taken from the dictionary, its hash is generated, and that hash is compared with the intercepted one. If a primitive password is used on the access point, cracking it is only a matter of time. For example, an 8-digit password (8 characters is the minimum password length for WPA2) is one million combinations. On a modern computer, one million values can be tried in a few days or even hours.

In the second case, a vulnerability in the first versions of the WPS function is exploited. This feature allows a device on which a password cannot be typed, such as a printer, to connect to the access point. When this function is used, the device and the access point exchange a digital code, and if the device sends the correct code, the access point authorizes the client. The vulnerability was that the code had 8 digits, but only four of them were actually checked. So to defeat WPS, only the values of those 4 digits have to be enumerated. As a result, an access point can be broken into via WPS in just a few hours, even on the weakest device.

Configuring WiFi Network Security

The security of the WiFi network is determined by the access point settings. Several of these settings directly affect network security.

WiFi access mode

The access point can operate in one of two modes - open or protected. In the case of open access, any device can connect to the access point. In the case of secure access, only the device that transmits the correct access password connects.

There are three types (standards) for protecting WiFi networks:

  • WEP (Wired Equivalent Privacy). The very first security standard. Today, it actually does not provide protection, since it is hacked very easily due to the weakness of the protection mechanisms.
  • WPA (Wi-Fi Protected Access). Chronologically the second standard of protection. At the time of creation and commissioning, it provided effective protection for WiFi networks. But at the end of the 2000s, opportunities were found to crack the WPA protection through vulnerabilities in the protection mechanisms.
  • WPA2 (Wi-Fi Protected Access 2). The latest security standard. Provides reliable protection subject to certain rules. To date, only two ways of defeating WPA2 security are known: dictionary password brute force and the workaround via the WPS service.

Thus, to ensure the security of the WiFi network, you must select the WPA2 security type. However, not all client devices may support it. For example, Windows XP SP2 only supports WPA.

In addition to choosing the WPA2 standard, additional conditions are required:

Use the AES encryption method.

The password for accessing the WiFi network must be composed as follows:

  1. Use letters and numbers in the password. An arbitrary set of letters and numbers. Or a very rare, meaningful only for you, word or phrase.
  2. Do not use simple passwords such as name + date of birth, or some word + some digits, for example lena1991 or dom12345.
  3. If only a numeric password can be used, its length must be at least 10 characters, because an eight-digit numeric password can be brute-forced in practical time (from several hours to several days, depending on the power of the computer).

If you use complex passwords in accordance with these rules, your WiFi network cannot be hacked by dictionary password guessing. For example, a password like 5Fb9pE2a (arbitrary alphanumeric) has a maximum of 218340105584896 possible combinations, which is practically impossible to enumerate today. Even if the computer tries 1,000,000 (one million) candidates per second, it will take almost 7 years to iterate through all the values.
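The password rules and the keyspace arithmetic above, as an added example that is not part of the original article. It assumes the "letters and numbers" alphabet is the 62 ASCII alphanumerics, uses the article's one-million-guesses-per-second rate, and the list of common words it matches against is a constructed sample.

```python
"""WPA2 password policy check and exhaustive-search time estimate (added example).

Assumptions: 62-symbol alphanumeric alphabet; COMMON_WORDS is a constructed
sample of the "word + digits" patterns the article warns about.
"""
import re
import string
from typing import List, Tuple

ALNUM_SIZE = len(string.ascii_letters + string.digits)   # 62 symbols
DIGITS_SIZE = len(string.digits)                         # 10 symbols
SECONDS_PER_YEAR = 365 * 24 * 3600
ARTICLE_GUESS_RATE = 1_000_000                           # guesses per second, from the text

# Constructed sample; a real policy check would use a large wordlist.
COMMON_WORDS = {"lena", "dom", "admin", "password", "qwerty", "wifi"}


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length


def years_to_exhaust(space: int, guesses_per_second: int = ARTICLE_GUESS_RATE) -> float:
    """Years needed to try every candidate once at the given rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def estimate(password: str) -> Tuple[int, float]:
    """Keyspace and years-to-exhaust for the alphabet the password is drawn from."""
    size = DIGITS_SIZE if password.isdigit() else ALNUM_SIZE
    space = keyspace(size, len(password))
    return space, years_to_exhaust(space)


def wifi_password_problems(password: str) -> List[str]:
    """Rules from the article that the password violates; empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than the WPA2 minimum of 8 characters")
    if password.isdigit():
        # Rule 3: numeric-only passwords need at least 10 digits.
        if len(password) < 10:
            problems.append("numeric-only password shorter than 10 digits")
    elif not (any(c.isalpha() for c in password) and any(c.isdigit() for c in password)):
        # Rule 1: mix letters and digits.
        problems.append("does not mix letters and digits")
    # Rule 2: a common word followed by digits (name + year, word + numbers).
    match = re.fullmatch(r"([A-Za-z]+)(\d+)", password)
    if match and match.group(1).lower() in COMMON_WORDS:
        problems.append("common word followed by digits")
    return problems


if __name__ == "__main__":
    for pw in ("5Fb9pE2a", "lena1991", "dom12345", "12345678", "1234567890"):
        space, years = estimate(pw)
        print(f"{pw:12} keyspace={space:<18} years={years:10.6f} "
              f"problems={wifi_password_problems(pw)}")
```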

WPS (Wi-Fi Protected Setup)

If the access point has the WPS (Wi-Fi Protected Setup) function, you should disable it. If this feature is needed, make sure its implementation has been updated to include the following:

  1. Checking all 8 digits of the PIN code instead of 4, as was the case originally.
  2. Enforcing a delay after several incorrect PIN codes have been sent by the client.

An additional option for improving WPS security is the use of an alphanumeric PIN code.

Public WiFi Security

Today it is fashionable to use the Internet via WiFi networks in public places: cafes, restaurants, shopping centers and so on. It is important to understand that using such networks can lead to the theft of your personal data. If you access the Internet through such a network and then log in to a site, your data (login and password) can be intercepted by another person connected to the same WiFi network. On any device that has been authorized and connected to an access point, network traffic from all other devices on that network can be intercepted. The peculiarity of public WiFi networks is that anyone can connect to them, including an intruder, and this applies not only to open networks but also to secured ones.

What can you do to protect your data when you connect to the Internet through a public WiFi network? There is only one possibility - to use the HTTPS protocol. Within this protocol, an encrypted connection is established between the client (browser) and the site. But not all sites support the HTTPS protocol. Addresses on a site that supports the HTTPS protocol begin with the https:// prefix. If the addresses on the site have the http:// prefix, this means that the site does not support HTTPS or it is not used.

Some sites do not use HTTPS by default, but have this protocol and can be used if you explicitly (manually) specify the https:// prefix.

As for other uses of the Internet, such as chats, Skype and the like, free or paid VPN servers can be used to protect this data. That is, first connect to the VPN server, and only then use the chat or open the site.

WiFi password protection

In the second and third parts of this article, I wrote that when the WPA2 security standard is used, one of the ways to hack a WiFi network is to guess the password from a dictionary. But an attacker has another way to obtain the password to your WiFi network. If you keep your password on a sticker taped to the monitor, an outsider can simply read it. Your password can also be stolen from a computer connected to your WiFi network: by an outsider, if your computers are not protected from unauthorized access, or by malware. In addition, the password can be stolen from a device that is carried out of the office (home, apartment), such as a smartphone or tablet.

Thus, if you need reliable protection for your WiFi network, you need to take measures to store the password securely. Protect it from access by unauthorized persons.


Federal State Budgetary Educational Institution of Higher Professional Education

Department: Informatics and Information Technologies

Specialty: Applied Informatics

COURSE WORK

WIRELESS SECURITY

Completed by a student

Kozlova S.K.

Work manager:

Mityaev V.V.

OREL, 2013

Contents: Introduction; Conclusion; Bibliographic list; Appendix

Introduction

Most modern computers support wireless Internet access. In other words, they can connect to the internet (and other wireless devices) without a network cable. The main advantage of wireless connections is the ability to work with the Internet anywhere in your home or office (if the distance between your computer and the wireless network access device allows). However, if you do not take steps to ensure the security of your wireless network, the following potentially dangerous situations are possible, as a result of which an attacker could:

1. Intercept transmitted or received data;

2. Get access to the wireless network;

3. Capture the Internet access channel.

Let us turn to the definition of information security. Information security means the protection of information and information systems from unauthorized access, use, disclosure, distortion, destruction or modification.

Information security ensures the availability, integrity and confidentiality of information. Information security tools and mechanisms are used to implement the information security of wireless networks.

Therefore, if the wireless network is not secured, an attacker can intercept the data transmitted over it, gain access to the network and to files on the computer, and use the connection to access the Internet. As a result, the data transmission channel is occupied and Internet access slows down.

The topic of wireless network security is still relevant, although there have been reliable methods for protecting these networks for quite a long time, such as WPA (Wi-Fi Protected Access) technologies.

The purpose of the work is a practical study of security issues and security features of wireless networks.

The object of this course work is network security.

The subject is the security of wireless networks.

The tasks to be solved in this work are as follows:

1. Consider the concept of a wireless network;

3. Study the main provisions of the wireless security policy;

4. Analyze solutions to ensure the security of wireless networks;

5. Assess the need to secure the wireless network;

6. Develop an algorithm for carrying out work to assess the effectiveness of wireless network protection.

1. The concept of a wireless network and a description of the categories of main attacks

1.1 Concept and description of a wireless network

A wireless network is the transmission of information over a distance without the use of electrical conductors or "wires".

This distance can be very small (a few meters, as with a television remote control) or very large (thousands or even millions of kilometers in telecommunications).

Wireless communication is usually considered as a branch of telecommunications.

The popularity of wireless communications is exploding, opening up new markets for operators - from network games on cell phone screens to emergency services.

This is due to the proliferation of notebook computers and paging systems, the emergence of personal digital assistants (PDAs), and the expanding functionality of cell phones.

Such systems should provide business planning, time management, document storage and communication with remote stations. The motto of these systems has become "anytime, anywhere", i.e. the provision of communication services regardless of place and time. In addition, wireless channels are relevant where laying cable lines is impossible or expensive, and over significant distances.

Until recently, most wireless computer networks transmitted data at rates between 1.2 and 14.0 Kbps, often only short messages, as large file transfers or long interactive database sessions were not available. New wireless transmission technologies operate at speeds of several tens of megabits per second.

Alan S. Cohen, Senior Director of Mobility Solutions at Cisco Systems, talks a lot about the future of the wireless market.

He says that wireless technology is rapidly becoming the accepted standard, which has a comprehensive impact on our lives.

There are two important factors driving the transition to wireless ubiquity in the market. The first factor is the "democratization" of wireless technology, which has become noticeable in the mobile market with the advent of the 802.11 standard or Wi-Fi.

The rapid growth in the number of mobile devices and mobile networks in homes, apartments, businesses and cities is very noticeable. Today it is easy and simple to build a wireless network and provide broadband mobility for the benefit of large corporations and individual users.

He also highlighted another interesting area of application of mobile technologies: urban mesh networks, which make Wi-Fi technology truly ubiquitous.

Providing access to all residents of the city throughout its territory is a wonderful example of the democratization of wireless technology. Network architecture and Unified Communications technology not only integrates wired and wireless communications, but also brings indoor and outdoor networking services together. As a result, you can stay connected to the network wherever you are, inside or outside the building, which is very important for city communications.

Wireless is becoming ubiquitous. It allows you to provide user connectivity where cabling is difficult or full mobility is needed. In this case, wireless networks interact with wired networks. Nowadays, wireless solutions must be taken into account when designing any network - from a small office to an enterprise. This will possibly save both time and money.

There are many cases and reasons why wireless networks are the only or most convenient option for organizing access to a communication network or the Internet:

1) If you want to organize the possibility of nomadic access to the network and the Internet to random users in cafes, airports, railway stations, shops and other public places;

2) If it is necessary to organize a local network in buildings where cabling cannot be laid (for example, in historical buildings) or in buildings where laying cables is a very difficult and time-consuming task;

3) When organizing a temporary local area network, including a local area network for general access, for example, for holding any events, conferences, and the like;

4) When expanding the local area network in the event that it is necessary to connect any remote isolated segment containing a small number of workstations;

5) If mobile access to network resources is needed, for example when moving around an apartment or organization with a laptop, when a doctor visits patients in a hospital and needs to communicate with a central database, or to communicate with and coordinate maintenance staff in large buildings packed with modern building services;

6) To organize additional communication channels that can be provided by alternative communication operators that create wireless local networks in different areas.

Depending on the technologies and transmission media that are used, the following classes of wireless networks can be defined:

  • Networks on radio modems;
  • Networks on cellular modems;
  • Infrared systems;
  • VSAT systems;
  • Systems using low-orbit satellites;
  • Systems with SST technology;
  • Radio relay systems;
  • Laser communication systems.

Wi-Fi is a modern wireless technology for transmitting data over a radio channel (also referred to as wireless LAN, WLAN).

Any equipment that complies with the IEEE 802.11 standard can be tested by the Wi-Fi Alliance and receive the appropriate certification and the right to display the Wi-Fi logo.

The name is usually expanded as Wireless Fidelity. There is also a longer formal name: IEEE 802.11b. Wi-Fi was born in 1985, in the USA, after part of the radio spectrum was opened for use without special permission.

The very first standard that received the most widespread use was the IEEE 802.11b standard.

802.11b-compliant equipment appeared back in 2001, and to this day, most wireless networks still operate using this standard, and many wireless Wi-Fi devices with 802.11b support are also being released.

The radio waves used for Wi-Fi communications are very similar to the radio waves used in walkie-talkies, receivers, cell phones, and other devices. But Wi-Fi has a few notable differences from other radios.

Communication is carried out at frequencies of 2.4-5 GHz. This frequency is much higher than the frequencies available for mobile phones, portable radios and televisions.

The higher the frequency of the signal, the more information is transmitted. A wireless network uses radio waves just like radios, mobile phones, and televisions. In fact, Wi-Fi wireless is more like a two-way radio.

In Russia, the use of Wi-Fi without permission to use frequencies from the State Commission on Radio Frequencies (SCRF) is possible to organize a network inside buildings, closed warehouses and industrial areas.

For legal use of a Wi-Fi network outside the office, for example a radio link between two neighboring houses, you must obtain permission to use the frequencies. There is a simplified procedure for issuing permits for the use of radio frequencies in the 2400-2483.5 MHz band (802.11b and 802.11g standards, channels 1-13); a private decision of the SCRF is not required to obtain such a permit. To use radio frequencies in other bands, in particular 5 GHz (802.11a standard), a private decision of the SCRF must first be obtained. In 2007, the situation changed with the release of Decree No. 476 of July 25, 2007, "On Amendments to the Decree of the Government of the Russian Federation of October 12, 2004".

The sixteenth paragraph of the resolution excluded from the list of equipment subject to registration - wireless access user equipment in the radio frequency band 2400-2483.5 MHz with a radiation power of transmitting devices up to 100 mW inclusive.

Also, in pursuance of the protocol entry to the decision of the State Committee for Radio Frequencies of August 19, 2009, No. 09-04-09, the State Committee for Radio Frequencies decided: to allocate the radio frequency bands 5150-5350 MHz and 5650-6425 MHz for use on the territory of the Russian Federation, with the exception of the cities specified in the Appendix No. 2, fixed wireless access by citizens of the Russian Federation and Russian legal entities without issuing separate decisions of the SCRF for each individual or legal entity.

The indicated frequency bands correspond to 802.11a/b/g/n standards and channels with numbers from the ranges 36-64 and 132-165. However, Appendix 2 lists 164 largest cities in Russia where the indicated frequencies cannot be used to create wireless networks.

For violation of the procedure for the use of radio electronic means, liability is provided for under Articles 13.3 and 13.4 of the Code of Administrative Offenses of the Russian Federation.

By decision dated July 15, 2010, the SCRF of Russia canceled the issuance of mandatory private decisions of the SCRF for the use of fixed wireless access systems in the 5150-5350 MHz and 5650-6425 MHz bands. The restriction on these frequency ranges has been lifted for the entire territory of Russia.

The following types of connection are distinguished:

1. Ad hoc connection (point-to-point). All computers are equipped with wireless adapters (clients) and communicate with each other directly over a radio channel; with 802.11b this gives a data rate of 11 Mbps, which is quite enough for normal work;

2. Infrastructure connection. This model is used when more than two computers need to be connected. A server with an access point can act as a router and distribute the Internet connection;

3. Access point with a router and a modem. The access point is connected to the router and the router to the modem (these devices may be combined into two or even one unit). Every computer with a Wi-Fi adapter within the coverage area then has Internet access;

4. Client point. In this mode the access point acts as a client and can connect to an access point operating in infrastructure mode, but only one MAC address can be connected through it. The task here is to join just two computers; two Wi-Fi adapters can also work with each other directly, without a central access point;

5. Bridge connection. Computers are connected to a wired network; an access point is attached to each wired segment and the access points communicate over a radio channel. This mode is designed to join two or more wired networks. Wireless clients cannot associate with an access point in bridge mode.

Thus, the concept and classes of wireless networks were considered, the reasons for the appropriate use of a wireless connection were identified. The regulatory framework for Wi-Fi networks is analyzed. The wireless network has been described by giving a typology and a variety of connections.

During the operation of wireless networks various problems arise. Some are due to somebody's carelessness, others are the result of deliberate malicious action, but either way damage is done, and for this reason such events are treated as attacks regardless of their cause.

There are four main categories of attacks:

1. Access attacks;

2. Modification attacks;

3. Denial of service attacks;

4. Repudiation attacks.

An access attack is an attempt to obtain information that the attacker is not authorised to see; it is aimed at violating the confidentiality of information.

Such an attack is possible wherever information exists and wherever it is transmitted.

Access attacks include snooping, eavesdropping and interception.

Snooping is looking through files or documents in search of information of interest to the attacker.

Eavesdropping is listening in on a conversation that one is not a party to, often with electronic devices.

Interception is capturing information while it is in transit to its destination.

Information is stored electronically on:

workstations;

servers;

laptop computers;

CDs.

With CDs the situation is clear: the attacker can simply steal them. Workstations, servers and laptops are different. With legitimate access to the system the attacker will analyse the files by simply opening them one after another. Without it, the attacker will try to bypass the access control system, and this is not hard: it is enough to install a network packet analyser (sniffer) on a computer in the system, for which the attacker must either escalate privileges on that host or connect to the network. The analyser is configured to capture any information passing over the network, and in particular user IDs and passwords. On a wireless network this step is even easier, since the radio medium is shared and a passive adapter in monitor mode captures every frame in range.

Eavesdropping is also carried out in wide-area networks, such as leased lines and telephone connections, although this type of interception requires appropriate equipment and special knowledge. In that case the best place for a listening device is the wiring closet.

With special equipment a skilled attacker can also intercept traffic in fibre-optic systems, but to succeed he must place his system in the transmission path between sender and receiver. On the Internet this is typically done by tampering with name resolution (for example DNS), so that a host name resolves to the attacker's address rather than the real one. Traffic is then redirected to the attacker's system instead of the real destination, and with a suitably configured relay the sender never learns that the information passed through a third party on its way to the recipient.

A modification attack is an attempt to unlawfully change information. It is aimed at violating the integrity of information and is possible wherever information exists or is transmitted.

There are three types of modification attack:

1. Replacement;

2. Addition;

3. Removal.

Replacement is the substitution of existing information; it is directed against both classified and publicly available information.

Addition is the insertion of new data.

Removal is the deletion of existing data.

All three types of modification attack exploit system vulnerabilities, such as security holes in a server that allow a home page to be replaced. Even then the attacker must work carefully across the whole system to avoid detection: where transactions are numbered sequentially, for instance, a deleted or inserted transaction leaves a gap or a duplicate number that will be noticed.

In the event that a modification attack is performed during the transmission of information, then it is necessary to first intercept the traffic of interest, and then make changes to the information before sending it to the destination.

Denial-of-service (DoS) attacks prevent a legitimate user from using a system, information or computing resources. In other words, such an attack is vandalism: the attacker gains nothing beyond the disruption itself.

As a rule the attacker does not gain access to the computer system and cannot operate on the information as a result of a DoS attack.

A DoS attack directed against information destroys, distorts or transfers the latter to an inaccessible place.

A DoS attack directed at applications that process or display information, or at the computer system on which these applications are running, makes it impossible to perform tasks performed using such an application.

A common type of DoS attack (denial of access to the system) aims to disable computer systems, as a result of which the system itself, the applications installed on it, and all stored information becomes inaccessible.

Denial of access to communication facilities consists in disabling communication facilities that deprive access to computer systems and information.

DoS attacks that target a computer system directly are implemented through exploits that exploit vulnerabilities in operating systems or internet protocols.

With the help of these "gaps", the attacker sends a certain set of commands to the application, which it is not able to process correctly, as a result of which the application crashes. A reboot restores its functionality, but it becomes impossible to work with the application for the duration of the reboot.

A repudiation attack is directed against the ability to attribute information to its author, or misrepresents a real event or transaction.

This type of attack includes:

Masquerade: performing actions under the guise of another user or another system.

Denial of an event: denying that a transaction took place.

Large-scale DoS attacks on the Internet, such as attacks on the Internet's root name servers, belong to the denial-of-service category above rather than to repudiation.

To secure a wireless access device, and so minimise the risk associated with this type of access, the following simple steps can be taken:

1. Change the administrator password on the wireless device. The manufacturer's default password is easy for an attacker to look up and use to take over the device and the network. Avoid passwords that are easy to pick or guess;

2. Disable network identifier broadcasting (SSID broadcasting, SSID - Service Set Identifier) so that the device does not announce its presence in beacons. Note that this only hides the network from casual scanning: the SSID is still sent in probe responses and in client association requests, so a sniffer recovers it easily;

3. Enable traffic encryption: use WPA2 if the device supports it, or WPA otherwise. WEP should only be used as a last resort, because its keys can be recovered from captured traffic;

4. Change the device's network identifier (SSID). If the manufacturer's default identifier is left in place, an attacker who knows it can easily identify the device model and the wireless network. Do not use names that are easy to guess.
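The following Python script is an added example (it is not code from the original article) illustrating why step 2 above is only a weak measure. It builds a few constructed 802.11 management frames, parses the SSID information element out of each one, and shows that an access point whose beacons carry an empty SSID still gives its name away in probe responses and in clients' association requests. The BSSIDs, network names and frames are constructed test data, not captures, and the frame builder fills only the fields the parser needs.

```python
import struct
from typing import Dict, List, Optional, Tuple

# 802.11 management subtypes that carry an SSID information element (IE)
MGMT_SUBTYPES = {8: "beacon", 5: "probe-response", 0: "association-request"}
HDR_LEN = 24          # frame control, duration, addr1, addr2, addr3, sequence control
IE_SSID = 0           # tag number of the SSID IE


def build_mgmt_frame(subtype: int, bssid: bytes, ssid: Optional[bytes]) -> bytes:
    """Build a minimal management frame (constructed test data, not a real capture).
    ssid=None produces the zero-length SSID IE that an AP with SSID broadcast
    disabled puts in its beacons. Only addr3 (the BSSID) matters to the parser."""
    fc = bytes([subtype << 4, 0x00])                      # type 0 = management
    header = fc + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    if subtype in (8, 5):                                 # beacon / probe response
        fixed = struct.pack("<QHH", 0, 100, 0x0411)       # timestamp, interval, capability
    else:                                                 # association request
        fixed = struct.pack("<HH", 0x0411, 10)            # capability, listen interval
    ssid_ie = bytes([IE_SSID, 0]) if ssid is None else bytes([IE_SSID, len(ssid)]) + ssid
    rates_ie = b"\x01\x04\x82\x84\x8b\x96"                # supported rates 1/2/5.5/11 Mbps
    return header + fixed + ssid_ie + rates_ie


def parse_ies(body: bytes) -> Dict[int, bytes]:
    """Walk the tag/length/value list that follows the fixed fields."""
    ies, i = {}, 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        ies[tag] = body[i + 2:i + 2 + length]
        i += 2 + length
    return ies


def extract_ssid(frame: bytes) -> Optional[Tuple[str, str, Optional[str]]]:
    """Return (frame kind, BSSID, SSID), or None for frames we do not care about.
    SSID is None when the IE is empty or all zeros, i.e. the network is 'hidden'."""
    if len(frame) < HDR_LEN or (frame[0] >> 2) & 0x3 != 0:
        return None
    subtype = frame[0] >> 4
    if subtype not in MGMT_SUBTYPES:
        return None
    bssid = frame[16:22].hex(":")
    body = frame[HDR_LEN:]
    body = body[12:] if subtype in (8, 5) else body[4:]   # skip the fixed fields
    ssid = parse_ies(body).get(IE_SSID, b"")
    hidden = len(ssid) == 0 or set(ssid) == {0}
    return MGMT_SUBTYPES[subtype], bssid, None if hidden else ssid.decode("utf-8", "replace")


def recover_hidden_ssids(frames: List[bytes]) -> Dict[str, str]:
    """Map BSSID -> SSID for every AP whose beacons hide the name but whose
    probe responses or client association requests reveal it."""
    hidden, learned = set(), {}
    for frame in frames:
        parsed = extract_ssid(frame)
        if parsed is None:
            continue
        kind, bssid, ssid = parsed
        if kind == "beacon" and ssid is None:
            hidden.add(bssid)
        elif ssid is not None:
            learned[bssid] = ssid
    return {b: learned[b] for b in hidden if b in learned}


# Constructed traffic: AP 1 hides its SSID in beacons, AP 2 does not.
AP1 = bytes.fromhex("aabbccddee01")
AP2 = bytes.fromhex("aabbccddee02")
SAMPLE_FRAMES = [
    build_mgmt_frame(8, AP1, None),            # beacon, SSID IE empty
    build_mgmt_frame(8, AP2, b"GuestNet"),     # beacon, SSID broadcast
    build_mgmt_frame(5, AP1, b"CorpNet"),      # probe response reveals the name
    build_mgmt_frame(0, AP1, b"CorpNet"),      # client association request repeats it
]

if __name__ == "__main__":
    for bssid, ssid in recover_hidden_ssids(SAMPLE_FRAMES).items():
        print(f"hidden network {bssid} is actually '{ssid}'")
```

The same parser works on frames captured with an adapter in monitor mode; the point is that an attacker only has to wait for one legitimate client to probe or associate.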

As a result, four main categories of attack and three types of modification attack were identified and studied; denial-of-service and repudiation attacks were also considered. Based on this analysis, steps were developed to ensure the security of wireless access devices.

Thus, summing up, we can say with confidence that wireless connections are now widely used, mainly due to their ability to work with the Internet anywhere in the home or office.

However, if you do not take measures to ensure the security of the wireless network, then an attacker can intercept the data transmitted over it, gain access to the network and files on the computer, and also access the Internet using the connection.

2. Overview of means and methods for ensuring information security of wireless networks

2.1 Wireless security policy

The specific nature of wireless networks means that data can be intercepted and altered at any time. For some technologies a standard wireless adapter is enough; for others specialised equipment is required. In either case these threats are simple to carry out, and effective cryptographic mechanisms are needed to counter them.

When building a security system it is important to define the threat model, that is, to decide what the protection is meant to resist. At the most basic level there are two threats in wireless networks, unauthorised connection and eavesdropping, but the list can be expanded by singling out the following main threats associated with wireless devices in addition to those listed in the first chapter:

Uncontrolled use and violation of the perimeter;

Unauthorized connection to devices and networks;

Interception and modification of traffic;

Violation of accessibility;

Device positioning.

The proliferation of wireless devices and their low cost lead to gaps in the network security perimeter. Here we are talking not only about intruders who connected a PDA with Wi-Fi support to the company's wired network, but also about more trivial situations. An active wireless adapter on a laptop connected to a corporate network, an access point brought from home for testing - all this can become convenient channels for penetrating the internal network.

Insufficient authentication and errors in the access control system allow unauthorised connection.

By their nature, wireless networks cannot provide high availability. Various natural, technogenic and anthropogenic factors can effectively disrupt the normal functioning of a radio channel. This must be taken into account when designing the network, and wireless networks should not be used for links with high availability requirements.

Wi-Fi stations can be easily detected by passive methods, which allows you to determine the location of a wireless device with fairly high accuracy. For example, the Navizon system can use GPS, GSM base stations, and wireless access points to determine the location of a mobile device.

A wireless security policy can be presented as a separate document or as part of other components of the security regulations. In most cases there is no need for a separate document, since the provisions of the wireless policy overlap heavily with the traditional content of such documents: the requirements for physical protection of access points, for example, are fully covered by the physical security provisions for active network equipment. In practice the wireless security policy is therefore produced as a separate document during WLAN implementation, after which, at the next revision of the documents, it is merged into the others.

If wireless networks are not used, then the security policy should include a description of protective mechanisms aimed at reducing the risks associated with unauthorized use of radio networks.

The best world practices in the field of information security management are described in the international standard for information security management systems ISO/IEC 27001 (ISO 27001). ISO 27001 specifies requirements for an information security management system to demonstrate an organization's ability to protect its information resources.

Its Russian equivalent is GOST R ISO/IEC 27001-2006. It establishes requirements for the development, implementation, operation, monitoring, analysis, maintenance and improvement of a documented information security management system, and for the implementation of information security management and control measures.

The main advantages of the ISO/IEC 27001 standard:

Certification allows you to show business partners, investors and customers that the organization has established effective information security management;

The standard is compatible with ISO 9001:2000 and ISO 14001:2004;

The standard does not impose restrictions on the choice of software and hardware, does not impose technical requirements on IT tools or information protection tools, and leaves the organization complete freedom in choosing technical solutions for information protection.

The concept of information security is interpreted by the international standard as ensuring the confidentiality, integrity and availability of information.

Based on this standard, recommendations can be formulated to reduce the likelihood of violating an organization's wireless network security policy:

1. Training of users and administrators (ISO/IEC 27001 A.8.2.2). After training, users should know and understand the restrictions imposed by the policy, and administrators should have the skills needed to prevent and detect violations of it;

2. Control of network connections (ISO/IEC 27001 A.11.4.3). The risk of an unauthorised access point or wireless client being connected can be reduced by disabling unused switch ports, MAC filtering (port security), 802.1X authentication, intrusion detection systems and security scanners that watch for new objects on the network;

3. Physical security (ISO/IEC 27001 A.9.1). Control of devices brought onto the premises limits the likelihood of wireless devices being connected to the network. Restricting user and visitor access to network ports and computer expansion slots reduces the likelihood of a wireless device being attached;

4. Minimisation of user privileges (ISO/IEC 27001 A.11.2.2). If a user works on a computer with the minimum necessary rights, the probability of unauthorised changes to wireless interface settings is reduced;

5. Security policy monitoring (ISO/IEC 27001 clause 6, A.6.1.8). Security analysis tools such as vulnerability scanners can detect new devices on the network and determine their type (OS and network application fingerprinting), and can track deviations of client settings from a given profile. Terms of reference for audit work by external consultants should take the wireless provisions of the policy into account;

6. Inventory of resources (ISO/IEC 27001 A.7.1.1). An up-to-date list of network resources makes it easier to spot new network objects;

7. Attack detection (ISO/IEC 27001 A.10.10.2). Attack detection systems, both traditional and wireless, make it possible to detect unauthorised access attempts in good time;

8. Incident investigation (ISO/IEC 27001 A.13.2). Incidents involving wireless networks do not differ much from other similar situations, but procedures for investigating them must be defined. Where wireless networks are being implemented or used, the corresponding policy sections may need to be amended;

9. Regulatory support (ISO/IEC 27001 A.15.1.1). The use of wireless networks may be subject to both Russian and international regulation. In Russia, for example, use of the 2.4 GHz band is governed by the SCRF decision of November 6, 2004 (04-03-04-003). In addition, since wireless networks rely heavily on encryption, and the use of cryptographic protection tools is in some cases subject to fairly strict legal restrictions, this question also needs to be worked through;

10. Internal and external audit (ISO/IEC 27001 clause 6, A.6.1.8). Security assessment work should take the requirements of the wireless policy into account. The possible scope of WLAN security assessment work is described in more detail in the last chapter of this work;

11. Network segregation (ISO/IEC 27001 A.11.4.5). Given the nature of wireless networks, it is advisable to place wireless access points in a separate network segment behind a firewall, especially where guest access is concerned;

12. Use of cryptographic protection (ISO/IEC 27001 A.12.3). The protocols and traffic encryption algorithms used in the wireless network (WPA or 802.11i) must be defined. Where 802.1X is used, the requirements for the digital signature algorithms and key lengths of the certificates used for this purpose are determined;

13. Authentication (ISO/IEC 27001 A.11.4.2). Requirements for the storage of authentication data, its change, complexity and protection in transit over the network should be defined. The EAP methods to be used and the way clients validate the RADIUS server's certificate can be specified explicitly;

14. Change control in the information system (ISO/IEC 27001 A.12.5.1). Wireless technologies should be covered by the change control procedures of the information system;

15. Permitted software and hardware (ISO/IEC 27001 A.12.4.1). This clause covers the requirements for access points, wireless switches and wireless network clients;

16. Attack detection (ISO/IEC 27001 A.10.10.2). Requirements for wireless attack detection systems should be defined and responsibility for event analysis assigned;

17. Logging and analysis of security events (ISO/IEC 27001 A.10.10.1). This section can be extended by adding wireless-specific events to the list of monitored events; it may include the previous item;

18. Remote access to the network (ISO/IEC 27001 A.11.7.2). In most cases wireless users are logically treated as users of remote access systems, because the threats are similar and so are the countermeasures specific to these components of the information system.

In addition, once all the stages have been completed in one form or another, the following documents should be produced:

Instructions for users considering the use of a wireless network;

Basic settings of access points, wireless switches, workstations;

Procedures for monitoring the security of wireless networks;

Profiles of intrusion detection systems;

Wireless Incident Response Procedures.
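As an added example that is not part of the original text, the Python below turns items 2, 6 and 7 of the list above into a check that can be run over a scan export: an inventory of sanctioned access points (BSSID, SSID, security mode) is compared with what a sensor sees, flagging unknown BSSIDs that advertise a corporate SSID (evil twins), sanctioned BSSIDs whose security mode has drifted from the inventory, and unknown BSSIDs received strongly enough to be inside the premises. The inventory, the scan rows and the -65 dBm "inside the perimeter" threshold are constructed assumptions for the illustration.

```python
import csv
import io
from typing import Dict, List, Tuple

# Constructed inventory of sanctioned access points: BSSID -> (SSID, security mode).
INVENTORY: Dict[str, Tuple[str, str]] = {
    "00:11:22:33:44:01": ("CorpNet", "WPA2-EAP"),
    "00:11:22:33:44:02": ("CorpNet", "WPA2-EAP"),
    "00:11:22:33:44:10": ("CorpGuest", "WPA2-PSK"),
}

# Constructed scan export, one row per BSSID seen by a sensor on the premises.
SCAN_LOG = """bssid,ssid,channel,security,signal_dbm
00:11:22:33:44:01,CorpNet,6,WPA2-EAP,-48
00:11:22:33:44:02,CorpNet,11,WPA2-EAP,-61
00:11:22:33:44:10,CorpGuest,1,OPEN,-55
de:ad:be:ef:00:01,CorpNet,6,OPEN,-42
de:ad:be:ef:00:02,TP-LINK_1F3A,9,WPA2-PSK,-39
de:ad:be:ef:00:03,NeighbourWifi,1,WPA2-PSK,-85
"""

# Assumption: a signal stronger than this means the radio is inside the perimeter.
NEAR_THRESHOLD_DBM = -65


def detect_rogue_aps(scan_csv: str, inventory: Dict[str, Tuple[str, str]],
                     near_dbm: int = NEAR_THRESHOLD_DBM) -> List[Tuple[str, str, str]]:
    """Return (alert kind, bssid, ssid) triples:
    config-drift   sanctioned BSSID whose SSID or security no longer matches the inventory
    evil-twin      unknown BSSID advertising a sanctioned SSID
    unauthorized   unknown BSSID received strongly enough to be on the premises
    Weak unknown networks (neighbours) are ignored."""
    alerts = []
    sanctioned_ssids = {ssid for ssid, _ in inventory.values()}
    for row in csv.DictReader(io.StringIO(scan_csv)):
        bssid, ssid = row["bssid"].lower(), row["ssid"]
        security, signal = row["security"], int(row["signal_dbm"])
        if bssid in inventory:
            expected_ssid, expected_security = inventory[bssid]
            if security != expected_security or ssid != expected_ssid:
                alerts.append(("config-drift", bssid, ssid))
        elif ssid in sanctioned_ssids:
            alerts.append(("evil-twin", bssid, ssid))
        elif signal > near_dbm:
            alerts.append(("unauthorized", bssid, ssid))
    return alerts


if __name__ == "__main__":
    for kind, bssid, ssid in detect_rogue_aps(SCAN_LOG, INVENTORY):
        print(f"{kind:13} {bssid}  {ssid}")
```

An "unauthorized" hit only says that a foreign radio is nearby; whether it is actually plugged into the wired network is confirmed from the switch side (port security, 802.1X and MAC address tables, as in item 2), which the scan alone cannot tell.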

Thus, the ISO/IEC 27001 standard was analyzed. Based on this standard, recommendations were formulated to reduce the likelihood of violating the security policy of a wireless network in an organization. There is also a list of documents that must be generated after completing all the stages of the wireless network security policy.

A well-designed and enforced security policy is the foundation of a secure wireless network. As a result, it is worth paying sufficient attention to it, both at the stage of network implementation and during its operation, reflecting the changes taking place in the network in regulatory documents.

2.2 Wireless Security Solutions

An important element of the security of any network, not just a wireless one, is access control and confidentiality. The accepted way to control access to a WLAN is authentication, which stops unauthorised users from passing traffic through the access points. Strong WLAN access control also defines the set of permitted client stations and ensures that they associate only with trusted access points, excluding rogue or dangerous ones.

Confidentiality in a WLAN means that transmitted data can be correctly decrypted only by the party for which it is intended; it is achieved by encrypting the data with a key that only the intended recipient possesses. Integrity is a separate property: encryption alone does not guarantee that data was not altered in transit, which is why the protocols discussed below pair encryption with a message integrity check.

Today, companies using WLAN networks are implementing four separate solutions for WLAN security and access and privacy control:

Open access;

Basic security;

Enhanced security;

Remote access security.

As with any security deployment, it is wise to conduct a network risk assessment before selecting and implementing any of the WLAN security solutions:

1. Open access. All WLAN products certified as Wi-Fi compliant ship in open mode with the security features turned off. Open access, or the absence of security, may suit public hotspots such as coffee shops, college campuses, airports and other public places, but it is not acceptable for enterprises. Security features must be enabled on wireless devices during installation; nevertheless some companies never enable them, seriously increasing the risk to their networks;

2. Basic security: SSIDs, WEP and MAC address authentication. Basic security consists of using SSIDs (Service Set Identifiers), open or shared-key authentication, static WEP keys and, optionally, MAC address authentication. This combination gives basic access and confidentiality control, but every one of its elements can be defeated.

The SSID is the common network name of the devices in a WLAN subsystem and serves to identify that subsystem logically. It keeps out any client that does not know the SSID, but by default the access point announces its SSID in its beacons, and even if SSID transmission is switched off an intruder can still find it by "sniffing", that is by unobtrusively monitoring the network (the SSID appears in probe responses and in association requests).

The 802.11 standard, the group of WLAN specifications developed by the IEEE, supports two means of client authentication: open authentication and shared-key authentication. Open authentication differs little from presenting the correct SSID. With shared-key authentication the access point sends the client a challenge text, which the client must encrypt with the correct WEP key and return; without the correct key authentication fails and the client is not admitted. Shared-key authentication is not considered secure, because an attacker who captures both the challenge and the same challenge encrypted under the WEP key obtains, by XORing the two, the RC4 keystream for that IV; that keystream is enough to answer any later challenge under the same IV, and to inject frames, without ever learning the key itself. With open authentication, a client that has been admitted still cannot exchange data through the access point without the correct WEP key, because all data frames are WEP-encrypted.

WEP keys are 40 or 104 bits long (marketed as 64 and 128 bits including the 24-bit IV) and are usually statically defined by the network administrator on the access point and on every client that communicates through it. With static keys the administrator must spend a great deal of time entering the same key into every WLAN device. If a device holding a static WEP key is lost or stolen, whoever has it may be able to access the WLAN, and the administrator will not learn of the intrusion until the loss is reported; the key must then be changed on every device that shares it, which is difficult in a large enterprise with hundreds or thousands of users. Worse, if the static key is recovered with a tool such as AirSnort, the administrator has no way of knowing that it has been compromised.

Some WLAN vendors support authentication based on the physical (MAC) address of the client network card. The access point allows a client to associate only if its MAC address matches an entry in the access point's authentication table. MAC address authentication is not an adequate security measure either, because MAC addresses can be spoofed and the card itself can be lost or stolen;

3. Basic security using WPA or WPA2 pre-shared keys. Another form of basic security available today is WPA or WPA2 with a pre-shared key (PSK). The pre-shared key authenticates users by a password or identification code (the "passphrase") configured on both the client station and the access point; the client is admitted only if its passphrase matches that of the access point. The shared key also provides the material from which the per-packet encryption keys used by TKIP or AES are derived. Although more secure than a static WEP key, a pre-shared key resembles one in that it is stored on the client station and can be compromised if the station is lost or stolen. Because the key is derived from the passphrase and the SSID, an attacker who captures a single client's handshake can also test candidate passphrases offline, so it is recommended to use a strong passphrase that includes a variety of letters, numbers and non-alphanumeric characters;

4. Summary of basic security. Basic WLAN security based on a combination of SSIDs, open authentication, static WEP keys, MAC authentication, and WPA/WPA2 pre-shared keys is only sufficient for very small businesses or those that do not trust vital data to their WLANs. All other organizations are encouraged to invest in robust enterprise-class WLAN security solutions;

5. Enhanced security. Enhanced security is recommended for customers who need enterprise-class protection. It requires full support for WPA and WPA2 with their building blocks of 802.1X mutual authentication and TKIP and AES encryption, including the following features:

802.1X for strong mutual authentication and dynamic per-user, per-session encryption keys;

TKIP for extensions to RC4-based encryption such as per-packet key mixing, a message integrity check (MIC), initialization vector (IV) sequencing and broadcast key rotation;

AES for government-grade data encryption and maximum security;

intrusion prevention system (IPS) and subscriber tracking capabilities that provide a transparent, real-time view of the network.

6. Wireless LAN security and remote access. In some cases comprehensive protection is required for applications. Using secure remote access, administrators can set up a virtual private network (VPN) and allow mobile users to reach the corporate network from public hotspots such as airports, hotels and conference rooms. When deployed in the enterprise, the enhanced security solution covers all WLAN security requirements, making a VPN unnecessary on the corporate WLAN. Using a VPN on an internal WLAN can reduce WLAN performance, limit roaming and make logging in harder for users, so the extra overhead and restrictions of overlaying a VPN on an internal WLAN do not appear to be justified.
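The following Python is an added example (not code from the original article) that works through the shared-key authentication weakness described in item 2 above. It implements WEP's RC4 encryption with the 3-byte IV and CRC-32 ICV, lets an attacker who has observed one legitimate challenge/response recover the keystream for that IV by XOR, and then uses that keystream to answer a fresh challenge under the same IV, which the access point accepts. The key, IV and challenges are constructed values; the attacker never learns the key.

```python
import zlib
from typing import Tuple


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key scheduling + PRGA); WEP seeds it with IV || secret key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the payload, little-endian."""
    return zlib.crc32(payload).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body as sent on the air: clear-text 3-byte IV || RC4(IV||key, payload||ICV)."""
    return iv + rc4(iv + key, payload + _icv(payload))


def wep_decrypt(key: bytes, body: bytes) -> bytes:
    """Receiver side: strip the IV, decrypt, verify the ICV."""
    iv, cipher = body[:3], body[3:]
    plain = rc4(iv + key, cipher)
    payload, icv = plain[:-4], plain[-4:]
    if icv != _icv(payload):
        raise ValueError("ICV mismatch")
    return payload


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_keystream(challenge: bytes, response_body: bytes) -> Tuple[bytes, bytes]:
    """Attacker step: known plaintext (challenge || ICV) XOR ciphertext = keystream for that IV."""
    iv, cipher = response_body[:3], response_body[3:]
    return iv, xor(challenge + _icv(challenge), cipher)


def forge_auth_response(iv: bytes, keystream: bytes, new_challenge: bytes) -> bytes:
    """Answer a fresh challenge by re-using the recovered keystream under the same IV."""
    plain = new_challenge + _icv(new_challenge)
    if len(plain) > len(keystream):
        raise ValueError("not enough keystream")
    return iv + xor(plain, keystream[:len(plain)])


def ap_accepts(key: bytes, challenge: bytes, response_body: bytes) -> bool:
    """What the access point checks: does the frame decrypt to the challenge it sent?"""
    try:
        return wep_decrypt(key, response_body) == challenge
    except ValueError:
        return False


def shared_key_auth_bypass(key: bytes, iv: bytes, challenge1: bytes, challenge2: bytes) -> bool:
    """One observed legitimate authentication lets the attacker pass a later one without the key."""
    legit_response = wep_encrypt(key, iv, challenge1)      # observed on the air
    iv_seen, keystream = recover_keystream(challenge1, legit_response)
    forged = forge_auth_response(iv_seen, keystream, challenge2)
    return ap_accepts(key, challenge2, forged)


# Constructed values: a 40-bit key the attacker never sees, one IV, two 128-byte challenges.
SECRET_KEY = bytes.fromhex("0123456789")
IV = bytes.fromhex("112233")
CHALLENGE_1 = bytes(range(128))
CHALLENGE_2 = bytes((7 * i + 3) & 0xFF for i in range(128))

if __name__ == "__main__":
    print("forged response accepted:",
          shared_key_auth_bypass(SECRET_KEY, IV, CHALLENGE_1, CHALLENGE_2))
```

The attack works because the access point accepts any IV the client chooses, so nothing forces the client to use fresh keystream; the same 132 bytes of keystream also let the attacker inject any short data frame under that IV.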

In conclusion, ensuring the information security of any network, not only a wireless one, depends on sound access and confidentiality management. To this end four distinct solutions are in active use today: open access, basic security, enhanced security and remote access security.

With proper construction of network protection and compliance with all requirements, network security will be at a high level, which will significantly complicate intruders' access to the wireless network.

3. Assess the need and effectiveness of a wireless security solution

3.1 Assessing the need to secure a wireless network

While most companies already have some form of wireless network deployed, professionals typically have many questions about the security of their chosen solutions, and executives who shy away from adopting wireless technologies worry about missed opportunities to improve productivity and reduce infrastructure costs.

Leaders in many organizations understand that wireless technologies can improve productivity and collaboration, but are hesitant to start implementing them, fearing the vulnerabilities that can appear in the corporate network due to the use of wireless networks. The variety of proposed methods for securing wireless communications and the controversy over their effectiveness only exacerbate these doubts.

With the introduction of wireless technologies in a mid-sized company, there are many problems that make you think not only about protecting your wireless network, but also about whether it is even needed.

Common problems that good security policy implementation, discussed in Chapter 2, can help you deal with:

Deciding whether to deploy a wireless network;

Understanding and reducing the risk associated with the introduction of wireless technologies;

Defining an approach to securing a wireless network;

Selection of optimal wireless network protection technologies;

Checking the level of security of the deployed wireless network;

Integrate existing assets into a wireless network security solution;

Detect and prevent unauthorized wireless network connections.

The benefits provided by wireless networking technologies can be divided into two categories: functional and economic.

Functional benefits include reduced management costs and reduced capital expenditures, while economic benefits include increased labor productivity, improved business process efficiency, and more opportunities to create new business functions.

Most of the significant economic benefits associated with the use of wireless networks are the result of increased flexibility and mobility of employees. Wireless technology removes the restrictions that keep employees at their desks, allowing them to move relatively freely around an office or office building.

But, despite all the advantages, there are also disadvantages, mainly technological ones, which are expressed in the vulnerability of the wireless network through various attacks by intruders (Section 1.2 of this work was devoted to this).

As soon as such technological shortcomings of first generation wireless networks were discovered, active work began to eliminate them. While some companies worked to improve wireless standards, many analyst firms, network security vendors, and so on, tried to get around the shortcomings inherent in the old standards.

As a result, several approaches have been developed to secure wireless networks.

There are many factors to consider when evaluating how you can secure a wireless network. When performing this assessment, you need to take into account a variety of indicators: from the costs of implementing and administering the solution to its overall security. All of the above approaches have their advantages and disadvantages, so you need to become more familiar with each one in order to make an informed decision.

The latest wireless security standards, namely WPA and WPA2, have eliminated serious shortcomings of the WEP standard and thus made workarounds for those shortcomings, such as IPsec or VPN technology, unnecessary. The use of static or dynamic WEP is now deprecated in any form, and operating without any protection at all is justified only in a few situations. Thus, when developing a comprehensive and effective solution for protecting a wireless network, it is enough to consider only two approaches.

The Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) protocols are specifically designed to block threats to wireless networks based on the IEEE 802.11 standard. However, there are some differences between them.

The WPA protocol was developed in 2003 to address the shortcomings of the WEP standard. Its designers implemented mutual authentication, data encryption using the TKIP protocol, and signed message integrity checking, which protects against packet spoofing and replay attacks.

WPA2 provides an even higher level of security because it uses the AES standard to secure network traffic rather than TKIP. Therefore, it should always be preferred over WPA.

WPA and WPA2 are significantly more secure than WEP, and with proper security settings, neither the former nor the latter has any known vulnerabilities. However, WPA2 is considered more secure than WPA, and if the infrastructure supports it and the additional overhead of administering a WPA2 solution is acceptable, it should be chosen.

Most access points in production today and the latest OS versions are WPA2 certified. If some access points or client computers in your environment do not support WPA2, wireless devices and client systems that support WPA2 may use the older WPA standard.

Also, one should not forget about such an option for the company's development as the refusal to deploy a wireless network. There is a saying in the security community that goes like this: “The best protected system is the one that no one ever turns on.” Thus, the most reliable way to protect against the vulnerabilities inherent in wireless networks or any other technologies is to refuse to implement them. The disadvantage of this approach is obvious: a company that refuses to implement any technology may be uncompetitive in today's economic conditions, when any advantage, including technological, can be a decisive success factor.

As already mentioned, before implementing any new technology in a particular company, it is necessary to assess the needs of the company, its risk tolerance and the actual risk. Wireless technology is no exception. Wireless networks have a number of benefits, but for a particular organization these benefits may be less important, or not important at all.

When choosing a secure wireless solution, you need to take into account all possible options, including the elimination of wireless technologies. If it is concluded that the organization is not ready to deploy a wireless network, this decision should be reflected in the current corporate policy to prevent the weakening of the protection of the corporate network environment due to unauthorized creation of wireless networks by end users.

3.2 Development of an algorithm for carrying out work to assess the effectiveness of wireless network protection

In order to determine the advantage of one or another method of protecting a wireless network, it is advisable to assess its security.

This is especially important because wireless networks are often deployed for company management. Accordingly, an attacker who has gained access to the wireless segment is able not only to use the company's resources for their own purposes, but also to gain access to confidential information and disrupt the work of high-priority users.

...

Wireless security

The availability of equipment and ease of organization make wireless LANs increasingly popular. The use of wireless networks is not limited to small offices and home systems. Large firms use Wi-Fi to connect to corporate network resources in places where cabling is technically impossible.

However, the decision to build a wireless network is not always justified, especially since in many cases too little attention is paid to the security of such networks. Experts estimate that almost 70 percent of successful hacker attacks over wireless networks are due to incorrect configuration of access points and client software.

For some inexplicable reason, wireless network organizers often assume that an appropriate level of security is provided automatically as soon as the equipment is switched on. Equipment manufacturers, in turn, set low security settings "by default", or disable them completely, so that when a network is deployed clients do not unexpectedly find themselves unable to connect. With minimal security settings, the hardware is compatible with the widest range of other devices and virtually any modern software. Therefore, after the network has been configured and tested for compatibility with the existing infrastructure, the system administrator must change the security settings in order to prevent unauthorized entry into the corporate network.

Unlike wired networks, wireless networks require increased attention to security, since breaking into them is much easier: it does not require physical access to the medium. Radio waves can be received by any compatible device, and if the data is not protected, anyone can intercept it. Of course, you should not abandon passwords and other traditional means of authorization, but they are clearly not enough to protect against unauthorized access. Let's briefly consider several ways to increase the security of wireless networks.

A sequence of digits and letters called the SSID (Service Set Identifier) is the unique identifier of your wireless network. SSID broadcasting is a built-in feature enabled by default on most equipment sold today, and it makes it easy to discover available access points during network deployment. The SSID must be transmitted in order for your equipment to be able to connect to the network.

Access points, which act as base stations for the computers connected to the network, are a potential weak point through which an attacker can penetrate the network. At the access point level there is no authorization system by default, which leaves internal networks insecure, so system administrators must integrate the existing corporate authorization system into the wireless base stations.

For enhanced security, you can prevent access points from broadcasting the network ID. At the same time, the ability to connect to the network remains only for those who know the correct SSID, that is, for employees of your company, and random users who discover your network using scanning simply cannot access it. Disabling SSID transmission is possible in the vast majority of devices from leading manufacturers, which allows you to actually hide your network from strangers. If your network does not transmit identifiers, and if you do not advertise the use of wireless technology, then this will complicate the task of intruders. Detailed instructions for disabling the SSID are usually found in the manuals of your wireless access points or routers.

Long used for the transmission of important electronic correspondence, data encryption has found its way into wireless networks. Various cryptographic algorithms are implemented in wireless communications equipment to protect data. When buying equipment, it is important to make sure that it supports not only weak 40-bit encryption, but also a high-strength 128-bit cipher.

To enable cryptographic protection, you can use one of two systems: WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access). The first is less secure because it uses static (permanent) keys. Networks protected by this protocol are easily broken into, and the corresponding utilities are easy to find on the Internet. Nevertheless, according to experts, even this protocol is not used in more than half of the operating corporate wireless networks. One way to increase the effectiveness of WEP is to rekey automatically on a regular basis, but even then the network is not 100% secure. Only casual users who happen to discover such a network will be deterred; WEP will not stop a determined specialist, so this protocol cannot be used to fully protect corporate networks.

In the recent past, wireless network organizers had no choice but to use the WEP protocol, which is still supported in modern devices, both to ensure equipment compatibility and to provide at least a minimum level of security when more modern protocols cannot be used. Today, WEP is implemented in two versions: with 64-bit and 128-bit encryption. However, it would be more correct to speak of keys 40 and 104 bits long, since 24 bits of each key carry service information and do not contribute to the strength of the cipher at all. This is not so important, though, since the main disadvantage of WEP is its static keys, which an attacker can recover simply by monitoring the network for some time and capturing the transmitted traffic.

You can get a more or less acceptable level of security only with the help of regular key changes and using 128-bit encryption. The frequency of rekeying depends on the frequency and duration of connections, and it is necessary to provide a well-established secure procedure for transferring new keys to those employees who use access to the wireless network.

More effective encryption is provided by the WPA protocol, which implements dynamic key generation, eliminating the possibility of intercepting or guessing the key, as well as an identification system (login and password) when connecting to the network, based on EAP (Extensible Authentication Protocol). In the WPA protocol, 128-bit keys are generated automatically every ten kilobytes of data transferred, and the number of these keys reaches hundreds of billions, which makes guessing them by scanning practically impossible even with a proven method of intercepting information. In addition, this protocol implements the MIC (Message Integrity Check) data integrity algorithm, which prevents malicious modification of transmitted data. However, the choice of passwords deserves special attention: according to experts, to ensure a high level of security the password should be at least 20 characters long, and it should not be a set of words or some kind of phrase, since such passwords are easily recovered by dictionary attacks.
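To show why the passphrase matters so much, here is an added Python example (not code from the original article) that derives the WPA/WPA2 pre-shared key the way a supplicant does, PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, and applies the 20-character policy from the paragraph above; the word list and the minimum length are assumptions made for this illustration.

```python
import hashlib
import re

# Minimum passphrase length, following the 20-character recommendation above (assumed policy).
MIN_PASSPHRASE_LEN = 20

# Constructed stand-in for an attacker's word list (hypothetical, for illustration only).
COMMON_WORDS = {"password", "wireless", "company", "office", "admin", "welcome", "network"}


def wpa_psk(ssid: str, passphrase: str) -> bytes:
    """Derive the 256-bit WPA/WPA2 pre-shared key (PMK) from SSID and passphrase.

    IEEE 802.11i defines this as PBKDF2-HMAC-SHA1 with the SSID as salt,
    4096 iterations and a 32-byte result. Identical inputs always give the
    identical key, so network secrecy rests entirely on the passphrase; the
    SSID acts only as a per-network salt.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def passphrase_problems(passphrase: str) -> list:
    """Return policy violations for a passphrase; an empty list means it passes."""
    problems = []
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        problems.append("shorter than %d characters" % MIN_PASSPHRASE_LEN)
    # A passphrase assembled from dictionary words is exposed to a word-list
    # attack regardless of its length, so any recognisable word is flagged.
    words = [w for w in re.split(r"[^a-z]+", passphrase.lower()) if w]
    if any(w in COMMON_WORDS for w in words):
        problems.append("contains dictionary words")
    classes = sum(bool(re.search(p, passphrase))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("uses fewer than three character classes")
    return problems


if __name__ == "__main__":
    # IEEE 802.11i test vector: SSID "IEEE", passphrase "password".
    print(wpa_psk("IEEE", "password").hex())
    for candidate in ("password", "welcome to the office", "Tz7!qLm2#vX9pR4s&Kw8"):
        print(repr(candidate), passphrase_problems(candidate) or "acceptable")
```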

The problem with WPA is that it was officially introduced into the IEEE 802.11 specification only in mid-2004, so not all wireless equipment is capable of supporting this standard. Moreover, if there is at least one device on the network that does not support WPA, simple WEP encryption will be applied, even if WPA is enabled in the settings of all other equipment.

However, equipment is constantly being improved, and modern devices support a new, even more secure version, WPA2, which works with dynamic keys of 128, 192 and 256 bits. Wireless technology is inherently less protected from outside interference, so when organizing such networks it is especially important to make unauthorized penetration as difficult as possible. Among purely technical measures, the most effective is to reduce the transmitted signal power, because radio waves easily pass through the walls of buildings, and in flat rural areas they can travel very long distances. Attackers can park their car next to the building where your office is located and leisurely recover the key to your network in comfortable surroundings. Therefore, it is important to adjust the signal strength so that it does not reach beyond the boundaries of your premises.
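As an added illustration of the choices described above and in the earlier WPA/WPA2 comparison (not code from the original text), the following Python audits two constructed hostapd-style configurations for the weak settings this page warns against: WEP, WPA-only or mixed mode, TKIP ciphers and SSID broadcasting. The key names are hostapd's, the configurations are made up, and the checks follow this page's recommendations rather than any official baseline.

```python
# Constructed hostapd-style configurations; the key names are hostapd's, the
# values are made up for this illustration.
WEAK_CONF = """\
interface=wlan0
ssid=corp-wifi
ignore_broadcast_ssid=0
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
"""

HARDENED_CONF = """\
interface=wlan0
ssid=corp-wifi
ignore_broadcast_ssid=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""


def parse_conf(text: str) -> dict:
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit_conf(text: str) -> list:
    """Return a list of findings; an empty list means the configuration passes."""
    conf = parse_conf(text)
    findings = []
    uses_wep = any(k.startswith("wep_") for k in conf)
    wpa_mode = conf.get("wpa", "0")  # hostapd bit field: 1=WPA, 2=WPA2, 3=both
    if uses_wep:
        findings.append("WEP keys configured: WEP is deprecated in any form")
    elif wpa_mode == "0":
        findings.append("no WPA/WPA2 configured: the network is open")
    if wpa_mode == "1":
        findings.append("WPA only (TKIP): WPA2 should be preferred")
    elif wpa_mode == "3":
        findings.append("WPA/WPA2 mixed mode: WPA clients still use TKIP")
    for key in ("wpa_pairwise", "rsn_pairwise"):
        if "TKIP" in conf.get(key, ""):
            findings.append(key + " allows TKIP: use CCMP (AES) only")
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID is broadcast: consider disabling it")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, "->", audit_conf(conf) or ["no findings"])
```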

802.11i wireless security provides guidance on authentication, user authorization to access the network, and data privacy through encryption.

In conclusion, here are the main advantages and disadvantages of wireless networks in comparison with their wired competitor. Advantages of a wireless network:

Wireless networks save the cost of laying a cable network, and where wired access cannot be organized they are practically the only option.

Wireless networks provide a high degree of user mobility: free movement within the same domain is possible. Another advantage is the ability to deploy and relocate the network quickly. The connection speed is quite high and comparable to wired solutions; with proper design, the bandwidth needed for data, video and telephony can be provided.

Disadvantages of a wireless network:

Wireless network security is significantly lower than that of wired networks; although modern standards such as WEP and 802.11i improve it, the physical nature of the wireless medium is such that using this technology for critical applications is not recommended.

The operation of a wireless network depends on the environment. Any objects in the path of the radio signal reduce its power, and interference in the operating band from household appliances, most typically microwave ovens, is possible.