Wireless Security – Best Practices

June 8, 2011

This article covers the best practices that should be followed when using a Wireless LAN.



What is Wireless LAN?
The Wireless LAN (WLAN) has become a popular way to connect devices such as computers. In offices and homes, WLAN has become an alternative to wired LAN. Connecting different devices this way is both cost effective and easy to maintain.
Wikipedia says: “Wireless LANs have become popular in the home due to ease of installation, and the increasing to offer wireless access to their customers; often for free.”
Other reasons why WLANs are becoming more widely accepted are:
  1. Devices do not need to be physically connected to each other through a medium such as cables. You can roam freely around the office premises or home.
  2. WLANs are cost effective. Cabling throughout offices, hotels etc. is not needed, so it is cheap and provides the same quality of service.
  3. WLAN signals can reach spots where a cable can hardly be run, such as in big installations like airports. Surfing outdoors is also convenient. Just install the devices called Access Points (APs) and you are done.
  4. Fewer interruptions and easier troubleshooting in case of failures, compared to cabled networks.
  5. More secure, as most APs support the best encryption methods, which protect them from sniffing and other attacks.
[Figure: A typical wireless network]
Major issues with WLAN
That said, WLANs are as prone to various attacks as their wired LAN counterparts. In fact, if not properly configured, WLANs are easier to hack than wired LANs, because they are easily accessible from around the installation. There is no need to be in contact with physical wires; an attack can be carried out from anywhere. This convenience can turn into a serious risk to the organization if the WLAN is not configured properly. Major attacks include sniffing, key cracking, DoS (Denial of Service), deauthentication attacks, war driving etc. As this paper is not focused on attacks, we shall mainly concentrate on best practices: how to install and use WLAN securely, which can thwart a number of the above-mentioned attacks.

Secure WLAN

Wireless security mainly depends on these 3 factors:
  • How well your wireless network is secured in terms of the encryption being used.
  • Monitoring for suspicious and unusual activities.
  • User awareness and education.
The practices below combine various approaches, for corporate as well as home networks. They also show users how to remain safe while surfing.

Wi-Fi at home

I believe using Wi-Fi at home is not a luxury anymore; it has become a necessity. However, when the question of security comes up, the first thought that arises in my mind is: how can you protect something that you can neither see nor feel?
Protecting a home wireless network is a different matter altogether compared to wired networks. Most wireless network device vendors and Internet Service Providers do not provide any security settings by default and leave the customer to fend for herself. So make sure your network is secured against malicious use.
There is no silver bullet that will protect your wireless network infrastructure. There are, however, some countermeasures, listed below, that should be used in conjunction with each other to secure your wireless network to the highest level:
1. Use most secure possible encryption:
The first and most necessary step: use industry standard encryption. The old (but still commonly used) WEP (Wired Equivalent Privacy) is known to be broken. Even if you use complex passwords, it can be broken and decrypted within minutes or hours. WEP uses 40-bit or 128-bit RC4 ciphers to encrypt the channel. Instead, use a secure protocol such as WPA2 (Wi-Fi Protected Access 2), which uses strong 128-bit AES ciphers and is typically considered the more robust encryption strategy available.
Attacks mitigated: WEP Key cracking, Sniffing, Capturing/Eavesdropping
2. Use Firewall:
All wireless routers come with built-in firewalls. Enable them with all the security features. You should block any anonymous ping requests and place restrictions on website browsing, if required. Define additional security policies and apply them.
Attacks mitigated: Fingerprinting, System compromise
3. Have a monitoring system in place:
There’s a saying: prevention is better than cure. If you are able to detect suspicious activity before it penetrates your network, you can block it or take precautionary measures. Deploy WIPS/WIDS for monitoring suspicious activities.
Attacks mitigated: Scanning, DoS
4. Don’t use default credentials:
Every wireless router comes with a default username/password. Sometimes people don’t change them and keep using them for a long time. Usernames and passwords are used by computers or other devices to connect to the wireless router. If any hacker is able to guess them, he can connect to your network easily. Studies show that the majority of users use the same username/password combination as set by the manufacturer. Some default combinations are: admin/admin, admin/password or admin/“ ”.
Attacks mitigated: Unauthorized access, War driving
5. Disable Auto-connect feature:
Some devices or computers/laptops have a ‘Let this tool manage your wireless networks’ or ‘Connect automatically to available network’ option. Users who have this auto-connect feature enabled are prone to phishing or Rogue AP attacks. Attackers keep their APs alive and kicking for such unsuspecting users. They also use luring names such as ‘HotSpot’, ‘SecureConnect’, ‘GovtNetworks’ etc. The user will never suspect them and will keep surfing the wireless network happily. Also, if you have not changed the default password of your router, the attacker will try to use this feature on their machine and automatically connect using the easily guessable default passwords.
Attacks mitigated: Phishing, Sniffing, Rogue AP association
6. Don’t use public Wi-Fi spots to surf sensitive websites: 
Free and open wireless networks available at airports, cafes and railway stations are not very secure by nature. They do not use any encryption to secure the channel between your laptop and the router. So any information that is not sent over HTTPS by default from your laptop or smartphone is susceptible to sniffing; worse, your session could be hijacked, because the unencrypted channel may leak the active session ID used by your website. Recently, to demonstrate these types of attacks, one researcher developed a tool called Firesheep [http://codebutler.github.com/firesheep/]. All the attacker needs to do is install this tool in Firefox and start sniffing the communications on a public unencrypted Wi-Fi. Some applications like Facebook encrypt the login page [HTTPS], but internal pages are served over an unencrypted [HTTP] channel, so your session ID can be leaked. I had blogged about this tool and its countering tool Blacksheep [Zscaler] here: http://nileshkumar83.blogspot.com/2010/11/firesheep-session-hijacking-tool.html.
Attacks mitigated: Sniffing, Session Hijacking
7. Change the default SSID:
Although this will not prevent hackers from breaking into a network, using a default SSID indicates that the user is careless. Such a user may be an obvious target to explore further, to see whether he still uses the default passwords as well.
Attacks mitigated: War driving
8. Restrict access by assigning static IP addresses and MAC filtering:
Disable the automatic IP assignment feature and assign private static IPs to the legitimate devices you want to connect. This will help you block unwanted devices from connecting to your network. Also, enable MAC filtering: the router remembers the MAC address of every device connected to it and saves these as a list. You can use this facility to restrict access, so that only a set of trusted devices is allowed to connect. MAC spoofing is still possible, but filtering raises the bar for attacking your wireless network.
9. Turn off your router when not in use:
Last but not least, and a little obvious: it will save your network from all attacks for that time period.
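Items 1 and 5 can be checked on the client side by auditing the Wi-Fi profiles a laptop has saved. The following is an added example, not code from the article; it assumes a Linux client that stores profiles in NetworkManager's keyfile format, and the profile names and contents are constructed.

```python
import configparser

# Constructed saved-network profiles in NetworkManager keyfile format.
SAMPLE_PROFILES = {
    "HomeNet": """
[connection]
type=wifi
[wifi]
ssid=HomeNet
[wifi-security]
key-mgmt=wpa-psk
""",
    "HotSpot": """
[connection]
type=wifi
[wifi]
ssid=HotSpot
""",
    "OldRouter": """
[connection]
type=wifi
autoconnect=false
[wifi]
ssid=OldRouter
[wifi-security]
key-mgmt=none
""",
}

def audit_profile(text):
    """Return findings for one saved profile (empty list if nothing to flag)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") not in ("wifi", "802-11-wireless"):
        return []  # wired, VPN and other profiles are out of scope
    auto = cp.getboolean("connection", "autoconnect", fallback=True)  # default: on
    key_mgmt = cp.get("wifi-security", "key-mgmt", fallback=None)
    findings = []
    if key_mgmt is None:  # no [wifi-security] section means an open network
        findings.append("open network: traffic is unencrypted")
        if auto:
            findings.append("auto-connects to any AP advertising this SSID")
    elif key_mgmt in ("none", "ieee8021x"):  # static or dynamic WEP
        findings.append("legacy WEP: move the AP to WPA2")
    return findings

def audit_all(profiles):
    found = {name: audit_profile(text) for name, text in profiles.items()}
    return {name: f for name, f in found.items() if f}
```

On the constructed profiles, the open ‘HotSpot’ profile is flagged twice because it also auto-connects, which is the situation a Rogue AP with a luring name relies on.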

Wi-Fi in a Corporate/Enterprise Network

Due to the nature of activity and criticality of information, it is very important that Corporate / Enterprise networks have a higher degree of security. 
The following are good to have:
  • Defining an adequate organization wide Information Security policy & procedures for wireless network
  • SSIDs should not be associated with the organization, AP vendor or any other related information which would be easy to guess or associate with the current organization
  • Enable WPA2 Enterprise encryption with RADIUS authentication and use of an EAP protocol like EAP-TTLS, TLS etc.
  • Implementation of PKI infrastructure. CA signed certificates to authenticate the server to client and vice versa
  • Filtering of clients based on unique identifier like MAC Address
  • Isolated ‘Guest’ wireless network with no interface / connection to the corporate network
  • Limiting the radius of Wi-Fi network by reducing the power output of the AP
  • Allocating IP Address to the employee and guest machines only after successful authentication
  • Periodically changing the keys & passwords
  • Use of VPN while accessing corporate information from Public Wi-Fi network
  • Client side utilities like DecaffeinatID can help in detecting changes in the ARP table and serve as a common man’s IDS to protect against attacks like ‘hole196’ and DoS.
  • Implementation of Wireless IDS. Wireless IDS is a new concept. The key features of Wireless IDS are:
    1. Prevention against Rogue APs
    2. Detection & prevention against DoS attacks
    3. Assistance in locating the approximate physical location of the attacker
    4. Assistance in enforcing the Organization’s Information Security policy on wireless networks
    5. Detection of use of scanning tools like Kismet & NetStumbler
Snort-Wireless & WIDZ are examples of open source Wireless IDS.
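The monitoring recommended in item 3 of the home list and the Rogue AP and DoS detection listed for a Wireless IDS above come down to logic like the following. This is an added example, not code from the article or from Snort-Wireless or WIDZ; the AP inventory, thresholds and frame summaries are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed inventory of sanctioned APs: SSID -> {BSSID: expected security}.
AUTHORIZED = {"CorpNet": {"00:11:22:33:44:01": "WPA2-Enterprise",
                          "00:11:22:33:44:02": "WPA2-Enterprise"}}
DEAUTH_LIMIT = 5       # alert on more than this many deauth frames...
DEAUTH_WINDOW = 10.0   # ...from one claimed BSSID within this many seconds

# Constructed frame summaries: (time_s, frame_type, ssid, bssid, security)
FRAMES = [
    (0.0, "beacon", "CorpNet", "00:11:22:33:44:01", "WPA2-Enterprise"),
    (0.1, "beacon", "CorpNet", "de:ad:be:ef:00:01", "Open"),
    (0.2, "beacon", "CoffeeShop", "aa:bb:cc:00:00:01", "Open"),
    (0.3, "beacon", "CorpNet", "00:11:22:33:44:02", "WEP"),
] + [(1.0 + i * 0.5, "deauth", None, "00:11:22:33:44:01", None) for i in range(8)]

def detect(frames, authorized=AUTHORIZED):
    """Return de-duplicated alerts in the order they were first raised."""
    alerts, seen, deauths = [], set(), defaultdict(deque)
    for t, ftype, ssid, bssid, sec in sorted(frames, key=lambda f: f[0]):
        if ftype == "beacon" and ssid in authorized:
            expected = authorized[ssid].get(bssid.lower())
            if expected is None:
                alert = ("rogue-ap", ssid, bssid)  # our SSID, unknown radio
            elif sec != expected:
                alert = ("security-downgrade", ssid, bssid)
            else:
                continue
        elif ftype == "deauth":
            # The sender address can be forged, so count per claimed BSSID.
            window = deauths[bssid]
            window.append(t)
            while t - window[0] > DEAUTH_WINDOW:
                window.popleft()
            if len(window) <= DEAUTH_LIMIT:
                continue
            alert = ("deauth-flood", None, bssid)
        else:
            continue
        if alert not in seen:
            seen.add(alert)
            alerts.append(alert)
    return alerts
```

Beacons for SSIDs outside the inventory (the constructed ‘CoffeeShop’ network) are ignored, so neighbouring networks do not generate alerts.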

Nilesh Kumar is working as a Senior Engineer-Security Analyst with Honeywell Technology Solutions Lab, Bangalore, India. He is mainly focused on Application Security, Network Security and Wireless Security. Apart from that he shows interest in Reverse Engineering.
