WIRELESS LOCAL AREA NETWORK: SECURITY ISSUES AND COUNTERMEASURES IN ORGANISATION

Nor Rasyidah Binti Haminudin2011634444M. Sc. (Information Technology)Faculty Of Computer And Mathematical SciencesUniversity Technology MARA, Malaysianorrasyidah.haminudin@gmail.com | | |

ABSTRACT
Every organisation today is looking to implement Wireless Local Area Network (WLAN) infrastructure to improve its communication capabilities by providing access anywhere for employees, and more importantly, convenient access for customers and other users. WLAN provides users many benefits such as portability, flexibility, reduced hardware need and lower installation cost. Without a doubt, the benefits of WLAN enhance an organisation’s overall productivity. However, WLAN is not without its own security problems. WLAN infrastructures that are not secured would actually affect the security posture of the LAN environment as well. Having an unsecured WLAN can result in a loss of service, or can be used as a staging area to launch attacks against other networks. The significant challenges faced today in securing wireless LANs are maintaining privacy, data confidentiality, and preventing unauthorized access using proper access control mechanisms. This paper will mainly focus on the wireless access points (APs) as devices that act as a central transmitter and receiver or WLAN radio signals. It will begin by introducing the concept of WLAN. The introductory section gives brief information on the WLAN components and its architecture. In order to examine the WLAN security threats and vulnerabilities, this paper will look at Rogue APs, Ad-Hoc Networks, MAC Spoofing, Honeypot APs and Denial of Service.
Keywords: Wireless Local Area Network, WLAN, Wireless Security, Wireless Access Points, Wireless Security Threats, Vulnerabilities

1.0 Introduction
A WLAN is a flexible data communications system that can use either infrared or radio frequency technology to transmit and receive information over the air. WLAN has been widely used in many sectors ranging from corporate, education, finance, healthcare, retail, manufacturing, and warehousing. It has increasingly becoming an important technology to satisfy the needs for installation flexibility, mobility, reduced cost-of-ownership, and scalability ( (Hamid, 2003).

The WLAN connects the computers and other network devices via an access point (AP). The AP acts like a transceiver that provides devices a certain amount of mobility. Access point devices usually have a coverage radius up to 300 feet for indoor and covers the radius of 1800 feet for outdoor networking. (M. Krishnakumar Kappes, 2004). This area of coverage is called a cell and users roam within the cell with their wireless laptops or any hand-held devices such as smart phones, IPad and others. Although the wireless network configuration and reconfiguration is easier, faster and less expensive, wireless network must be efficiently monitored and there are some important security issues to be aware of.

1.1 WIRELESS COMPONENTS
One important advantage of WLAN is the simplicity of its installation. Installing a wireless LAN system is easy and can eliminate the needs to pull cable through walls and ceilings. The basic components of a WLAN are quite simple and it consists of access points (APs) and Network Interface Cards (NICs)/ client adapters.

1.2.1 Access Points

Access Point (AP) is essentially the wireless equivalent of a LAN hub. It is typically connected with the wired backbone through the standard Ethernet cable, and communicates with wireless devices by means of an antenna. An AP operates within a specific frequency spectrum and uses 802.11 standard specified modulation techniques. It also informs the wireless clients of its availability, authenticates and associates wireless clients to the wireless network.

1.2.2 Network Interface Card (NICs)/ Client Adapters

Wireless client adapters connect PC or workstation to a wireless network either in ad hoc peer-to-peer mode or in infrastructure mode with APs. The NIC scans the available frequency spectrum for connectivity and associates it to an access point or another wireless client. It is coupled to the PC/workstation operating system using a software driver. The NIC enables new employees to be connected instantly to the network and enable Internet access in conference rooms.

1.2 WLAN CONFIGURATIONS

The WLAN components mentioned above are connected in certain configurations. There are three main types of WLAN architecture: Independent, Infrastructure, and Microcells and Roaming. (Pulsewan.com, 2002)

1.3.3 Independent WLAN

The simplest WLAN configuration is an independent (or peer-to-peer) WLAN or also be known as ad-hoc mode (Arbaugh, Shankar, & Wan, 2001). It is a group of computers, each equipped with one wireless LAN NIC/client adapter. In this type of configuration, each client communicates directly with the other clients within the network without the use of access point. Each computer in the LAN is configured at the same radio channel to enable peer-to-peer networking. Independent networks is designed such that only the clients within transmission range (within the same cell) of each other can communicate. Figure 1 shows the architecture of Independent WLAN.
Client A
Client C
Client B

Figure 1: Independent WLAN (Pulsewan.com, 2002) 1.3.4 Infrastructure WLAN
In infrastructure WLAN, each client sends all of its communications to a central station, or access point (AP). The access point acts as an Ethernet bridge and forwards the communications onto the appropriate network either the wired or wireless network (see Figure 2). This network configuration satisfies the need of large-scale networks arbitrary coverage size and complexities. Figure 3 shows the architecture of Infrastructure WLAN. Figure 2: Example of Infrastructure Network (Arbaugh, Shankar, & Wan, 2001)

Figure 3: Infrastructure WLAN (Pulsewan.com, 2002) 1.3.5 Microcells and Roaming
The area of coverage for an access point is called a "microcell’. The installation of multiple access points is required in order to extend the WLAN range beyond the coverage of a single access. One of the main benefits of WLAN is user mobility. Therefore, it is very important to ensure that users can move seamlessly between access points without having to log in again and restart their applications.

Seamless roaming is only possible if the access points have a way of exchanging information as a user connection is handed off from one access point to another. In a setting with overlapping microcells, wireless nodes and access points frequently check the strength and quality of transmission. The WLAN system hands off roaming users to the access point with the strongest and highest quality signal, in accommodating roaming from one microcell to another. Figure 4 shows the architecture of Microcells and Roaming.

Figure 4: Microcells and Roaming (Pulsewan.com, 2002) 2.0 WIRELESS NETWORK VULNERABILITIES AND THREATS

Wireless technology sometimes allows threats, attacks and vulnerabilities to enter the wireless space. Malicious people will exploit any known weaknesses through service attacks, worms, spam, malware and man-in-the-middle attacks.

Wireless networks also have three additional aspects that make the security of wireless networks even more challenging than the security of wired networks: (Petajasoka, Makila, Varpiola, Saukko, & Takanen, 2008)

* Wireless networks are always open * Attackers can connect into the network from anywhere and from any distance * Attackers are always anonymous

As wireless communications and Internet become truly interoperable, users may want the communications channel to be secure and available when needed. For a message sent using this wireless communication channel, the user expect assurance of: (Boncella, 2002) * Authentication (the sender and receiver are who they say they are) * Confidentiality (the message cannot be understook except by the receiver); and * Integrity (the message was not altered)
This section explains 5 examples of important threats and vulnerabilities: Unauthorized APs, MAC Spoofing, Denial of Services, Honeypot APs, and Ad-Hoc Networks.

3.1 Unauthorized Access Points
Unauthorized APs are those that are visible to sensors, but not deployed by network administrators as corporate/organisation’s APs. It is also known as a rogue AP (see Figure 5). When a user turns on a computer and it latches on to a wireless access point from a neighboring organisation’s overlapping network, the user may not even know that this has occurred. However, it is a security breach in which the proprietary organisation information’s is exposed and they could obtain a connection from one organisation to the other. (Choi, Robles, & Kim, 2008)

There are possible threats that might occur if users access the Internet through rouge APs:

* External hackers can gain access to the internal network via the rogue AP. * Creates an open access to any users. * Possible confidential data leakage to external hackers.

Figure 5: Connection to Unauthorized Access Point

3.2 MAC SPOOFING

MAC spoofing is also known as ‘man-in-the-middle attack’, that is unlikely to happen by accident. An external AP can copy the User’s AP’s MAC address and SSID in order to appear identical. Users will normally associate with the AP with the stronger signal. Users also may associate initially to the spoofing AP, or even transfer the connection in the middle of a transaction because of a stronger signal. (See Figure 6)
Most wireless systems allow some kind of MAC filtering to only allow authorized computers with specific MAC IDs to gain access and utilize the network. However, there are several existing programs / software that have the ability to conduct network sniffing. Combination of these programs with other software will allow a computer to pretend it has any MAC address that the hackers’ desires and the hackers can easily get around that hurdle. (Choi, Robles, & Kim, 2008)

The possible threats that could happen when users connect to this access points are:

* External hackers can gain access to the internal network via the mis-configured/hacked AP. * Creates an open access to any users. * Possible confidential data leakage to external hackers, data rerouting, data theft and any other attacks.
[Type a quote from the document or the summary of an interesting point. You can position the text box anywhere in the document. Use the Text Box Tools tab to change the formatting of the pull quote text box.]

Figure 6: Connection to MAC Spoofing’s AP

3.3 DENIAL OF SERVICES

A Denial-of-Service attack (DoS) occurs when an attacker continually bombards a targeted access point or network with bogus requests, premature successful connection messages, valid or invalid messages, and/or other commands (See Figure 7). These cause legitimate users unable to get on the network and may even cause the network to crash. Due to the nature of the radio transmission, the WLAN are very vulnerable against denial of service attacks. The relatively low bit rates of WLAN can easily be overwhelmed and leave them open to denial of service attacks. By using a powerful enough transceiver, radio interference can easily be generated that would unable WLAN to communicate using radio path (Boncella, 2002). This will cause the organisation to face the situation of a total shutdown or downtime to the enterprise wireless connectivity.

Figure 7: Denial of Service Attack

3.4 HONEYPOT ACCESS POINTS

A Honeypot access points is a fake access point with the similar service set identifier (SSID) to the organisation’s SSID which can attract users from the organisation network to connect to it. The SSID is the network identifier for a WLAN.(See Figure 8) A user may associate with the wrong WLAN if the SSIDs are identical.

The possible threats that can associate with Honeypot access points are:

* External hackers can gain access to the internal network via the connected wireless host if the host connected to a wired LAN. * Possible confidential data leakage to external hackers, data rerouting, data theft and any other attacks.

Figure 8: Connection to Honeypot Access Point

3.5 AD-HOC NETWORKS

Ad-hoc networks can pose a security threat. Ad-hoc networks are defined as peer-to-peer networks between wireless computers and does not rely on a preexisting infrastructure, such as routers in wired networks or access points in managed (infrastructure) wireless networks. (Choi, Robles, & Kim, 2008) (See Figure 9)
Instead, each node participates in routing by forwarding data for other nodes, and so the determination of which nodes forward data is made dynamically based on the network connectivity. In addition to the classic routing, ad-hoc networks can use flooding for forwarding the data.

If an external/unauthorized user forms an ad-hoc network with a corporate/authorized user, it will be a security breach. Whereas, if an ad-hoc network profile exists on the corporate client, it could potentially join an ad-hoc network automatically, without the end user realizing it.

Figure 9: Ad-Hoc Connection

3.0 SECURING WIRELESS ACCESS POINTS

This section will describe some techniques a network administrator can use to secure 802.11b/g/n wireless network. Securing a wireless network is very important because intruders can not only borrow an organisation’s Internet connection, but also access the files and check up on what the organisation is doing. Even worse, hackers can use the internet connection to upload illegal materials or collect any important and secret information from your organisation’s network.

4.6 CHANGING DEFAULT SSID AND DO NOT BROADCAST IT

Service Set Identifier (SSID) is a unique identifier attached to the header of packets sent over a WLAN that acts as a password when a mobile device tries to connect to a particular WLAN. The SSID differentiates one WLAN from another, so all access points and all devices attempting to connect to a specific WLAN must use the same SSID. The SSID for the access point is likely to be a standard, default ID assigned by manufacturer to all hardware of the model. It is advisable to change the SSID to a unique name. Not changing the default SSID is one of the most common security mistakes made by WLAN administrators. This is equivalent to leaving a default password in place. (Hamid, 2003)

Most WLAN access points are automatically (and continually) broadcast the network's name, or SSID. This will makes the wireless users extremely convenient since it can locate a WLAN without having to know what it's called, but it will also make an organisation’s WLAN visible to any wireless systems within range of it. It is advisable to disable the identifier broadcasting mechanism for the organization’s network and makes it invisible to the neighbors and passers-by although it will still be detectible by WLAN "sniffers".

4.7 USE STRONG ENCRYPTION

The first line of defense for an organisation’s WLAN is encryption, which encodes the data transmitted between computers or any hand-held devices and wireless access points. Unfortunately, most access point ship with encryption turned off, and many network administrator do not turn it on, leaving themselves completely exposed. It is advisable to enable access point’s encryption, and use the strongest form supported by organisation’s network. The Wireless Protected Access (WPA) protocol and more recent WPA2 have supplanted the older and less-secure Wireless Encryption Protocol (WEP).

Go with WPA or WPA2 if at all possible, since WEP is relatively easy to crack. The keys used by WPA and WPA2 change dynamically, which make them nearly impossible to hack. Use a strong password for the encryption key, such as a combination of letters and numbers of 14 characters or more. (Cisco Systems, 2006)

However, if the organization still using the older access points that support WEP only, it will be safest to use 128-bit WEP keys. Besides, it is also recommended for the network administrator to check the manufacturer's Web site for a firmware update that will add WPA support. If it doesn't look like an update is likely, consider replacing old adapters and routers with newer models that support WPA. Look for a router that supports the hybrid WPA + WPA2 mode, which lets the use of stronger WPA2 encryption with adapters that support it, while still maintaining compatibility with WPA adapters. (Cisco Systems, 2006)

4.8 UTILIZE VPN

Many companies and organisations have a virtual private network (VPN). VPNs allow employees to connect securely to their network when away from the office. A VPN is a much more comprehensive solution in a way that it authenticates users coming from an untrusted space and encrypts their communication so that someone listening cannot intercept it.

A secure method of implementing a wireless AP is to place it behind a VPN server. This type of implementation provides high security for the wireless network implementation without adding significant overhead to the users. If there is more than one wireless AP in the organisation, it is recommended to run them all into a common switch, then connecting the VPN server to the same switch. Then, the desktop users will not need to have multiple VPN dial-up connections configured on their desktops. They will always be authenticating to the same VPN server no matter which wireless AP they have associated with. (Penton Media, Inc, 2002) Figure 10 shows secure method of implementing a wireless AP.

Figure 10: Securing a Wireless AP ( (Penton Media, Inc, 2002)

4.9 UTILIZE STATIC IP

By default, most wireless LANs utilize DHCP (Dynamic Host Configuration Protocol) to more efficiently assign IP addresses automatically to user devices. A problem is that DHCP does not differentiate a legitimate user from a hacker. With a proper SSID, anyone implementing DHCP will obtain an IP address automatically and become a genuine node on the network. By disabling DHCP and assigning static IP addresses to all wireless users, it can minimize the possibility of the hacker obtaining a valid IP address. This limits their ability to access network services. On the other hand, someone can use an 802.11 packet analyzer to sniff the exchange of frames over the network and learn what IP addresses are in use. This helps the intruder in guessing what IP address to use that falls within the range of ones in use. Thus, the use of static IP addresses is not fool proof, but at least it is a deterrent. Also keep in mind that the use of static IP addresses in larger networks is very cumbersome, which may prompt network administrator to use DHCP to avoid support issues. (Hamid, 2003)

4.10 MAC ADDRESS FILTERING

Every computer that is able to communicate with a network is assigned with its own Media Access Control (MAC) address. A MAC address is a unique code to a specific network adapter. Wireless access points usually have a mechanism to allow only devices with particular MAC addresses access to the network. So, by turning MAC address filtering, network administrator can limit network access to only organisation’s systems or legitimate users. In order to use MAC filtering network administrator need to find (and enter into the router or AP) the 12-character MAC address of every system that will connect to the network. It is quite cumbersome, especially if it there are lots of wireless users or if the organisation’s users change a lot.

However, MAC addresses can be "spoofed" (imitated) by a knowledgeable person, so while it's not a guarantee of security, it does add another hurdle for potential intruders to jump in.

4.0 CONCLUSION

Nowadays, computer users are interested in convenience and mobility accessing the Internet wirelessly. Today, business travelers use wireless laptops to stay in touch with the home office; vacationers beam snapshots to friends while still on holiday; and shoppers place orders from the comfort of their couches. A wireless network can connect computers in different parts of your home or business without a tangle of cords and enable you to work on a laptop anywhere within the network’s range.

Besides all the advantages of using wireless network, there are some downsides to be aware of. The downside of a wireless network is that, unless you take certain precautions, anyone with a wireless-ready computer can use your network or even access the information on your computer. And if an unauthorized person uses your network to commit a crime or send spam, the activity can be traced back to your account.

As a conclusion, there is no perfect security solution for wireless network. However, although it is impossible to totally eliminate all risks associated with wireless networking, it is possible to achieve a reasonable level of overall security by adopting a systematic approach to assessing and managing risk.

5.0 REFERENCES

Arbaugh, W. A., Shankar, N., & Wan, Y. J. (2001). Your 802.11 Wireless Network has No Clothes. 4-5.
Boncella, R. J. (2002). Wireless Security: An Overview. Communications of the Associations for Information Systems (Vol. 9, 2002), (pp. 269-271).
Choi, M.-K., Robles, R. J., & Kim, T.-H. (2008). Wireless Network Security: Vulnerabilities, Threats and Countermeasures. International Journal of Multimedia and Ubiquitous Engineering Vol. 3, No. 3, July, 2008 , 78-84.
Cisco Systems. (2006). 5 Steps to Securing Your Wireless LAN and Preventing Wireless Threats. Cisco Systems, Inc.
Hamid, R. A. (2003). GIAC Security Essentials Certification. Wireless LAN: Security Issues and Solutions , 20.
M. Krishnakumar Kappes, A. K. (2004). Estimating Signal Strength Coverage for a Wireless Access Points. Global Telecommunication Conference, 2004, GlobeCom '04.IEEE, (pp. 3264-3269, Vol.5).
Penton Media, Inc. (2002). Use VPN for Wireless Security.
Petajasoka, S., Makila, T., Varpiola, M., Saukko, M., & Takanen, A. (2008). Wireless Security: Past, Present and Future. Codenomicon White Paper Ver. 1.0, 2008, (pp. 3-5).
Pulsewan.com. (2002, Dec. 2). Retrieved from "What is WLAN?" The Wireless Networking Industry's Information Source: http://www.pulsewan.com/data101/wireless_lan_basics.htm