WIRELESS SECURITY
AAFREEN SINGH
STUDENT
C.S.E DIET
ABSTRACT
The document addresses wireless
technologies that agencies are most
likely to employ: wireless local area
networks (WLAN) and ad hoc or—more
specifically—Bluetooth networks. The
document also addresses the use of
wireless handheld devices. The
document does not address technologies
such as wireless radio and other WLAN
standards that are not designed to the
Institute of Electrical and Electronics
Engineers (IEEE) 802.11 standard.
These technologies are out of the scope
of this document.
Wireless technologies are changing
rapidly. New products and features are
being introduced continuously. Many of
these products now offer security
features designed to resolve long-
standing weaknesses or address newly
discovered ones. Yet with each new
capability, a new threat or vulnerability
is likely to arise. Wireless technologies
are evolving swiftly. Therefore, it is
essential to remain abreast of the current
and emerging trends in the technologies
and in the security or insecurities of
these technologies. Again, this guideline
does not cover security of other types of
wireless or emerging wireless
technologies such as third-generation
(3G) wireless telephony.
INTRODUCTION
Wireless communications offer
organizations and users many benefits
such as portability and
flexibility,increased productivity, and
7
SHILPI
STUDENT
C.S.E DIET
lower installation costs. Wireless
technologies cover a broad range of
differing capabilities oriented toward
different uses and needs. Wireless local
area network (WLAN) devices, for
instance, allow users to move their
laptops from place to place within their
offices without the need for wires and
without losing network connectivity.
Less
wiring
means
greater
flexibility,
increased
efficiency,
and reduced
wiring
costs. Ad
hoc
networks, such as those enabled by
Bluetooth, allow data synchronization
with network systems and application
sharing between devices. Bluetooth
functionality also eliminates cables for
printer and other peripheral device
connections. Handheld devices such as
personal digital assistants (PDA) and
cell phones allow remote users to
synchronize personal databases
and provide access to network services
such as wireless e-mail, Web browsing,
and Internet access. Moreover, these
technologies can offer dramatic cost
savings and new capabilities to diverse
applications ranging from retail settings
to manufacturing shop floors to first
responders. However, risks are inherent
in any wireless technology. Some of
these risks are similar to those of wired
networks; some are exacerbated by
wireless connectivity; some are new.
Perhaps the most significant source of
risks in wireless networks is that the
technology’s underlying
communications medium, the airwave, is
open to intruders, making it the logical
equivalent of an Ethernet port in the
parking lot. The loss of confidentiality
and integrity and the threat of denial of
service (DoS) attacks are risks typically
associated with wireless
communications. Unauthorized users
may gain access to agency systems and
information, corrupt the agency’s data,
consume network bandwidth, degrade
network performance, launch attacks
that prevent authorized users from
accessing the network, or use agency
resources to launch attacks on other
networks.
Wireless Standards
Wireless technologies conform to a
variety of standards and offer varying
levels of security features. The principal
advantages of standards are to encourage
mass production and to allow products
from multiple vendors to interoperate.
For this document, the discussion of
wireless standards is limited to the IEEE
802.11 and the Bluetooth standard.
WLANs follow the IEEE 802.11
standards. Ad hoc networks follow
proprietary techniques or are based on
the Bluetooth standard, which was
developed by a consortium of
commercial companies making up the
Bluetooth Special Interest Group (SIG).
These standards are described below.
Wireless LANs
WLANs allow greater flexibility and
portability than do traditional wired local
area networks (LAN). Unlike a
traditional LAN, which requires a wire
8
to connect a user’s computer to the
network, a WLAN connects computers
and other components to the network
using an access point device. An access
point communicates with devices
equipped with wireless network
adaptors; it connects to a wired Ethernet
LAN via an RJ-45 port. Access point
devices typically have coverage areas of
up to 300 feet (approximately 100
meters). This coverage area is called a
cell or range. Users move freely within
the cell with their laptop or other
network device. Access point cells can
be linked together to allow users to even
“roam” within a building or between
buildings.
Bluetooth
Bluetooth has emerged as a very popular
ad hoc network standard today. The
Bluetooth standard is a computing and
telecommunications industry
specification that describes how mobile
phones, computers, and PDAs should
interconnect with each other, with home
and business phones, and with
computers using short-range wireless
connections. Bluetooth network
applications include wireless
synchronization, e-mail/Internet/intranet
access using local personal computer
connections, hidden computing through
automated applications and networking,
and applications that can be used for
such devices as hands-free headsets and
car kits. The Bluetooth standard
specifies wireless operation in the 2.45
GHz radio band and
supports data rates up to 720 kbps.5 It
further supports up to three simultaneous
voice channels and employs frequency-
hopping schemes and power reduction to
reduce interference with other devices
operating in the same frequency band.
The IEEE 802.15 organization has
derived a wireless personal area
networking technology based on
Bluetooth specifications v1.1.
Wireless Security Threats
The NIST handbook An Introduction to
Computer Security generically classifies
security threats in nine categories
ranging from errors and omissions to
threats to personal privacy. 6 All of these
represent potential threats in wireless
networks as well. However, the more
immediate concerns for wireless
communications are device theft, denial
of service, malicious hackers, malicious
code, theft of service, and industrial and
foreign espionage. Theft is likely to
occur with wireless devices because of
their portability. Authorized and
unauthorized users of the system may
commit fraud and theft; however,
authorized users are more likely to carry
out such acts. Since users of a system
may know what resources a system has
and the system’s security flaws, it is
easier for them to commit fraud and
theft. Malicious
hackers, sometimes called crackers, are
individuals who break into a system
without authorization, usually for
personal gain or to do harm. Malicious
hackers are generally individuals from
outside of an agency or organization
(although users within an agency or
organization can be a threat as well).
Such hackers may gain access to the
wireless network access point by
eavesdropping on wireless device
communications. Malicious code
involves viruses, worms, Trojan horses,
logic bombs, or other unwanted software
that is designed to damage files or bring
down a system. Theft of service occurs
when an unauthorized user gains access
9
to the network and consumes network
resources. Industrial and foreign
espionage involves gathering proprietary
data from corporations or intelligence
information from governments through
eavesdropping. In wireless networks, the
espionage threat stems from the relative
ease with which eavesdropping can
occur on radio transmissions.
Attacks resulting from these threats, if
successful, place an agency’s systems—
and, more importantly, its data—at risk.
Ensuring confidentiality, integrity,
authenticity, and availability are the
prime objectives of all government
security policies and practices. The
information must be protected from
unauthorized, unanticipated, or
unintentional modification. Security
requirements include the following:
• Authenticity—A third party must be
able to verify that the content of a
message has not been changed in
transit.
• Non repudiation—The origin or the
receipt of a specific message must be
verifiable by a third party.
• Accountability—The actions of an
entity must be traceable uniquely to
that entity.
Network availability is “the property of
being accessible and usable upon
demand by an authorized entity.”
Risks in wireless networks are equal to
the sum of the risk of operating a wired
network (as in operating a network in
general) plus the new risks introduced by
weaknesses in wireless protocols. To
mitigate these risks, agencies need to
adopt security measures and practices
that help bring their risks to a
manageable level.
To date, the list below includes some of
the more salient threats and
vulnerabilities of wireless systems
• Malicious entities may gain
unauthorized access to an agency’s
computer or voice (IP telephony)
network through wireless
connections, potentially bypassing
any firewall protections.
• Sensitive information that is not
encrypted (or that is encrypted with
poor cryptographic techniques) and
that is transmitted between two
wireless devices may be intercepted
and disclosed.
• Denial of service (DoS) attacks may
be directed at wireless connections
or devices.
• Malicious entities may steal the
identity of legitimate users and
masquerade as them on internal or
external corporate networks.
• Sensitive data may be corrupted
during improper synchronization.
• Malicious entities may be able to
violate the privacy of legitimate
users and be able to track their
physical movements.
• Malicious entities may deploy
unauthorized equipment (e.g., client
devices and access points) to
surreptitiously gain access to
sensitive information.
• Handheld devices are easily stolen
and can reveal sensitive information.
• Data may be extracted without
detection from improperly
configured devices.
• Viruses or other malicious code may
corrupt data on a wireless device and
be subsequently introduced to a
wired network connection.
• Malicious entities may, through
wireless connections, connect to
other agencies for the purposes of
10
launching attacks and concealing
their activity.
• Interlopers, from inside or out, may
be able to gain connectivity to
network management controls and
thereby disable or disrupt operations.
• Malicious entities may use a third
party, untrusted wireless network
services to gain access to an agency’s
network resources.
• Internal attacks may be possible via
ad hoc transmissions.
SECURITY MEASURES: Networks
to be protected
Wireless networks are very common,
both for organisations and individuals.
Many laptop computers have wireless
cards pre-installed for the buyer. The
ability to enter a network while mobile
has great benefits. However, wireless
networking has many security issues.
Crackers have found wireless networks
relatively easy to break into, and even
use wireless technology to crack into
non-wireless networks. Network
administrators must be aware of these
risks, and stay up-to-date on any new
risks that arise. Also, users of wireless
equipment must be aware of these risks,
so as to take personal protective
measures.
(a) Home Wireless Threats
The need to secure traditional wired
Internet connections was felt long
before. However, there is a growing
trend of shifting to a wireless connection
at homes. This involves a process where
the user connects a device to his DSL or
cable modem that broadcasts the Internet
connection through the air over a radio
signal to his computer. If traditional
wired connections are susceptible to
security tribulations, there is a great risk
of security breach that may arise when a
user opens his Internet connection to the
airwaves. An unsecured wireless
network coupled with unsecured file
sharing can be disastrous. There are,
however, steps one can take to protect
the wireless network.
The following are some of the possible
security steps:
(i) Make the wireless network invisible
by disabling identifier broadcasting,
(ii) Rename the wireless network and
change the default name.
(iii) Encrypt the network traffic,
(iv) Change administrator’s password
from the default password. If the
wireless network does not have a default
password, create one and use it to protect
the network,
(v) Use file sharing with caution. If the
user does not need to share directories
and files over his network, he should
disable file sharing on his computers.
(vi) Keep the access point software
patched and up to date,
11
(vii) Check internet provider’s wireless
security options as it may provide
information about securing your home
wireless network,
(viii) Do not auto-connect to open Wi-Fi
(wireless fidelity) networks
(ix) Turn off the network during
extended periods of non-use, etc.
(b) Public Wireless Threats
The risks to users of wireless technology
have increased exponentially as the
service has become more popular.
Currently, however; there are a great
number of security risks associated with
wireless technology. Some issues are
obvious and some are not. At a corporate
level, it is the responsibility of the
Information Technology (IT) department
to keep up to date with the types of
threats and appropriate counter measures
to deploy. Security threats are growing
in the wireless arena. Crackers have
learned that there is much vulnerability
in the current wireless protocols,
encryption methods, and in the
carelessness and ignorance that exists at
the user and corporate IT level. Cracking
methods have become much more
sophisticated and innovative with
wireless. Cracking has become much
easier and more accessible with easy-to-
use Windows-based and Linux-based
tools being made available on the web at
no charge. IT personnel should be
somewhat familiar with what these tools
can do and how to counteract the
cracking that stems from them.
Accessing the internet via a public
wireless access point involves serious
security threats. These threats are
compounded by the inability to control
the security setup of the wireless
network. The following steps can be
taken to protect oneself at public places:
(a) Be careful while dealing in an online
environment if the network is not
properly secured. Avoid online banking,
shopping, entering credit card details,
etc,
(b) Connect using a virtual private
network (VPN) as it allows connecting
securely. VPNs encrypt connections at
the sending and receiving ends, and keep
out traffic that is not properly encrypted,
(c) Disable file sharing in public wireless
spaces as it is more dangerous than it is
on your home wireless network,
(d) Be aware of your surroundings while
using a public wireless access point. If
an internet connection is not essential,
disable wireless networking altogether.
proprietary company information is
exposed and now there could exist a link
from one company to the other. This is
especially true if the laptop is also
hooked to a wired network.
(b) Malicious Association: “Malicious
associations” are when wireless devices
can be actively made by crackers to
connect to a company network through
their cracking laptop instead of a
company access point (AP). These types
of laptops are known as “soft APs” and
are created when a cracker runs some
software that makes his/her wireless
network card look like a legitimate
access point. Once the cracker has
gained access, he/she can steal
passwords, launch attacks on the wired
network, or plant trojans.

III. Corporate security

The network of companies are equally
vulnerable to various cyber attacks and if
not properly secured may cost the
company tremendous loss of information
and money. The following are the types
of unauthorised access generally found
(c) Ad-Hoc Networks: Ad-hoc networks
at companies networks:
can pose a security threat. Ad-hoc
networks are defined as peer to peer
(a) Accidental Association: Unauthorised
networks between wireless computers
access to company wireless and wired
that do not have an access point in
networks can come from a number of
between them. While these types of
different methods and intents. One of
networks usually have little security,
these methods is referred to as
encryption methods can be used to
“accidental association”. This is when a
provide security.
user turns on their computer and it
latches on to a wireless access point
(d) Non-Traditional Networks: Non-
from a neighboring company’s
traditional networks such as personal
overlapping network. The user may not
network Bluetooth devices are not safe
even know that this has occurred.
from cracking and should be regarded as
However, this is a security breach in that
a security risk. Even bar code scanners,

12
handheld PDAs,and wireless printers
and copiers should be secured. These
non-traditional networks can be easily
overlooked by IT personnel that have
narrowly focused on laptops.
(e) Identity Theft (MAC Spoofing):
Identity theft occurs when a cracker is
able to listen in on network traffic and
identify the MAC address of a computer
with network privileges. Most wireless
systems allow some kind of MAC
filtering to only allow authorised
computers with specific MAC IDs to
gain access and utilize the network.
However, a number of programs exist
that have network “sniffing” capabilities.
Combine these programs with
capabilities. Combine these programs
with other software that allow a
computer to pretend it has any MAC
address that the cracker desires, and the
cracker can easily get around that hurdle.
(f) Man-In-The-Middle Attacks: A man-
in-the-middle attack is one of the more
sophisticated attacks that have been
cleverly thought up by crackers. This
attack revolves around the attacker
enticing computers to log into his/her
computer which is set up as a soft AP.
Once this is done, the cracker connects
to a real access point through another
wireless card offering a steady flow of
traffic through the transparent cracking
computer to the real network. The
cracker can then sniff the traffic for user
names, passwords, credit card
numbers...etc. One type of man-in-the-
middle attack relies on security faults in
challenge and handshake protocols. It is
called a “de-authentication attack”. This
attack forces AP-connected computers to
drop their connections and reconnect
with the cracker’s soft AP. Man-in-the-
middle attacks are getting easier to pull
13
off due to freeware such as LANjack and
AirJack automating multiple steps of the
process. What was once done by cutting
edge crackers can now be done by less
knowledgeable and skilled crackers
sitting around public and private
hotspots. Hotspots are particularly
vulnerable to any attack since there is
little to no security on these networks.
(g) Denial of Service: A Denial-of-
service attack occurs when an attacker
continually bombards a targeted AP or
network with bogus requests, premature
successful connection messages, failure
messages, and/or other commands.
These cause legitimate users to not be
able to get on the network and may even
cause the network to crash. These
attacks rely on the abuse of protocols
such as the Extensible Authentication
Protocol (EAP).
(h) Network Injection: The final attack
to be covered is the network injection
attack. A cracker can make use of AP
points that are exposed to non-filtered
network traffic. The cracker injects
bogus networking re-configuration
commands that affect routers, switches,
and intelligent hubs. A whole network
can be brought down in this manner and
require rebooting or even
reprogramming of all intelligent
networking devices.
Conclusion
The growing penetration of Internet in
the day to day affairs of Indian society
has both positive and negative effects.
The positive side of this is the advent of
e-governance and e-commerce in India.
The use of e-governance will provide a
transparent, accountable and hassle free
citizen and Government interaction.
Similarly, e-commerce is also facilitated
with the use of ICT. The e-commerce is
a well known phenomenon of the global
trade that is gaining momentum in India.
However, neither e-governance nor e-
commerce can be a success in India till
we also secure these infrastructures. Any
ICT infrastructure is ineffective till we
are capable of securing and protecting it.
It must be appreciated that the ICT
infrastructure of a nation can exist only
to the extent it can be protected from
internal and external online attacks. This
“need” becomes a “compulsion” due to
the provisions of IT Act, 2000 that fixes
both civil and criminal liability for
failure to act diligently. Both the citizens
and companies are required to establish a
sound and secure ICT infrastructure to
escape the accusation of lack of “due
diligence”. The need of the hour is to
secure both home based and publicly
situated wireless networks. The same
cannot be a reality in India till we take
immediate steps in this direction. Every
base needs time to mature and its
deficiencies can be removed only after it
is established and analysed. It is futile to
wait for several years and then adopt and
14
establish a base that is unsuitable to
Indian conditions. The ICT strategy of
India must be “futuristic” in nature that
must anticipate and adopt future
developments and trends. We are
following those trends that have been
discarded long before by developed
countries. We must concentrate on
“originality” and devote our time, money
and energy to security and forensics
researches rather than blindly following
foreign standards. It is high time for
“innovation” and “futuristic efforts” and
giving a final farewell to dependence
upon standards and technology left by
developed nations.
REFERENCES
1. http://www.zdnetindia.com (ZDNet
India Magazine Web site provides
white papers, surveys, and reports on
wireless network security)
2. Wireless Network Security 802.11,
Bluetooth and Handheld Devices
Tom Karygianni ,Les Owens
3. Norton, P., and Stockman,
M.Peter Norton’s Network Security
Fundamentals.