Wireless Local Area Network (WLAN), Exercises of Local Area Network (LAN)

Wireless LANs involves a combination of security technologies, and that vulnerability assessment and risk analysis are essential for development of ...

Typology: Exercises

2022/2023

Uploaded on 05/11/2023

tylar
tylar 🇺🇸

4.8

(19)

238 documents

1 / 64

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
MEE08:39
Wireless Local Area Network
(WLAN):
Security Risk Assessment
and Countermeasures
Nwabude Arinze Sunday
This thesis is presented as part of Degree of
Master of Science in Electrical Engineering
Blekinge Institute of Technology
August 2008
Blekinge Institute of Technology
School of Engineering
Department of Telecommunications
Supervisor: Fredrik Erlandsson
Examiner: Fredrik Erlandsson
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40

Partial preview of the text

Download Wireless Local Area Network (WLAN) and more Exercises Local Area Network (LAN) in PDF only on Docsity!

MEE08:

Wireless Local Area Network

(WLAN):

Security Risk Assessment

and Countermeasures

Nwabude Arinze Sunday

This thesis is presented as part of Degree of

Master of Science in Electrical Engineering

Blekinge Institute of Technology August 2008

Blekinge Institute of Technology School of Engineering Department of Telecommunications Supervisor: Fredrik Erlandsson Examiner: Fredrik Erlandsson

Countermeasures

Nwabude Arinze Sunday ii

Countermeasures

Nwabude Arinze Sunday iv

Countermeasures

Nwabude Arinze Sunday v

ACKNOWLEDGEMENT

I am grateful to God Almighty for his grace and strength that sustained me through out the duration of this work, thereby making it a success.

Special thanks go to my supervisor, Fredrik Erlandsson, for his support and guidance.

I, also, wish to express my profound gratitude to Mikael Åsman, program manager, Master in Electrical Engineering, BTH; Lena Magnusson, Student Administrator, Master in Electrical Engineering, BTH; and May Gulis, Student Nurse, BTH, for their relentless efforts and assistance in getting this thesis work approved.

Finally, I wish to thank my mom, siblings and all my friends in BTH and at home for their prayers all through the period of this work. Thank you all.

Countermeasures

Nwabude Arinze Sunday vii

TABLE OF CONTENTS

ABSTRACT .................................................................................................................. iii

ACKNOWLEDGEMENT ............................................................................................ v

TABLE OF CONTENTS ........................................................................................... vii

LIST OF FIGURES AND TABLES ........................................................................... xi

LIST OF FIGURES ................................................................................................. xi

LIST OF TABLES ................................................................................................... xi

CHAPTER ONE .......................................................................................................... - 1 -

1.0 INTRODUCTION......................................................................................... - 1 -

1.1 PROBLEM STATEMENT .......................................................................... - 1 -

1.2 PREVIOUS STUDIES .................................................................................. - 2 -

1.3 OBJECTIVES OF THE STUDY ................................................................. - 2 -

1.4 RESEARCH QUESTIONS .......................................................................... - 2 -

1.4.0 Research question I ............................................................................... - 2 -

1.4.1 Research question II ............................................................................. - 2 -

1.5 METHOD ...................................................................................................... - 3 -

1.6 SIGNIFICANCE OF THE STUDY ............................................................ - 3 -

1.7 ORGANISATION OF THE STUDY .......................................................... - 3 -

CHAPTER TWO.......................................................................................................... - 5 -

2 BRIEF REVIEW OF WIRELESS LOCAL AREA NETWORK (WLAN) ...... - 5 -

2.0 INTRODUCTION......................................................................................... - 5 -

2.1 BASIC WLAN COMPONENTS ................................................................. - 5 -

2.2 WLAN TRANSMISSION TECHNOLOGIES........................................... - 6 -

2.2.0 INFRARED (IR) LANs ........................................................................ - 6 -

2.2.1 SPREAD SPECTRUM LANs .............................................................. - 7 -

2.2.2 NARROWBAND MICROWAVE LANs ............................................ - 8 -

2.3 WLAN SPECTRUM ALLOCATION ........................................................ - 9 -

2.4 WLAN TOPOLOGIES ................................................................................ - 9 -

Countermeasures

Nwabude Arinze Sunday viii

2.4.0 AD HOC MODE ................................................................................. - 10 -

2.4.1 INFRASTRUCTURE MODE ............................................................ - 10 -

2.5 WLAN APPLICATIONS ........................................................................... - 11 -

CHAPTER THREE .................................................................................................... - 13 -

3 WIRELESS LAN STANDARDS ...................................................................... - 13 -

3.0 INTRODUCTION....................................................................................... - 13 -

3.1 THE IEEE 802.11 FAMILY OF STANDARDS ...................................... - 13 -

3.1.0 IEEE 802.11b ....................................................................................... - 13 -

3.1.1 IEEE 802.11a ....................................................................................... - 14 -

3.1.2 IEEE 802.11g ....................................................................................... - 14 -

3.1.3 IEEE 802.11n ....................................................................................... - 14 -

3.2 OTHER IEEE 802.11 WORKING GROUP STANDARDS ................... - 14 -

3.2.0 THE IEEE 802.11i STANDARD ....................................................... - 15 -

3.3 THE 802.1x AUTHENTICATION PROCESS ........................................ - 17 -

CHAPTER FOUR ...................................................................................................... - 23 -

4 WLAN VULNERABILITIES, THREATS AND COUNTERMEASURES .. - 23 -

4.0 INTRODUCTION....................................................................................... - 23 -

4.1 WLAN SECURITY ATTACKS ................................................................ - 24 -

4.1.0 PASSIVE ATTACKS ......................................................................... - 25 -

4.1.1 ACTIVE ATTACKS........................................................................... - 27 -

4.2 PUTTING ATTACKS INTO PERSPECTIVE: RISK ANALYSIS ...... - 32 -

4.3 CONDUCTING A VULNERABILITY ASSESSMENT ......................... - 34 -

4.3.0 WLAN DISCOVERY ......................................................................... - 34 -

4.3.1 VULNERABILITY/PENETRATION TESTING............................ - 35 -

4.3.2 USING WIPS TO MONITOR ACTIVITY ...................................... - 35 -

4.3.3 USING WIRELESS ANALYZERS FOR INVESTIGATION ....... - 36 -

4.4 PUTTING ASSESSMENT RESULTS TO WORK ................................. - 36 -

CHAPTER FIVE ........................................................................................................ - 41 -

5 CONCLUSION, SUMMARY AND FUTURE RESEARCH ......................... - 41 -

5.0 CONCLUSION ........................................................................................... - 41 -

5.1 SUMMARY ................................................................................................. - 42 -

Countermeasures

Nwabude Arinze Sunday x

Countermeasures

Nwabude Arinze Sunday xi

LIST OF FIGURES AND TABLES

LIST OF FIGURES

Figure 1 Basic components of WLAN ...................................................................... - 6 -

Figure 2 Frequency hopping ..................................................................................... - 7 -

Figure 3 DSSS with CDMA ....................................................................................... - 8 -

Figure 4 WLAN Ad Hoc Mode ............................................................................... - 10 -

Figure 5 WLAN Infrastructure Mode ................................................................... - 11 -

Figure 6 Protocol Structure - IEEE 802.11i: WLAN Security Standards. ......... - 17 -

Figure 7 802.1x Authentication Process (WPA2) .................................................. - 18 -

Figure 8 General Taxonomy of WLAN security attacks ...................................... - 24 -

Figure 9 Security as a process ................................................................................. - 33 -

LIST OF TABLES

Table 1 Comparison of WLAN Transmission Technologies.................................. - 9 -

Table 2 Showing 900 MHz, 2.4 GHz and 5 GHz ISM Bands. ................................ - 9 -

Table 3 Showing WLAN Topologies and Application Areas. .............................. - 11 -

Table 4 Organizations/Scenarios, WLAN Applications and Advantages........... - 12 -

Table 5 IEEE 802.11 family of standards .............................................................. - 19 -

Table 6 Sniffing Tools .............................................................................................. - 25 -

Table 7 Wireless Security Attacks .......................................................................... - 29 -

Table 8 Wireless attacks and countermeasures .................................................... - 38 -

Countermeasures

Nwabude Arinze Sunday - 1 -

CHAPTER ONE

1.0 INTRODUCTION

Wireless communication has broken the constraint users used to have with wired technology. The liberty to gain access to corporate network without being bonded, mobility while accessing the Internet, increased reliability and flexibility are some of the factors driving the wireless local area network technology. Other factors that contribute to tremendous growth of Wireless Local Area Networks (WLANs) are reduced installation time, long-term cost savings, and installation in difficult-to-wire areas. Today, Wireless Local Area Network (WLAN) is a choice to reckon in various sectors, including business, education, government, public and individual. IEEE 802.11 dominates the wireless networking technology. This can be attributed to the low cost of the hardware and high data rates that support current applications (from 1 to 54 Mbps) as well as promising future extensions (possibly exceeding 100 Mbps with 802.11n). Increasingly, portable devices (Laptops, PDAs, and Tablet PCs) are being sold with wireless LAN as a standard feature.

However, this technology brings with it important limitations in the field of security. The communication medium of wireless LAN is radio wave, thus it’s more susceptible to eavesdropping than wired networks, and as the wireless market grows, the security issues grow along with it. There have been several works on WLAN security since it was discovered that the 802.11 security architecture is weak. However, most of these works were on the security mechanism enhancement.

For an organization to best protect its information there is need for security risk assessment. This will help to determine the threats its information is prone to, and then develop appropriate security measures to counter it.

This thesis assesses the security risks associated with WLANs that limits its deployment in enterprise environment and proffers countermeasures that should be put in place for secure implementation as integral part of LAN.

1.1 PROBLEM STATEMENT

Information is a valuable asset of an organisation and thus need to be protected against threats, to give the confidence that the business can proceed continuously. The result is reduction in possible losses of business and increase in the rate of return on investment and business opportunities.

Countermeasures

Nwabude Arinze Sunday - 2 -

It is therefore of uttermost importance to assess the security risks associated with the deployment of WLAN in an enterprise environment and evaluate countermeasures to mitigate these risks for information security: Confidentiality, Integrity and Availability.

1.2 PREVIOUS STUDIES

Several works have affirmed the weakness of Wired Equivalent Privacy (WEP) security algorithm in the original IEEE 802.11 standard and suggested how the security mechanism of WLAN can be enhanced - the paper by Borisov, Goldberg, and D. Wagner, for example, demonstrated the weakness of WEP. There are also few works on how external security apparatus can be used to strengthen the WLAN inbuilt security mechanism – James Burrell and others. This study therefore is undertaken in order to add something new to existing knowledge in the globalised and ever-changing world of technology.

1.3 OBJECTIVES OF THE STUDY

1.3.0 To find out the known security holes that limit enterprise deployments of a WLAN

1.3.1 To find out if these known security holes can be fixed.

1.4 RESEARCH QUESTIONS

In accordance with the objective of the study, the following research questions are posed to guide this research.

1.4.0 Research question I

Are there known inherent insecurities that limit enterprise deployments of a WLAN?

1.4.1 Research question II

Are there countermeasures that can be put in place to fix these known security holes for secure enterprise deployment of wireless networks?

Countermeasures

Nwabude Arinze Sunday - 4 -

Countermeasures

Nwabude Arinze Sunday - 5 -

CHAPTER TWO

2 A BRIEF REVIEW OF WIRELESS LOCAL AREA

NETWORK (WLAN)

2.0 INTRODUCTION

Wireless local area networks (WLANs) are the same as the traditional LAN but they have a wireless interface, thereby providing location-independent network access. It enables a local network of computers to exchange data or other information by radio waves and without the use of cables. It can either replace or, more usually, extend a wired LAN. Today, wireless LANs have occupied a significant segment in the local area network market. Increasingly, organizations have found that wireless LANs are indispensable attachment to traditional wired LANs, to satisfy the requirements for mobility, relocation, ad hoc networking, and coverage of locations difficult to wire.

This chapter provides a brief survey of wireless LANs. The following subtopics were covered: basic WLAN components, WLAN transmission technology, WLAN spectrum allocation, WLAN topologies and WLAN applications.

2.1 BASIC WLAN COMPONENTS

For one to set up a wireless local area network, two basic components must be available: wireless network cards and wireless access point(s). The third basic component, wireless bridge, is used to link two or more buildings together.

The wireless network cards are attached to mobile computing devices, and they connect to an access point. An access point is essentially a hub that gives wireless clients the ability to attach to the wired LAN backbone. To maintain a coverage area, more than one access points are used as in cell structures, which are used by cell phone providers to maintain a coverage area. Wireless bridges, on the other hand, enable high-speed long- range outdoor links between buildings. Based on line-of-sight, wireless bridges are not affected by obstacles such as freeways, railroads, and bodies of water, which typically pose a problem for copper and fibre-optic cable.

Countermeasures

Nwabude Arinze Sunday - 7 -

The ceiling station broadcasts ominidirectional signals which are received by all the other IR transceivers in the area, and these transceivers in turn transmit a directional beam aimed at the ceiling base station.

  • Diffused: The infrared light transmitted by the sender unit fills the area (e.g. office). Therefore the receiver unit located anywhere in that area can receive the signal.

2.2.1 SPREAD SPECTRUM LANs

In exclusion of very small offices, a spread spectrum wireless LAN makes use of a multiple-cell arrangement. Each of the adjacent cells in the configuration is assigned a different centre frequency within the same band to avoid interference.

With this transmission technology, there are two methods used by wireless LAN products: frequency hopping and direct sequence modulation.

  • Frequency Hopping: Here, the signal jumps from one frequency to another within a given frequency range. The transmitter device "listens" to a channel, if it detects an idle time (i.e. no signal is transmitted), it transmits the data using the full channel bandwidth. If the channel is full, it "hops" to another channel and repeats the process. The transmitter and the receiver "jump" in the same manner.

Figure 2 Frequency hopping Source: WLANA 65

  • Direct Sequence Modulation: This method uses a wide frequency band together with Code Division Multiple Access (CDMA). Signals from different units are transmitted at a given frequency range, and at a very low power. A code is transmitted with each signal so that the receiver can identify the appropriate signal

Countermeasures

Nwabude Arinze Sunday - 8 -

transmitted by the sender unit. The frequency at which such signals are transmitted is called the ISM (industrial, scientific and medical) band. This frequency band is reserved for ISM devices. The ISM band has three frequency ranges: 902-928, 2400-2483.5 and 5725-5850 MHz.

Figure 3 DSSS with CDMA Source: WLANA 65

2.2.2 NARROWBAND MICROWAVE LANs

This involves the use of relatively narrow bandwidth microwave radio frequency band to transmit signals. Most of the available narrowband microwave LAN products operate at frequencies that require FCC licensing - uses the 18.82 to 19.205GHz of the radio spectrum. It has two bandwidth, they are:

  • Licensed Narrowband RF: A typical narrowband scheme makes use of cell configuration in which adjacent cells use nonoverlapping frequency bands within the overall 18 GHz band. One advantage of licensed narrowband LAN is that it guarantees interference-free communication. Also, all communications are encrypted to avoid eavesdropping.
  • Unlicensed Narrowband RF: Operating at ISM spectrum, unlicensed narrowband RF can be used for narrowband transmission at lower power 0.5 watts or less.

In table 1 shown in the next page, the WLAN transmission technologies are compared relative to range limitation, susceptibility to signal interception, interference, jamming and license requirement.