
























































Wireless LANs involves a combination of security technologies, and that vulnerability assessment and risk analysis are essential for development of ...

























































Blekinge Institute of Technology August 2008
Blekinge Institute of Technology School of Engineering Department of Telecommunications Supervisor: Fredrik Erlandsson Examiner: Fredrik Erlandsson
Countermeasures
Nwabude Arinze Sunday ii
ACKNOWLEDGEMENT
I am grateful to God Almighty for his grace and strength that sustained me throughout the duration of this work, thereby making it a success.
Special thanks go to my supervisor, Fredrik Erlandsson, for his support and guidance.
I also wish to express my profound gratitude to Mikael Åsman, program manager, Master in Electrical Engineering, BTH; Lena Magnusson, Student Administrator, Master in Electrical Engineering, BTH; and May Gulis, Student Nurse, BTH, for their relentless efforts and assistance in getting this thesis work approved.
Finally, I wish to thank my mom, siblings and all my friends in BTH and at home for their prayers all through the period of this work. Thank you all.
TABLE OF CONTENTS
ABSTRACT
ACKNOWLEDGEMENT
TABLE OF CONTENTS
LIST OF FIGURES AND TABLES
LIST OF FIGURES
LIST OF TABLES
CHAPTER ONE
1.0 INTRODUCTION
1.1 PROBLEM STATEMENT
1.2 PREVIOUS STUDIES
1.3 OBJECTIVES OF THE STUDY
1.4 RESEARCH QUESTIONS
1.4.0 Research question I
1.4.1 Research question II
1.5 METHOD
1.6 SIGNIFICANCE OF THE STUDY
1.7 ORGANISATION OF THE STUDY
CHAPTER TWO
2 BRIEF REVIEW OF WIRELESS LOCAL AREA NETWORK (WLAN)
2.0 INTRODUCTION
2.1 BASIC WLAN COMPONENTS
2.2 WLAN TRANSMISSION TECHNOLOGIES
2.2.0 INFRARED (IR) LANs
2.2.1 SPREAD SPECTRUM LANs
2.2.2 NARROWBAND MICROWAVE LANs
2.3 WLAN SPECTRUM ALLOCATION
2.4 WLAN TOPOLOGIES
3.1.0 IEEE 802.11b
3.1.1 IEEE 802.11a
3.1.2 IEEE 802.11g
3.1.3 IEEE 802.11n
3.2 OTHER IEEE 802.11 WORKING GROUP STANDARDS
3.2.0 THE IEEE 802.11i STANDARD
3.3 THE 802.1x AUTHENTICATION PROCESS
CHAPTER FOUR
4 WLAN VULNERABILITIES, THREATS AND COUNTERMEASURES
4.0 INTRODUCTION
4.1 WLAN SECURITY ATTACKS
4.1.0 PASSIVE ATTACKS
4.1.1 ACTIVE ATTACKS
4.2 PUTTING ATTACKS INTO PERSPECTIVE: RISK ANALYSIS
4.3 CONDUCTING A VULNERABILITY ASSESSMENT
4.3.0 WLAN DISCOVERY
4.3.1 VULNERABILITY/PENETRATION TESTING
4.3.2 USING WIPS TO MONITOR ACTIVITY
4.3.3 USING WIRELESS ANALYZERS FOR INVESTIGATION
4.4 PUTTING ASSESSMENT RESULTS TO WORK
CHAPTER FIVE
5 CONCLUSION, SUMMARY AND FUTURE RESEARCH
5.0 CONCLUSION
5.1 SUMMARY
LIST OF FIGURES AND TABLES
Figure 1 Basic components of WLAN
Figure 2 Frequency hopping
Figure 3 DSSS with CDMA
Figure 4 WLAN Ad Hoc Mode
Figure 5 WLAN Infrastructure Mode
Figure 6 Protocol Structure - IEEE 802.11i: WLAN Security Standards.
Figure 7 802.1x Authentication Process (WPA2)
Figure 8 General Taxonomy of WLAN security attacks
Figure 9 Security as a process
Table 1 Comparison of WLAN Transmission Technologies
Table 2 Showing 900 MHz, 2.4 GHz and 5 GHz ISM Bands.
Table 3 Showing WLAN Topologies and Application Areas.
Table 4 Organizations/Scenarios, WLAN Applications and Advantages
Table 5 IEEE 802.11 family of standards
Table 6 Sniffing Tools
Table 7 Wireless Security Attacks
Table 8 Wireless attacks and countermeasures
CHAPTER ONE
1.0 INTRODUCTION
Wireless communication has broken the constraint users used to have with wired technology. The liberty to gain access to a corporate network without being tethered, mobility while accessing the Internet, increased reliability and flexibility are some of the factors driving wireless local area network technology. Other factors that contribute to the tremendous growth of Wireless Local Area Networks (WLANs) are reduced installation time, long-term cost savings, and installation in difficult-to-wire areas. Today, the Wireless Local Area Network (WLAN) is a choice to reckon with in various sectors, including business, education, government, public and individual. IEEE 802.11 dominates wireless networking technology. This can be attributed to the low cost of the hardware and high data rates that support current applications (from 1 to 54 Mbps) as well as promising future extensions (possibly exceeding 100 Mbps with 802.11n). Increasingly, portable devices (laptops, PDAs, and tablet PCs) are being sold with wireless LAN as a standard feature.
However, this technology brings with it important limitations in the field of security. The communication medium of a wireless LAN is radio waves, so it is more susceptible to eavesdropping than wired networks, and as the wireless market grows, the security issues grow along with it. There have been several works on WLAN security since it was discovered that the 802.11 security architecture is weak. However, most of these works focused on enhancing the security mechanism.
For an organization to best protect its information, there is a need for a security risk assessment. This will help to determine the threats its information is prone to, and then to develop appropriate security measures to counter them.
This thesis assesses the security risks associated with WLANs that limit their deployment in enterprise environments and proffers countermeasures that should be put in place for secure implementation as an integral part of the LAN.
1.1 PROBLEM STATEMENT
Information is a valuable asset of an organisation and thus needs to be protected against threats, to give the confidence that the business can proceed continuously. The result is a reduction in possible losses of business and an increase in the rate of return on investment and business opportunities.
It is therefore of utmost importance to assess the security risks associated with the deployment of WLAN in an enterprise environment and evaluate countermeasures to mitigate these risks for information security: Confidentiality, Integrity and Availability.
1.2 PREVIOUS STUDIES
Several works have affirmed the weakness of the Wired Equivalent Privacy (WEP) security algorithm in the original IEEE 802.11 standard and suggested how the security mechanism of WLAN can be enhanced; the paper by Borisov, Goldberg, and D. Wagner, for example, demonstrated the weakness of WEP. There are also few works on how external security apparatus can be used to strengthen the WLAN inbuilt security mechanism, such as that of James Burrell and others. This study is therefore undertaken in order to add something new to existing knowledge in the globalised and ever-changing world of technology.
1.3 OBJECTIVES OF THE STUDY
1.3.0 To find out the known security holes that limit enterprise deployments of a WLAN
1.3.1 To find out if these known security holes can be fixed.
1.4 RESEARCH QUESTIONS
In accordance with the objective of the study, the following research questions are posed to guide this research.
Are there known inherent insecurities that limit enterprise deployments of a WLAN?
Are there countermeasures that can be put in place to fix these known security holes for secure enterprise deployment of wireless networks?
CHAPTER TWO
2 A BRIEF REVIEW OF WIRELESS LOCAL AREA NETWORK (WLAN)
2.0 INTRODUCTION
Wireless local area networks (WLANs) are the same as traditional LANs, but they have a wireless interface, thereby providing location-independent network access. A WLAN enables a local network of computers to exchange data or other information by radio waves and without the use of cables. It can either replace or, more usually, extend a wired LAN. Today, wireless LANs occupy a significant segment of the local area network market. Increasingly, organizations have found that wireless LANs are an indispensable attachment to traditional wired LANs, satisfying the requirements for mobility, relocation, ad hoc networking, and coverage of locations that are difficult to wire.
This chapter provides a brief survey of wireless LANs. The following subtopics are covered: basic WLAN components, WLAN transmission technology, WLAN spectrum allocation, WLAN topologies and WLAN applications.
2.1 BASIC WLAN COMPONENTS
To set up a wireless local area network, two basic components must be available: wireless network cards and wireless access point(s). The third basic component, the wireless bridge, is used to link two or more buildings together.
The wireless network cards are attached to mobile computing devices, and they connect to an access point. An access point is essentially a hub that gives wireless clients the ability to attach to the wired LAN backbone. To maintain a coverage area, more than one access point is used, as in the cell structures that cell phone providers use to maintain a coverage area. Wireless bridges, on the other hand, enable high-speed long-range outdoor links between buildings. Based on line-of-sight, wireless bridges are not affected by obstacles such as freeways, railroads, and bodies of water, which typically pose a problem for copper and fibre-optic cable.
The ceiling station broadcasts omnidirectional signals which are received by all the other IR transceivers in the area, and these transceivers in turn transmit a directional beam aimed at the ceiling base station.
Except in very small offices, a spread spectrum wireless LAN makes use of a multiple-cell arrangement. Each of the adjacent cells in the configuration is assigned a different centre frequency within the same band to avoid interference.
With this transmission technology, there are two methods used by wireless LAN products: frequency hopping and direct sequence modulation.
Figure 2 Frequency hopping Source: WLANA 65
transmitted by the sender unit. The frequency at which such signals are transmitted is called the ISM (industrial, scientific and medical) band. This frequency band is reserved for ISM devices. The ISM band has three frequency ranges: 902-928, 2400-2483.5 and 5725-5850 MHz.
Figure 3 DSSS with CDMA Source: WLANA 65
This involves the use of a relatively narrow-bandwidth microwave radio frequency band to transmit signals. Most of the available narrowband microwave LAN products operate at frequencies that require FCC licensing, using the 18.82 to 19.205 GHz range of the radio spectrum. It has two bandwidths; they are:
In Table 1, shown on the next page, the WLAN transmission technologies are compared relative to range limitation, susceptibility to signal interception, interference, jamming and license requirement.