Wireless Wi-Fi network security tutorial 101 (part 1)
Even though wireless or Wi-Fi network security is the bread and butter of today's IT Wi-Fi infrastructure, many networking specialists still fear wireless networks because of horror stories from around the world. However, these horror stories happen only in unprotected and unsecured wireless networks.
Protected and well-managed wireless networks can be almost as reliable as physical wired networks, and we hope this wireless network security tutorial can help you achieve your security goals.
Poorly implemented wireless networks are just about the same thing as removing locks from your office door. But the alternative some organizations have chosen -- simply banning wireless networks from the premises -- is not much better. Wireless security is achievable.
Since wireless communications are transmitted through the air rather than over a closed cable, it is necessary to implement some wireless-specific security measures to ensure that wireless communication is as secure as wired communication. When implementing a wireless network, we can choose from a number of tactics.
Wireless security: MAC addressing
Each network card has a unique hardware identification number, commonly called the MAC address (MAC stands for Media Access Control). The standard (IEEE 802) format for printing MAC-48 addresses in human-friendly form is six groups of two hexadecimal digits, separated by hyphens (-) or colons (:), in transmission order, for example 01-23-45-67-89-ab or 01:23:45:67:89:ab.
This number, stored in your network card configuration, should be a globally unique identifier, and it is what identifies your computer in addition to your IP address. In the context of wireless security, so-called MAC addressing or MAC filtering is used to restrict network access to authorized devices. A wireless network access point can be programmed to communicate with approved MAC addresses (that is, computers) only, and it maintains these approved addresses in a password-protected table. Log into your wireless access point, and you should find a screen which asks you to enter allowed MACs. See the print screen referenced below.
Is there a problem with MAC addressing? Yes, there is. It is very easy to implement MAC addressing, and it is also very easy to break it. Even though you are configuring your router to allow only certain MAC addresses into your network, information about MAC addresses is not encrypted when the wireless access point sends data to connected devices and receives it back. Since information about your MAC address is not encrypted, a hacker can easily find out the MAC addresses of connected and communicating computers and then behave as one of them by putting one of the allowed MAC addresses into his own data packets. A hacker can get the MAC of an already authenticated client from a few frames and use it to connect his computer to your network.
How can I set up MAC filtering? See the following page:
How can I break MAC filtering? There are utilities available on the web that allow MAC spoofing and MAC alteration in both Windows and Linux based systems. Changing your MAC address is as simple as executing a few lines of code. You can read for example about the Macshift and Macchanger utilities in our Download section. We also wrote two tutorials on MAC filtering attacks: How to break MAC filtering and How to find MAC and IP addresses in network data stream.
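Because an allow-list alone cannot tell a cloned address from the real client, it helps to watch the association log for the same approved address being active in two places at once. The following is an added example, not part of the original tutorial: the log tuple layout, the access point names and the sample events are constructed for illustration.

```python
import re

# The two IEEE 802 print forms: six hex pairs joined by one consistent separator.
_MAC_RE = re.compile(r"^[0-9a-f]{2}([-:])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}$", re.I)

def normalize_mac(text):
    """Return the lower-case colon form, or None if text is not a MAC-48."""
    text = text.strip()
    return text.replace("-", ":").lower() if _MAC_RE.match(text) else None

def audit_associations(events, allow_list):
    """Flag malformed, unlisted, and concurrently duplicated addresses."""
    allowed = {normalize_mac(m) for m in allow_list}
    active = {}      # mac -> set of access points it is currently associated to
    findings = []
    for ts, ap, raw_mac, event in events:
        mac = normalize_mac(raw_mac)
        if mac is None:
            findings.append((ts, "malformed", raw_mac))
        elif mac not in allowed:
            findings.append((ts, "not-allowed", mac))
        elif event == "assoc":
            active.setdefault(mac, set()).add(ap)
            if len(active[mac]) > 1:
                findings.append((ts, "duplicate-mac", mac))
        elif event == "disassoc":
            active.get(mac, set()).discard(ap)
    return findings

# Constructed sample data: (timestamp, access point, address as logged, event).
ALLOW_LIST = ["01-23-45-67-89-ab", "00:11:22:33:44:55"]
EVENTS = [
    (100, "ap1", "01-23-45-67-89-AB", "assoc"),
    (130, "ap2", "01:23:45:67:89:ab", "assoc"),     # same address, still on ap1
    (140, "ap1", "de:ad:be:ef:00:01", "assoc"),     # not on the allow-list
    (150, "ap1", "01-23-45-67-89-ab", "disassoc"),
    (160, "ap2", "0123.4567.89ab", "assoc"),        # not one of the two forms
    (170, "ap1", "00:11:22:33:44:55", "assoc"),     # normal client
]

if __name__ == "__main__":
    for finding in audit_associations(EVENTS, ALLOW_LIST):
        print(finding)
```

A "duplicate-mac" finding is a lead to investigate rather than proof of spoofing, since a roaming client can briefly appear on two access points before the first one logs its departure.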
WEP encryption (WEP & WEP2)
Once the network is accessed, wireless devices often use the so-called WEP protocol (Wired Equivalent Privacy or Wireless Encryption Protocol) to keep the data transmission safe from prying eyes. The WEP standard is a software algorithm that scrambles data as it is sent and unscrambles it as soon as it is received, keeping it safe in transit. Encryption usually comes in 40, 64, or 128-bit modifications. The more bits are used to encrypt the data, the safer the encryption. WEP encryption is the basic security measure that is supported by almost every router these days. It is very easy to implement. A network administrator creates a security key in the wireless access point which he then gives to anyone he allows to connect to the network. The client is then prompted for the security key when connecting to the wireless access point for the first time.
Why is WEP not sufficient? The downside of WEP encryption is that both encryption and decryption use the same algorithm and the same static shared security key. Authentication is only a one-way process. The so-called initialization vector, which is a very important feature in encryption, is too short to provide sufficient security (only 24 bits). These characteristics make WEP-secured wireless networks susceptible to intrusion. There are tools available on the Internet that can crack WEP security by obtaining the security key within minutes. WEP is being replaced nowadays with other more sophisticated wireless protocols.
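To see why a 24-bit initialization vector combined with a static key is a design problem, the added example below (not part of the original tutorial) estimates how soon an IV repeats and shows what a repeat means for two frames. It assumes IVs are chosen at random and uses the RC4 stream cipher that WEP is built on, with the integrity value left out; the key, IV and payloads are constructed sample values.

```python
import math

IV_BITS = 24  # WEP initialization vector length given in the text

def frames_until_iv_reuse(target=0.5, iv_bits=IV_BITS):
    """Frames needed before P(some IV repeats) reaches target, for random IVs."""
    space = 2 ** iv_bits
    log_no_repeat = 0.0
    for frames in range(2, space + 1):
        # The newest frame must avoid the (frames - 1) IVs already used.
        log_no_repeat += math.log1p(-(frames - 1) / space)
        if 1.0 - math.exp(log_no_repeat) >= target:
            return frames
    return space + 1  # pigeonhole: a repeat is then certain

def rc4_keystream(key, length):
    """Standard RC4: key scheduling, then `length` bytes of keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_style_encrypt(iv, shared_key, plaintext):
    """Per-frame RC4 key is IV || static shared key (integrity value omitted)."""
    stream = rc4_keystream(iv + shared_key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, stream))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample values.
KEY = bytes.fromhex("0102030405")          # 40-bit static shared key
IV = bytes.fromhex("a1b2c3")               # one 24-bit IV, used for two frames
P1, P2 = b"frame one payload", b"frame two payload"
C1, C2 = wep_style_encrypt(IV, KEY, P1), wep_style_encrypt(IV, KEY, P2)
```

With the IV repeated, `xor(C1, C2)` equals `xor(P1, P2)`: the keystream cancels out, so the only protection left is the static key that every client shares.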
How can this be set up? See the following page:
Is it possible to break into WEP protected network? Yes it is. We suggest reading these two articles:
WEP encryption - improved
WEP encryption relies on a secret key that is shared between the mobile station and the wireless access point. When enabling access to your network, you have to give the user a key which he or she inputs into his or her laptop wireless configuration. This approach has two fundamental flaws:
a) the shared key is static
b) the key is often a meaningful phrase
A key that is not updated for a long time and that can be guessed via a dictionary attack is a great help for an attacker. This leads us to how to improve the security.
Update the security key periodically
You can improve your wireless network security if you devise a schedule by which security keys are updated periodically in all wireless devices. This may not be easy for large corporations, but smaller networks should consider updating their security keys often. Large corporations may need to invest in more sophisticated and more expensive solutions which take advantage of a security key table (the wireless access point uses a number of security keys) or, ideally, implement a unique security key for each client (per chipset) if needed.
Security key randomization
Another way to improve WEP security is to not use a meaningful phrase for your security key. A security key should not read "my cat is black" but rather be a sequence of randomly generated numbers, letters, and special characters ($, %, @, etc.). You can either make up a random character-number string or use some software to do that for you. Search the web for the phrase "wep key generator".
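A key generator of this kind is small enough to write yourself. The added example below (not part of the original tutorial) draws the key from the operating system's cryptographic random source and also audits existing keys for the "meaningful phrase" problem. It assumes the common convention that the advertised 64- or 128-bit size includes the 24-bit initialization vector, and that the access point accepts the key as hexadecimal digits; the function names and audit rules are illustrative.

```python
import secrets
import string

# Assumption: the advertised size counts the 24-bit IV, so the secret is shorter.
SECRET_BYTES = {64: 5, 128: 13}            # 40-bit and 104-bit secrets
PHRASE_CHARS = set((string.ascii_letters + string.digits + " ").encode())

def generate_wep_key(advertised_bits=128):
    """Return a random key as hex digits, drawn from the OS CSPRNG."""
    return secrets.token_hex(SECRET_BYTES[advertised_bits])

def audit_wep_key(hex_key):
    """List the reasons a key looks guessable; an empty list means none found."""
    try:
        raw = bytes.fromhex(hex_key)
    except ValueError:
        return ["not hexadecimal"]
    issues = []
    if len(raw) not in SECRET_BYTES.values():
        issues.append("unexpected length")
    if raw and all(b in PHRASE_CHARS for b in raw):
        issues.append("decodes to a typed phrase")      # e.g. a word typed as ASCII
    if len(set(raw)) <= len(raw) // 2:
        issues.append("repeated bytes")                 # e.g. 0000000000
    return issues

if __name__ == "__main__":
    new_key = generate_wep_key(128)
    print(new_key, audit_wep_key(new_key))
    # Constructed weak keys: a five-letter word typed as ASCII, and all zeros.
    print(audit_wep_key(b"mycat".hex()))
    print(audit_wep_key("0000000000"))
```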
Is there more to wireless security?
Yes, you can find out more about how to make your network more secure on the following page: WPA & WPA2 (Wi-Fi security tutorial - part 2).
You can also take a look at our security discussion forum and ask your questions there. Take a look at some of the resources below too.