Threats and vulnerabilities of wireless networks

Building a wireless network also raises the problem of securing it. Whereas conventional networks transmit information over wires, the radio waves used by wireless solutions can be easily intercepted with the appropriate equipment. The way a wireless network works creates a large number of potential vulnerabilities to attack and intrusion.

Wireless Local Area Network (WLAN) equipment includes wireless access points and workstations for each subscriber.

Access points (APs) act as hubs that provide communication among subscribers, and as bridges that connect them to the wired LAN and the Internet. Each access point can serve several subscribers. Several nearby access points form a Wi-Fi access zone, within which all subscribers equipped with wireless adapters can access the network. Such access zones are created in crowded places: airports, college campuses, libraries, shops, business centers, etc.

The access point has a Service Set Identifier (SSID). SSID is a 32-bit string used as the name of the wireless network to which all nodes are associated. The SSID is required to connect the workstation to the network. To associate a workstation with an access point, both systems must have the same SSID. If the workstation does not have the correct SSID, then it will not be able to communicate with the access point and connect to the network.

The main difference between wired and wireless networks is the presence of an uncontrolled area between wireless endpoints. This allows attackers in close proximity to wireless structures to launch a range of attacks that are not possible in the wired world.

Threats with wireless LAN access

Let’s list the main vulnerabilities and threats of wireless networks.

Radio beacon broadcast. The access point broadcasts a beacon at a specific frequency to notify nearby wireless nodes of its presence. These broadcast signals contain basic information about the wireless access point, typically including the SSID, and invite wireless nodes to register in the area. Any workstation in standby mode can obtain the SSID and add itself to the corresponding network. Beacon broadcasting is a "congenital pathology" of wireless networks. Many models allow the SSID-containing portion of this broadcast to be disabled to make wireless eavesdropping somewhat more difficult, but the SSID is nevertheless sent when a station connects, so there is still a small window of vulnerability.

WLAN discovery. Wireless networks can be detected, for example, with the NetStumbler utility used together with a GPS receiver. This utility identifies the SSID of the WLAN and determines whether it uses WEP encryption. An external antenna on the laptop makes it possible to detect WLAN networks while walking around the area or driving around town. A reliable method of WLAN detection is to survey an office building with a laptop in hand.

Eavesdropping. Eavesdropping is used to collect information about a network that is to be attacked later. An interceptor can use the collected data to gain access to network resources. The equipment used to eavesdrop on a network need not be any more sophisticated than that used to routinely access that network. Wireless networks, by their very nature, allow computers to be connected to a physical network at some distance from it, as if these computers were directly on the network. For example, a person sitting in a car in a nearby parking lot can connect to a wireless network located in a building. Passive eavesdropping attacks are nearly impossible to detect.

False network access points. An experienced attacker can set up a fake access point that simulates network resources. Subscribers, suspecting nothing, connect to this fake access point and give it their important details, for example, authentication information. This type of attack is sometimes used in conjunction with direct jamming of the true network access point.
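A defensive check for the fake access points described above, as an added example that is not part of the original article: it parses beacon frames and flags any that advertise a protected SSID from a BSSID outside an allowlist, or with the Privacy (encryption) bit cleared. The SSID "CorpNet", the BSSIDs and the sample frames are constructed, and frames are assumed to start at the 802.11 MAC header (no radiotap header, no FCS).

```python
import struct

# Authorized BSSIDs per protected SSID (constructed values, an assumption).
AUTHORIZED = {"CorpNet": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}}

def parse_beacon(frame):
    """Return (bssid, ssid, privacy) for a beacon frame, else None."""
    # 24-byte MAC header + 12 bytes of fixed fields; type 0 / subtype 8 = beacon.
    if len(frame) < 36 or frame[0] & 0xFC != 0x80:
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3
    privacy = bool(struct.unpack_from("<H", frame, 34)[0] & 0x0010)
    ssid, pos = None, 36
    while pos + 2 <= len(frame):             # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:                 # truncated element: stop
            break
        if eid == 0:                         # element ID 0 is the SSID
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + elen
    return bssid, ssid, privacy

def find_rogue_aps(frames, authorized=AUTHORIZED):
    """Flag protected SSIDs beaconed by an unlisted BSSID or without encryption."""
    alerts = []
    for bssid, ssid, privacy in filter(None, map(parse_beacon, frames)):
        if ssid in authorized and bssid not in authorized[ssid]:
            alerts.append((bssid, ssid, "unlisted BSSID"))
        elif ssid in authorized and not privacy:
            alerts.append((bssid, ssid, "encryption disabled"))
    return alerts

def make_beacon(bssid, ssid, privacy=True):
    """Build a constructed beacon frame used only as sample input."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0011 if privacy else 0x0001)
    name = ssid.encode()
    return header + fixed + bytes([0, len(name)]) + name + bytes([3, 1, 6])

SAMPLE_FRAMES = [make_beacon("02:00:00:aa:00:01", "CorpNet"),
                 make_beacon("02:00:00:bb:00:09", "CorpNet"),
                 make_beacon("02:00:00:aa:00:02", "CorpNet", False),
                 make_beacon("02:00:00:cc:00:05", "CoffeeShop", False)]

if __name__ == "__main__":
    print(*find_rogue_aps(SAMPLE_FRAMES), sep="\n")
```

A listed BSSID is not proof that an access point is genuine, because beacons are unauthenticated, so a clean result is one signal among several.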

Denial of service. A Denial of Service (DoS) attack can cause complete network paralysis. Its purpose is to interfere with the user's access to network resources. Wireless systems are particularly susceptible to such attacks. The physical layer in a wireless network is the abstract space around the access point. An attacker can turn on a device that fills the entire spectrum at the operating frequency with interference and illegal.