772062, 7788921How will the wireless network impact you?UP772062, UP778892Abstract — As technology continues to grow, Wireless local area network (WLAN) has gained more popularity for many reasons. For example, easy to install, reduced costs, scalability and many more. However, besides all the advantages, WLAN has many security threats and everyone should be aware of the potential implication of security vulnerabilities. This is important because if you increase the network security it decreases the chance of network being breached by hackers.
This paper aims to portray the impacts of wireless network securities and the existing ways to solve them which will make the user more aware of the security exposures. The research was conducted to explore more about network security and the findings are presented in the form of a report. From the findings it shows that there are not any effective solutions towards network security, however, there are precautions that you can put forth to prevent it from happening. Index Terms DDoS, Distributed Denial of Service, Denial of services, DoS, Local Area Network (LAN), Metropolitan Area Network(MAN), Network security, Passive monitoring, Personal Area Network(PAN), Security in wireless network, Unauthorised access, Wide Area Network(WAN). ———————————————— UP778892, E-mail: [email protected]
ukUP772062, E-mail [email protected]——————————?——————————1 INTRODUCTIONWhy is there a demand for effective technology? As agrowing population, everything is done online, therefore the world expects nothing less. The Internet provides the most influential tools in our lives and the importance of them is becoming more evident as we step into the future; in fact, it is impossible to imagine a contemporary society without them. With the rise in wireless networking, it is becoming more popular day by day, as well as leading to increasing number of security vulnerabilities. Although, Wireless local area networks (WLANs) offer huge benefits, however, users are not aware of possible issues such as security weaknesses, radio signal interference, multipath propagation etc.
Therefore, there is a need for users to be fully aware of how wireless networks affects them.In this report, we’ll explain the impacts of security vulnerability and ways to solve them as well as explaining in depth on how to combat the implications by exploring secondary research that are available on the internet, books, magazine and articles etc. From the secondary research, we have gathered all the findings and have given our recommendation on securing the network. By doing this we have produced a qualitative report.2RELATED TO WORK2.1 Background According to (Hope, 2017) a network is a collection of computers, servers, mainframes and network devices that are connected to one another in order to share the data. A wired or wireless network connection can be established.
Radio communication is used as a main source of medium for communication in the wireless network. Depending onthe geographic location it will require a different range ofradio frequency for communication. This is shown in the table (below).Type of the applicationRangePAN – Personal Area NetworkAvailable in the range of a personLAN – Local Area NetworkAvailable in a buildingAvailable within the cityMAN – Metropolitan Area NetworkAvailable worldwideWAN – Wide Area Network2As wireless protocols and technology are constantly changing, this affects how we communicate. The table above shows, the wireless network can be accessed within the range of a person or even to worldwide. Therefore there is an increasing need to manage and distribute the information in a secure way. Personal Area Network (PAN) PAN is a short-range network that works over 10 metres. There are 2 types of PAN technologies;1.
Cordless products – Radio or infrared used in keyboards and mouse.2.Bluetooth – phones, mobiles, mouse devices and handsets that connect wirelessly within 10 metres.
Local Area Network (LAN) LAN is used within the range of a building where a group of computers are connected to the same server, e.g. office network. LAN network can be established using Ethernet or Wi-Fi.
Metropolitan Area Network (MAN) MAN will allow to connect the users that are in a region bigger than LAN and smaller than WAN. Wide Area Network (WAN) WAN network is used for worldwide. It’s either private or public to connect larger or smaller networks together.2.
2 CURRENT PROBLEMS AND THE EXISTING SOLUTIONSNetwork security is introduced to protect access to files on acomputer network against hacking, misuse and unauthorised changes to the system. With this in mind, security vulnerabilities in WLANs fall within the following areas shown in (Figure 1).Figure 1. WLAN security vulnerabilities include; Unauthorised access, Denial-of-Service (DoS) attacks and Passive Monitoring (Geier, 2015). a. Unauthorised accessIf any of the users access to the WLAN, they can retrieve anything from the network for example: client device, servers and application (US Patent No. 7702309 B2, 2010) This raises complications as WLAN is not secured which means hacker or hackers can access the vital information ofthe organisation.UP772062, UP778892Figure 2.
(Olzak, 2012) General view on how the devices are connected to the network.Figure 2, shows how unauthorised access takes place, the hacker can get connected to the access point (AP) and can be achieved using the TCP scanner. Once the hacker access the TCP port it will then allow them to directly access any valuable information stored in that network e.g. sensitive information.
According to (Mazelabs, 2013) unauthorised access can be prevented by ensuring that only the authorised users will gain access to the network. By doing this, the users will have to enter a unique username and a password in order to access the host. As well as the authentication privileges can be implemented in place. This means the admin will be able to set privileges to the users according to the needs and they only be allowed access to a particular area of the network. Another approach to this solution will be to have a centralised database, especially if there is a large number of devices within the network.
Centralised database security will allow to establish a remote access and policies through the organisation. b. Denial of service (DoS)An article written by (John M.Bellardo, 2017) established the vulnerabilities on denial services based on 802.11. As a part of this research, they found that there are vulnerabilities among the MAC protocols that can lead to the deauthentication, disassociation and virtual carrier-sense attacks.
MAC layer usually has 12-byte address globally, however, the standard 802.11 network does not allow users to include any method to verify the self-reported identity. For example, the hacker could spoof other nodes and request various MAC layer, this leads to cause distinct vulnerabilities. WLAN is intensely vulnerable to DoS attack even using the latest security mechanism this is because DoS attack can lead to disabling the wireless local area network.
If DoS attack happens on the web applications then it can overload the application which fails to serve the web page meaning that attacks by DoS will affect the following services; server memory, application exception handling the mechanism, network bandwidth, CPU usage, hard drive space.3Although, DoS and DDoS attack cannot be avoided, there are different approach towards protecting the network to minimise the attack (Lough, 2001). These can include;1.Having firewalls which will keep everything out except legal traffic.2.Implementing router filters will lessen the exposure to certain DoS attacks.
3.Anti-viral software up to date to prevent the site becoming a home for DDoS.4.To lessen the exposure of the attacks. By installing patches will lookout for TCP/IP attacks.?Data encryption, so only authorised users canaccess information over the wireless network.?User authentication, which identifies computerstrying to access the network?Secure access for visitors and guests?Control systems, which protect the laptops andother devices that use the network.
Figure 3. Attack packets send per second (David Moore,2003)c. Passive monitoringPassive monitoring is a technique that can be used to capturethe data that is passed through the buildings, campuses andcities.
Hackers can be outside a company capturing 802.11transmissions. This could be achieved by packet sniffer as itis free of cost e.
g. WireShark(Vincent F.Mancuso, 2015).The data captured by the hacker, can re-capture email anduser’s passwords to get access to the company’s server whichcan lead to place company’s security at risk. However,(Buddhikot, 2008) demonstrates there are methods of to solvethe problem with passive monitoring having encryptionimplemented between all devices and the AP, Access point.
By doing this, encryption modifies the information ineach frame according to the encryption key. This will ensurethat no one can understand the data that has been capturedvia passive monitoring.2.3 LIMITATION ON THE CURRENT SOLUTIONSNetwork security can be put in place to prevent anyunauthorised users accessing the network. However, if thereis a breach in security then the hackers will be able to accessthe network as well as the confidential data. As networks arebecoming a captivating target of cyber-attacks, there is ademand to ensure that the network security is implementedin order to prevent any harm that can cause to the network.DoS attacker can attempt to prevent legitimate users fromaccessing information or services. The attacker can target theuser’s computer and the network of the sites the user is trying touse and prevent it from accessing email, website and onlineaccount etc.
Therefore, the limitation of DoS attack is that itwill not enable to use any application.During the passive monitoring, it is only one aspect ofthe network is taken into consideration. This is also alimitation of passive monitoring as it can cause a majordrawback on the methodology as the monitoring tool maybe incorrectly judged which will cause false alarms.3 PROPOSED SOLUTIONAs the wireless network continues to grow, the flawedsecurity of the network has become more problematic.
Awireless network means that the radio frequency might becorrupted as it is available to everyone within the network.Thus, precautions must be put in forth to prevent thesevulnerabilities. This can be implemented using a staticshared key as it will offer more secure access withinthe network by ensuring that the client and the Access Point(AP) must know the PSK before disclosing any of theinformation.Another issues with wireless security is authentication, thisinvolves attack against the confidentiality of the data that isbeing transmitted across the network. This happens by theirnature, as WLAN radiates network traffic into space.
It isimpossible to control the signal that you receive from theWLAN. Third parties in the WLAN can be seen as a threatdue to the attacker because it can intercept the transmissionover the air from a distance, away from the premiseof the company.Security is so vital to the wireless networking therefore, theseare the security methods to consider for wireless networkincludes:UP772062, UP778892This causes a WLAN to slow down the speeds or evenstop working.An example of DoS attack is shown below in figure 3. Thenumber of attacks are non-stoppable as 50,000 packets aresent per/seconds SYN flood yields 20Mbits/seconds of theInternet traffic in each direction.4Denial of service attacks are ever growing but also it’s becoming the complexity and more sophisticated while security methods are still playing catch-up.
With every new implementation of an attack. Security needs more time to come up with countermeasure which means that they are always effectively behind. At the moment, there is no certain strategy that fits all approach to prevention going forward.
It is recommended to use WPA2 because it has a secure access control over the network, it protect the network with various types of attacks (Passive or active) as well as having data encryption using the IEEE 802.11i technology standard. It is the latest method as it uses AES (advantages Encryption Standard) algorithm and CCMP (Counter Cipher Mode with Block-Chaining Message Authentication Code) which can be adopted to tighten the security for any of the network. 4 EVALUATION OF THE SOLUTIONSFigure 4: A model for securing the network.The above diagram shows User 1 sending a message to UserUsing asymmetric/ Public-key Cryptography (PKC) bothsender and the receiver will share the private key (KA-, KB -) and public key (KA+, KB +) and these key are 30 digitsare more.
2.Symmetric EncryptionUsing the symmetric means that they agree on a secret (shared) key algorithm. In this case (KAB) both sender and the receiver will share the same private key. This plan text will be then scrambled into cipher text KAB(M). Only the user 2 who has got the private key will be able to read the message read the message after decryption KAB(KAB(M)) = M.
5 CONCLUSIONAs the world of computer networks continues to grow there is a strong need to increase the network security mechanism. 68% of the population are now using wireless local area network (WLAN) (Boost, 2017), this is because it offers cheap set-up costs, able to connect multiple devices without the need for extra hardware and it’s not tied down to a specific location. Network security has become one of the most important factors to consider for everyone.
By increasing network security, it will decrease the chance of privacy spoofing, identity/information theft and so on (Popescu, 2013). Through this paper, we aimed tomake the users aware of security vulnerabilities of using wireless network such as eavesdropping attack, unauthorised access, DoS attack, passive monitoring attack and many others. Even though there are many possible solutions from a deeper research and analysis it evidences that there are no perfect solutions, as “Allwifi network are vulnerable to hacking security expert discovers” (Hern, 2017). 6 ACKNOWLEDGMENT The authors wish to thank Mo Adda for all the help and support. REFERENCES1Boost. (2017, Febuary 1).
10 WI-FISTATS AND FACTS YOUR COMPANY SHOULDKNOW. Retrieved from Boostansco:https://boostandco.com/news/wi-fi-stats-and-facts/2Buddhikot, M. (2008, Spetember 214-24).Radio Transmitter Fingerprinting: A Steady StateFrequency Domain Approach.
Retrieved fromIEEE Xplore:http://ieeexplore.ieee.org/document/4657123/3David Moore, C. S. (2003, December 11).Offline from Denial-of-Service Attack.
Retrievedfrom SCO:http://www.caida.org/research/security/sco-dos/4Geier, J. (2015, June 15). Wireless LANimplications, problems and solutions. Retrieved2. The system must encrypt the data or ‘Systematicallyscramble information’ therefore only the authorised userswill have the confidentiality, integrity and availability of themessage.
This is achieved using encryption and decryptionmethod. To overcome threads cryptograph devise techniquescan be used such as cipher text, this will allow to scramblethe messages. When the message is received by user 2,crypto-analysts will be used to break cipher texts. There aretwo data encryption categories depending on the type ofsecurities keys used:1. Asymmetric EncryptionUP772062, UP778892Other wireless security solutions as follow:1. WPA, Wi-Fi Protect Access2. WPA2, Wi-Fi Protect Access23. VPN, Virtual Private Networkingfrom CISCO: http://www.
ciscopress.com/articles/article.asp?p=23511315Hern, A. (2017, October 16). ‘All wifi networks’are vulnerable to hacking, security expertdiscovers.
Retrieved from The Guardian:https://www.theguardian.com/technology/2017/oct/16/wpa2-wifi-security-vulnerable-hacking-us-government-warns6Hope, C. (2017, May 05). Network. Retrievedfrom ComputerHope:https://www.
Bellardo, S. S. (2017, December 19).802.11 Denial-of-Service Attacks: RealVulnerabilities and Practical Solutions.
Retrievedfrom Researchgate:https://www.researchgate.net/publication/234818629_80211_Denial-of-Service_Attacks_Real_Vulnerabilities_and_Practical_Solutions8Lough, D. L.
(2001, April 12). A Taxonomy ofcomputer attacs with applications to wirelessnetwroks. Retrieved from vTech:https://vtechworks.lib.vt.
(2013, October 21). Unauthorizedaccess attack. Retrieved from Telelink:http://itsecurity.
telelink.com/unauthorized-access-attack/10Olzak, T. (2012, April 18). VLAN NetworkSegmentation and Security- Chapter 5. Retrievedfrom infosecinstitute:http://resources.infosecinstitute.com/vlan-network-chapter-5/#gref11Stefano Faccin, J. K.
(2010). US Patent No.7702309 B2.12Vincent F.
Mancuso, G. F. (2015, July 10).
Augmenting Cyber Defender Performance andWorkload through Sonified Displays. Retrievedfrom ScienceDirect:http://www.sciencedirect.com/science/article/pii/S2351978915005909UP772062, UP778892 5