What Are The Main Threats To Wireless Security?

As more and more of our daily lives transition online, the need for reliable wireless security becomes increasingly important. Yet many homeowners remain unaware of the main threats to their network security. In this post, we'll take a look at some of the most common dangers to your wireless network and tips for how to protect yourself. Keep reading to learn more!

Common Wireless Network Threats (and How to Protect Against Them)

While deceitful actions commonly occur, there are also many accounts of innocent, yet careless, actions that are often the cause of a major security breach. Below are some of the most common threats to wireless networks.

Configuration Problems (Misconfigurations Or Incomplete Configurations)

Simple configuration problems are often the cause of many vulnerabilities because many consumer/SOHO-grade access points ship with no security configuration at all. Other potential issues with configuration include weak passphrases, feeble security deployments, and default SSID usage.

A novice user can quickly set up one of these devices and gain access or open up a network to external use without further configuration. These acts allow attackers to steal an SSID and connect without anyone being the wiser. 

Configuration issues often result in vulnerabilities and may pose a significant security threat to your business WiFi on the whole.

Such issues usually cropped up when individuals managed standalone APs. Today, the problem is alleviated down to a certain degree of control, thanks to deploying a more centrally-managed WLAN.

Centrally managed WLANs have several security benefits. A few of these are:

• Using periodic audits and coordinated updates to reduce TCO.
• Improved reliability.
• Low risk.
• Prevention

The answer's right there in front of you. DO NOT use individually-managed APs in your business network. A centrally managed WLAN is safer and more effective.

It used a centrally managed WLAN that features periodic audits and coordinated updates to mitigate the risk.

Denial Of Service

Anybody familiar with network security is aware of the concept of denial of service (DoS), also referred to as a "spoiler." It is one of the simplest network attacks to perpetrate because it only requires limiting access to services. This can be done by placing viruses or worm programs on your network or by simply sending a large amount of traffic at a specific target with the intent of causing a slowdown or shutdown of wireless services. This allows attackers to hijack resources, view unauthorised information disclosures, and introduce backdoors into the system.

It can be much easier for wireless networks, as the signal can be interfered with through several different techniques. For example, when a wireless LAN is using the 2.4 GHz band, interference can be caused by something as simple as a microwave oven or a competing access point on the same channel. Because the 2.4 GHz band is limited to only three non-overlapping channels (in the U.S.), an attacker needs to cause enough interference into these to cause service interruption.

A denial of service attack can also be used with a rogue access point. For example, one could be set up in a channel not used by the legitimate access point. Then a denial of service attack could be launched at the channel currently being used, causing endpoint devices to try and re-associate onto a different channel that is used by the rogue access point.

Passive Capturing

Passive capturing (or eavesdropping) is performed simply by getting within range of a target wireless LAN, then 'listening to' and capturing data that can break existing security settings and analyse non-secured traffic. Such information that can be "heard" include SSIDs, packet exchanges, and files (including confidential ones).

Consider the following scenarios that make passive capturing possible:

• Your office building has multiple tenants, including immediately above or below you on different floors.
• You have a lobby just outside your office.
• Your parking lot is close to the building.
• There is a street that passes nearby.
• There are adjacent buildings.

When it comes down to it, passive capturing is possible nearly anywhere. There are also some go-arounds when an attacker can't be within normal broadcast range, such as using a big antenna or a wireless repeater device to extend the range by miles. An attacker can even use a packet sniffer application that captures all the outgoing packets, grabs and analyses them, then reveals its data payload. You can try a packet sniffer yourself to see the depth and breadth of classified information available to anyone who wants to hijack it. 

It is almost impossible to prevent this type of attack because of the nature of a wireless network. What can be done involves implementing high-security standards by using a firewall and setting complex parameters. 

Rogue (Or Unauthorised/Ad-Hoc) Access Points

One method often used by attackers involves setting up a rogue access point within the range of an existing wireless LAN. The idea is to 'fool' some of the authorised devices in the area to associate with the false access point rather than the legitimate one.

This type of attack requires some amount of physical access to be effective. This is required because if a user associates with a rogue access point, they cannot perform any of their normal duties, the vulnerability will be short-lived and not that effective. However, if an attacker can gain access to a physical port on a company network and then hook the access point into this port, it's possible to get devices to associate and capture data from them for an extended period. 

The exception to this barrier is when the wireless LAN being targeted only provides internet access. A rogue access point can also offer simple internet access and leave the user unaware of their vulnerability for an extended amount of time.

Part of the same idea of rogue access points is unauthorised, non-malicious access points and ad-hoc networks. In these situations, a legitimate user sets up an access point or ad-hoc network for their use but does not implement proper security techniques. Again, this provides an opening for watching attackers.

A rogue access point (AP) is a wireless AP installed on a secured network without any authorisation from the network administrator.

The rogue AP is usually set up on business or a government network by a malicious attacker with the possible intention of ruining the organisation for their benefit.

This is a common security threat that attackers often use to trick businesses into believing that they are connecting to a legitimate AP. But, in reality, they are falling into a trap that an unethical hacker has set up to intercept confidential and sensitive data from the business in particular.

Prevention

Businesses can install a WIPS (Wireless intrusion prevention system) to monitor the radio spectrums of unauthorised apps and take actions accordingly.

Some steps you can take to prevent such access points are to:

• Use proper WLAN authentication techniques and encryption methods.
• Establish and communicate a policy prohibiting employees from using their wireless access points. 
• Make it easier for employees to access legitimate (and secured) wireless access points.
• Regularly walk around your office with a wireless-equipped device to search for rogue access points, looking in every network outlet.
• Install a WIPS (wireless intrusion prevention system) to scan radio spectrums, searching for access points with configuration errors.

Evil Twin Attacks

An attacker can gather enough information about a wireless access point to impersonate it with their own, stronger broadcast signal. This fools unsuspecting users into connecting with the evil twin signal and allows data to be read or sent over the internet. 

A rogue access point can easily advertise the same SSID (network name) as a legitimate AP.

This can easily trick nearby WiFi users into connecting to them because they can't distinguish between legitimate and rogue APs at a moment's notice.

Creating an evil twin AP for malicious purposes is not too difficult. Tools like the Karmetasploit have made this as easy as a piece of cake. It allows you to fake APs, capture passwords, gather data and conduct browser-based attacks against clients.

Prevention

Server authentication is the only thing that can act as a defence against the Evil Twins AP threats.

Server authentication and penetration testing are the only tools that will end evil twin attacks.

Hacking Of Lost Or Stolen Wireless Devices

Often ignored because it seems so innocent, but if an employee loses a smartphone, laptop, etc., that is authorised to be connected to your network, it's very easy for the finder or thief to gain full access. All that's necessary is to get past the password, which is quite simple to do.  

Make it a policy and practice to have employees immediately report a misplaced or stolen device so that it can be remotely locked, given a password change, or wiped clean.

This is a lesser-known threat, and hence, is ignored most of the lot.

You might have locked your business WiFi with the most powerful security available in the market, but what happens if you lose the device with which you used to get onto the very same network?

The device can be anything from a smartphone to a laptop to a tablet or even a PC.

Whoever recovers the device might get themselves in a position to access your network based on the saved data on your device, provided she's able to crack open the password of the device itself (If there's no password, it gets a lot easier).

So you can easily see that this is a problem that should never be taken lightly at any possible cost.

Prevention

• If you lose a device that's primarily connected to your business, in particular, be it a mobile or a laptop or even a tablet, try to remotely lock or *wipe out the device without any further ado.
• It is also advisable to change all WiFi passwords in your business network when the loss comes to your notice.

Freeloading

Sometimes unauthorised users will piggyback on your wireless network to gain free access. Usually, this is not done maliciously, but there are still security ramifications. 

Your internet service may slow down.

Illegal content or spam can be downloaded via your mail server.

"Innocent" snooping may take place. 

Additionally, employees sharing files with unrecognised networks or giving permission for a friend or family member to use their login credentials for computer access seriously disrupt security measures.  

The Age-Old WPS Threat Vector

WPS or WiFi protected setup was mainly implemented to make it easier for users to secure their router from major security threats at the simplest click of a button or via a PIN entry.

Unfortunately, WPS security came with several loopholes that the crooks, particularly, were easily exploited.

These loopholes were discovered several years ago, and hence, I can more or less assume that MOST credible vendors have patched this up in the best possible manner.

You see that I have stressed more on the word "MOST." Means, some did, some didn't.

Prevention

It's simple. Turn WPS off.

Securing Wireless Networks

What can you do to minimise the risks to your wireless network?

Change Default Passwords

Most network devices, including wireless access points, are pre-configured with default administrator passwords to simplify setup. Unfortunately, these default passwords are easily available to obtain online and provide only marginal protection. Changing default passwords makes it harder for attackers to access a device. The use and periodic changing of complex passwords are your first defence line in protecting your device. (See Choosing and Protecting Passwords.)

Restrict Access

Only allow authorised users to access your network. Each piece of hardware connected to a network has a media access control (MAC) address. You can restrict access to your network by filtering these MAC addresses. Consult your user documentation for specific information about enabling these features. You can also utilise the "guest" account, a widely used feature on many wireless routers. This feature allows you to grant wireless access to guests on a separate wireless channel with a separate password while maintaining the privacy of your primary credentials.

Encrypt The Data On Your Network

Encrypting your wireless data prevents anyone who might be able to access your network from viewing it. There are several encryption protocols available to provide this protection. WiFi Protected Access (WPA), WPA2, and WPA3 encrypt information transmitted between wireless routers and wireless devices. WPA3 is currently the strongest encryption. WPA and WPA2 are still available; however, it is advisable to use equipment that specifically supports WPA3, as using the other protocols could leave your network open to exploitation.  

Protect your Service Set Identifier (SSID). To prevent outsiders from easily accessing your network, avoid publicising your SSID. All WiFi routers allow users to protect their device's SSID, making it more difficult for attackers to find a network. At the very least, change your SSID to something unique. Unfortunately, they are leaving it as the manufacturer's default could allow a potential attacker to identify the router and possibly exploit any known vulnerabilities.

Install a firewall. Consider installing a firewall directly on your wireless devices (a host-based firewall), as well as on your home network (a router- or modem-based firewall). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall—a host-based firewall will add a layer of protection to the data on your computer (see Understanding Firewalls for Home and Small Office Use).

Maintain Antivirus Software

Install antivirus software and keep your virus definitions up to date. Many antivirus programs also have additional features that detect or protect against spyware and adware (see Protecting Against Malicious Code and What is Cybersecurity?).

Use File Sharing With Caution

File sharing between devices should be disabled when not needed. It would help if you always chose to only allow file sharing over a home or work network, never on public networks. You may want to consider creating a dedicated directory for file sharing and restricting access to all other directories. In addition, you should password protect anything you share. Never open an entire hard drive for file sharing (see Choosing and Protecting Passwords).

Keep Your Access Point Software Patched And Up To Date

Your wireless access point manufacturer will periodically release updates to and patches for a device's software and firmware. Be sure to check the manufacturer's website regularly for any updates or patches for your device.

Check Your Internet Provider's Or Router Manufacturer's Wireless Security Options 

Your internet service provider and router manufacturer may provide information or resources to assist in securing your wireless network. Check the customer support area of their websites for specific suggestions or instructions.

Connect Using A Virtual Private Network (Vpn)

Many companies and organisations have a VPN. VPNs allow employees to connect securely to their network when away from the office. VPNs encrypt connections at the sending and receiving ends and keep out traffic that is not properly encrypted. If a VPN is available to you, make sure you log onto it whenever you need to use a public wireless access point.

The Best Attitude to Have Toward Wireless Security

The best attitude to have toward wireless security is one of awareness and vigilance. This will ensure a high level of security is always used and constantly adapted as the standards for security change.