How to make Wi-Fi Security strong
How to make a secure communication in a Wi-Fi network, it is necessary to
equip the environment with a certain numberof functions that can be achieved either by the infrastructure by itself that is used to build the network or by adding new elements to it.
Attacks on wireless networks
While listening on the wireless radio link is the obvious attack, other attacks also exist. This section summarizes some of these attacks. We also introduce the main methods that can be brought into wireless networks, algorithms and security protocols in order to stop such attacks.Normally, network security attacks are divided into passive and active attacks.
An attack is called passive when an unauthorized person obtains access to a
resource without changing its content. Attacks may be passive eavesdropping or traffic analysis, sometimes called analysis of traffic flow.
Since transmissions are broadcast on a radio wave, it is necessary to introduce a mechanism to protect communications frommalicious eavesdropping. WEP is based on a symmetric cipher RC4 stream and was created to satisfy access control, privacy, authentication and integrity.
Access control is designed to control access and not to permit users without authorization access to the medium. Generally, access control has two functions: authentication and authorization.Authentication makes it possible to check the identity of the client who wants to be connected, while authorization gives him the permission to enter the network. It is possible to be authenticated but not authorized.
The network identifier or SSID (Service Set ID) is the first mechanism of
security offered by WEP for network access control. The SSID is the name given to a network or domain. The term “network name” is primarily used at the network configuration.
Wi-Fi manufacturers implement
Some Wi-Fi manufacturers implement the ACL on MAC addresses of the
terminals. In this case, an access point performs the combination of a terminal only if the MAC address of the terminal is in its ACL. The MAC address is a unique address of every Wi-Fi or Ethernet card. According to this address, WLAN stations can be recognized in the network.
The ACL is an optional mechanism and can be configured only by the
administrator of the access point. This option is rarely used because it is unreliable, as we shall observe.
Two types of authentication procedures are available in WEP: open
authentication and shared key authentication, which is a method of
Open authentication is the default process. It contains no explicit authentication: a terminal can associate with the access point which is broadcasting its SSID and listen to all the data in transit within the BSS
The original standard defines a key size of 40 bits, which is much too short to counter attacks by brute force, which would take no less than a dozen hours to break.
Since then, all manufacturers identified a key size of 104 bits, for what is called WEP 2, which is much more resistant to brute force attacks. In WEP, the key management is static, one secret key is shared by all stations in the network and the access point. If all the stations use the same key, it is even easier for an attacker to retrieve the data, hence the role of the IV in the WEP, which make it possible to define different encryption flows for the same shared secret key.
The SSID is used to access the wireless Wi-Fi network. It is sent periodically in clear text by the access point in beacon frames. It is quite easy to recover the SSID, either through a sniffer tool, which makes it possible to retrieve all the data on a network, or software such as NetStumbler.