Different types of vulnerabilities and attacks on wireless networks, and the tools of the trade and countermeasures.
Introduction
Wireless networks offer many advantages. Productivity is increased due to increased accessibility to information resources. Also, network configuration and reconfiguration are easier, faster, and less expensive. As each coin has two sides, wireless networks also create new threats that alter the current information security risk profile.
Definition
Wireless network: It is a computer network that uses wireless data connections between network nodes. It is a method by which homes, telecommunications networks, and business installations avoid the costly process of introducing cables into a building or as a connection between various equipment locations.
Vulnerabilities and Attacks on Wireless Networks
Denial of service: DoS is a common network security problem; it refers to an attempt to disrupt the function of a service. This attack occurs when an attacker continually bombards a targeted AP (Access Point) or network with bogus requests, premature successful-connection messages, failure messages, and other commands.
DoS attacks rely on the abuse of protocols such as the Extensible Authentication Protocol (EAP). Attacks that use consumer-grade 802.11 cards are much easier to carry out. Several DoS attacks can target particular stations or networks. We can use an adapter that supports CW Tx mode, with the low-level utility, to invoke continuous transmissions.
Evil Twin Attack: it is a wireless AP that pretends to be a legitimate AP by imitating its SSID. The attacker sets up a rogue AP outside the network perimeter and lures users into signing in to it. This fools unsuspecting users into connecting to the evil twin's signal and allows their data to be read or sent over the internet. The attacker uses tools such as KARMA, which monitors station probes, to create an evil twin.
Rogue (or Unauthorized/Ad-Hoc) Access Points: The idea is to ‘fool’ some of the authorized devices in the area into associating with the false access point rather than the legitimate one. Any group of users who agree on an SSID and a channel can form a network without an Access Point.
The security implications are potentially serious, as each user can be attacked by any of the other users connected to the network. Many default operating system configurations allow ad-hoc networking. For example, Windows XP allows connections to both AP and ad-hoc networks by default, so a user could inadvertently join an ad-hoc network and be open to attack.
Man-in-the-middle: it is a type of confidentiality attack. The attacker attempts to intercept confidential information sent over a wireless network. The attacker entices computers to log into a computer set up as a soft AP (Access Point). Once this is done, the hacker connects to a real access point through another wireless card, offering a steady flow of traffic to the entire network through the transparent hacking computer.
Common tools used include dsniff, ettercap, and aLTEr. Further, these attacks can be enhanced by software such as LANjack and AIRjack, which automate multiple steps of the process.
KRACK (Key Reinstallation Attack): exploits flaws in implementations of the four-way handshake in the WPA2 authentication protocol. Not all parts of that handshake are required. To speed up re-connections, the third part is retransmitted. That third part of the handshake may be repeated several times, and it is this step that can be used in a wireless network attack. This attack works against all modern protected Wi-Fi networks; any device that runs Android, Linux, Windows, Apple, OpenBSD, or MediaTek is vulnerable to KRACK.
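The retransmitted message 3 matters because of what key installation does to the nonce. This added example (not code from the article) is a toy model of a WPA2 supplicant: CCMP/GCMP protect each frame with the session key plus a packet number used as the nonce, and installing the key resets that number. A supplicant that reinstalls the key on a retransmitted message 3 therefore sends new frames under an already-used key/nonce pair, while the patched behaviour ignores the duplicate. Handshake crypto itself is not modelled, and the key bytes and frame contents are constructed.

```python
"""Toy WPA2 supplicant model for the KRACK retransmission case (added example)."""
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple


@dataclass
class Supplicant:
    reinstall_on_retransmit: bool           # True = unpatched behaviour
    ptk: Optional[bytes] = None             # pairwise transient key
    pn: int = 0                             # transmit packet number (the nonce)
    installed: bool = False
    used: Set[Tuple[bytes, int]] = field(default_factory=set)
    nonce_reuse: int = 0                    # frames sent under a reused (PTK, PN)

    def on_message3(self, ptk: bytes) -> None:
        """Handle message 3 of the 4-way handshake, possibly retransmitted."""
        if self.installed and not self.reinstall_on_retransmit:
            # Patched behaviour: the key is already in use, so acknowledge the
            # retransmission but leave the key and packet number untouched.
            return
        self.ptk, self.pn, self.installed = ptk, 0, True   # install resets PN

    def send(self, payload: bytes) -> int:
        """Emit one protected data frame and return the PN it was sent with."""
        assert self.installed, "no pairwise key installed"
        self.pn += 1
        pair = (self.ptk, self.pn)
        if pair in self.used:
            self.nonce_reuse += 1           # keystream reuse: what KRACK abuses
        self.used.add(pair)
        return self.pn


def simulate(reinstall_on_retransmit: bool) -> int:
    """Message 3, two frames, retransmitted message 3, two more frames.
    Returns how many frames went out under a reused key/nonce pair."""
    sta = Supplicant(reinstall_on_retransmit)
    ptk = b"constructed-session-key"        # constructed; not a real PTK
    sta.on_message3(ptk)
    sta.send(b"frame 1")
    sta.send(b"frame 2")
    sta.on_message3(ptk)                    # AP missed message 4 and retransmits
    sta.send(b"frame 3")
    sta.send(b"frame 4")
    return sta.nonce_reuse
```

`simulate(True)` reports two reused nonces for the unpatched client and `simulate(False)` reports none, which is exactly the check a patched supplicant's regression test makes.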
Countermeasures
1. Wireless security has layers that increase the scope of preventing an attack.
· Wireless signal security: The network and the RF spectrum within the environment must be continuously monitored and managed to identify threats and maintain awareness capability.
· Connection security: Per-frame/packet authentication protects against MITM attacks.
· Device security: Vulnerability and patch management are crucial components of security infrastructure.
· Data protection: Encryption algorithms such as WPA3, WPA2, and AES can be utilized to protect data.
· Network protection: Strong authentication processes, such as passphrases instead of passwords and alphanumeric credentials, ensure that only authorized users gain access to the network.
· End-user protection: Personal firewalls installed on end-user systems prevent attackers from accessing the data.
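The monitoring the first layer calls for can be partly automated, and it is where the DoS, evil twin and ad-hoc attacks above show up first. This added example (not from the article) runs three simple detections over a constructed batch of 802.11 management-frame records: beacons advertising a corporate SSID from a BSSID the wireless team does not operate (evil twin), beacons with the IBSS capability bit set (ad-hoc network), and deauthentication floods (DoS). The allowlist, record field names and the per-second threshold are assumptions.

```python
from collections import defaultdict, deque

# Constructed allowlist: corporate SSID -> BSSIDs the wireless team actually operates.
AUTHORIZED = {"corp-wifi": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}
DEAUTH_PER_SECOND = 10     # assumed tuning value; legitimate APs send far fewer


def analyse(frames, authorized=AUTHORIZED, threshold=DEAUTH_PER_SECOND):
    """Return a list of (kind, bssid, detail) alerts for the given frame records."""
    alerts, flooded = [], set()
    recent = defaultdict(deque)            # bssid -> timestamps of recent deauths
    for f in sorted(frames, key=lambda r: r["t"]):
        if f["type"] == "beacon":
            if f.get("ibss"):              # IBSS capability bit: an ad-hoc network
                alerts.append(("adhoc", f["bssid"], f["ssid"]))
            elif f["ssid"] in authorized and f["bssid"] not in authorized[f["ssid"]]:
                alerts.append(("evil_twin", f["bssid"], f["ssid"]))  # our SSID, not our AP
        elif f["type"] == "deauth":
            q = recent[f["bssid"]]
            q.append(f["t"])
            while f["t"] - q[0] > 1.0:     # sliding one-second window
                q.popleft()
            if len(q) > threshold and f["bssid"] not in flooded:
                flooded.add(f["bssid"])    # alert once per source, not per frame
                alerts.append(("deauth_flood", f["bssid"], len(q)))
    return alerts


# Constructed capture: two real APs, one evil twin, one ad-hoc beacon, then a burst
# of deauth frames whose source is the legitimate AP's address (deauth frames are
# unauthenticated without per-frame protection, so the address proves nothing).
SAMPLE_FRAMES = [
    {"type": "beacon", "t": 0.0, "ssid": "corp-wifi", "bssid": "00:11:22:33:44:01", "ibss": False},
    {"type": "beacon", "t": 0.1, "ssid": "corp-wifi", "bssid": "00:11:22:33:44:02", "ibss": False},
    {"type": "beacon", "t": 0.2, "ssid": "corp-wifi", "bssid": "de:ad:be:ef:00:01", "ibss": False},
    {"type": "beacon", "t": 0.3, "ssid": "free-wifi", "bssid": "02:aa:bb:cc:dd:ee", "ibss": True},
] + [{"type": "deauth", "t": 1.0 + i * 0.04, "bssid": "00:11:22:33:44:01"} for i in range(12)]


if __name__ == "__main__":
    for alert in analyse(SAMPLE_FRAMES):
        print(alert)
```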
2. The use of public networks must be avoided. Even if a public network is used, it is necessary to use Trusted VPNs to access the private network, to maintain the integrity and confidentiality of the data.
3. DNS over TLS (Transport Layer Security) and DTLS (Datagram TLS) must be preferred, to encrypt DNS traffic for integrity protection. This also defends against aLTEr attacks.
4. Implementing RFC 7858/RFC 8310 prevents DNS spoofing attacks. It also strengthens encryption and enables intelligent policies for name resolution.
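Points 3 and 4 come down to carrying DNS over TLS. As an added example (not the article's code), the following builds a DNS query, applies the two-byte length prefix RFC 7858 puts in front of every message on the TLS stream, splits a received stream back into messages using that prefix, and creates the TLS client context a strict-privacy client per RFC 8310 needs (authenticate the resolver, refuse anything older than TLS 1.2). No resolver is contacted; the query name and transaction ID are constructed.

```python
import ssl
import struct


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a standard DNS query in RFC 1035 wire format (A record by default)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("invalid DNS label: %r" % label)
        qname += struct.pack("B", len(raw)) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS IN


def frame_for_dot(msg: bytes) -> bytes:
    """RFC 7858: on the TLS stream each DNS message is preceded by a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg


def unframe_stream(buf: bytes) -> list:
    """Split a DoT byte stream into complete messages; several may share one TLS
    record, and a trailing partial message is left for the next read."""
    msgs, i = [], 0
    while i + 2 <= len(buf):
        (n,) = struct.unpack("!H", buf[i:i + 2])
        if i + 2 + n > len(buf):
            break                                   # partial message, wait for more
        msgs.append(buf[i + 2:i + 2 + n])
        i += 2 + n
    return msgs


def dot_context() -> ssl.SSLContext:
    """TLS settings for a strict DoT client: verify the resolver's certificate
    against its name and the system trust store, and require TLS 1.2 or newer."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx
```

A client would wrap a TCP socket to port 853 with `dot_context()`, write `frame_for_dot(build_query(...))` and feed whatever it reads to `unframe_stream` until the answer with the matching transaction ID arrives.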
Conclusion
Wireless networks are the future of the world. It is crucial to secure these networks against vicious attacks such as MITM, DoS, KRACK, etc. The primary countermeasure is ‘Encryption’; encryption helps maintain the integrity and confidentiality of the data over the evil Internet.
MS in Information Security @CMU | 14740 TA @CMU | Digital Forensics | Red Teaming | Threat Hunting | CEHv11 | CND | Threat Modelling | Ex Cybersecurity - Domain Manager @Bajaj Finance Ltd.