Wireless Security Awareness
Wireless security is actually a weak sauce and despite the fact of how Wi-Fi evolved in the past few years, it still considered a new technology which we know only a little about.
Important facts for you to consider
1) WEP Encryption is very easy to crack and it only takes a few minutes to bypass, in my personal Opinion if I will had to use this one I will use it as a Honey-Pot !
2) MAC Address Filtering is a good idea but it will only tackle the attacker for a few minutes before he spoofs your MAC address, inject you out of the network and simply be you.
3) Disabling SSID Broadcasting seems smart but it’s actually not because it can give you a big headache when configuring your network and causes an increase in network traffic.
4) MITM Attacks are easily achievable in the above scenario and before you know you’l
Tackle The Attacker Procedures:
1) Use a Wi-Fi honey-pot to tackle the attacker till you collect some useful information about him/ her and his/her attacking techniques to report or punish him/her.
2) Consider WPA2 Enterprise encryption with a complex password chars “Numbers, Letters and Special Characters” and this way you’ll make it harder on the attacker.
3) MAC Address filtering can be used to make it a little hard on the attacker but not too much actually and you already know the reason.
4) Depending on your network size make sure to monitor your network activity using any professional software and if you noticed any unusual activity get a packet analyzer software.
Wi-Fi is the next communication evolution with no doubt but till now we didn’t find any workarounds for its security design flaws, it’s too new and needs more time to evolve even more that’s why starting from now you should put an extra eye on your wireless access points.
Some Definitions Explained:
We’re working hard to make our articles friendly for both experts and beginners that’s why the following approach is only for beginners:
1) WEP Encryption: short for Wired Equivalent Privacy and was designed to provide the same level of security as that of a wired LAN but it simply failed.
2) Honey-Pot: Fake vulnerable system deployed by network administrator to attract attackers and analyze their attacking mechanisms to achieve better security for the real system.
3) MAC Address Filtering: allows network administrator to permit specific devices to connect to the network while denying all other devices, this filtration is based on devices MAC Address.
4) SSID: short for Service Set Identifier and is a token that identifies a 802.11 Wi-Fi network which without no-one will be able to connect to the network.
5) MITM: short for Man in the Middle and it happens when an attacker inserts himself between two Communicating parties, both believe they’re talking to each other when they’re not.
6) WPA2 Enterprise: short for Wi-Fi Protected Access 2 and it provides government grade security by implementing the (NIST) AES encryption algorithm and 802.1 x-based authentications.
About The author
Mohamed Bedewi, Owner of Dark-Hack Network and Senior Penetration Testing Consultant at DTS Solution