SECURITY THREATS AND RISKS

   Low deployment costs make wireless networks attractive to users. However, the easy availability of inexpensive equipment also gives attackers the tools to launch attacks on the network. The design flaws in the security mechanisms of the 802.11 standard also give rise to a number of potential attacks, both passive and active. These attacks enable intruders to eavesdrop on, or tamper with, wireless transmissions.

"PARKING LOT" ATTACK

     Access points emit radio signals in a circular pattern, and the signals almost always extend beyond the physical boundaries of the area they intend to cover. Signals can be intercepted outside buildings, or even through the floors in multi-storey buildings. As a result, attackers can implement a "parking lot" attack, where they actually sit in the organisation’s parking lot and try to access internal hosts via the wireless network.
If a network is compromised, attacker has achieved a high level of penetration into the network. They are now through the firewall, and have the same level of network access as trusted employees within the corporation.
An attacker may also fool legitimate wireless clients into connecting to the attacker’s own network by placing a unauthorised access point with a stronger signal in close proximity to wireless clients. The aim is to capture end-user passwords or other sensitive data when users attempt to log on these rogue servers.

SHARED KEY AUTHENTICATION FLAW

      Shared key authentication can easily be exploited through a passive attack by eavesdropping on both the challenge and the response between the access point and the authenticating client. Such an attack is possible because the attacker can capture both the plaintext (the challenge) and the ciphertext (the response).
WEP uses the RC4 stream cipher as its encryption algorithm. A stream cipher works by generating a keystream, i.e. a sequence of pseudo-random bits, based on the shared secret key, together with an initialisation vector (IV). The keystream is then XORed against the plaintext to produce the ciphertext. An important property of a stream cipher is that if both the plaintext and the ciphertext are known, the keystream can be recovered by simply XORing the plaintext and the ciphertext together, in this case the challenge and the response. The recovered keystream can then be used by the attacker to encrypt any subsequent challenge text generated by the access point to produce a valid authentication response by XORing the two values together. As a result, the attacker can be authenticated to the access point.
SERVICE SET IDENTIFIER FLAW
Access points come with default SSIDs. If the default SSID is not changed, it is comparatively attract more attacks from attackers since these units are regarded as poorly configured devices. Besides, SSIDs are embedded in management frames that will be broadcasted in clear text regardless access point is configured to disable SSID broadcasting or enabled encryption. By conducting analysis on the captured network traffic from the air, attacker is able to obtain the network SSID and performs further attacks


THE VULNERABILITY OF WIRED EQUIVALENT PRIVACY PROTOCOL

    Data passing through a wireless LAN with WEP disabled (which is the default setting for most products) is susceptible to eavesdropping and data modification attacks. However, even when WEP is enabled, the confidentiality and integrity of wireless traffic is still at risk because a number of flaws in WEP have been revealed, which seriously undermine its claims to security. In particular, the following attacks on WEP are possible:
1. Passive attacks to decrypt traffic based on known plaintext and chosen ciphertext attacks;
2. Passive attacks to decrypt traffic based on statistical analysis on ciphertexts;
3. Active attacks to inject new traffic from unauthorised mobile stations;
4. Active attacks to modify data; or
5. Active attacks to decrypt traffic, based on tricking the access point into redirecting wireless traffic to an attacker’s machine


ATTACK ON TEMPORAL KEY INTEGRITY PROTOCOL (TKIP)

   The TKIP attack uses a mechanism similar to the WEP attack that trying to decode one byte at a time by using multiple replays and observing the response over the air. Using this mechanism, an attacker can decode small packets like ARP frames in about 15 minutes. If Quality of Service (QoS) is enabled in the network, attacker can further inject up to 15 arbitrary frames for every decrypted packet. Potential attacks include ARP poisoning, DNS manipulation and denial of services.
Although this is not a key recovery attack and it does not lead to compromise of TKIP keys or decryption of all subsequent frames, it is still a serious attack and poses risks to all TKIP implementations on both WPA and WPA2 network.

14 comments:

  1. Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely because of the wide variety of potential physical, software, Serious Security Alarms

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
  3. Great Information !!!!!
    Thanks Publisher to publish this Topic,it's very clearly define about Network Security and Compliancy Services. I also want to recommend one another Expert in this field.

    ReplyDelete
  4. I really liked your Information. Keep up the good work. Dangers Network Dangers

    ReplyDelete
  5. Serve just safe protocols, such as HTTPS and POP3s to come the e-mail.

    wifi security

    ReplyDelete
  6. Securium Solutions is the best Network Security Devices in Abu Dhabi to be known, you can contact us here at support@securiumsolutions.com to get optimal solutions to your problems.

    ReplyDelete
  7. In the healthcare industry, cybersecurity will remain a major focus. It's critical to have the required security in place without disrupting employee and network productivity. We get it. We do. When it comes to healthcare, lives and personal data are on the line. If things keep on like this, there will be a disaster. It’s only a matter of time. Do something about your cyber security today. Best Cyber security company in India. Reach IARM. iarminfo.com
    ISO 27001 Compliance
    Cybersecurity Consulting firm
    Vulnerability Assessment and Management
    Penetration Testing Company In India
    SIEM Solutions and Service Provider

    ReplyDelete
  8. Security Threats And Risks ~ Wireless Network Security >>>>> Download Now

    >>>>> Download Full

    Security Threats And Risks ~ Wireless Network Security >>>>> Download LINK

    >>>>> Download Now

    Security Threats And Risks ~ Wireless Network Security >>>>> Download Full

    >>>>> Download LINK

    ReplyDelete
  9. Security Threats And Risks ~ Wireless Network Security >>>>> Download Now

    >>>>> Download Full

    Security Threats And Risks ~ Wireless Network Security >>>>> Download LINK

    >>>>> Download Now

    Security Threats And Risks ~ Wireless Network Security >>>>> Download Full

    >>>>> Download LINK 0r

    ReplyDelete

  10. This is the perfect webpage for everyone who hopes to understand this topic. You know a whole lot its almost tough to argue with you (not that I personally would want to…HaHa). You definitely put a brand new spin on a topic that's been written about for ages. Excellent stuff, just wonderful! Best Digital Marketing Company in Durgapur

    ReplyDelete
  11. Security Threats And Risks ~ Wireless Network Security >>>>> Download Now

    >>>>> Download Full

    Security Threats And Risks ~ Wireless Network Security >>>>> Download LINK

    >>>>> Download Now

    Security Threats And Risks ~ Wireless Network Security >>>>> Download Full

    >>>>> Download LINK in

    ReplyDelete