Chapter 24 - Wireless Network Security

Attack Surfaces

  • channel - broadcast communication subject to risk (eg. eavesdropping, jamming)

    • THINK: crowd in public

  • mobility (portability) subject to risk (eg. theft)

  • resources - sophisticated OSs but limited memory/processing resources to counter threats

  • accessibility - unattended sensors subject to risk (eg. targeting the weakest link)

    • access points connect devices to the network

      • THINK: a station/hub for stops

  • Accidental association - automatically connecting to the wrong network and unknowingly doing tasks on an unsafe network

  • MAC spoofing / Identity theft

  • Network injection - injecting malicious code onto the network

Security

  • Wireless Transmissions

    • eavesdropping → encryption

    • → signal hiding (halting broadcast of SSID)

  • Wireless Networks

    • standard IEEE 802.1X - provides an authentication mechanism for devices wishing to access a network

    • Security methods

      • encryption

      • firewalls

      • disable identifier (SSID) broadcasting / signal hiding

      • change pre-set password (as it is vulnerable to brute force)

      • MAC filtering/whitelist of allowed computers

  • Mobile Phones

    • must account for new devices possibly being vulnerabilities

    • cloud-based applications subject to security concerns

    • de-perimeterization - the traditional network perimeter no longer holds; mobile devices become islands outside it and must be accounted for

  • Threats:

    • untrusted networks, devices, apps, or content

    • interaction between systems

  • Wireless Fidelity (Wi-Fi) Alliance/Wireless Ethernet Compatibility Alliance (WECA) - facilitates inter-operation

  • 802.11b broadly accepted

  • Wi-Fi Protected Access (WPA) - first security protocol by the Wi-Fi Alliance aligned with the IEEE standards
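
The "MAC filtering/whitelist of allowed computers" method above is the easiest of the listed security methods to show in code. The following is an added example, not from the chapter: it normalizes the three common MAC spellings into one canonical form (so "AA-BB-CC-00-11-22" and "aabb.cc00.1122" match the same allowlist entry) and audits a constructed, hypothetical association log, sorting each station into allowed, denied or malformed. The log format, MAC addresses and AP names are all constructed for the example.

```python
import re

# Accept the common MAC address spellings:
#   aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff
_MAC_RE = re.compile(
    r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$|^([0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}$"
)


def normalize_mac(mac: str) -> str:
    """Return the MAC as lowercase colon-separated hex; raise ValueError if malformed."""
    mac = mac.strip()
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_allowlist(entries):
    """Normalize every configured entry once so comparisons are spelling-independent."""
    return {normalize_mac(e) for e in entries}


def is_allowed(allowlist, mac: str) -> bool:
    """True if the (possibly oddly spelled) MAC is on the allowlist; malformed input is denied."""
    try:
        return normalize_mac(mac) in allowlist
    except ValueError:
        return False


# Constructed sample association log (hypothetical format, not from any real AP).
SAMPLE_LOG = """\
2024-01-01T09:00:01 assoc sta=AA:BB:CC:00:11:22 ap=lab-ap-1 ssid=lab
2024-01-01T09:00:05 assoc sta=aa-bb-cc-00-11-22 ap=lab-ap-2 ssid=lab
2024-01-01T09:00:09 assoc sta=de:ad:be:ef:00:01 ap=lab-ap-1 ssid=lab
2024-01-01T09:00:12 assoc sta=aabb.cc00.3344 ap=lab-ap-1 ssid=lab
2024-01-01T09:00:15 assoc sta=garbage ap=lab-ap-1 ssid=lab
"""

_LINE_RE = re.compile(r"^(?P<ts>\S+) assoc sta=(?P<sta>\S+) ap=(?P<ap>\S+) ssid=(?P<ssid>\S+)$")


def audit_associations(log_text: str, allowlist) -> dict:
    """Sort each association event into 'allowed', 'denied' or 'malformed'.

    Returns a dict of lists of (timestamp, station) tuples. Malformed station
    fields are reported separately rather than silently treated as denied, so a
    logging or parsing problem is distinguishable from an unknown device.
    """
    result = {"allowed": [], "denied": [], "malformed": []}
    for line in log_text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue  # not an association event; ignore
        ts, sta = m["ts"], m["sta"]
        try:
            mac = normalize_mac(sta)
        except ValueError:
            result["malformed"].append((ts, sta))
            continue
        result["allowed" if mac in allowlist else "denied"].append((ts, mac))
    return result


if __name__ == "__main__":
    allow = build_allowlist(["AA:BB:CC:00:11:22", "aabb.cc00.3344"])
    for bucket, events in audit_associations(SAMPLE_LOG, allow).items():
        print(bucket, events)
```

The allowlist only checks the address a station claims; because the chapter lists MAC spoofing among the attack surfaces, this method is a hygiene control that keeps out accidental associations, not an authentication mechanism. Device authentication is what IEEE 802.1X (listed above) provides.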

IEEE 802.11 Terms

  • access point (AP) - station that provides access to the distribution system

  • basic service set (BSS) - set of stations operating under the same coordination function

  • coordination function - logical function within a BSS that determines when a station is permitted to transmit (and may be able to receive)

  • distribution system (DS) - connects BSSs to each other and to their respective hosts

  • extended service set (ESS) - interconnected BSS + hosts that appear as a single BSS

  • Media Access Control (MAC) - protocol that determines how stations share the transmission medium and transmit data across it

    • Not to be confused with Message Authentication Code (MAC)

  • MAC Protocol Data Unit (MPDU) - data unit transferred between MAC entities via the physical layer

  • MAC Service Data Unit (MSDU) - unit of information delivered as a single unit between MAC users


Summary

  • attack surfaces + attacks

  • security

    • over wireless transmissions

    • over wireless networks

    • over mobile phones

  • Wi-Fi Alliances

  • IEEE 802.11

Don’t know → write related knowledge (eg definitions)