WIRELESS NETWORK
S.Dhandayuthapani,First MCA, Excel Business
school,Komarapalayam.
Introduction:
Wireless network refers to any
type of computer network that is not
connected by cables of any kind. It is
a method by which
telecommunications networks and
enterpise (business), installations
avoid the costly process of
introducing cables into to a building,
Types of Wireless network:
Wireless PAN
This implementation takes
place at the physical level, (layer), of
the network structure. Bluetooth radio
and invisible Infrared light provides a
WPAN for interconnecting a headset
to a laptop. ZigBee also supports
WPAN applications. Wi-Fi PANs are
becoming commonplace (2010) as
equipment designers start to integrate
Wi-Fi into a variety of consumer
electronic devices. Intel "My WiFi"
and Windows 7 "virtual Wi-Fi"
capabilities have made Wi-Fi PANs
simpler and easier to set up and
configure.
Wireless LAN
or as a connection between various
equipmentlocations. Wireless
telecommunications networks are
generally implemented and
administered using a transmission
system called Radio waves. This
implementation takes place at the
physical level, (layer), of the network
structure.
A wireless local area network
(WLAN) links two or more devices
using a wireless distribution method,
providing a connection through an
access point to the wider internet. The
use of spread-spectrum or OFDM
technologies also gives users the
mobility to move around within a
local coverage area, and still remain
connected to the network.
 Wi-Fi: "Wi-Fi" is a term used
to describe 802.11 WLANs,
although it is technically a
declared standard of
interoperability between 802.11
devices.
 Fixed Wireless Data: This
implements point to point links
 between computers or networks
at two distant locations, often
using dedicated microwave or
modulated laser light beams
over line of sight paths. It is
often used in cities to connect
networks in two or more
buildings without installing a
wired link.
Wireless MAN
Wireless Metropolitan Area
Networks are a type of wireless
network that connects several
Wireless LANs.
 WiMAX is a type of Wireless
MAN and is described by the
IEEE 802.16 standard
Wireless WAN
 Global System for Mobile
wireless wide area networks are
wireless networks that typically cover
large outdoor areas. These networks
can be used to connect branch offices
of business or as a public internet
access system. They are usually
deployed on the 2.4 GHz band. A
typical system contains base station
gateways, access points and wireless
bridging relays. Other configurations
are mesh systems where each access
point acts as a relay also. When
combined with renewable energy
systems such as photo-voltaic solar
panels or wind systems they can be
stand alone systems.
Mobile devices networks
Further information: mobile
telecommunications
With the development of smart
phones, cellular telephone networks
routinely carry data in addition to
telephone conversations:
Communications (GSM): The GSM
network is divided into three major
systems: the switching system, the
base station system, and the
operation and support system. The
cell phone connects to the base
system station which then connects
to the operation and support station;
it then connects to the switching
station where the call is transferred
to where it needs to go. GSM is the
most common standard and is used
for a majority of cell phones.[6]
  Personal Communications
Service (PCS): PCS is a radio
band that can be used by
mobile phones in North
America and South Asia. Sprint
happened to be the first service
to set up a PCS.
 D-AMPS: Digital Advanced
Mobile Phone Service, an
upgraded version of AMPS, is
being phased out due to
advancement in technology.
The newer GSM networks are
replacing the older system.
Wireless community network
Wireless community
networks or wireless community
projects are the organizations that
attempt to take a grassroots approach
to providing a viable alternative to
municipal wireless networks for
consumers.
Because of evolving technology and
locales, there are at least four different
types of solution:
 Cluster: Advocacy groups
which simply encourage
sharing of unmetered internet
bandwidth via Wi-Fi, may also
index nodes, suggest uniform
SSID (for low-quality
roaming), supply equipment,
dns services, etc.
 Mesh: Technology groups
which coordinate building a
mesh network to provide Wi-Fi
access to the internet
 WISP: A mesh that forwards all
traffic back to consolidated link
aggregation point(s) that have
centralized access to the
internet
 WUG: A wireless user group
run by wireless enthusiasts. An
open network not used for the
reselling of internet. Running a
combination of various off the
shelf WIFI hardware running in
the license free ISM bands
2.4 GHz/5.8 GHz
Wireless access point:
In computer networking,
a wireless access point (WAP)
is a device which allows
wireless devices to connect to a
wired network using Wi-Fi,
Bluetooth or related standards.
The WAP usually connects to a
router (via a wired network),
and can relay data between the
wireless devices (such as
computers or printers) and
wired devices on the network.
Industrial grade WAPs are rugged,
with a metal cover and a DIN rail
mount. During operations they can
tolerate a wider temperature range,
high humidity and exposure to water,
dust, and oil. Wireless security
includes: WPA-PSK, WPA2, IEEE
802.1x/RADIUS, WDS, WEP, TKIP,
and CCMP (AES) encryption. Unlike
home consumer models, industrial
wireless access points can also act as
a bridge, router, or a client.
Common WAP Applications:
A typical corporate use
involves attaching several WAPs to a
wired network and then providing
wireless access to the office LAN.
The wireless access points are
managed by a WLAN Controller
which handles automatic adjustments
to RF power, channels, authentication,
and security. Further, controllers can
be combined to form a wireless
mobility group to allow inter-
controller roaming. The controllers
can be part of a mobility domain to
allow clients access throughout large
or regional office locations. This
saves the clients time and
administrators overhead because it
can automatically re-associate or re-
authenticate.
Wireless Access Point vs. Ad
Hoc Network:
Some people confuse Wireless
Access Points with Wireless Ad Hoc
networks. An Ad Hoc network uses a
connection between two or more
devices without using a wireless
access point: the devices
communicate directly when in range.
An Ad Hoc network is used in
situations such as a quick data
exchange or a multiplayer LAN game
because setup is easy and does not
require an access point. Due to its
peer-to-peer layout, Ad Hoc
connections are similar to Bluetooth
ones and are generally not
recommended for a permanent
installation.
Internet access via Ad Hoc
networks, using features like
Windows' Internet Connection
Sharing, may work well with a small
number of devices that are close to
each other, but Ad Hoc networks don't
scale well. Internet traffic will
converge to the nodes with direct
internet connection, potentially
congesting these nodes. For internet-
enabled nodes, Access Points have a
clear advantage, with the possibility
of having multiple access points
connected by a wired LAN.
Wireless security is the prevention of
unauthorized access or damage to
computers using wireless networks.
Wireless networks are very
common, both for organizations and
individuals. Many laptop computers
have wireless cards pre-installed. The
ability to enter a network while
mobile has great benefits. However,
wireless networking has many
security issues.[1]Crackers have found
wireless networks relatively easy to
break into, and even use wireless
technology to crack into wired
networks [2]. As a result, it's very
important that enterprises define
effective wireless security policies
that guard against unauthorized access
to important resources.[3]Wireless
Intrusion Prevention Systems (WIPS)
or Wireless Intrusion Detection
Systems (WIDS) are commonly used
to enforce wireless security policies.
The risks to users of wireless
technology have increased as the
service has become more popular.
There were relatively few dangers
when wireless technology was first
introduced. Crackers had not yet had
time to latch on to the new technology
and wireless was not commonly found
in the work place. However, there are
a great number of security risks
associated with the current wireless
protocols and encryption methods,
and in the carelessness and ignorance
that exists at the user and corporate IT
level.[4] Cracking methods have
become much more sophisticated and
innovative with wireless. Cracking
has also become much easier and
more accessible with easy-to-use
Windows or Linux-based tools being
made available on the web at no
charge.
Types of unauthorized access
Accidental association
Violation of security perimeter
of corporate network can come from a
number of different methods and
intents. One of these methods is
referred to as “accidental association”.
When a user turns on a computer and
it latches on to a wireless access point
from a neighboring company’s
overlapping network, the user may
not even know that this has occurred.
However, it is a security breach in
that proprietary company information
is exposed and now there could exist a
link from one company to the other.
This is especially true if the laptop is
also hooked to a wired network.
Accidental association is a case
of wireless vulnerability called as
"mis-association".[5]Mis-association
can be accidental, deliberate (for
example, done to bypass corporate
firewall) or it can result from
deliberate attempts on wireless clients
to lure them into connecting to
attacker's APs.
Malicious association
“Malicious associations” are
when wireless devices can be actively
made by attackers to connect to a
company network through their
cracking laptop instead of a company
access point (AP). These types of
laptops are known as “soft APs” and
are created when a cyber criminal
runs some software that makes his/her
wireless network card look like a
legitimate access point. Once the thief
has gained access, he/she can steal
passwords, launch attacks on the
wired network, or plant trojans. Since
wireless networks operate at the Layer
2 level, Layer 3 protections such as
network authentication and virtual
private networks (VPNs) offer no
barrier. Wireless 802.1x
authentications do help with
protection but are still vulnerable to
cracking. The idea behind this type of
attack may not be to break into a VPN
or other security measures. Most
likely the criminal is just trying to
take over the client at the Layer 2
level.
Ad-hoc networks
Ad-hoc networks can pose a
security threat. Ad-hoc networks are
defined as peer-to-peer networks
between wireless computers that do
not have an access point in between
them. While these types of networks
usually have little protection,
encryption methods can be used to
provide security.
The security hole provided by
Ad-hoc networking is not the Ad-hoc
network itself but the bridge it
provides into other networks, usually
in the corporate environment, and the
unfortunate default settings in most
versions of Microsoft Windows to
have this feature turned on unless
explicitly disabled. Thus the user may
not even know they have an
unsecured Ad-hoc network in
operation on their computer. If they
are also using a wired or wireless
infrastructure network at the same
time, they are providing a bridge to
the secured organizational network
through the unsecured Ad-hoc
connection. Bridging is in two forms.
A direct bridge, which requires the
user actually configure a bridge
between the two connections and is
thus unlikely to be initiated unless
explicitly desired, and an indirect
bridge which is the shared resources
on the user computer. The indirect
bridge provides two security hazards.
The first is that critical organizational
data obtained via the secured network
may be on the user's end node
computer drive and thus exposed to
discovery via the unsecured Ad-hoc
network. The second is that a
computer virus or otherwise
undesirable code may be placed on
the user's computer via the unsecured
Ad-hoc connection and thus has a
route to the organizational secured
network. In this case, the person
placing the malicious code need not
"crack" the passwords to the
organizational network, the legitimate
user has provided access via a normal
and routine log-in. The malfactor
simply needs to place the malicious
code on the unsuspecting user's end
node system via the open (unsecured)
Ad-hoc networks.
Non-traditional networks
Non-traditional networks such
as personal network Bluetooth
devices are not safe from cracking
and should be regarded as a security
risk. Even barcode readers, handheld
PDAs, and wireless printers and
copiers should be secured. These non-
traditional networks can be easily
overlooked by IT personnel who have
narrowly focused on laptops and
access points.
Identity theft (MAC spoofing)
Identity theft (or MAC
spoofing) occurs when a cracker is
able to listen in on network traffic and
identify the MAC address of a
computer with network privileges.
Most wireless systems allow some
kind of MAC filtering to only allow
authorized computers with specific
MAC IDs to gain access and utilize
the network. However, a number of
programs exist that have network
“sniffing” capabilities. Combine these
programs with other software that
allow a computer to pretend it has any
MAC address that the cracker desires,
[6]
and the cracker can easily get
around that hurdle.
MAC filtering is only effective
for small residential(SOHO)networks,
since it only provides protection when
the wireless device is "off the air".
Any 802.11 device "on the air" freely
transmits its unencrypted MAC
address in its 802.11 headers, and it
requires no special equipment or
software to detect it. Anyone with an
802.11 receiver (laptop and wireless
adapter) and a freeware wireless
packet analyzer can obtain the MAC
address of any transmitting 802.11
within range. In an organizational
environment, where most wireless
devices are "on the air" throughout the
active working shift, MAC filtering
only provides a false sense of security
since it only prevents "casual" or
unintended connections to the
organizational infrastructure and does
nothing to prevent a directed attack.
Man-in-the-middle attacks
A man-in-the-middle attacker
entices computers to log into a
computer which is set up as a soft AP
(Access Point). Once this is done, the
hacker connects to a real access point
through another wireless card offering
a steady flow of traffic through the
transparent hacking computer to the
real network. The hacker can then
sniff the traffic. One type of man-in-
the-middle attack relies on security
faults in challenge and handshake
protocols to execute a “de-
authentication attack”. This attack
forces AP-connected computers to
drop their connections and reconnect
with the cracker’s soft AP. Man-in-
the-middle attacks are enhanced by
software such as LANjack and
AirJack, which automate multiple
steps of the process. What once
required some skill can now be done
by script kiddies. Hotspots are
particularly vulnerable to any attack
since there is little to no security on
these networks.
Denial of service
A Denial-of-Service attack
(DoS) occurs when an attacker
continually bombards a targeted AP
(Access Point) or network with bogus
requests, premature successful
connection messages, failure
messages, and/or other commands.
These cause legitimate users to not be
able to get on the network and may
even cause the network to crash.
These attacks rely on the abuse of
protocols such as the Extensible
Authentication Protocol (EAP).
The DoS attack in itself does
little to expose organizational data to
a malicious attacker, since the
interruption of the network prevents
the flow of data and actually
indirectly protects data by preventing
it from being transmitted. The usual
reason for performing a DoS attack is
to observe the recovery of the
wireless network, during which all of
the initial handshake codes are re-
transmitted by all devices, providing
an opportunity for the malicious
attacker to record these codes and use
various "cracking" tools to analyze
security weaknesses and exploit them
to gain unauthorized access to the
system. This works best on weakly
encrypted systems such as WEP,
where there are a number of tools
available which can launch a
dictionary style attack of "possibly
accepted" security keys based on the
"model" security key captured during
the network recovery.
Network injection
In a network injection attack, a
cracker can make use of access points
that are exposed to non-filtered
network traffic, specifically
broadcasting network traffic such as
“Spanning Tree” (802.1D), OSPF,
RIP, and HSRP. The cracker injects
bogus networking re-configuration
commands that affect routers,
switches, and intelligent hubs. A
whole network can be brought down
in this manner and require rebooting
or even reprogramming of all
intelligent networking devices.
Caffe Latte attack
The Caffe Latte attack was
discovered by two security
researchers of AirTight Networks-
VivekRamachandaran and Md. Sohail
Ahmad. It is another way to defeat
WEP. It is not necessary for the
attacker to be in the area of the
network using this exploit. By using a
process that targets the Windows
wireless stack, it is possible to obtain
the WEP key from a remote client.[7]
By sending a flood of encrypted ARP
requests, the assailant takes advantage
of the shared key authentication and
the message modification flaws in
802.11 WEP. The attacker uses the
ARP responses to obtain the WEP key
in less than 6 minutes.[8]
Wireless Intrusion Prevention
Systems
A Wireless Intrusion
Prevention System (WIPS) is the most
robust way to counteract wireless
security risks[citation needed]. A WIPS is
typically implemented as an overlay
to an existing Wireless LAN
infrastructure, although it may be
deployed standalone to enforce no-
wireless policies within an
organization.
Large organizations with many
employees are particularly vulnerable
to security breaches[9] caused by rogue
access points. If an employee (trusted
entity) in a location brings in an easily
available wireless router, the entire
network can be exposed to anyone
within range of the signals.
WIPS is considered so
important to wireless security that in
July 2009, the PCI Security Standards
Council published wireless
guidelines[10] for PCI DSS
recommending the use of WIPS to
automate wireless scanning and
protection for large organizations
Security:
Wireless access has special
security considerations. Many wired
networks base the security on physical
access control, trusting all the users
on the local network, but if wireless
access points are connected to the
network, anyone on the street or in the
neighboring office could connect.
The most common solution is
wireless traffic encryption. Modern
access points come with built-in
encryption. The first generation
encryption scheme WEP proved easy
to crack; the second and third
generation schemes, WPA and
WPA2, are considered secure if a
strong enough password or passphrase
is used.
Some WAPs support hotspot
style authentication using RADIUS
and other authentication servers.
Comparison of wireless LAN
clients:
Every wireless LAN network
consists of an access point, such as a
wireless router, and one or more
wireless adapters. Each adapter is
controlled by software known as a
wireless LAN client, or wireless
connection management utility.
There are many wireless LAN clients
available for use. Clients vary in
technical aspects, support of protocols
and other factors. Some clients only
work with certain hardware devices,
while others only on certain operating
systems.
Wireless connection
management utility:
A wireless connection
management utility is a piece of
software that manages the activities
and features of a wireless network
connection.[1][2] It may control the
process of selecting an available
access point, authenticating and
associating to it and setting up other
parameters of the wireless connection.
Wireless Zero Configuration:
Wireless Zero Configuration
(WZC), also known as Wireless Auto
Configuration, or WLAN AutoConfig
is a wireless connection management
utility included with Microsoft
Windows XP and later operating
systems as a service that dynamically
selects a wireless network to connect
to based on a user's preferences and
various default settings This can be
used instead of, or in the absence of, a
wireless network utility from the
manufacturer of a computer's wireless
networking device. The drivers for the
wireless adapter query the NDIS
Object IDs and pass the available
network names (SSIDs) to the service.
The service then lists them in the user
interface on the Wireless Networks tab
in the connection's Properties or in
the Wireless Network Connection
dialog box accessible from the
notification area. A checked build
version of the WZC service can be
used by developers to obtain
additional diagnostic and tracing
information logged by the service.
Wireless Security Best Practices
Though a WIPS is deployed,
certain wireless security best practices
are recommended for every Wireless
LAN deployment. Certain practices
may not be possible due to
deployment constraints.
MAC ID filtering
Most wireless access points
contain some type of MAC ID
filtering that allows the administrator
to only permit access to computers
that have wireless functionalities that
contain certain MAC IDs. This can be
helpful; however, it must be
remembered that MAC IDs over a
network can be faked. Cracking
utilities such as SMAC are widely
available, and some computer
hardware also gives the option in the
BIOS to select any desired MAC ID
for its built in network capability.
Static IP addressing
Disabling at least the IP
Address assignment function of the
network's DHCP server, with the IP
addresses of the various network
devices then set by hand, will also
make it more difficult for a casual or
unsophisticated intruder to log onto
the network. This is especially
effective if the subnet size is also
reduced from a standard default
setting to what is absolutely necessary
and if permitted but unused IP
addresses are blocked by the access
point's firewall. In this case, where no
unused IP addresses are available, a
new user can log on without detection
using TCP/IP only if he or she stages
a successful Man in the Middle
Attack using appropriate software.