Be Aware of These 7 Common Wireless Network Threats
- select the contributor at the end of the page -
The 7 most common wireless network threats are:
Configuration Problems: Misconfigurations, incomplete configurations.
Denial of Service: Sending large amounts of traffic (or viruses) over the network with the intent of hijacking resources or introducing backdoors.
Passive Capturing: Eavesdropping within range of an access point to capture sensitive information.
Rogue (or Unauthorized/Ad-Hoc) Access Points: Fool devices into connecting with a false access point.
Evil Twin Attacks: Impersonating legit access points with a stronger signal to entice authorized users to sign on.
Hacking of Lost or Stolen Wireless Devices: Bypassing the password to gain access.
Freeloading: Piggybacking on a connection or intercepting file sharing.
The risk of attacks occurring on wireless LANs is high. In fact, two-thirds of small- and medium-sized businesses reported a cyber attack in 2018. And, the average cost of the attack on these businesses was almost $3 million due to the costs of sustained system outages and disruption (40% of servers were down for 8+ hours when a breach occurred).
There are a number of reasons for this great increase in attacks, but the main one is that the nature of a wireless network is to provide easy access to end users, but this ease of access creates a more open attack surface. Unlike a wired network that requires an attacker to physically access part of the network, a wireless network only requires that the attacker be in close proximity (and even this is relative). Also, there is a general lack of knowledge and awareness of wireless networks.
Let’s cover the general basics of wireless security to gain some background information. Then we’ll go over, in greater detail, seven of the most common wireless network threats you need to know so you can better protect yourself against them.
Wireless Security Basics
One of the most important basic fundamentals that a person or company needs to be aware of when deploying a wireless network is the importance of frequencies. Frequencies are used by equipment that is being deployed, and it affects the amount of interference that the network will be subject to, depending on the specific environment.
As has been the case for years, there are two main frequency bands that are used for wireless LANs (802.11): 2.4 GHz and 5 GHz bands. From a security perspective, the choice of frequency does not greatly affect the security risk of the network. What it does affect is the number of available non-overlapping channels that are available on the network. For the most part, this will not affect security. That is, except when an attacker is attempting to jam or block a specific frequency to force wireless endpoints to switch Access Points (AP).
Another fundamental to understand is that endpoint devices identify wireless networks using a service set identifier (SSID) along with a set of security parameters. On most wireless deployments, the SSID is broadcast from the APs, allowing clients the ability to easily associate. It is possible to not broadcast the SSID, which provides a little protection from wireless network attackers who have little operating knowledge. However, for an experienced wireless attacker, this is not a very effective security measure.
The real security for a wireless network comes from the selection of a proven security technique. Currently, the most updated and secure technique is WPA3, which was released in 2018.
This standard provides two different modes of operation:
WPA3-Personal utilizes a 128-bit encryption key that is communicated to both sides (AP and client) before establishing a wireless connection. Its Forward Secrecy protocol improves key exchange security and resists offline dictionary attacks.
WPA3-Enterprise utilizes a 192-bit key-based encryption. It also uses a 48-bit initialization vector that guarantees a minimum level of security.
Now that you know these basics of wireless security, let’s dive into ten of the most common wireless network threats that you may (or will likely) come across at least once in your career.
7 Common Wireless Network Threats (and How to Protect Against Them)
While deceitful actions do commonly occur, there are also many accounts of innocent, yet careless, actions are often the cause of a major security breach. Below are seven of the most common threats to wireless networks.
1. Configuration Problems (Misconfigurations or Incomplete Configurations)
Simple configuration problems are often the cause of many vulnerabilities because many consumer/SOHO-grade access points ship with no security configuration at all. Other potential issues with configuration include weak passphrases, feeble security deployments, and default SSID usage.
A novice user can quickly set up one of these devices and gain access, or open up a network to external use without further configuration. These acts allow attackers to steal an SSID and connect without anyone being the wiser.
To mitigate the risk, use a centrally managed WLAN that features periodic audits and coordinated updates.
2. Denial of Service
Anybody familiar with network security is aware of the concept of denial of service (DoS), also referred to as a “spoiler.” It is one of the simplest network attacks to perpetrate because it only requires limiting access to services. This can be done by placing viruses or worm programs on your network, or by simply sending a large amount of traffic at a specific target with the intent of causing a slowdown or shutdown of wireless services. This allows attackers to hijack resources, view unauthorized information disclosures, and introduce backdoors into the system.
For wireless networks it can be much easier, as the signal can be interfered with through a number of different techniques. When a wireless LAN is using the 2.4 GHz band, interference can be caused by something as simple as a microwave oven or a competing access point on the same channel. Because the 2.4 GHz band is limited to only three non-overlapping channels (in the U.S.), an attacker just needs to cause enough interference into these to cause service interruption.
A denial of service attack can also be used in conjunction with a rogue access point. For example, one could be set up in a channel not used by the legitimate access point. Then a denial of service attack could be launched at the channel currently being used, causing endpoint devices to try and re-associate onto a different channel that is used by the rogue access point.
3. Passive Capturing
Passive capturing (or eavesdropping) is performed simply by getting within range of a target wireless LAN, then ‘listening to’ and capturing data which can be used for breaking existing security settings and analyzing non-secured traffic. Such information that can be “heard” include SSIDs, packet exchanges, and files (including confidential ones).
Consider the following scenarios that make passive capturing possible:
Your office building has multiple tenants, including immediately above or below you on different floors.
You have a lobby just outside your office.
Your parking lot is close to the building.
There is a street that passes nearby.
There are adjacent buildings.
When it comes down to it, passive capturing is possible nearly anywhere. There are also some go-arounds when an attacker can’t be within normal broadcast range, such as using a big antenna or a wireless repeater device to extend range by miles. An attacker can even use a packet sniffer application that captures all the outgoing packets, grabs and analyzes them, then reveals its data payload. You can try a packet sniffer yourself to see the depth and breadth of classified information that is available to anyone who wants to hijack it.
It is almost impossible to totally prevent this type of attack because of the nature of a wireless network. What can be done involves implementing high security standards by using a firewall, and setting complex parameters.
4. Rogue (or Unauthorized/Ad-Hoc) Access Points
One method often used by attackers involves setting up a rogue access point within the range of an existing wireless LAN. The idea is to ‘fool’ some of the authorized devices in the area to associate with the false access point, rather than the legitimate one.
To really be effective, this type of attack requires some amount of physical access. This is required because if a user associates with a rogue access point, then is unable to perform any of their normal duties, the vulnerability will be short-lived and not that effective. However, if an attacker is able to gain access to a physical port on a company network and then hook the access point into this port, it’s possible to get devices to associate and capture data from them for an extended period of time.
The exception to this barrier is when the wireless LAN being targeted only provides internet access. A rogue access point can also offer simple internet access and leave the user unaware of their vulnerability for an extended amount of time.
Part of the same idea of rogue access points is unauthorized, non-malicious access points and ad-hoc networks. In these situations, a legitimate user sets up an access point or ad-hoc network for their own use, but does not implement proper security techniques. This provides an opening for watching attackers.
Some steps you can take to prevent such access points are to:
Establish and communicate a policy prohibiting employees from using their own wireless access points.
Make it easier for employees to gain access to legitimate (and secured) wireless access points.
Regularly walk around your office with a wireless-equipped device to search for rogue access points, looking in every network outlet.
Install a WIPS (wireless intrusion prevention system) to scan radio spectrums, searching for access points with configuration errors.
5. Evil Twin Attacks
An attacker can gather enough information about a wireless access point to impersonate it with their own, stronger broadcast signal. This fools unsuspecting users into connecting with the evil twin signal and allows data to be read or sent over the internet.
Server authentication and penetration testing are the only tools that will aid in ending evil twin attacks.
6. Hacking of Lost or Stolen Wireless Devices
Often ignored because it seems so innocent, but if an employee loses a smartphone, laptop, etc., that is authorized to be connected to your network, it's very easy for the finder or thief to gain full access. All that’s necessary is to get past the password, which is quite simple to do.
Make it a policy and practice to have employees immediately report a misplaced or stolen device so that it can be remotely locked, given a password change, or wiped clean.
Sometimes unauthorized users will piggyback on your wireless network to gain free access. Usually this is not done maliciously, but there are still security ramifications.
Your internet service may slow down.
Illegal content or spam can be downloaded via your mail server.
“Innocent” snooping may take place.
Additionally, employees sharing files with unrecognized networks, or giving permission for a friend or family member to use their login credentials for computer access, both seriously disrupt security measures.
General Tips for Minimizing Your Wireless Network’s Security Threats
Fortunately, there are many things you can do to minimize the seven wireless network threats listed above. Here are several tips, briefly:
Restrict access to only authorized users. For times when a guest requires access, set up a guest account with specific guest privileges on a separate wireless channel (and with a unique password) to maintain privacy of primary credentials.
Protect your SSID by renaming it, changing its default values, and disabling its broadcast to other users.
Encrypt your data with WPA3, which is currently the strongest encryption.
Install a host-based firewall.
Caution against improper file sharing:
Never share files over public networks.
Create a dedicated and restricted sharing directory.
Don’t open an entire hard drive for sharing.
Disable file sharing when it’s not needed.
Periodically update and install patches for all wireless access points.
Use a VPN (Virtual Private Network) to allow out-of-office network connectivity among employees.
Now is the time to start checking these to-do tips off your list before you suffer a breach. Not only will your sensitive data suffer, but your reputation will as well.
The Best Attitude to Have Toward Wireless Security
The best attitude to have toward wireless security is one of awareness and vigilance. This will ensure a high level of security is always used and constantly adapted as the standards for security change.
This article is a starting point, but if you’re interested in learning more about wireless network security, browse and sign up for a course through Pluralsight!