Wireless security: some measures

The advent of Information and Communication Technology (ICT) and its adoption have made wireless networking readily available, affordable, and easy to use. Many users now rely on wireless technology for domestic as well as commercial purposes. Such use must account for certain security threats that may be encountered. This article analyses those threats and suggests the necessary measures so that both home-based and publicly situated wireless networks can be used safely in India.

I. Introduction

The advancement of science and technology has given us tremendous power to deal with various segments of human life. These advancements have, however, also given rise to certain deviances and criminal tendencies. The same applies equally in the present era of ICT. ICT has conferred tremendous control over the information we generate and disseminate. So great is the benefit of ICT that it has replaced traditional means and modes of human interaction. This has resulted in the use of e-governance, e-commerce, etc., which have drastically reduced face-to-face human interaction. The instrument that made all this possible is a computer connected to the Internet. Initially, the Internet was used by computers connected through cables and routers.[1] Routers in a home network are generally connected to a broadband cable or DSL[2] modem. With the advancement of technology, however, wireless communication and interaction have also become possible. Wireless routers perform the same job as wired routers, only they convert network traffic to a radio signal. This convenience has to be enjoyed with caution; otherwise it may prove costly in every sense. The use of the Internet has changed the entire platform of crime and of the criminals perpetrating it. Crimes like hacking, pornography, privacy violations, spamming, phishing, pharming, identity theft, cyber terrorism, etc. are increasing day by day. The modus operandi[3] adopted for these cyber crimes and contraventions differs from that of traditional crimes, which makes it very difficult to trace the culprits. This is because of the anonymous nature of the Internet. The Internet is boundaryless, and that makes investigation and punishment very difficult. This is more so if an unsecured wireless connection is involved in any transaction.
The need of the hour is to give priority to a secure and safe electronic environment so that its benefits can be reaped to the maximum possible extent.[4] Wireless security must be accepted and adopted for both home-based and publicly placed wireless networks.

II. Networks to be protected

Wireless networks are very common, both for organisations and individuals. Many laptop computers have wireless cards pre-installed for the buyer. The ability to enter a network while mobile has great benefits. However, wireless networking has many security issues. Crackers have found wireless networks relatively easy to break into, and even use wireless technology to crack into non-wireless networks. Network administrators must be aware of these risks, and stay up-to-date on any new risks that arise. Also, users of wireless equipment must be aware of these risks, so as to take personal protective measures.[5]

** (a) Home Wireless Threats**

The need to secure traditional wired Internet connections was felt long ago. However, there is a growing trend of shifting to a wireless connection at home. Here the user connects a device to his DSL or cable modem, and the device broadcasts the Internet connection through the air over a radio signal to his computer. If traditional wired connections are susceptible to security problems, there is a great risk of security breach when a user opens his Internet connection to the airwaves. An unsecured wireless network coupled with unsecured file sharing can be disastrous. There are, however, steps one can take to protect the wireless network. The following are some of the possible security steps:

(i) Make the wireless network invisible by disabling identifier broadcasting,

(ii) Rename the wireless network and change the default name.

(iii) Encrypt the network traffic,

(iv) Change administrator’s password from the default password. If the wireless network does not have a default password, create one and use it to protect the network,

(v) Use file sharing with caution. If the user does not need to share directories and files over his network, he should disable file sharing on his computers.

(vi) Keep the access point[6] software patched and up to date,

(vii) Check internet provider’s wireless security options as it may provide information about securing your home wireless network,

(viii) Do not auto-connect to open Wi-Fi (wireless fidelity) networks

(ix) Turn off the network during extended periods of non-use, etc.
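
Steps (ii), (iii) and (viii) can also be checked on the client side. The following added example (not part of the original article) audits saved Wi-Fi profiles written in NetworkManager keyfile syntax; the sample profiles, the finding names and the list of default SSIDs are constructed for illustration.

```python
import configparser

# Illustrative factory-default SSIDs (an assumption, not an exhaustive list).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "wireless"}

# Constructed sample profiles in NetworkManager keyfile syntax.
SAMPLE_PROFILES = {
    "home": "[connection]\ntype=wifi\n[wifi]\nssid=linksys\n"
            "[wifi-security]\nkey-mgmt=none\nwep-key0=0123456789\n",
    "cafe": "[connection]\ntype=wifi\n[wifi]\nssid=CafeGuest\n",
    "airport": "[connection]\ntype=wifi\nautoconnect=false\n[wifi]\nssid=FreeAir\n",
    "office": "[connection]\ntype=wifi\n[wifi]\nssid=corp-net\n"
              "[wifi-security]\nkey-mgmt=wpa-psk\n",
}


def audit_profile(text):
    """Return the list of findings for one saved Wi-Fi profile."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return []  # not a wireless profile
    findings = []
    ssid = cp.get("wifi", "ssid", fallback="")
    # NetworkManager treats a missing autoconnect key as true.
    auto = cp.getboolean("connection", "autoconnect", fallback=True)
    key_mgmt = cp.get("wifi-security", "key-mgmt", fallback=None)
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")          # step (ii)
    if key_mgmt is None:
        if auto:
            findings.append("open-autoconnect")  # step (viii)
    elif key_mgmt == "none":
        findings.append("wep-only")              # step (iii): static WEP is weak
    return findings


def audit_all(profiles):
    """Map each profile name to its findings."""
    return {name: audit_profile(text) for name, text in profiles.items()}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_PROFILES).items():
        print(name, findings or "ok")
```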

** (b) Public Wireless Threats**

The risks to users of wireless technology have increased exponentially as the service has become more popular. There were relatively few dangers when wireless technology was first introduced. Currently, however, there are a great number of security risks associated with wireless technology. Some issues are obvious and some are not. At a corporate level, it is the responsibility of the Information Technology (IT) department to keep up to date with the types of threats and the appropriate countermeasures to deploy. Security threats are growing in the wireless arena. Crackers have learned that there are many vulnerabilities in the current wireless protocols and encryption methods, and in the carelessness and ignorance that exist at the user and corporate IT level. Cracking methods have become much more sophisticated and innovative with wireless. Cracking has also become much easier and more accessible, with easy-to-use Windows-based and Linux-based tools being made available on the web at no charge. IT personnel should be somewhat familiar with what these tools can do and how to counteract the cracking that stems from them.[7]

Accessing the Internet via a public wireless access point involves serious security threats. These threats are compounded by the inability to control the security setup of the wireless network. The following steps can be taken to protect oneself at public places:

(a) Be careful while dealing in an online environment if the network is not properly secured. Avoid online banking, shopping, entering credit card details, etc,

(b) Connect using a virtual private network (VPN) as it allows connecting securely. VPNs encrypt connections at the sending and receiving ends, and keep out traffic that is not properly encrypted,

(c) Disable file sharing in public wireless spaces as it is more dangerous than it is on your home wireless network,

(d) Be aware of your surroundings while using a public wireless access point. If an internet connection is not essential, disable wireless networking altogether.

III. Corporate security

The networks of companies are equally vulnerable to various cyber attacks and, if not properly secured, may cost the company a tremendous loss of information and money. The following are the types of unauthorised access generally found on company networks:

(a) Accidental Association: Unauthorised access to company wireless and wired networks can come from a number of different methods and intents. One of these methods is referred to as “accidental association”. This is when a user turns on their computer and it latches on to a wireless access point from a neighboring company’s overlapping network. The user may not even know that this has occurred. However, this is a security breach in that proprietary company information is exposed and now there could exist a link from one company to the other. This is especially true if the laptop is also hooked to a wired network.

(b) Malicious Association: “Malicious associations” occur when crackers actively make wireless devices connect to a company network through their cracking laptop instead of a company access point (AP). These types of laptops are known as “soft APs” and are created when a cracker runs some software that makes his/her wireless network card look like a legitimate access point. Once the cracker has gained access, he/she can steal passwords, launch attacks on the wired network, or plant trojans.

(c) Ad-Hoc Networks: Ad-hoc networks[8] can pose a security threat. Ad-hoc networks are defined as peer to peer networks between wireless computers that do not have an access point in between them. While these types of networks usually have little security, encryption methods can be used to provide security.

(d) Non-Traditional Networks: Non-traditional networks such as personal network Bluetooth devices are not safe from cracking and should be regarded as a security risk. Even bar code scanners, handheld PDAs,[9] and wireless printers and copiers should be secured. These non-traditional networks can be easily overlooked by IT personnel that have narrowly focused on laptops.

(e) Identity Theft (MAC Spoofing): Identity theft occurs when a cracker is able to listen in on network traffic and identify the MAC[10] address of a computer with network privileges. Most wireless systems allow some kind of MAC filtering to only allow authorised computers with specific MAC IDs to gain access and utilize the network. However, a number of programs exist that have network “sniffing” capabilities. Combine these programs with other software that allow a computer to pretend it has any MAC address that the cracker desires, and the cracker can easily get around that hurdle.

(f) Man-In-The-Middle Attacks: A man-in-the-middle attack is one of the more sophisticated attacks that have been cleverly thought up by crackers. This attack revolves around the attacker enticing computers to log into his/her computer, which is set up as a soft AP. Once this is done, the cracker connects to a real access point through another wireless card, offering a steady flow of traffic through the transparent cracking computer to the real network. The cracker can then sniff the traffic for user names, passwords, credit card numbers, etc. One type of man-in-the-middle attack relies on security faults in challenge and handshake protocols. It is called a “de-authentication attack”. This attack forces AP-connected computers to drop their connections and reconnect with the cracker’s soft AP. Man-in-the-middle attacks are getting easier to pull off due to freeware such as LANjack and AirJack automating multiple steps of the process. What was once done by cutting-edge crackers can now be done by less knowledgeable and skilled crackers sitting around public and private hotspots.[11] Hotspots are particularly vulnerable to any attack since there is little to no security on these networks.

(g) Denial of Service: A Denial-of-service attack occurs when an attacker continually bombards a targeted AP or network with bogus requests, premature successful connection messages, failure messages, and/or other commands. These cause legitimate users to not be able to get on the network and may even cause the network to crash. These attacks rely on the abuse of protocols such as the Extensible Authentication Protocol (EAP).

(h) Network Injection: The final attack to be covered is the network injection attack. A cracker can make use of access points that are exposed to non-filtered network traffic. The cracker injects bogus networking re-configuration commands that affect routers, switches, and intelligent hubs. A whole network can be brought down in this manner and require rebooting or even reprogramming of all intelligent networking devices.[12]

IV. Conclusion
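
The soft AP behind the malicious association (b) and man-in-the-middle (f) entries of section III, and the de-authentication bursts that push clients towards it, are visible to a passive wireless survey. The following added example (not part of the original article) checks constructed survey records against an inventory of authorised access points; the record layout, inventory, window and threshold are assumptions.

```python
from collections import defaultdict

# Authorised AP inventory (constructed): BSSID -> (SSID, channel, security).
INVENTORY = {
    "02:00:00:aa:00:01": ("CorpNet", 1, "WPA2-EAP"),
    "02:00:00:aa:00:02": ("CorpNet", 6, "WPA2-EAP"),
}
# Constructed survey: (time_s, frame_type, bssid, ssid, channel, security).
SURVEY = [
    (0.0, "beacon", "02:00:00:aa:00:01", "CorpNet", 1, "WPA2-EAP"),
    (0.1, "beacon", "02:00:00:bb:00:09", "CorpNet", 11, "OPEN"),   # unknown radio
    (0.2, "beacon", "02:00:00:aa:00:02", "CorpNet", 11, "OPEN"),   # cloned BSSID
    (0.3, "beacon", "02:00:00:cc:00:05", "CafeGuest", 3, "OPEN"),  # neighbour
] + [(1.0 + i * 0.05, "deauth", "02:00:00:aa:00:01", "", 1, "") for i in range(30)]


def find_rogue_aps(survey, inventory):
    """Flag beacons that use a protected SSID but do not match the inventory."""
    protected = {ssid for ssid, _, _ in inventory.values()}
    alerts = set()
    for _, ftype, bssid, ssid, channel, security in survey:
        if ftype != "beacon" or ssid not in protected:
            continue
        if bssid not in inventory:
            alerts.add((bssid, "unknown-bssid"))       # soft AP using our SSID
        elif inventory[bssid] != (ssid, channel, security):
            alerts.add((bssid, "attribute-mismatch"))  # possible spoofed MAC
    return sorted(alerts)


def find_deauth_bursts(survey, window_s=2.0, threshold=20):
    """Return BSSIDs with more than `threshold` deauth frames in one window."""
    times = defaultdict(list)
    for ts, ftype, bssid, *_ in survey:
        if ftype == "deauth":
            times[bssid].append(ts)
    noisy = []
    for bssid, stamps in times.items():
        stamps.sort()
        # Any run of threshold + 1 consecutive frames that fits in the window.
        if any(stamps[i + threshold] - stamps[i] <= window_s
               for i in range(len(stamps) - threshold)):
            noisy.append(bssid)
    return sorted(noisy)


if __name__ == "__main__":
    print(find_rogue_aps(SURVEY, INVENTORY), find_deauth_bursts(SURVEY))
```

An authorised AP that changes channel automatically will also raise an attribute mismatch, so the inventory has to track the channel plan actually in use.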

The growing penetration of the Internet into the day-to-day affairs of Indian society has both positive and negative effects. The positive side is the advent of e-governance and e-commerce in India. E-governance will provide transparent, accountable and hassle-free interaction between citizens and the Government. Similarly, e-commerce is facilitated by the use of ICT. E-commerce is a well-known phenomenon of global trade that is gaining momentum in India. However, neither e-governance nor e-commerce can succeed in India until we also secure these infrastructures. Any ICT infrastructure is ineffective until we are capable of securing and protecting it. It must be appreciated that the ICT infrastructure of a nation can exist only to the extent that it can be protected from internal and external online attacks. This “need” becomes a “compulsion” due to the provisions of the IT Act, 2000, which fixes both civil and criminal liability for failure to act diligently. Both citizens and companies are required to establish a sound and secure ICT infrastructure to escape the accusation of lack of “due diligence”.[13] The need of the hour is to secure both home-based and publicly situated wireless networks. This cannot become a reality in India until we take immediate steps in this direction. Every base needs time to mature, and its deficiencies can be removed only after it is established and analysed. It is futile to wait for several years and then adopt and establish a base that is unsuitable to Indian conditions. The ICT strategy of India must be “futuristic” in nature, anticipating and adopting future developments and trends. We are following trends that were discarded long ago by developed countries. We must concentrate on “originality” and devote our time, money and energy to security and forensics research rather than blindly following foreign standards.
It is high time for “innovation” and “futuristic efforts”, and for bidding a final farewell to dependence upon standards and technology left behind by developed nations.

© Praveen Dalal. All rights reserved with the author.

  • Arbitrator, Consultant and Advocate, Supreme Court of India. Managing Partner, Perry4law (Legal Firm). Ph.D. in Cyber Forensics (pursuing).

[1] A router is a device that processes traffic entering and exiting a network. It examines individual bits of network traffic, known as packets, and determines where to send the packet.

[2] DSL stands for digital subscriber line. This is a dedicated, high-bandwidth telecommunications line provided by a telecommunications or telephone company.

[3] Modus operandi is the manner and style of committing the crime or contravention.

[4] Praveen Dalal, “Cyber security in India: An ignored world”, http://cyberforensicsinindia.blogspot.com/2006/08/cyber-security-in-india-ignored-world.html

[5] http://en.wikipedia.org/wiki/Wireless_security

[6] An access point is a station that transmits and receives data. An access point connects users to other users within the network.

[7] http://en.wikipedia.org/wiki/Wireless_security

[8] A local area network in which computers and network devices are in close proximity to others on the network. These devices are connected temporarily or for specific purposes.

[9] Personal Digital Assistant.

[10] Medium Access Control.

[11] A hotspot is a wireless network node that provides an internet connection. More and more hotspots are becoming available in public locations such as airports, coffee shops, and hotels.

[12] http://en.wikipedia.org/wiki/Wireless_security

[13] Praveen Dalal, “The need of techno-legal compliance in India”, http://perry4law.blogspot.com/2006/06/need-of-techno-legal-compliance-in.html
