Wireless devices security is the prevention of unauthorized access or damage to computers or data using wireless networks. Typically, wireless network security is delivered through wireless devices (usually a router/switch) that encrypts and secures all wireless communication by default. Taking few precautions in the configurations and use of latest firmware in your wireless device also reduces the risks. Another way is by carrying out dynamic wireless network penetration testing on your Wi-Fi device, where a security consultant will try to penetrate on wireless network emulating as a hacker. By doing this exercise, we can conclude whether our wireless networks are secure or not.
Why wireless device security is important?
Consider we have a big corporate building, and we have wireless access points all over the place giving great coverage to the company staff. An attacker can attempt to connect to such wireless devices by coming in its range and if we don’t have that network secured, it’s like putting ethernet port in the parking lot where somebody could drive up and eavesdrop the network traffic.
Insecure wireless networks are susceptible to following attacks:
- Piggybacking
If you fail to secure your wireless network, anyone with a wireless-enabled computer in range of your access point can use your connection. Failure to secure your wireless network could open your internet connection to many unintended users. These users may be able to conduct illegal activity, monitor and capture your web traffic, or steal personal files.
- Wardriving
The broadcast range of a wireless access point can make internet connections available outside your home, even as far away as your street. Hackers know this, and some have made a hobby out of driving through cities and neighbourhoods with wireless equipped computers, sometimes with a powerful antenna searching for unsecured wireless networks. They use your wireless network specifically to carry out illegal activities so that they will not be traced.
- Evil twin attack
In an evil twin attack, an adversary gathers information about a public network access point and then sets up a duplicate system to impersonate it. Here hacker disconnects the actual users from legitimate access point for a specific duration, and tricks the user to connect to fake access point made by the hacker. When user enters the password while connecting to fake access point which is under control of hacker, password of the real access point is revealed to the hacker. Attacker gains access to wireless network and can steal sensitive data of users as well who are connected to their access point. There is another way where attacker will disconnect user from access point and will capture handshake file. A wordlist can be used against this handshake file and if a valid password is present within wordlist then you can guess the exact password of access point.
- Wireless sniffing
Many public access points are not secured and the traffic they carry is not encrypted. All the traffic on such networks can be read as it is not encypted. Ensure that all the access points you connect to use at least WPA2 encryption.
- Denial of service
Denial of service is a simple attack that relies on limiting access to services on a wired or wireless network. This hack is commonly accomplished by routing a tremendous amount of traffic at a specified target. With this approach, the high volume of traffic overwhelms the target machine and disrupts service. It is also possible for hackers to launch a denial of service attack by simply disrupting the signal on the network. This can be achieved by causing enough interference on one channel to interrupt the service.
- Social engineering
Humans are always the weakest link in the security model. As an organization we need to train employees not to share Wi-Fi credentials with unauthorized persons. Only authorized persons should be able to physically access the wireless devices, if an unauthorized person manages to physically access the then he can reset the router and cause denial of service as well.
What are the benefits making a wireless device secure?
Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization. A secure wireless network fulfills the requirements of CIA triad..
- Confidentiality
A secure wireless network makes sure only authorized users are allowed to connect to the wireless devices which helps in maintaining confidentiality.
- Integrity
As all the network hardening tests are carried out attacker won’t be able to enter into the network. Which makes wireless network less susceptible to Man In The Middle attacks. Attacker won’t be able to manipulate with the data or traffic.
- Availability
Attacker won’t be able to carry out Denial of Service attacks. So that access points are always available to the authorized used.
Methodology of wireless device security assessment
As there are ways to attack on a wireless network, there are also ways to secure your wireless device. Following type of assessment can be done on a wireless network:
- Check for default credentials: Change default passwords.
Most network devices, including wireless access points, are pre-configured with default administrator passwords to simplify setup. These default passwords are easily available to obtain online, and so provide only marginal protection. Changing default passwords makes it harder for attackers to access a device. Use and periodic changing of complex passwords is your first line of defense in protecting your device.
- Verify Restricted access.
Only allow authorized users to access your network. Each piece of hardware connected to a network has a media access control (MAC) address. You can restrict access to your network by filtering these MAC addresses.
- Verify Encryption of the data on your network.
Encrypting your wireless data prevents anyone who might be able to access your network from viewing it. There are several encryption protocols available to provide this protection. Wi-Fi Protected Access (WPA), WPA2, and WPA3 encrypt information being transmitted between wireless routers and wireless devices. WPA3 is currently the strongest encryption. WPA and WPA2 are still available.
- Protection of Service Set Identifier (SSID).
To prevent outsiders from easily accessing your network, avoid publicizing your SSID. All Wi-Fi routers allow users to protect their device’s SSID, which makes it more difficult for attackers to find a network.
- Check firewall Config.
Consider installing a firewall directly on your wireless devices (a host-based firewall), as well as on your home network (a router- or modem-based firewall). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall—a host-based firewall with secure configuration will add a layer of protection to the data on your computer.
- Check for latest Patches
Keep your access point software patched and up to date. The manufacturer of your wireless access point will periodically release updates to and patches for a device’s software and firmware. Be sure to check the manufacturer’s website regularly for any updates or patches for your device.
- Check Running Config of Wifi Router
Running automated scan which will find out the vulnerabilities present within wireless devices. Tool like nessus can be used for hardening of wireless device.
- Conduct Wifi Pentesting
Dynamic network penetration testing methodology. Here as a security consultant we try to penetrate wireless device as a hacker by carrying out evil twin attack and uses a word list against handshake file to find the password.