Network Security

Priyanka Ojha From R.M.K. Engineering College

[email protected]

Abstract— “SECURITY” in this contemporary scenarios has important new agenda: tackling environmental issues and
become a more sensible issue either it may be in “REAL WORLD” adopting environmentally sound practices. Greening our IT
or in the “CYBER WORLD”. In this world as opposed to the cyber products, applications, services, and practices is both an
world an attack is often preceded by information gathering. economic and an environmental imperative, as well as our
Network security is a complicated subject, historically only tackled social responsibility. Therefore, a growing number of IT
by well-trained and experienced experts. However, as more and vendors and users are moving toward green IT and thereby
more people become “wired”, an increasing number of people need assisting in building a green society and economy.
to understand the basics of security in a networked world. Our
paper covers different kinds of threats & firewalls in the network by The goals of green computing are similar to green
implementation of different security services using various security chemistry; reduce the use of hazardous materials, maximize
mechanisms. The security mechanisms are primarily based on energy efficiency during the product's lifetime, and promote
cryptographic algorithms like symmetric-DES, AES, asymmetric- recyclability or biodegradability of defunct products and
RSA, ECC. Generally, the logical conclusion is to use both kind of factory waste.
algorithms and their combinations to achieve optimal speed and A. APPROACHES TO NETWORK SECURITY
security levels.
1) FIREWALLS
Firewalls can be an effective means of protecting a local
I. INTRODUCTION system or network of systems from network based security
threats while at the same time, a firewall is simply a group
A basic understanding of computer networks is requisite in of components that collectively form a barrier between
order to understand the principles of network security. In this two networks.
section, we'll cover some of the foundations of computer Types of firewalls:
networking, then move on to an overview of some popular
networks. The impressive development of computer networks Application Gateways
has reached the point, where security becomes essential. Users
want to exchange data in a secure way. The problem of Packet Filtering
network security is a complex issue. Network security means a Hybrid systems
protection of the network assets.
Best for me:
II. NETWORK SECURITY
Lots of options are available, and it makes sense to spend
This Green computing or green IT, refers to some time with an expert, either in-house, or an
environmentally sustainable computing or IT. It is "the study experienced consultant who can take the time to
and practice of designing, manufacturing, using, and disposing understand your organization's security policy, and can
of computers, servers, and associated subsystems—such as design and build a firewall architecture that best
monitors, printers, storage devices, and networking and implements that policy.
communications systems—efficiently and effectively with
minimal or no impact on the environment. Green IT also Points of Failure:
strives to achieve economic viability and improved system
Any time there is only one component paying attention to
performance and use, while abiding by our social and ethical
what's going on between the internal and external
responsibilities. Thus, green IT includes the dimensions of
networks, an attacker has only one thing to break in order
environmental sustainability, the economics of energy
to gain complete access to your internal networks.
efficiency, and the total cost of ownership, which includes the
cost of disposal and recycling. It is the study and practice of
using computing resources efficiently."
With increasing recognition that man-made greenhouse gas
emissions are a major contributing factor to global warming, 2) CRYPTOGRAPHY
enterprises, governments, and society at large now have an

Page 1 of 9
 The study of enciphering, encoding and decoding is called Plain text ------------------> cipher text
cryptography. Although the distinction is fuzzy, ciphers are
different from codes. Encryption refers to the transformation of
data in “plain text” form into a form called “cipher text”. The Key
recovery of plain text requires the key, and this process is
known as decryption. This key is meant to be secret
information and the privacy of the text depends on the Cipher text------------------> plain text
cryptographic strength of the key. Ciphers are broken into two Decryption
main categories, substitution ciphers and transposition ciphers.
Substitution cipher An eavesdropper will only see unintelligible data. Some of
Substitution ciphers replace letters in the plain text the secret key cryptography algorithms are - DES, 3-DES,
with other letters or symbols, keeping the order in which the blowfish, IDEA, AES, RC2, RC4, RC5, ECB etc.
symbols fall the same. Advantages of Secret Key Cryptography:
Plaintext letter o Very fast relative to public key cryptography.
ABCDEFGHIJKLMNOPQRSTUVWXYZ o Considered secure, provided the key is relatively strong.
Cipher text letter o The cipher text is compact (i.e., encryption does not add
QWERTYUIOPASDFGHJKLZXCVBNM excess “Baggage” to the cipher text).
A secret message is constructed. o Widely used and very popular.
Transposition cipher
Transposition ciphers keep all of the original letters intact,
but mix up their order. Text chosen in one form can be Disadvantages of Secret Key Cryptography:
enciphered choosing a different route. To decipher, you fill the o The administration of the keys can become extremely
in box following the zigzag route and read the message using complicated.
the spiral route.
o A large number of keys are needed to communicate
securely with a large group of People.
o The key is subject to interception by hackers.

Public key cryptography

Types of Cryptography Public key cryptography sometimes also referred to as
There are three types of cryptographic algorithms: asymmetric cryptography. The public key need not be kept
secret, and, in fact, may be widely available, only its
1. Secret Key Cryptography. authenticity is required to guarantee that A is indeed the only
2. Public Key Cryptography. party who knows the co-responding private key. A primary
advantage of such systems is that providing authentic public
3. Hash Algorithms. keys is generally easier than distributing secret keys securely,
Secret Key Cryptography as required in symmetric key systems. The main objective of
public-key encryption is to provide privacy or confidentiality.
Secret key cryptography involves the use of single key. Given Public-key encryption schemes are typically substantially
a message (Plain text) and the key, encryption produces cipher
text, which is about the same length as the plain text was. slower than symmetric-key encryption algorithms such as
Decryption is the reverse of encryption, and uses the same key DES. The private key and the public key are mathematically
as encryption. linked. Public key cryptography can do anything secret key
cryptography can do like- transmitting the data over an
insecure channel, secure storage on insecure media,
Secret key cryptography is sometimes referred to as authentication purposes and digital signatures. Some Public
symmetric cryptography or conventional cryptography. If key cryptography algorithms are RSA, Elliptic Curve
sender and receiver agree on a shared secret key, then by using
secret key cryptography we can send messages to one another Cryptography (ECC), El Gamal, DH, DSA/DSS etc.
on a medium that can be tapped, without worrying about Encryption
eavesdroppers. All we need to do is have the sender encrypt the Plain text ---------------------------------> cipher text
messages and the receiver decrypt them using the key.
Public key
Encryption

Page 2 of 9
 Private key perform an attack on the cipher text. But, larger keys lead to
lower levels of performance. Thus there are, trade-offs, which
are traditionally made between the level of security and other
CIPHERKEY --------------------------------> PLAIN factors, like performance.
Decryption
Hybrid Systems:
Just one crypto-system will not solve every problem. Most
Advantages of Public key Cryptography
systems in use today employ a hybrid system.
o Considered very secure, and easy to configure these
systems. 3) SECURITY DEVICES
o No form of secret sharing is required, thus reducing key The services are intended to counter security attacks, and they
administration to a Minimum. make use of one or more security mechanisms to provide the
o Supports non-repudiation. service.
o The number of keys managed by each user is much less 1. Confidentiality:
compared to secret key cryptography. Ensure that the information in a computer system and
transmitted information are accessible only for reading by
Disadvantages of Public key Cryptography authorized parties. This type of access includes printing
displaying and other forms of disclosure, including simply
o Much slower compared to secret key cryptography.
revealing the existence of an object.
o The ciphertext is much larger than the plaintext, relative to 2. Authentication:
Ensure that the origin of a message or electronic
secret key Cryptography.
document is correctly with an assurance that the identity
Hash Algorithms is not false.
3. Integrity:
Hash algorithms are also known as message digests or
one-way transformations. A cryptographic hash function is a Ensures that only authorized parties are able to
mathematical transformation that takes a message of arbitrary modify computer systems assets and transmitted
length and computes from it a fixed length number. information. Modification includes writing, changing,
changing status, deleting, creating and delaying or
The following things can be done using hash algorithms. replaying of transmitted messages.
Password Hashing: 4. Non-repudiation:
Requires that neither the sender nor the receiver of a
When a user types a password, the system must store the message is able to deny the transmission.
password encrypted because someone else can use it. To avoid
this problem hashing is used. When a password is supplied, it 5. Access control:
computes the password hash and compares it with the stored Require that access to information resources may be
value if they match; the password is taken to be correct. controlled by or for the target system.
6. Availability:
Message Integrity: Require that computer systems assets be available to
Cryptographic hash functions can be used to protect the authorized parties when needed.
integrity of a message transmitted over insecure media.
Message fingerprint:
Attacks:
We can know whether some data stored has been modified Attacks on the security of a computer system or network are
from one day to the next, if we save that data structure with a best characterized by viewing the function of a computer
hash function. We can compare the hash function data structure system as provided information.
with the message on the message data. If the message digest
has not changed, you can be sure that none of the data is Security threats
changed.
Categorization of these attacks is passive attacks and active
Digital Signatures: attacks.
It can be efficiently implemented using hash functions. Passive attacks:
In this the goal of the attacker is to obtain information that is
Implementation Issues being transmitted. Two types of passive attacks are release of
message contents and traffic analysis.
Key Size:
This has major role for amount of security. If the algorithm is Active attacks:
inherently strong, then it can be assumed that the larger the These attacks involve some modification of the data stream or
key size for the ciphers, the harder it is for a hacker to the creation of false stream and can be sub divided into 4

Page 3 of 9
categories: Masquerade, Replay, Modification of messages, Cracking methods have become much more sophisticated
and denial of service. and innovative with wireless. Cracking has also become much
easier and more accessible with easy-to-
Denial of service: use Windows or Linux-based tools being made available on the
DoS (Denial-of-Service) attacks are probably the nastiest, and web at no charge.
most difficult to address. Such attacks were fairly common in Some organizations that have no wireless access
late 1996 and early 1997, but are now becoming less popular. points installed do not feel that they need to address wireless
Some things that can be done to reduce the risk of being stung security concerns.
by a denial of service attack include
Types of unauthorized access
• Not running your visible-to-the-world servers at a
level too close to capacity Accidental association
• Using packet filtering to prevent obviously forged Violation of security perimeter of corporate network can
packets from entering into your network address come from a number of different methods and intents. One of
space. these methods is referred to as “accidental association”. When
a user turns on a computer and it latches on to a wireless access
• Keeping up-to-date on security-related patches for point from a neighboring company’s overlapping network, the
your hosts' operating systems. user may not even know that this has occurred. However, it is a
security breach in that proprietary company information is
Unauthorized Access : exposed and now there could exist a link from one company to
“Unauthorized access” is a very high-level term that can refer the other. This is especially true if the laptop is also hooked to
to a number of different sorts of attacks. The goal of these a wired network.
attacks is to access some resource that your machine should not Accidental association is a case of wireless vulnerability
provide the attacker. These can take the form of a virus, worm, called as “mis-association”. Mis-association can be accidental,
or Trojan horse. One of the most publicized threats to security deliberateor it can result from deliberate attempts on wireless
is intruder. Generally referred to as a hacker or cracker, and clients to lure them into connecting to attacker's APs.
some other threats are executing commands illicitly,
confidential breaches, destructive behavior. Malicious association
Where do the attacks come from? “Malicious associations” are when wireless devices can be
actively made by attackers to connect to a company network
How, though, does an attacker gain access to your equipment? through their cracking laptop instead of a company access
Through any connection that you have to the outside world. point (AP). These types of laptops are known as “soft APs” and
This includes Internet connections, dial-up modems, and even are created when a cyber criminal runs some software that
physical access. makes his/her wireless network card look like a legitimate
Preventing security disasters: access point. Once the thief has gained access, he/she can steal
passwords, launch attacks on the wired network, or
• Hope you have backups plant trojans. Since wireless networks operate at the Layer 2
level, Layer 3 protections such as network authentication
• Stay current with relevant operating system and virtual private networks (VPNs) offer no barrier. Wireless
patches 802.1x authentications do help with protection but are still
• Don't put data where it doesn't need to be vulnerable to cracking. The idea behind this type of attack may
not be to break into a VPN or other security measures. Most
• Avoid systems with single points of failure likely the criminal is just trying to take over the client at the
Layer 2 level.
• Watch for relevant security advisories
wireless security
Ad-hoc networks
Wireless security is the prevention of unauthorized
access or damage to computers using wireless networks. Ad-hoc networks can pose a security threat. Ad-hoc networks
are defined as peer-to-peer networks between wireless
Wireless networks are very common, both for organizations computers that do not have an access point in between them.
and individuals. Many laptop computers have wireless cards While these types of networks usually have little protection,
pre-installed. The ability to enter a network while mobile has encryption methods can be used to provide security.
great benefits. However, wireless networking has many
security issues. Hackers have found wireless networks The security hole provided by Ad-hoc networking is not the
relatively easy to break into, and even use wireless technology Ad-hoc network itself but the bridge it provides into other
to crack into wired networks As a result, it's very important networks, usually in the corporate environment, and the
that enterprises define effective wireless security policies that unfortunate default settings in most versions of Microsoft
guard against unauthorized access to important resources. Windows to have this feature turned on unless explicitly
Wireless Intrusion Prevention Systems are commonly used to disabled. Thus the user may not even know they have an
enforce wireless security policies. unsecured Ad-hoc network in operation on their computer. If
they are also using a wired or wireless infrastructure network at
the same time, they are providing a bridge to the secured

Page 4 of 9
organizational network through the unsecured Ad-hoc protocols to execute a “de-authentication attack”. This attack
connection. Bridging is in two forms. A direct bridge, which forces AP-connected computers to drop their connections and
requires the user actually configure a bridge between the two reconnect with the cracker’s soft AP. Man-in-the-middle
connections and is thus unlikely to be initiated unless explicitly attacks are enhanced by software such as LANjack and
desired, and an indirect bridge which is the shared resources on AirJack, which automate multiple steps of the process. What
the user computer. The indirect bridge provides two security once required some skill can now be done by script
hazards. The first is that critical organizational data obtained kiddies. Hotspots are particularly vulnerable to any attack since
via the secured network may be on the user's end node there is little to no security on these networks.
computer drive and thus exposed to discovery via the
unsecured Ad-hoc network. The second is that a computer Denial of service
virus or otherwise undesirable code may be placed on the user's A Denial-of-Service attack (DoS) occurs when an attacker
computer via the unsecured Ad-hoc connection and thus has a continually bombards a targeted AP (Access Point) or network
route to the organizational secured network. In this case, the with bogus requests, premature successful connection
person placing the malicious code need not "crack" the messages, failure messages, and/or other commands. These
passwords to the organizational network, the legitimate user cause legitimate users to not be able to get on the network and
has provided access via a normal and routine log-in. The may even cause the network to crash. These attacks rely on the
malfactor simply needs to place the malicious code on the abuse of protocols such as the Extensible Authentication
unsuspecting user's end node system via the open (unsecured) Protocol (EAP).
Ad-hoc connection.
The DoS attack in itself does little to expose organizational
Non-traditional networks data to a malicious attacker, since the interruption of the
Non-traditional networks such as personal network prevents the flow of data and actually indirectly
network Bluetooth devices are not safe from cracking and protects data by preventing it from being transmitted. The usual
should be regarded as a security risk. Even barcode readers, reason for performing a DoS attack is to observe the recovery
handheld PDAs, and wireless printers and copiers should be of the wireless network, during which all of the initial
secured. These non-traditional networks can be easily handshake codes are re-transmitted by all devices, providing an
overlooked by IT personnel who have narrowly focused on opportunity for the malicious attacker to record these codes and
laptops and access points. use various "cracking" tools to analyze security weaknesses
and exploit them to gain unauthorized access to the system.
Identity theft (MAC spoofing) This works best on weakly encrypted systems such as WEP,
where there are a number of tools available which can launch a
Identity theft (or MAC spoofing) occurs when a cracker is dictionary style attack of "possibly accepted" security keys
able to listen in on network traffic and identify the MAC based on the "model" security key captured during the network
address of a computer with network privileges. Most wireless recovery.
systems allow some kind of MAC filtering to only allow
authorized computers with specific MAC IDs to gain access Network injection
and utilize the network. However, a number of programs exist
that have network “sniffing” capabilities. Combine these In a network injection attack, a cracker can make use of
programs with other software that allow a computer to pretend access points that are exposed to non-filtered network traffic,
it has any MAC address that the cracker desires, [5] and the specifically broadcasting network traffic such as “Spanning
cracker can easily get around that hurdle. Tree” (802.1D), OSPF, RIP, and HSRP. The cracker injects
bogus networking re-configuration commands that affect
MAC filtering is only effective for small residential routers, switches, and intelligent hubs. A whole network can be
(SOHO) networks, since it only provides protection when the brought down in this manner and require rebooting or even
wireless device is "off the air". Any 802.11 device "on the air" reprogramming of all intelligent networking devices.
freely transmits it unencrypted MAC address in its 802.11
headers, and it requires no special equipment or software to Caffe Latte attack
detect it. Anyone with an 802.11 receiver (laptop and wireless The Caffe Latte attack is another way to defeat WEP. It is
adapter) and a freeware wireless packet analyzer can obtain the not necessary for the attacker to be in the area of
MAC address of any transmitting 802.11 within range. In an the network using this exploit. By using a process that targets
organizational environment, where most wireless devices are the Windows wireless stack, it is possible to obtain
“on the air” throughout the active working shift, MAC filtering the WEP key from a remote client. By sending a flood of
only provides a false sense of security since it only prevents encrypted ARP requests, the assailant takes advantage of the
“casual” or unintended connections to the organizational shared key authentication and the message modification flaws
infrastructure and does nothing to prevent a directed attack. in 802.11 WEP. The attacker uses the ARP responses to obtain
Man-in-the-middle attacks the WEP key in less than 6 minutes.

A man-in-the-middle attacker entices computers to log into Wireless Intrusion Prevention Systems
a computer which is set up as a soft AP (Access Point). Once A Wireless Intrusion Prevention System (WIPS) is the most
this is done, the hacker connects to a real access point through robust way to counteract wireless security risks. A WIPS is
another wireless card offering a steady flow of traffic through typically implemented as an overlay to an existing Wireless
the transparent hacking computer to the real network. The LAN infrastructure, although it may be deployed standalone to
hacker can then sniff the traffic. One type of man-in-the-middle enforce no-wireless policies within an organization.
attack relies on security faults in challenge and handshake

Page 5 of 9
Large organizations with many employees are particularly WEP has some serious issues. First, it does not deal with
vulnerable to security breaches caused by rogue access points. the issue of key management at all. Either the keys have to be
If an employee (trusted entity) in a location brings in an easily manually given to end users, or they have to be distributed in
available wireless router, the entire network can be exposed to some other authentication method. Since WEP is a shared key
anyone within range of the signals. system, the AP uses the same key as all the clients and the
clients also share the same key with each other. A cracker
WIPS is considered so important to wireless security that in would only have to compromise the key from a single user, and
July 2009, the PCI Security Standards Council published he would then know the key for all users.
wireless guidelines for PCI DSS recommending the use of
WIPS to automate wireless scanning and protection for large In addition to key management, a recently published paper
organizations. describes ways in which WEP can actually be broken
(“Weaknesses in the Key Scheduling Algorithm of RC4” by
Wireless Security Best Practices Fluhrer, Mantin and Shamir). This is due to a weakness in RC4
Though a WIPS is deployed, certain wireless security best as it is implemented in WEP. If enough traffic can be
practices are recommended for every Wireless intercepted, then it can be broken by brute force in a matter of
LAN deployment. Certain practices may not be possible due to an hour or two. If that weren’t bad enough, the time it takes to
deployment constraints. crack WEP only grows linearly with key length, so a 104-bit
key doesn’t provide any significant protection over a 40-bit key
MAC ID filtering when faced against a determined hacker. There are several
freely available programs that allow for the cracking of WEP.
Most wireless access points contain some type of MAC ID WEP is indeed a broken solution, but it should be used as it is
filtering that allows the administrator to only permit access to better than nothing. In addition, higher layer encryption
computers that have wireless functionalities that contain certain (SSL, TLS, etc) should be used when possible.
MAC IDs. This can be helpful, however, it must be
remembered that MAC IDs over a network can be faked. WPAv1
Cracking utilities such as SMAC are widely available, and
some computer hardware also gives the option in the BIOS to Wi-Fi Protected Access (WPA) is a software/firmware
select any desired MAC ID for its built in network capability. improvement over WEP. All regular WLAN-equipment that
worked with WEP are able to be simply upgraded and no new
Static IP addressing equipment needs to be bought. WPA is a trimmed-down
version of the 802.11i security standard that was developed by
Disabling at least the IP Address assignment function of the the Wi-Fi Alliance to replace WEP. The TKIP encryption
network's DHCP server, with the IP addresses of the various algorithm was developed for WPA to provide improvements to
network devices then set by hand, will also make it more WEP that could be fielded as firmware upgrades to existing
difficult for a casual or unsophisticated intruder to log onto the 802.11 devices. The WPA profile also provides optional
network. This is especially effective if the subnet size is also support for the AES-CCMP algorithm that is the preferred
reduced from a standard default setting to what is absolutely algorithm in 802.11i and WPA2.
necessary and if permitted but unused IP addresses are blocked
by the access point's firewall. In this case, where no unused IP WPA Enterprise provides RADIUS based authentication
addresses are available, a new user can log on without using 802.1x. WPA Personal uses a pre-shared Shared Key
detection using TCP/IP only if he or she stages a (PSK) to establish the security using an 8 to 63 character
successful Man in the Middle Attack using appropriate passphrase. The PSK may also be entered as a 64 character
software. hexadecimal string. Weak PSK passphrases can be broken
using off-line dictionary attacks by capturing the messages in
Regular WEP the four-way exchange when the client reconnects after being
WEP stands for Wired Equivalent Privacy. deauthenticated. Wireless suites such as aircrack-ng can crack
This encryption standard was the original encryption standard a weak passphrase in less than a minute. Other WEP/WPA
for wireless. As its name implies, this standard was intended to crackers are AirSnort and Auditor Security Collection. Still,
make wireless networks as secure as wired networks. WPA Personal is secure when used with ‘good’ passphrases or
Unfortunately, this never happened as flaws were quickly a full 64-character hexadecimal key.
discovered and exploited. There are several open There is information, however, that Erik Tews (the man
source utilities like aircrack-ng, weplab, WEPCrack, who created the fragmentation attack against WEP) is going to
or airsnort that can be used by crackers to break in by reveal a way of breaking the WPA TKIP implementation at
examining packets and looking for patterns in the encryption. Tokyo's PacSec security conference in November 2008,
WEP comes in different key sizes. The common key lengths cracking the encryption on a packet in between 12–15
are currently 128- and 256-bit. The longer the better as it will minutes. The announcement of this 'crack' was somewhat
increase the difficulty for crackers. However, this type of overblown by the media, because as of August, 2009, the best
encryption is now being considered outdated and seriously attack on WPA (the Beck-Tews attack) is only partially
flawed. In 2005 a group from the FBI held a demonstration successful in that it only works on short data packets, it cannot
where they used publicly available tools to break a WEP decipher the WPA key, and it requires very specific WPA
encrypted network in three minutes. WEP protection is better implementations in order to work.
than nothing, though generally not as secure as the more
sophisticated WPA-PSK encryption. A big problem is that if a Additions to WPAv1
cracker can receive packets on a network, it is only a matter of
time until the WEP encryption is cracked.

Page 6 of 9
 In addition to WPAv1, TKIP, WIDS and EAP may be WPAv1, WPAv2 may work in cooperation with EAPand
added alongside. Also, VPN-networks (non-continuous secure a WIDS
network connections) may be set-up under the 802.11-standard.
VPN implementations include PPTP, L2TP, IPSec and SSH. WAPI
However, this extra layer of security may also be cracked with This stands for WLAN Authentication and Privacy
tools such as Anger, Deceit and Ettercap for PPTP, and ike- Infrastructure.
scan, IKEProbe, ipsectrace, and IKEcrack for IPSec-
connections. Smart cards, USB tokens, and software tokens
TKIP When combined with some server software, the hardware
or software card or token will use its internal identity code
This stands for Temporal Key Integrity Protocol and the combined with a user entered PIN to create a powerful
acronym is pronounced as tee-kip. TKIP implements per- algorithm that will very frequently generate a new encryption
packet key mixing with a re-keying system and also provides a code. The server will be time synced to the card or token. This
message integrity check. These avoid the problems of WEP is a very secure way to conduct wireless transmissions.
(Wired Equivalent Privacy). Companies in this area make USB tokens, software tokens,
EAP and smart cards. They even make hardware versions that
double as an employee picture badge. Currently the safest
The Extensible Authentication Protocol (EAP) have security measures are the smart cards / USB tokens. However,
initiated an even greater amount of security. This, as EAP uses these are expensive. The next safest methods are WPA2 or
a central authentication server. The newer version of EAP is WPA with a RADIUS server. Any one of the three will provide
now called as Extended EAP and is available in several a good base foundation for security.
versions; these include: EAP-MD5, PEAPv0, PEAPv1, EAP-
MSCHAPv2, LEAP, EAP-FAST, EAP-TLS, EAP-TTLS, RF shielding
MSCHAv2, EAP-SIM, ... It’s practical in some cases to apply specialized wall paint
EAP-versions and window film to a room or building to significantly
attenuate wireless signals, which keeps the signals from
EAP-versions include LEAP, PEAP and other EAP's propagating outside a facility. This can significantly improve
wireless security because it’s difficult for hackers to receive the
LEAP signals beyond the controlled area of an enterprise.
This stands for the Lightweight Extensible Authentication Mobile devices
Protocol. It helps minimize the original security flaws by using
WEP and a sophisticated key management system. This EAP- With increasing number of mobile devices security of such
version is safer than EAP-MD5. This also uses MAC address mobile devices becomes a concern. Security within mobile
authentication. LEAP is not safe from devices fall under three categories:
crackers. . Anwrap and asleap finally are other crackers
capable of breaking LEAP. 1. Protecting against ad-hoc networks
2. Connecting to rogue access points

PEAP 3. Mutual authentication schemes such as WPA2 as

described above
This stands for Protected Extensible Authentication
Protocol. This protocol allows for a secure transport of data, Wireless IPS solutions now offer wireless security for
passwords, and encryption keys without the need of a mobile devices
certificate server. This was developed by Cisco, Microsoft, Implementing network encryption
and RSA Security.
In order to implement network encryption one must first
Other EAPs make sure both that the router/access point(s), as well as all
EAP-TLS offers its mutual authentication. Both the client client devices are indeed equipped to support the network
and the network are authenticated using certificates and per- encryption. If this is done, a server such
session WEP keys. EAP-FAST also offers good protection. as RADIUS, ADS, NDS, or LDAP needs to be integrated. This
EAP-TTLS is more convenient as one does not need to server can be a computer on the local network, an access
distribute certificates to users, yet offers slightly less protection point / router with integrated authentication server, or a remote
than EAP-TLS. server. AP's/routers with integrated authentication servers are
often very expensive and specifically an option for commercial
WPAv2 usage like hot spots. Software includes:
WPA2 is a WiFi Alliance. The primary enhancement over
WPA is the inclusion of the AES-CCMP algorithm as a
mandatory feature. Both WPA and WPA2 support EAP  Cisco Secure Access Control Software
authentication methods using RADIUS servers and preshared  Microsoft Internet Authentication Service
key (PSK).Unlike 802.1X, 802.11i already has most other
additional security-services such as TKIP, PKI, ... Just as with  Meetinghouse Data EAGIS

Page 7 of 9
  Funk Software Steel Belted RADIUS (Odyssey) moving bicycle or motorcycle. This activity is sometimes
facilitated by the mounting of a wifi-capable device on the
 freeRADIUS (open-source) vehicle itself.
Client software comes built-in with Windows XP and may Warwalking is similar in nature to wardriving, except that it
be integrated into other OS's using any of following software: is done on foot rather than conducted from a moving vehicle.
The disadvantages of this approach results in fewer and more
infrequently discovered networks and the absence of a
convenient computing environment. Consequently, handheld
 Intel PROSet/Wireless Software devices such as Pocket PCs, which can perform such tasks
while one is walking or standing, have predominated in this
 Cisco ACU-client area. The inclusion of integrated Wi-Fi (rather than
a CF or PCMCIA add-in card) in Dell Axim,
 Odyssey client Compaq iPAQ and Toshiba Pocket PCs beginning in 2002 —
 AEGIS-client and, more recently, an active Nintendo DS and Sony
PSP enthusiast community possessing Wi-Fi capabilities on
 Xsupplicant (open1X)-project these devices — has expanded the extent of this practice, as has
the newer smartphones which also integrate GPS.
Radius
Warkitting is a combination of wardriving and rootkitting.
This stands for Remote Authentication Dial In User Service. In a warkitting attack, a hacker replaces the firmware of an
This is an AAA (authentication, authorization and accounting) attacked router. This allows them to control all traffic for the
victim, and could even permit them to disable SSL by
protocol used for remote network access. This service provides replacing HTML content as it is being downloaded.
an excellent weapon against crackers. The idea is to have an Warkitting was identified in 2006. The discovery indicated
that 10% of the wireless routers were susceptible to
inside server act as a gatekeeper through the use of verifying WAPjacking (malicious configuring of the firmware settings,
identities through a username and password that is already pre- but making no modification on the firmware itself) and 4.4% of
wireless router were vulnerable to WAPkitting (subverting the
determined by the user. A RADIUS server can also be router firmware). The analysis showed that the volume of
credential theft possible through Warkitting exceeded the
configured to enforce user policies and restrictions as well as estimates of credential theft due to phishing.
recording accounting information such as time connected for Mapping
billing purposes. Many wardrivers use GPS devices to measure the location
of the network and log it on a website to form maps of the
network neighborhood. A popular web-based tool today
is WiGLE[while one of the pioneering mapping applications
was StumbVerter, which used Microsoft MapPoint automation
4) WARDRIVING to draw found networks. For better range,antennas are built or
Wardriving is the act of searching for Wi-Fi wireless bought, and vary from omnidirectional to highly directional.
networks by a person in a moving vehicle, using a portable
computer or PDA. Software for wardriving is freely available Antennas
on the Internet,
notably NetStumbler for Windows, Kismet or SWScanner forL  Cantenna
inux, FreeBSD, NetBSD, OpenBSD, DragonFly BSD,  WokFi
and Solaris, and KisMac for Macintosh. There are also
homebrew wardriving applications for handheld game consoles Wireless access point receivers can be modified to extend
that support Wi-fi, such as sniff_jazzbox/wardive for the their ability for picking up and connecting to wireless access
Nintendo DS, Road Dog for the Sony PSP, WiFi-Where for points. This can be done with an ordinary metal wire, and a
the iPhone, and G-MoN for the Android operating metal dish that is used to form a directional antenna. Other
system andWlanPollution for Symbian NokiaS60 devices. similar devices can be modified in this way too, likewise, not
There also exists a mode within Metal Gear Solid: Portable only directional antennas can be created, but USB-WiFi-stick
Ops for theSony PSP (wherein the player is able to find new antennas can be used as well.
comrades by searching for wireless access points) which can be
used to wardrive. Treasure World for the DS is a commercial Confusion with piggybacking
game in which gameplay wholly revolves around wardriving. Wardrivers are only out to log and collect information
Wardialing in this context refers to the practice of using about the wireless access points (WAPs) they find while
a computer to dial many phone numbers in the hopes of finding driving, without using the networks' services.
an active modem. Connecting to the network and using its services without
Warbiking is essentially the same as wardriving, but it explicit authorization is referred to as piggybacking.
involves searching for wireless networks while on a

Page 8 of 9
 With other types of software, such as NetStumbler, the
wardriver actively sends probe messages, and the access point
responds per design. The legality of active wardriving is less
certain, since the wardriver temporarily becomes "associated"
with the network, even though no data is transferred. Most
access points, when using default settings, are intended to
provide wireless access to all who request it. Liability can be
minimized by setting the computer to a static IP, instead of
using DHCP. This will prevent the network from granting the
computer an IP address or logging the connection.

Page 9 of 9