CASE STUDY Wireless LAN Security WPA PSK

I. Introduction
WLANs are increasingly popular because their components have become cheaper and they are easy to deploy at any time and anywhere in the world. End clients can send large files over the air, move freely within the boundary of the WLAN, and access the internet and bandwidth-heavy services without any cable or connection to a switch or hub. Besides all of these advantages, WLANs face a security problem, because many companies transfer sensitive data across them, so a lot of research is being done on WLAN security. WLANs were created for the sensible transfer of data, initially as an addition to the already installed wired LAN. The most significant requirement is to give the WLAN security equivalent to that of the wired LAN.

At the start this target seemed impossible, but as the years passed it became achievable to some extent, and nowadays fully. Throughout their history WLANs have faced a single problem: security. A lot of research is still going on into how to improve security so that the network becomes more secure and reliable than the wired LAN. A breach in the security of the WLAN automatically harms the wired LAN as well: once RF signals travel through the air, there is a risk of particular attacks, which we discuss in the next chapters. The main goal of this study is to make our network more secure and reliable.

There are five basic predefined goals for WLANs, and different security solutions are available to help provide them. We analyze which security solution fully provides these goals; when a security solution provides all five, security is automatically achieved for the WLAN. We also analyze which attacks are possible and how to mitigate them, as described further in chapters 3 and 4. We configure different security solutions (WEP, WPA/WPA2, and 802.1X using a RADIUS server) on a WLAN in infrastructure mode in a lab environment, dividing the workload into three individual labs. Each lab has its own strategy, described in the methodology portion and in detail in chapter 5. From the three labs we analyze which security solution provides the best security, which general attacks are possible, and how to mitigate them, in the next chapters.


II. Background of the Organization
Before the start of the 21st century WLANs became popular, and people wanted to use them at home as well as in enterprise networks because of their scalability, low cost and easy deployment. 802.11 WLAN technologies such as 802.11b, a and g were introduced, and the popularity of WLANs grew after the IEEE 802.11b standard was confirmed. Initially WLANs came with WEP security; as WLANs became more popular over time, WEP failed to secure the network, and WLANs faced many drawbacks in WEP security. The current study of WLANs gives administrators the knowledge to improve WLAN technology and to adopt important wireless security solutions such as WPA and WPA2 with AES. More threats and attacks were discovered for WEP security. To solve the problems of WEP, a new security solution was introduced, WPA [14], and then WPA2. To secure any WLAN, three things must be achieved: data confidentiality and integrity, authentication and access control, and intrusion detection and prevention.

Nowadays WPA and WPA2 security are integrated in the WLAN in combination with 802.1X and RADIUS to provide authentication. Security is still considered a major task in the deployment of an enterprise network. Joni Wexler, in his 2008 survey report "State of the Market Report", said that about 50% of commercial customers were still worried about security issues in WLANs, but this is considered a great achievement for WLANs in comparison with 2006 and 2007, when 70% of customers were worried about WLAN security. Current studies show that WLANs can offer a high level of security, even beating the security provided by the wired LAN, as long as they use a security solution such as WPA/WPA2 with 802.1X and RADIUS.

WLANs are already in use across the IT world in the majority of enterprises and government bodies, and in public areas such as hotels, cafes, hospitals, schools and airports. Scalability, mobility, flexibility, lower cost, and fast and easy installation are the major benefits of WLANs. Even so, some drawbacks remain that can easily undermine WLAN security. Some of the possible holes in the network relate to human mistakes that break the integrity of the WLAN, such as a stolen laptop, a computer infected by a virus, or the sharing of a username and password.

Whenever the above five security requirements are achieved for a WLAN, security is automatically achieved. These requirements are provided by different security solutions such as WEP, WPA and WPA2. We configure these security solutions in a lab environment and analyze which one fully provides the five security requirements. In the end we conclude which security solution is best from a security point of view, analyze which general attacks are possible against each security solution together with their mitigation techniques, and test some of the attacks in the lab environment.

After the invention of WLANs, networking became easier in homes, businesses and organizations, because a WLAN uses electromagnetic waves (also known as radio waves) to carry data signals from one end of the network to the other, removing the need for cables; this is implemented at the physical layer. In earlier wired networks the end nodes were connected by wire using RJ-45 connectors. When WLANs were introduced, end nodes were connected wirelessly with each other or through telecommunication networks (on the other side, these wireless nodes are connected through the internet or the wired backbone network). A wireless network is a type of computer network. By removing the cabling, wireless technology made networks simpler, enabling several computer users in a business or home to share resources at the same time.

These resources may include a network printer, a broadband internet connection, data files, and even streaming video and audio. WLAN technologies were introduced at the end of 1990, when companies started to produce products operating in the 900 MHz frequency band. These products were non-standard and proprietary, and transferred data at a rate of no more than 1 Mbps, which is 10 times less than the wired network. The non-standard proprietary architecture offered a data rate of 1 Mbps, but WLAN offers a data rate of up to 10 Mbps, the speed provided by a large number of wired LANs in the same period. At the beginning of 1992, companies started to produce products that work in the 2.4 GHz ISM (Industrial, Scientific and Medical) band.

Although these products provided a higher data transfer rate than the 900 MHz band products, they were really costly and provided comparatively lower data rates than WLAN products. In addition, the 900 MHz band products also interfered with other proprietary radio-frequency technologies. The IEEE group started work on the IEEE 802.11 project in 1990, in order to design a Medium Access Control (MAC) layer and Physical layer (PHY) providing wireless connectivity to fixed stations, portable stations and moving stations within the boundary of the network. In 1997, the IEEE approved the first international standard for WLANs that is interoperable between different vendors' products. Wireless LANs have several benefits, some of which are described below.


III. Analysis
The scalability and the easy, large-scale deployment of WLANs give rise to numerous security problems that need solutions. If somebody compromises the security, the network is useless. Every AP in the network is IP-based and needs management, supervision and control. This produces extra load and makes wireless technologies difficult to implement: because every AP has the same configuration, this similarity between APs tends to lead to misconfiguration and inappropriate behaviour of the WLAN, and it is a big headache to distribute and maintain configuration quickly for all APs in the WLAN.

It is very hard to provide physical security for each AP in the network, because APs are always located outside a server room or locked area. If an AP is stolen along with its secrets, an intruder can make use of those secrets. To fix these problems, different vendors started to work together on a solution that combines network switching techniques, centralized management and shared wireless access in a new design. This combined solution provides a friendly interface between the AP and a controller to fix the problems above. By using access controllers (ACs), the threat of a stolen IP is completely solved. Different WLANs use these devices to control network access and to offer host-to-host packet delivery across WLANs, which also increases reliability. Because APs are installed in places where little physical security is available, the CAPWAP design can reduce the significance of a stolen AP. Suppose all the high-value secrets of the AP, such as the RADIUS shared secrets, are stored in the AC; then the theft of an AP poses no threat to the network. The AC is a device that can be placed where physical security is available.

To secure a WLAN, five main security requirements must be achieved: data integrity, confidentiality, authentication, access control and non-repudiation. This section explains the purpose of each security requirement in terms of security threats, that is, which requirement defends against which threat. The general security threats are eavesdropping and traffic analysis, masquerade, authorization violation, DoS, and modification or forgery of information. The table below describes the purpose of each security requirement, that is, which requirement mitigates which threat in order to better secure the wireless network.


IV. Evaluation
There are different kinds of security attacks on a WLAN that can harm and exploit the network. This report explains the general attacks with their mitigation techniques, and some special attacks on security solutions. There are two general types of attack, physical and logical. Here are a few WLAN attacks, together with solutions for securing the network against them. Logical attacks with their mitigation techniques (spoofing of MAC address, denial of service attack, man-in-the-middle attack, default access point configuration, reconnaissance attacks, conversation sniffing, Dynamic Host Configuration Protocol attack). Physical attacks with their mitigation techniques (rogue access points, physical placement of access points, access point coverage, spam attack). First, a simple Wireless Local Area Network (WLAN) is built in infrastructure mode using Cisco equipment.

Initially the network has no security, which means it is completely vulnerable to attack and open for an intruder to access information very easily. The practical work is divided into three experimental labs. (1) For the first lab, a WLAN is designed in infrastructure mode using all Cisco equipment. To give the WLAN initial security, WEP is configured on both the AP and the client in the lab environment; WEP is comparatively better than a WLAN without any security. After implementing WEP, the cracking tool BackTrack is used to break the WEP (64- and 128-bit) security key, to conclude how easy the WEP key is to break and to analyze how unreliable WEP is for a secured network. (2) For the second lab, the same WLAN infrastructure network is used with WPA and WPA2 configured; an attempt is made to break the WPA encryption key by dictionary attack using the same cracking software, BackTrack 3, to analyze how reliable this security solution is with respect to WEP and to conclude which one is better. (3) The third lab needs a RADIUS server: the RADIUS server is connected to the AP of the already built infrastructure-mode WLAN, WPA2 using 802.1X is configured on the AP, and an attempt is made to break the security of the network with the same cracking software, BackTrack 3. In the end all three labs are compared to arrive at conclusions and suggestions about which is the best security solution for the WLAN and the drawbacks of each relative to the others.

The main goal of this thesis was to show the attacks on WLANs, test a few of them in a lab environment, and finally implement the best solution in the lab. The thesis implemented three major security techniques: WEP, WPA/WPA2, and WPA2 using 802.1X authentication. The first lab implemented WEP and clearly showed, using the cracking tool aircrack under the BackTrack 3 environment, how vulnerable the network is if it uses a static WEP key, regardless of the size of the IVs. The second lab implemented the WPA/WPA2 pre-shared key; it demonstrated the dictionary attack and showed how insecure the network is if it uses a common phrase as the key. This lab successfully cracked the 8-63 character long key. The third lab implemented the recommended solution for WLAN security, WPA2 using 802.1X authentication, and due to port-based security it is impossible to crack the key. Although it is quite tough to secure a wireless network because RF signals travel over the air, these attacks can be minimized by using the proper security technique. This thesis recommended WPA2 security using 802.1X authentication.
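
A defensive check that follows from the second lab's result, as an added example that is not part of the original case study: it audits a candidate WPA/WPA2 pre-shared key for the 8-63 character limit, common phrases hidden behind simple mangling, reuse of the SSID, and a rough character-set estimate. The wordlist, the substitution rules, the 64-bit threshold and the SSID "LabAP" are assumptions made for illustration.

```python
import math
import re
import string

# Constructed sample wordlist (assumption); a real audit would load a large
# common-password list from a file.
COMMON_PHRASES = {"password", "welcome", "internet", "wireless", "letmein"}
# Undo common character substitutions (assumed mangling rules).
LEET = str.maketrans("013457@$!", "oieastasi")
# Character pools used for a rough upper-bound entropy estimate.
POOLS = [(26, string.ascii_lowercase), (26, string.ascii_uppercase),
         (10, string.digits), (33, string.punctuation + " ")]
MIN_BITS = 64  # assumed policy threshold, not taken from the case study


def normalize(passphrase):
    """Reduce a passphrase to the base word a mangled dictionary entry hides."""
    base = re.sub(r"[^a-z]+$", "", passphrase.lower())  # drop trailing digits/symbols
    return base.translate(LEET)


def audit_psk(passphrase, ssid):
    """Return findings for a WPA/WPA2 passphrase; an empty list means no check failed."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("character outside printable ASCII")
    base = normalize(passphrase)
    if base in COMMON_PHRASES:
        findings.append(f"common phrase '{base}' behind simple mangling")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("contains the SSID")
    pool = sum(size for size, chars in POOLS if any(c in chars for c in passphrase))
    bits = len(passphrase) * math.log2(pool) if pool else 0.0
    if bits < MIN_BITS:
        findings.append(f"charset estimate {bits:.0f} bits is below {MIN_BITS}")
    return findings


if __name__ == "__main__":
    # Constructed candidates for the assumed lab SSID "LabAP".
    for candidate in ("Password123", "labap2024", "tq7#Lm2vZp9!xRw4"):
        print(candidate, "->", audit_psk(candidate, "LabAP") or "no findings")
```

"Password123" passes the character-set estimate yet fails the dictionary check, which is the kind of common-phrase key the second lab showed to be insecure.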


V. References

1. http://www.usr.com/download/whitepapers/lan-security-wp.pdf

2. http://paper.ijcsns.org/07_book/200605/200605C01.pdf

3. http://documents.iss.net/whitepapers/wireless_LAN_security.pdf

4. (RFC standard 3990)

5. Prasad, A. R., WLANs: Protocols, Security and Deployment, Ph.D. Thesis, Delft University Press (DUP), Delft, The Netherlands, December 2003.

6. Prasad, N. R., Adaptive Security in Heterogeneous Networks, Ph.D. Thesis, University of Roma “Tor Vergata,” Rome, Italy, April 2004.

7. Prasad, N. R., and A. R. Prasad (eds.), WLAN Systems and Wireless IP for Next Generation Communications, Norwood, MA: Artech House, January 2002.

8. Black, U., Internet Security Protocols: Protecting IP Traffic, Upper Saddle River, NJ: Prentice Hall, 2000.