Wireless Network Hardening


Threats to Wi-Fi Implementations
Radio waves can penetrate through walls there is a great chance of unauthorized access to the network and data. Because of its broadcasting nature, anybody can sniff the network for valuable credentials. If the network is not properly secured the attacker will get sufficient data to launch an attack.
In brief the following cases may happen.
i) The attacker may search for available wireless networks in the close proximity. If the Access Point( AP) is open the attacker can avail the network without any effort.
ii) The attacker can directly log in to the Access Point using default credentials and configure the device in whatever way he wants.
iii) The attacker can sniff the network for configuration details such as SSID(Service Set Identifier) , BSSID(Basic Service Set Identification ), encryption used, channel used etc. He can capture sufficient packets to launch an attack.
iv) The attacker can install a fake Access Point and lure(like advertising free internet access) users to connect to the rogue AP.
v) The attacker can disrupt the normal functioning of the network.

Securing AP/ Router
As far as a user is concerned, securing Access Point ensures the primary level of security. In this document configuration settings of an AP/Router that is installed in a typical home network is discussed. We have used ‘Linksys’ WAP 54G and ‘beetel’ Router for this purpose. The configuration settings as explained below will secure the AP.
1.       Change Administrator Password
An attacker can easily find out the default password. It must be changed. Ensure that the admin password is strong enough.
Password editing interface of Administrator

2.       Prefer Wi-Fi Protected Access(WPA2 Preferably) instead of Wired Equivalent Privacy(WEP).
WPA’s salient features are strong encryption algorithm, user authentication and support for IEEE 802.1X . Use Wi-Fi Protected Access (WPA) or WPA2 with Pre-Shared Key (PSK) authentication and AES as the encryption standard. The pass phrase should be strong enough.

Interface for configuring Security Mode.

3.       MAC Address Filtering
Access of the clients can be permitted or prevented by providing a list of MAC Addresses in the “MAC Address filter” configuration parameter. This is known as MAC Address filtering. Together with SSID this can also used as a security measure. Select the MAC Address of all the wireless Network interface cards used in the network. The list can be used to permit or prevent the wireless access .
Configuring MAC filter

4.  Best Practices
There are certain best practices explained below which should be followed for enhancing security of wireless Access Point / Routers.
i) Restrict the Access
SSID (Service Set Identifier) is used to identify a wireless network which a user wants to attach. All wireless devices that want to communicate on the WLAN need to have their SSID set to the same string as the AP. Even though the attacker can get the SSID simply by sniffing the network it is preferable to change the default SSID. Avoid SSID which shows name or other information. Name the access point such that it can be easily traceable during trouble shooting. Physical security of access point is also important.
ii) Disable Management via Wireless
It is recommended to disable management of the router via wireless devices associated with the access point. If someone manages to associate with the access point and login to the router , they can change the configuration of the router. Prefer wired interface with AP/Router to configure the device.
iii) Disable Remote Management
Remote Router Access permits web-based management of the wireless router from external networks such as the Internet. By default this feature opens port 8080/TCP on the external side of the router. This feature provides significant risk to the device, permitting an attack vector and more importantly significant risk to internal network. It should be disabled unless remote management is absolutely required. Universal Plug and Play may also be disabled.
iv) Turn off the AP when not in use
This is also advisable since it minimizes the risk of unauthorized access.
v) Configure Network Mode
Select the wireless mode which is depending upon the protocols. The possible options are.
_ Disabled – disables AP.
_ Mixed – permits both 802.11 b and 802.11g.
_ B-Only – 8.2.11 b only.
_ G-Only – 8.2.11 g only.
vi) Disable SSID Broadcast.
This can protect the AP from a naive attacker . By disabling SSID broadcast, the easy availability of SSID can be restricted. But the attacker can still sniff the SSID from frames that devices use when associating with an AP. According to some vendors disabling SSID broadcast may restrict or invite the chance of exploitation.
vii) Set Wireless Channel from default
Changing the default wireless channel used by the AP is a good practice.It may avoid automatic association of the wireless interface to the network.
viii ) Maximize the Beacon Interval
Beacon frames are used for connection establishment and management by IEEE 802.11 networks. These frames from AP to wireless clients ,transmitted at regular intervals are used for configuration matching. It is recommended to set the beacon interval to the maximum number. This will reduce the transmission frequency of SSID so that the attacker will get less number of opportunities to sniff the beacons containing SSID. But there is a problem here. The attacker can probe the network using some specific SSID which is known as active scanning.
ix) Prefer Static IP instead of DHCP.
Since DHCP is automatically assigning IP addresses, an attacker can utilize this feature to get an IP. So it is recommended to use static IP on wireless networks.
 Configuring Static IP

0 comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...