Before we move onto forensic investigation of wireless security breaches, we need to understand the various facets of wireless protection and the elements of security therein.
Let's start with a bit of a walk down memory lane.
In September 1999, the WEP security algorithm was created. Wired Equivalent Privacy (WEP), as the name suggests, was supposed to be as secure as wired Ethernet networks. At one point, it was the most widely used security algorithm. This was because it was backwards compatible and was the first choice in the early router control options.
The early versions of WEP were particularly weak because the US Government restricted the export of cryptographic technology that used more than 64-bit encryption. This led manufacturers to restrict themselves to 64-bit encryption.
Once the US Government lifted the restrictions, 128-bit and 256-bit encryption were introduced. However, most deployments of WEP used 128-bit encryption. While both 128-bit and 256-bit encryption increased the key space and supposedly enhanced the security, in practice WEP was found to have numerous security holes and flaws. WEP networks were extremely vulnerable and easy to exploit with freely available software. In 2004, WEP was officially retired by the Wi-Fi Alliance.
WEP was formally replaced with Wi-Fi Protected Access (WPA) in 2003 (a year before WEP was finally phased out) due to the increasing vulnerabilities and security flaws being discovered in the WEP standard.
While WEP used 64-bit and 128-bit keys, the keys used by WPA-PSK are 256-bit, which is a significant increase over the previous protocol.
Since WPA was born out of the need to implement stronger security, significant additional changes were implemented. To detect whether a man-in-the-middle (MITM) attack has compromised the integrity of the data being transmitted, message integrity checks and the Temporal Key Integrity Protocol (TKIP) were added. WEP used a fixed key; TKIP employed a per-packet key, which increased security dramatically. Further security enhancements led to the Advanced Encryption Standard (AES) being added alongside, or in place of, TKIP. TKIP was designed to be deployed via firmware upgrades on existing WEP devices, so it retained certain elements for compatibility purposes, and those elements are what led to its exploitation.
While a number of attacks have been demonstrated against WPA, one of the most common ways that WPA has been breached is via the supplementary Wi-Fi protected system. The Wi-Fi protected system is essentially provided on Wi-Fi devices for the purpose of making connectivity to wireless access points (WAPs) easy.
WPA was officially superseded by WPA2 in 2006.
WPA was significantly changed to its new avatar, WPA2, by including the mandatory use of the more secure AES algorithm.
WPA2 still has some obscure vulnerabilities (however, far fewer than WPA), which require an intruder to have insider access to the secured network in order to obtain the security keys.
That said, the biggest vulnerability for WPA2 networks remains the same as that of WPA networks, namely, the Wi-Fi Protected Setup (WPS) implementation. Though it does take between 2 and 10 hours (depending upon your infrastructure) to break into a WPA/WPA2 network this way, the security risk is real and cannot be ignored. Ideally, WPS should be disabled on the device and, if possible, the firmware flashed to eliminate WPS altogether.
The various iterations of the WEP, WPA, and WPA2 are shown in the following table. This table sums up their security rankings in a nutshell (as of now) for quick reference:
| Sr. No. | Description | Security rank (1 is best) |
|---|---|---|
| 1 | WPA2 + AES | 1 |
| 2 | WPA + AES | 2 |
| 3 | WPA + TKIP/AES | 3 |
| 4 | WEP | 4 |
| 5 | Open network | 5 |
The best options to implement, from a security perspective, are WPA2 + AES, along with disabling WPS. Everything else is on a sliding scale after that, with WEP being just a single step above a completely open network.
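The ranking table above turned into a small audit script, as an added example that is not part of the original text. It ranks an inventory of observed access points by auth type and cipher set and flags WPS; the `SSID;AUTH;CIPHERS;WPS` line format and the sample inventory are constructed for this example, so adapt `parse_line()` to whatever your scanner actually emits.

```python
# Rank Wi-Fi networks using the WEP/WPA/WPA2 table (1 is best, 5 is open).
# Input format (invented for this example): SSID;AUTH;CIPHERS;WPS
#   AUTH    = open | wep | wpa | wpa2
#   CIPHERS = comma-separated list of tkip / ccmp (ccmp is AES)
#   WPS     = yes | no

def rank_network(auth: str, ciphers: set[str], wps: bool) -> tuple[int, list[str]]:
    """Return (rank, findings) for one access point."""
    findings = []
    if auth == "open":
        rank = 5
        findings.append("no encryption at all")
    elif auth == "wep":
        rank = 4
        findings.append("WEP is retired; treat as open")
    elif auth == "wpa2" and ciphers == {"ccmp"}:
        rank = 1                      # WPA2 + AES only
    elif auth == "wpa" and ciphers == {"ccmp"}:
        rank = 2                      # WPA + AES only
    elif auth in ("wpa", "wpa2"):
        rank = 3                      # any TKIP drags it to the TKIP/AES row
        findings.append("TKIP enabled; move to AES-only (CCMP)")
    else:
        raise ValueError(f"unknown auth type {auth!r}")
    if wps and auth in ("wpa", "wpa2"):
        findings.append("WPS enabled; disable it, it is the usual way in")
    return rank, findings

def parse_line(line: str) -> tuple[str, str, set[str], bool]:
    ssid, auth, ciphers, wps = line.strip().split(";")
    cipher_set = {c for c in ciphers.lower().split(",") if c}
    return ssid, auth.lower(), cipher_set, wps.lower() == "yes"

def audit(lines) -> dict[str, tuple[int, list[str]]]:
    """Return {ssid: (rank, findings)}, worst networks first."""
    results = {}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ssid, auth, ciphers, wps = parse_line(line)
        results[ssid] = rank_network(auth, ciphers, wps)
    return dict(sorted(results.items(), key=lambda kv: -kv[1][0]))

SAMPLE = """# constructed inventory, not real scan output
corp-main;wpa2;ccmp;no
corp-legacy;wpa2;ccmp,tkip;yes
guest;wpa;ccmp;no
printer-net;wep;;no
cafe-free;open;;no"""

if __name__ == "__main__":
    for ssid, (rank, findings) in audit(SAMPLE.splitlines()).items():
        print(f"rank {rank}  {ssid:<12} {'; '.join(findings) or 'ok'}")
```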
Wi-Fi security isn't as straightforward as that of a normal network. Essentially, this is because every device that is a part of the network is also accessible from both within and outside the network.
Thus, any compromised device can open the gate to the complete network. That is definitely not a bridge you want an outsider to cross.
Wi-Fi security is not a small affair and requires serious thought and planning on the part of the implementation team.
Let's outline the following important security aspects to consider: