You are on page 1of 5


A Project Submitted in partial fulfillment of the requirements for the Summer Training Program-2011 At


Submitted By:

Udisha Tripathi
(Reg. ID: 2K08EC088)


I consider myself fortunate to have the opportunity to work in a reputed organization HP(Hewlett Packard). It was a learning experience with the technical team of Networking Department which was not only valuable as well as value addition. I am very thankful to my Trainer Mr. Anil Singh and other Mentors for their kind support and guidance. The project would not have been completed without their help and knowledge. I would like to extend my special thanks to Mr. Ashish and Mr. Brijendra for their kind support.

Udisha Tripathi

WLAN devices have a number of vulnerabilities related to the fact that wireless signals are sent over the air rather than through closed wiring paths. In WLANs, network traffic is broadcast into uncontrolled public spaces, which may result in the compromise of sensitive information. Additionally, signals from unauthorized external sources may easily enter the network, allowing attackers to join the network as though they were bonafide users. This creates risks not only for the WLAN but also for any other network to which it is connected. These risks may also arise on traditional wired networks because it is easy and inexpensive for users to install their own WLAN devices without the knowledge or consent of network authorities. The risk of outside attack is very high: activities such as war driving and free, simple-to-use software tools for discovering and exploiting WLANs are readily available and may allow outsiders to penetrate the network. The 802.11 standard originally included provision for a security scheme known as Wired Equivalent Privacy (WEP), which provided some protection against casual interception of network traffic or insertion of unauthorized traffic. However, WEP suffered from serious design weaknesses that made it vulnerable to hacker exploitation tools. Recent 802.11 revisions include improved security mechanisms in the form of Wi-Fi Protected Access (WPA) and 802.11i (also called WPA2). WPA2 addresses the weaknesses in previous schemes and features strong, AES-based encryption (some brands/models of WLAN APs carry FIPS140-2 certification), as well as 802.1X enterprise authentication features allowing WLAN access authentication to be integrated with existing corporate user authentication mechanisms (smart cards, tokens, PKI, biometrics, etc). Practical attacks against WPA2 are few and primarily targeted at Pre-Shared Key (PSK) deployments. Note that these security features are usually turned off by default, and must be enabled to have any effect: WLANs deployed without enabling security features leave the network wide open to discovery and attack. This project provides an overview of how wireless LANs work, while reviewing the risks, vulnerabilities and threats that affect wireless networks differently than their wired brethren.

1. Introduction 1.1. Background 1.2. Purpose 2. WLAN system overview 2.1. Technology 2.1.1. Background 2.1.2. Modulation Techniques 2.2. Architecture 2.2.1. General 2.2.2. Ad-hoc mode 2.2.3. Infrastructure mode 2.2.4. Distribution System mode 2.2.5. Wireless Distribution System mode 2.2.6. Wireless Mesh mode 2.3. WLAN Standards 2.3.1. IEEE 802.11 Standard 2.4. Model of a WLAN network 3. Understanding WLAN Vulnerabilities 3.1. Access control Vulnerabilities 3.1.1. General 3.1.2 SSID 3.1.3. MAC Address control list 3.2. Authentication Mechanism Vulnerabilities 3.2.1. General 3.2.2. Shared Key Authentication flaw 3.2.3. 802.1X/EAP Vulnerabilities 3.3. WEP Vulnerabilities 3.3.1. General 3.3.2. Keystream reuse 3.3.3. Key Management 3.4. WPA/WPA2 Vulnerabilities 3.4.1. General 3.4.2. Key Management 3.4.3. 4-Way Handshake and Weak Passphrase Vulnerability

Page No.
1 1

2 2 2 4 4 4 4 5 6 7 7 8 9

13 13 13 13 13 13 13 14 14 15 15 15 15 16

4. Exploits 4.1. Network Discovery and Access attacks 4.2. Denial of Service attacks 4.3. WEP protocol attack 4.4. WPA/WPA2 attacks 4.5. Monitoring and Interception attack 5. Solutions 5.1. Overview 5.2. Determine Range of Your Network Coverage 5.3. Do Not Broadcast Your SSID 5.4. Do Not Use the Default SSID 5.5. Use WPA2 5.6. Use 802.1X Server-based Authentication 5.7. Change the key frequently 5.8. Use a VPN and Firewall to isolate the WLAN 5.9. Use a personal firewall on every wireless client 5.10. Consider wireless intrusion detection/prevention system 6. Conclusion and Recommendations 7. References 8. Bibliography

17 18 18 19 20

21 21 22 22 22 22 23 23 23 23

24 25 25