Professional Documents
Culture Documents
CHAPTER II
This chapter presents the relevant literature and studies that the researcher
considered in strengthening the claim and importance of the present study. This part
demonstrates the penetration testing in the security of a wireless local area network
within a specific location. This part aims to cite and discuss the writings of accepted
RELATED LITERATURE
security settings, which might be used as an attack vector to access internal resources.
Due of its accessibility and simplicity, wireless technology has become a crucial
component of modern business. There are only waves of information going to your
choice device; there are no connections or cords. Consequently, wireless technology, like
all other types of technology, is susceptible to malevolent assaults. There are several
potential problems, ranging from poor wi-fi security configurations to picking a weak
encryption method.
approach used by businesses to uncover, test, and highlight security flaws. Ethical
hackers are frequently used to conduct these penetration testing. To assess the hackability
10
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
personnel or third parties simulate the techniques and behaviors of an attacker. Pen
Since it can be customized for every company or organization, pen testing differs from
other cybersecurity evaluation methods. A certain set of hacking methods or tools may be
efficiently if you do not have the equipment necessary for your penetration testing.
However, just because you apply the right tools does not ensure that you will identify all
of the right problems in the system. Be aware of the limitations imposed by your tools.
There are several vulnerability scanners available, and many of them produce false
positives and negatives (incorrectly identifying vulnerabilities). There are many tools,
and each one is designed to perform a particular test; nevertheless, there is no tool that
According to (Robb, 2020)[22], a variety of Wi-Fi testing tools are available due to
the potential of Wi-Fi as well as the security risks it poses. Many are free or open source,
but there are also paid tools for individuals with more complex requirements. These tools
scanning, site surveys, Wi-Fi spectrum analysis, audits, traffic analysis, packet sniffing,
testing tools on the market today, and with so many alternatives, each with its own set of
WI-FI PINEAPPLE
and networking organizations. It is an easy-to-learn and use application that also delivers
thorough information regarding network security. The tool is also very simple to
construct and use. The ability to spoof Wi-Fi networks is one function of the Wi-Fi
Pineapple. This enables Pineapple to disguise itself as a recognized wi-fi network and
convince wi-fi users to join to the Pineapple wi-fi. This therefore enables the user of the
Pineapple to target the users connected to the faked network (Hautzinger, 2021)[23].
Engineers working with Hak5 came up with the idea for the Pineapple initially in
order to conduct pen tests and assist network managers with auditing network security.
The AP, which some people believe looks more like a spider than a pineapple, gives
network engineers the ability to hack their own network in order to find flaws and set
defenses in place to make the network more resistant to future attackers. Honeypot is the
term used to describe what is known as a Pineapple when it is used in penetration testing.
utilized as a rogue access point (AP) to carry out security vulnerabilities via a MitM
attack (Lutkevich, 2022)[24]. For man-in-the-middle attacks, the wi-fi Pineapple serves as
intercept and transmit private communications between users of public wireless networks
and the website they are accessing (NI Cyber Guy, 2021)[25].
12
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
processors with multiple role-based radios and the PineAP suite, which is protected by a
Hak5 patent. Designed specifically to withstand the toughest conditions after being
hardened and put through extensive testing. Incredible performance is available from a
simple and direct web interface on the brand-new WiFi Pineapple Mark VII, which also
includes an extensive ecosystem of apps, automated pentest campaigns, and Cloud C2 for
remote access from any location in the world (Hak5, 2019) [26]. The wi-fi Pineapple
capabilities for reporting, logging, tracking, and surveillance for performing MitM attack
Pineapple makes use of the fundamental aspects of how the Internet works. This hacking
tool may be purchased by anyone for a little price in order to steal data. A widely used
and widely available gadget called Wi-fi Pineapple can give numerous possibly
kiddies). The Wi-fi Pineapple is a strong and versatile tool that, depending on the user's
intention, may be useful or deadly. While wifi Pineapple has the potential to be abused, it
also has a far greater chance of preventing those who have malicious intentions (NI
13
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
RASPBERRY PI
The Raspberry pi is a computer about the size of a credit card. When it was first
made, creator Eben Upton wanted to make a low-cost device that would help pre-
university students learn how to code and understand hardware. It is a powerful little
computer that can be used in electronics projects and for many of the same things as a
desktop computer, like spreadsheets, word processing, browsing the internet, and playing
games. HD video can also be played on it. The Raspberry Pi is slower than a modern
laptop or desktop, but it is still a full Linux computer that can do everything you'd expect
Many individuals think of Raspberry Pi as the next step up from Linux. Raspberry
Pi is a low-level device the size of a credit card or a computer system that can be built
into a monitor. It is usually a small device that is connected to the monitor with an HDMI
(High-Definition Multimedia Interface) cable. One of the newest platforms used for
penetration testing is Raspberry Pi. Even though it has to be bought, it costs less and is
cannot be used with other operating systems, such as Windows. This is suitable for those
who want a device they can personalize to suit their needs and tastes, not for those who
simply want to do a task fast (Pantech ELearning, 2021)[29]. The raspberry pi needs a
14
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
micro-SD card to function as internal storage because it lacks any internal storage. Users
are all aware of the slow speed of SD cards. Due to its underwhelming performance, the
board's startup time and the Raspberry Pi's read/write speed have been increased. The
Raspberry Pi board does not come with heatsinks or cooling fans pre-installed. If used
continually for 6-7 hours without air conditioning or a heat sink, it will eventually reach
temperatures that are significantly higher than 70 degrees Celsius (MACFOS, 2020)[30].
KALI LINUX
The well-known Linux operating system has a variant based on Debian called
Kali Linux. Penetration testing is made considerably simpler using Kali. Advanced users
may use Kali to execute information security tests to find and patch any potential
program vulnerabilities. The fact that Kali Linux has been ported to the ARM
smartphones may also have Kali installed in addition to desktop computers and laptops
(aid, 2019)[31]. Kali Linux is a free operating system made for security analytics and
focused on security and forensics. Kali is used by both attackers and people who work in
security. Kali is used because it gives a lot of support by being scalable, stable, and easy
to use. These are the parts of the operating system that any professional would want to
see so they could analyze, audit, test, check, and evaluate security networks (N. Balaji,
2020)[28].
available in Kali Linux. Every software has a different level of flexibility and application.
15
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
These helpful tools are expertly divided into the following categories by Kali Linux:
testing, forensics tools, sniffing & spoofing, password attacks, maintaining access,
reverse engineering, reporting tools, and hardware hacking are some of the techniques
used in cybercrime (Williams, 2019)[32]. Users can modify and customize Kali Linux ISO
images using the live-build functionality of Kali Linux. Kali Linux is a completely free
and open-source operating system. It does not include any proprietary software or drivers.
Kali Linux is available for VirtualBox, VMware, Raspberry Pi, ARM images, and cloud
instances, among other platforms. With the ability to operate a variety of hardware and
connect to a number of USB and other wireless devices, Kali Linux is made to function
package intended for advanced users. It will be challenging to use if you are new to
Linux. Additionally, the operating system is devoid of a graphical user interface (GUI).
This implies that all tasks must be completed via the command line. There is relatively
little documentation on Kali Linux available. This can make learning how to use all of the
available tools challenging. Kali Linux is not intended to be your primary operating
When it comes to Wi-Fi hacking and pen testing, Alfa's AWUS036NHA is one of
the greatest wireless adapters they've ever produced. With its Atheros AR9271 chipset, it
will work flawlessly with most Linux distributions (Cyberpunk, 2018). Alfa
16
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
AWUS036NHA is one of the most well-known monitor mode wi-fi adapters. It's an IEEE
802.11 b/g/N-compatible Wi-Fi USB adapter. In the 2.4 GHz band, it's possible to set up
networks with speeds of up to 150 Mbps. It's also compatible with IEEE 802.11 b/g,
which lets you connect wireless devices at speeds of up to 54 Mbps (KaliTut, 2021)[34].
The Alfa AWUS036HHA USB Wi-Fi adapter is one of the best things you can
use with Kali Linux for wireless pen testing (very popular among Kali Linux users). It's
small, has a great range, and costs very little. Setting up is easy because the drivers are
already built in. You just have to plug the USB Wi-Fi adaptor into your device to use it
(Kali Linux & some other Linux distros). The AWUS036NHA is different from most of
its predecessors in that it supports all six wireless modes. This is important for
monitoring mode. You can capture a valid WPA2-PSK hash, the WPA 4-way handshake,
a hidden SSID, generate ARP frames for a WEP replay attack, perform man-in-the-
The unfortunate fact about USB adapters is that they do not have an external
antenna, making them less powerful. Most people complain about slower speeds while
using USB adapters. In the case of a USB adapter, the finest feature might also be its
largest disadvantage. Anyone may use the Wi-Fi USB adapter because it does not require
any installation. It implies that your data can be utilized by anyone without restriction.
Aside from that, anyone may easily unplug the gadget and take it away from you. If you
unplug your device from your PC or laptop, the USB port may be damaged (Chahal,
2018)[36].
17
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
Wi-Fi is one of those things that most of us would find difficult to live without.
Unfortunately, there are a number of flaws in the underlying 802.11 standards that might
be exploited (By, 2021)[37]. This system features an all-purpose tool for the ESP32
platform for carrying out different Wi-Fi cyberattacks. It includes some basic
functionality that is often used in Wi-Fi attacks and simplifies the implementation of new
attacks. It also covers Wi-Fi attacks such as obtaining PMKIDs from handshakes or
passively listening for devices connecting to the target network or by performing a de-
auth attack and then monitoring for device reconnections. By examining the initial
message of a WPA handshake, PMKIDs are obtained from APs that have the roaming
functionality enabled. The ESP32 Wi-Fi Penetration Tool will also format the recorded
data into PCAP and HCCAPX files, which may then be analyzed with Wireshark and
Hashcat. To manage the tool, it generates a management access point from which the
target and attack type may be selected, and the subsequent data downloaded. When you
combine the ESP32 with a battery, you can accomplish anything on the go. In addition,
the ESP32 only supports Wi-Fi networks with a frequency range of 2.4 GHz; it will not
The LAN Turtle is a covert systems administration and penetration testing tool
and stealth remote access through a straightforward visual shell. The LAN Turtle can
blend into many IT environments because to its discrete design, which is housed inside a
generic "USB Ethernet Adapter" case. The LAN Turtle has a ton of functions for remote
access, and network recon. If all modules are turned off, it may function as a
straightforward and convenient USB ethernet adapter, but it also lets you operate
surveillance operations and communicate with the device from anywhere. LAN Turtle
In addition, LAN Turtle is a tiny device that may be placed discreetly on a target
computer to poison DNS, offering potential phishing endpoints. With the LAN Turtle's
various modules, people may simply sniff (listen) to every data transferred across the
network. After little configuration and reconnecting it to the server, anyone will be able
to access the target's network and collect usernames/passwords from a closed PC without
even needing to join to the network. One may use it to intercept and log web traffic by
installing it between a target machine and a LAN. Hackers will be able to get access to
the target's network and steal usernames and passwords from a closed PC without the
appropriate for institutional settings with a large number of desktop PCs and minimal
19
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
worry about such devices. Even highly skilled IT experts may be unconcerned with LAN
safe. When a person or device tries to connect, they need a password or network key. If
your wireless network isn't secure, people who aren't supposed could connect to it and get
people use your network without your knowledge, it could slow down or work less well
Wireless networks and security are critical today for studying, having fun, and
remaining alive. Authorization and authentication are two of the most crucial steps to
privacy. The forms of encryption that may be utilized are determined by the
provide you with the default encryption key or place it on the router's bottom. Wireless
(GeeksforGeeks, 2022)[44].
home routers offer various security settings with varying levels of protection. While they
20
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
are all distinct, they are not all equal; as such, it is critical to discover what type of
security your Wi-Fi employs. For the security of residential wireless networks, many
wireless security protocols have been created. Nowadays, the most used wireless security
protocol types are WEP, WPA, and WPA2. To improve network security, each protocol
employs a unique type of encryption. The most recent protocols, including the latest
WPA3 protocol, have proven to be quite strong, making hacking considerably more
The Wired Equivalent Privacy (WEP) security protocol is the first and most used
provide security comparable to that of a wired local area network (WLAN) (LAN), the
privacy feature was introduced. WEP has been approved as a security standard by the
Wi-Fi Alliance. Although WEP was formerly marketed as providing the same security
benefits as a wired connection, it has had a variety of security problems over time. These
flaws have gotten worse as computational power has expanded. Despite efforts to
improve it, WEP still has security problems, hence the Wi-Fi Alliance formally
wireless computer networks. It was initially established in 2003, and it was intended to
replace the wired equivalent privacy (WEP), which had several known security flaws. To
guarantee that Wi-Fi networks are secure, WPA requires users to enter a password during
21
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
WEP. WPA-secured wireless computer networks employ the TKIP protocol and a pre-
shared key. For encryption, TKIP employs the RC4 cipher (BasuMallick, 2022)[47].
wireless computer networks. The Wi-Fi Alliance created it to take the place of the old
Wired Equivalent Privacy (WEP) encryption standard. WPA uses the Advanced
Encryption Standard (AES) encryption and Temporal Key Integrity Protocol (TKIP) to
encrypt data transferred over the wireless network, offering greater data security and
network access control than WEP (Kuhn et al., 2018) [48]. WPA2 and AES-CCMP, on the
other hand, did not remain safe indefinitely; the well-publicized KRACK assault drove
AES/CCMP to its knees in late 2017. KRACK cannot be patched in WPA2 because it
leverages a flaw in the 802.11i standard itself, rather than a specific implementation of it.
The attack can be avoided to a great extent by blocking EAPOL-Key frame re-
transmission during key installation, which results in possibly longer timeframes for
WPA3, which came out in June 2018, is the replacement for WPA2, which
experts in security claim can be "compromised." The goal of making WPA3 was to make
it easier to use and make it stronger in terms of encryption. It comes in both Personal and
Enterprise editions, just like WPA2, but this version is better than WPA2 because it has
stronger authentication and encryption features and a fix for KRACK, a flaw that was
built into WPA2. It also has features that make it easier to connect IoT wi-fi devices and
WIRELESS FIDELITY
22
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
technology. Wi-Fi is the most often used technology for connecting a router to the
internet, and it is configured as follows. The term "access point" refers to wireless control
points. A router and an access point are often seen in a home. In an organizational context
where a large region must be secured, many access points are necessary, or more routers
and APs must be utilized to create a mesh network. The IEEE supports and develops, and
preserves the IEEE 802.11 standards, the fundamental framework for all networks. To
speed up its expansion, the standards firm has utilized frequencies like 2.4 GHz, 5 GHz,
and some of the standard's newest revisions. Also, because there is so much Wi-Fi in the
2.4GHz area, the 2.4GHz spectrum is typically employed in older or new Wi-Fi levels.
Wireless N is the standard version of the 802.11 standards that are utilized in most
houses. The standards have been accessible since 2009, and most Internet Service
Providers (ISPs) have had wireless networks as standard for years. Wireless N can
operate at both the 2.4 and 5 GHz bands. The more modern and faster wireless AC
standard, which operates on the 5 GHz band, is becoming more common, and the current
routers offered by the Philippines' largest ISPs all include wireless AC as standard, as
well as legacy wireless N to support older devices that operate on the 2.4 GHz frequency
(Chua, 2019).
The Wi-Fi Alliance has just introduced a new consumer categorization system to
simplify customers' different wireless service options. Prior to the new design, existing
specifications. However, when new hardware is released, the new designations will be
23
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
widely noticed as early as with 802.11AX devices since Wi-Fi 6 is currently in use, and
future goods will follow that example. The new standard also involves the release of the
improved Wi-Fi version known as Wi-Fi 6. (802.11AX). It also plays a more major role
in larger networks with several devices connecting at the same time, such as airports or
concert halls (Wi-Fi Alliance, 2018). The Wi-Fi Alliance stated the distinct designations
24
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
RELATED STUDIES
Levels in Wireless Local Area Network," (Ali Alsahlany, et al., 2019) [53]. The researchers
investigated the risks of different security levels used to secure WLANs, such as SSID,
MAC filter, and WPA2. According to the researchers, it is preferable to configure the
address filter, and WPA2 AES encryption). The researchers also recommend disabling
the WPS protocol to prevent an attacker from exploiting protocol weaknesses and
determining the default PIN number. Furthermore, the researchers used complex WPA2
passes with compound lengths larger than 16 alphanumeric characters that included small
letters, capital letters, special characters, and digits while avoiding the use of consecutive
study by discussing penetration testing and outlining its advantages and difficulties. They
then give a thorough analysis of the various penetration testing methods, including
25
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
wireless and social engineering methods. The wireless penetration testing section in their
study discusses the different types of wireless networks and identifies the risks associated
with each. The researchers also describe the tools and techniques used to assess the
security of wireless networks, including sniffing tools, rogue access point detection, and
Moreover, in the study by (F. Fikriyadi et al., 2020)[55], entitled "Security Analysis
of Wireless Local Area Network (WLAN) Network with the Penetration Testing
Method," the researchers did their study by examining at how WLAN network security
works and assessing WLAN network security through penetration testing. Due to the fact
that wireless networks lack the same level of security as wired networks. Most of the
time, security holes in wireless networks are caused by how they are set up or by how
they encrypt data. The setup is vulnerable in part because it is so easy to set up a wireless
network these days. Since many manufacturers add features that make the lives of users
and network administrators easier, many wireless networks stick to the settings that are
wireless networks: A survey," (Sudhakar et al., (2018) [56], the researchers wanted to give
a broad overview of the advanced in wireless network security analysis and penetration
testing at that time. The researchers analysis centered on the methods, resources, and
26
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
networks. Even though wireless networks are getting more and more common, security is
still a significant issue since there aren't enough effective security measures in place. In
order to address this issue, the researchers looked at current wireless network security
that every organization should take into consideration. Cybercrime is on the rise as a
divide his testing into four stages. The four steps include information collection,
covered in their study the procedures and stages (from information collecting to target
Unconventional Penetration Testing Practices,” the company and government have lost a
lot of money and privacy because of a cyberattack, and the privacy of information that
isn't important has been put at risk. Thus, the researchers state that it is more important to
have thorough penetration testing, assessment techniques, and tools for analyzing and
presenting the unconventional penetration techniques and tactics that are currently
27
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
available, testing and examining their key features and role in supporting cybersecurity,
and measuring how well they work. Considering those unconventional ways to test for
vulnerabilities don't require as much time-consuming code writing, they are easier to
manage and add more to the security assessment. The issue with traditional ways of
testing for security holes is that they don't always solve security problems. Because
technology is always changing and never stays the same for very long. This means that
there will always be weaknesses, security holes, and threats, even if new methods for
penetration testing are developed that aren't what people are used to. When figuring out
how safe a system is, people often use non-traditional ways to test it. This is done to save
time and make sure the system is safe. The researchers presume that future penetration
testing is expected to be scalable so that it can adapt to any changes that may happen in
The table below shows the summary of the related studies to the study of the
researchers of the Penetration Testing for Wireless Local Area Network (WLAN) of
City Campus. The table shows the features on our system that is also available to some
28
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
address these
challenges.
Efficacy of S. Mishra 2021 Social The study may not
Unconventional engineering: The be sufficient to
Penetration paper examines the detect all potential
Testing Practices use of social vulnerabilities in
engineering in WLANs, especially
penetration testing, with the increasing
including phishing complexity of
attacks and baiting. WLAN architectures
and attack
techniques.
SYNTHESIS
Wireless Local Area Network (WLAN) gave the researchers additional knowledge in
organizations to uncover, test, and highlight security flaws. Pen testing varies from other
organization. Depending on the structure and actions of the organization, a certain set of
As stated by Kevin Beaver (2018)[21], having the essential tools for penetration
testing will make it easier to perform the task efficiently. Nevertheless, there are many
tools intended to be used to penetrate the Wireless Local Area Network (WLAN). And
according to Robb, D. (2020)[22], there is a variety of Wi-Fi testing tools that are available
in the market today. Many are open source or free, and there are several alternatives, each
with its own set of features, benefits, and pricing points. Connecting to our study, the
31
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
researchers investigate the different tools that might be used in pen-testing the Wireless
device used by several cybersecurity and networking organizations. It has the ability to
imitate Wi-Fi networks, disguise itself as a recognized wi-fi network and convince wi-fi
users to join to the Pineapple wi-fi. As per (Hak5, 2019)[26], there is a brand-new Wi-Fi
Pineapple Mark VII with a simple and direct web interface because of the
processors with many role-based radios and the PineAP suite. However, according to (NI
Cyber Guy, 2021)[25], wi-fi Pineapple is one of the most dangerous services accessible. It
is a powerful and adaptable equipment that, depending on the user's goal, may be both
beneficial and lethal. Although wi-fi Pineapple has the potential to be misused, it also
In accordance with (N. Balaji, 2020)[28], one of the newest platforms for
Windows. According to (Pantech ELearning, 2021)[29], it also has a slower CPU, which
made multitasking impossible. Additionally, (MACFOS, 2020)[30] stated that because the
raspberry pi lacks internal storage, it must utilize a micro-SD card as internal storage. The
Raspberry Pi board does not come with heatsinks or cooling fans pre-installed. Without
cooling or a heat sink, it will ultimately reach temperatures that are substantially higher
According to (N. Balaji, 2020)[28], Kali Linux is a free operating system made for
security analytics and penetration testing. Kali is a tool that advanced users may use to do
information security tests to identify and fix any potential software flaws. As per
programs available in Kali Linux. Every software has a different level of flexibility and
application. Nevertheless, (Khanna, 2022)[33], stated that Kali Linux is not for complete
beginners. It is a penetration testing package intended for advanced users. The operating
system is devoid of a graphical user interface (GUI). This implies that all tasks must be
wireless adapters they've ever made for Wi-Fi hacking and pen testing. It is among the
greatest tools for wireless pen testing with Kali Linux. It is compact, affordable, and has a
wide range. The fact that the drivers are already included makes setup simple. With this
tool, you may execute man-in-the-middle (MITM) attacks, produce ARP frames for a
WEP replay attack, record a valid WPA2-PSK hash, the WPA 4-way handshake, and a
disguised SSID, among other things. The negative thing with Alfa's AWUS036NHA,
according to (Chahal, 2018)[36], is that they lack an external antenna, which reduces their
power. Most individuals who use USB converters lament the decreased speeds they
experience. The Wi-Fi USB adapter doesn't need to be installed, so anybody may use it.
As per (Son, 2021)[38], ESP32 wi-fi penetration tool features an all-purpose tool
for carrying out different Wi-Fi cyberattacks. It covers Wi-Fi attacks including getting
PMKIDs from handshakes or from the handshakes itself utilizing a variety of techniques
33
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
others. According to (Expert, 2021)[39], the captured data will also be formatted by the
ESP32 Wi-Fi Penetration Tool into PCAP and HCCAPX files, which may subsequently
be examined with Wireshark and Hashcat. It creates a management access point from
which the target and attack type may be chosen and the following data downloaded in
order to control the tool. However, according to (Federov, 2022) [40], the ESP32 only
supports Wi-Fi networks with a frequency range of 2.4 GHz; it will not connect to a
straightforward visual shell. The LAN Turtle has a ton of functions for remote access,
MITM, and network recon. Moreover, with the LAN Turtle's various modules, people
may simply sniff (listen) to every data transferred across the network. However,
(Tatianna, 2018)[42] stated that this application is appropriate only for institutional settings
with a large number of desktop PCs and minimal worry about such devices. Even highly
skilled IT experts may be unconcerned with LAN turtles or are entirely unaware of their
existence.
The study by (Ali Alsahlany, et al., 2019) [53], entitled "Experimental Evaluation of
modify the security mode of the Access Points. The researchers investigate the
vulnerabilities associated with the various security levels utilized to secure WLAN. As
well as our study, the researchers will pen-test a certain WLAN to expose the
34
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
vulnerabilities of the security protocols. Another study by (F. Fikriyadi et al., 2020)[55]
entitled "Security Analysis of Wireless Local Area Network (WLAN) Network with the
Penetration Testing Method,” they examine how does the security works on WLAN.
Since wireless networks lack security, researchers evaluate the WLAN network through
penetration testing.
different types of wireless networks and identifies the risks associated with each. The
researchers also describe the tools and techniques used to assess the security of wireless
attacks.
(Sudhakar et al., (2018)[56], entitled “Penetration testing and security analysis of wireless
networks: A survey," the researchers intended to determine the current wireless network
security assessment tools and penetration testing techniques. They also looked at a
35
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
Penetration Testing Practices,” intends to utilized an easier way to penetrate the network.
code writing, they are easier to manage and add more to the security assessment. And
since technology is always evolving and never remains the same for long. People are not
used to new methods of penetration testing being established. This study allowed us, the
researching Penetration Testing-related materials, we, the researchers, gained some useful
insights for furthering our research. These materials helped us in better understanding
CONCEPTUAL FRAMEWORK
proposed project. The research is divided into three phases: input, process, and output.
The input phase will encompass the WLAN pen-testing software suite Aircrack-ng, a pre-
installed module in Kali Linux designed for monitoring, attacking, and testing. As well as
the Alfa AWUS036HHA USB Wi-Fi adapter and the Wi-Fi Pineapple Mark VII + AC
Tactical, which are the commonly used hardware for WLAN pen-testing. The process
phase will be the integration. The last phase is output which is the Wireless Local Area
36
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
Pen-testing
software for
WLAN
WLAN
Integration pen-testing
methods
Commonly used
hardware for pen-
testing WLAN
Research Paradigm
Design Science
System Development
37
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
This research paradigm was adopted by Dr. Napoleon Meimban, a former PSU
Urdaneta City Campus faculty and a former Dean of PSU-Graduate Studies. It was
adapted and revised by Dr. Kenneth Oliver S. Lopez of PSU-UCC to fit the needs of the
protocols claim to provide security solutions such as wired networks; they are still of
interest until today. However, such protocols are not fully secure and can be target of key
recovery attacks in the real world. In this paper, the researchers explain how Wireless
Local Area Network attacks work and show that they seem harder in practice than they
do in theory. Their chances of success have often been miscalculated, and their success
depends on the test environment, which is different for each contribution. As a basis to
determine the security strength of a wireless network, the researchers decided to perform
PSU-UCC. Grounded Theory the researchers will determine what is the suitable
equipment to be used in penetration testing. The researchers will utilize the versatility and
conveniency of the equipment to pen-test the said WLANs. Action Research the
researchers’ penetration testing has two phases the reconnaissance phase and the
penetration testing phase. System Development the researchers will discuss the step-by-
38
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES
39