
ATTACKING WIRELESS AND NETWORK SECURITY

A project report submitted in partial fulfillment of the requirements for the award


of the degree of

BACHELOR OF TECHNOLOGY

in

DEPARTMENT OF CSE – CYBER SECURITY

Submitted By

NIDDANI PRABHU JAYA SANTHOSH - 20B21A4689

THUMMOJU RAVI VARMA - 20B21A4690

KOPPISETTI TEJA KUMAR - 21B25A4612

KANDIBOYINA RAVI TEJA - 20B21A4685

DUNGI YASHWANTH - 20B21A4684

Under the Esteemed Guidance of

Mr. V V SUBHASH, M.Tech,

Assistant Professor

DEPARTMENT OF CSE – CYBER SECURITY

KAKINADA INSTITUTE OF ENGINEERING & TECHNOLOGY


(Approved by AICTE & Affiliated to JNT University Kakinada)
Yanam Road, Korangi-533461, E.G. Dist. (A.P)
Phone no: 0884-234050, 2303400 Fax no: 0884-2303869

2020-2024

BONAFIDE CERTIFICATE

This is to certify that the project entitled “ATTACKING WIRELESS AND NETWORK
SECURITY” is the bonafide record of work done by NIDDANI PRABHU JAYA SANTHOSH,
THUMMOJU RAVI VARMA, KOPPISETTI TEJA KUMAR, KANDIBOYINA RAVI TEJA,
DUNGI YASHWANTH, bearing ROLL NO: 20B21A4689, 20B21A4690, 21B25A4612,
20B21A4685, 20B21A4684, in partial fulfillment of the requirement for the award of
the degree of BACHELOR OF TECHNOLOGY in Computer Science & Engineering-CS in
Kakinada Institute of Engineering & Technology, Korangi, affiliated to Jawaharlal
Nehru Technological University, KAKINADA.

INTERNAL GUIDE HEAD OF THE DEPARTMENT

EXTERNAL EXAMINER

ACKNOWLEDGEMENT
I would like to take the privilege of the opportunity to express my gratitude for
the Project work of “ATTACKING WIRELESS AND NETWORK SECURITY”
which enabled us to express our special thanks to our honorable Chairman of the
institution Sri. P.V. Viswam.
I am thankful to Principal Dr. M. M. S. Prasad, Ph.D, who has shown keen
interest in us and encouraged us by providing all the facilities to complete my project
successfully.
I express my gratitude to our beloved Head of the Department of CSE – CS,
Mr. V V SUBHASH, M.Tech for assisting me in completing my project work.
I am extremely thankful to our Project Review Committee who has been a
source of inspiration for us throughout my project and for their valuable advice in
making my project a success.
I express my sincere thanks to my beloved supervisor Mahalakshmi Rao,
Assistant Professor, Dept. of CSE - CS who has been a source of inspiration for me
throughout my project and for his valuable pieces of advice in making my project a
success.
I wish to express my sincere thanks to all teaching and non-teaching staff of the
CSE – Cyber Security Department. I wish to express my special thanks to all the
faculty members of our college for their concern in subjects and their help throughout
my course.
I am very thankful to my parents, and all my friends who had given me good
cooperation and suggestions throughout this project and helped me in successful
completion.

NIDDANI PRABHU JAYA SANTHOSH - 20B21A4689

THUMMOJU RAVI VARMA - 20B21A4690

KOPPISETTI TEJA KUMAR - 21B25A4612

KANDIBOYINA RAVI TEJA - 20B21A4685

DUNGI YASHWANTH - 20B21A4684

DECLARATION
I hereby declare that the project work entitled “ATTACKING WIRELESS AND
NETWORK SECURITY” Submitted to the Kakinada Institute of Engineering and
Technology affiliated to JNTU Kakinada, a record of an original work done by me under
the guidance of Mr. B. Mahalakshmi Rao, M.Tech., Assistant Professor in the
Department of CSE - CS and this project work is submitted to the partial fulfillment of
the requirements for the award of the degree of Bachelor of Technology in CSE - CS. The
results embodied in this project have not been submitted to any other University or
Institute for the award of any Degree or Diploma.

NIDDANI PRABHU JAYA SANTHOSH - 20B21A4689

THUMMOJU RAVI VARMA - 20B21A4690

KOPPISETTI TEJA KUMAR - 21B25A4612

KANDIBOYINA RAVI TEJA - 20B21A4685

DUNGI YASHWANTH - 20B21A4684

Place:

Date:
ATTACKING WIRELESS AND NETWORK
SECURITY

Wireless Encryption Protocols (WEP, WPA, WPA2, WPA3):


Describe the different encryption protocols used in wireless networks, including their
strengths and weaknesses. Discuss how vulnerabilities in these protocols can be exploited
by attackers to gain unauthorized access to the network.

Man-in-the-Middle (MITM) Attacks:


Explore how attackers can intercept and manipulate communication between devices on a
wireless network. Discuss techniques such as ARP spoofing and DNS spoofing used in
MITM attacks and their potential impacts.

Denial of Service (DoS) Attacks:

Describe DoS attacks targeting wireless networks, where attackers flood the network with
traffic or exploit vulnerabilities to disrupt normal operations. Discuss the potential
impacts of DoS attacks on network availability and strategies for defending against them.

DoS attacks are not like your typical malware attacks. They don’t require special
programs to run. Instead, they seek to exploit the inherent vulnerability in the target
network.
Let’s say you’re looking to buy your favorite pair of sneakers from your favorite
ecommerce website. Typically, your device sends a small packet of information asking
the server for authentication. Once the server authenticates and your network
acknowledges the approval, you can access the website.
However, in a DoS attack, the process is rigged. Bad actors send several packets of
information asking the server for authentication. The problem is the return address is
faulty, thereby making it impossible for servers to send the authentication approval.

Security Vulnerabilities in Wireless Devices:

Explanation: Investigate common security vulnerabilities found in wireless routers,
access points, and client devices. Discuss how these vulnerabilities can be exploited by
attackers to compromise the security of the entire network.

Social Engineering Attacks:


Explanation: Explore how attackers use social engineering techniques to manipulate users
into revealing sensitive information or performing actions that compromise the security of
the wireless network. Discuss examples of social engineering attacks targeting wireless
networks and how to educate users to recognize and prevent them.

Wireless Network Penetration Testing:

Explanation: Discuss the process of conducting penetration tests on wireless networks to
identify and address security vulnerabilities. Explain the tools and methodologies used in
wireless penetration testing and the importance of regularly assessing network security.

Wireless Intrusion Detection and Prevention Systems (IDS/IPS):


Explanation: Describe how IDS/IPS systems can be used to monitor wireless networks
for suspicious activity and automatically respond to security threats. Discuss the types of
attacks that can be detected and prevented by these systems and their role in overall
network security.
PSKracker

Introduction to PSKracker:
PSKracker is a powerful tool designed for testing and assessing the security of wireless
networks by attempting to crack their pre-shared keys (PSKs). PSKs are the passwords
used to authenticate users and secure access to WPA/WPA2-protected wireless networks.
This tool is primarily intended for use by security professionals, network administrators,
and ethical hackers to evaluate the strength of their own wireless networks' security
measures and identify potential vulnerabilities. PSKracker utilizes various techniques,
including dictionary attacks, brute force attacks, and rainbow table attacks, to
systematically guess or crack the PSK used to protect a wireless network.
It's important to emphasize that PSKracker should only be used for ethical and legal
purposes, with proper authorization obtained before testing the security of any network.
Unauthorized or malicious use of PSKracker to gain unauthorized access to wireless
networks is illegal and unethical.
This documentation provides comprehensive guidance on installing, configuring, and
responsibly using PSKracker, as well as recommendations for securing wireless networks
against potential attacks. By following the guidelines outlined in this documentation,
users can effectively leverage PSKracker as part of their network security toolkit while
maintaining ethical and legal standards.
Features:
1. Dictionary Attack: PSKracker employs a dictionary attack by attempting to crack
the PSK using a predefined list of commonly used passwords or words.
2. Brute Force Attack: This feature allows PSKracker to systematically try all
possible combinations of characters until the correct PSK is found, providing a
comprehensive method for cracking.
3. Hybrid Attack: PSKracker can combine dictionary and brute force attacks
intelligently, leveraging the advantages of both methods to increase the likelihood
of success.
4. Mask Attack: Users can specify a pattern or mask for the PSK, allowing
PSKracker to focus its cracking efforts on a specific subset of possible passwords,
thereby reducing the search space.
5. Rule-Based Attack: PSKracker supports rule-based attacks, allowing users to
apply custom transformation rules to manipulate dictionary words or brute force
attempts, such as appending numbers or special characters.
6. Custom Wordlists: Users can provide their own custom wordlists or dictionaries
for PSKracker to use during dictionary attacks, enabling tailored password
guessing based on specific criteria or context.
7. Rainbow Table Attack: PSKracker may incorporate rainbow table attacks, which
use precomputed tables to speed up the cracking process by matching hash values
to plaintext passwords, although this may not be as relevant for WPA/WPA2
PSKs due to the use of salting.
8. Optimized Performance: PSKracker includes optimizations such as parallel
processing, GPU acceleration, or distributed computing to improve performance
and reduce the time required to crack PSKs.
9. Progress Reporting: PSKracker provides real-time feedback on the progress of the
cracking process, including information such as the number of passwords tested,
success rate, and estimated time remaining.
10. Logging and Reporting: PSKracker logs all cracking attempts and results,
allowing users to review and analyze the outcome of the cracking process, as well
as generate reports for documentation purposes.
11. Compatibility: PSKracker is compatible with various wireless network
configurations and encryption protocols, including WPA and WPA2, supporting
both personal (PSK) and enterprise (802.1X/EAP) authentication methods
12. User-Friendly Interface: PSKracker offers an intuitive command-line interface
(CLI) or graphical user interface (GUI) that makes it easy for users to configure
and run cracking operations, as well as adjust settings and parameters as needed.
13. Error Handling: PSKracker includes robust error handling mechanisms to
gracefully handle unexpected errors, interruptions, or failures during the cracking
process, ensuring reliability and stability.
14. Ethical Usage Guidelines: PSKracker promotes ethical usage by providing clear
warnings against using the tool for unauthorized purposes, as well as guidance on
obtaining proper authorization before testing the security of any network.

Install:

git clone https://github.com/soxrok2212/pskracker
cd pskracker/
make
sudo make install

Usage:

Usage: pskracker <arguments>

Required Arguments:

-t, --target : Target model number

Optional Arguments:

-b, --bssid : BSSID of target

-W, --wps : Output possible WPS pin(s) only

-G, --guest : Output possible guest WPA key(s) only

-s, --serial : Serial number

-f, --force : Force full output

-h, --help : Display help/usage



Usage Example:
pskracker -t <target> -s <serial number> -b <bssid>

Targeted Example:
$ pskracker -t nvg599
...
aaae7uas5wrj
aaae7v3qrvbu
...
$ pskracker -t dpc3941 -b 112233445566
PSK: 5756C3915966657704

Attack Methods Supported:

Dictionary Attacks:
• Explanation: In a dictionary attack, PSKracker tries to crack the PSK by
systematically testing a predefined list of words, phrases, or passwords commonly
used by users. This list, known as a dictionary, may include common words,
phrases, passwords obtained from data breaches, or customized entries tailored to
the target network or user.
• Usage: Dictionary attacks are effective when the PSK is a commonly used or
weak password. PSKracker iterates through each entry in the dictionary, trying
them as potential PSKs until the correct one is found.

a) Brute Force Attacks:
• Explanation: Brute force attacks involve systematically trying every possible
combination of characters until the correct PSK is found. PSKracker starts with
the shortest possible password length and iterates through all possible
combinations, gradually increasing the length until the PSK is cracked.
• Usage: Brute force attacks are effective against PSKs of any complexity,
including those with random characters or longer lengths. However, they can be
time-consuming and resource-intensive, especially for longer PSKs.

b) Rainbow Table Attacks:
• Explanation: Rainbow table attacks use precomputed tables containing pairs of
plaintext passwords and their corresponding hash values. PSKracker compares the
hash of the PSK being cracked against entries in the rainbow table to find a match.
This can significantly speed up the cracking process compared to traditional brute
force methods.
• Usage: While rainbow table attacks are effective against weak passwords, they are
less practical for cracking PSKs in modern wireless networks, such as those
protected by WPA/WPA2, due to the use of salting and other cryptographic
techniques that make rainbow tables less effective.

c) Hybrid Attacks:
• Explanation: Hybrid attacks combine multiple attack methods, such as dictionary
attacks and brute force attacks, to optimize the cracking process. PSKracker may
start with a dictionary attack using commonly used passwords before switching to
a brute force attack to cover more complex or less common PSKs.
• Usage: Hybrid attacks leverage the strengths of different attack methods to
increase the likelihood of success while minimizing the time and resources
required. PSKracker intelligently switches between attack methods based on the
characteristics of the target PSK and the progress of the cracking process.

d) Mask Attacks:
• Explanation: Mask attacks allow users to specify a pattern or mask for the PSK,
indicating the possible characters and their positions. PSKracker then iterates
through all possible combinations based on the specified mask, reducing the
search space and speeding up the cracking process.
• Usage: Mask attacks are useful when users have some knowledge or hints about
the structure or format of the PSK, such as the length or the presence of certain
characters. By focusing the cracking efforts on specific patterns, PSKracker can
crack PSKs more efficiently.
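
The point made under Rainbow Table Attacks, that salting makes precomputed tables less practical against WPA/WPA2, shown concretely. This is an added example, not PSKracker code or part of the original report: WPA/WPA2-Personal derives its 256-bit pairwise master key with PBKDF2-HMAC-SHA1, using the SSID as the salt and 4096 iterations, so a precomputed table is valid for one SSID only. The wordlist and the SSID "lab-net-7f3a" are constructed; "linksys" and "default" are the default names this report mentions.

```python
import hashlib

PBKDF2_ITERATIONS = 4096  # fixed by WPA/WPA2-Personal
PMK_LENGTH = 32           # 256-bit pairwise master key (PMK)

# Default SSIDs named in this report; compared case-insensitively.
COMMON_DEFAULT_SSIDS = {"linksys", "default"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), salt, PBKDF2_ITERATIONS, PMK_LENGTH
    )


def precompute_table(ssid: str, wordlist: list) -> dict:
    """Precomputed PMK -> passphrase table. It is bound to this one SSID (the salt)."""
    return {derive_pmk(word, ssid): word for word in wordlist}


def lookup(table: dict, pmk: bytes):
    """Return the passphrase for a PMK if the table covers it, else None."""
    return table.get(pmk)


def demo() -> dict:
    """Same passphrase on a default SSID and on a unique SSID (constructed values)."""
    wordlist = ["password", "12345678", "letmein123"]
    table = precompute_table("linksys", wordlist)
    return {
        # Default SSID: a table built once for "linksys" already covers this network.
        "hit_on_default_ssid": lookup(table, derive_pmk("letmein123", "linksys")),
        # Unique SSID: different salt, different PMK, the table is useless here.
        "hit_on_unique_ssid": lookup(table, derive_pmk("letmein123", "lab-net-7f3a")),
    }


def audit_network(ssid: str, passphrase: str, wordlist: list) -> list:
    """Defender-side check of one network's own settings; returns a list of findings."""
    findings = []
    if ssid.lower() in COMMON_DEFAULT_SSIDS:
        findings.append("default-ssid")          # precomputed tables may exist
    if passphrase in wordlist:
        findings.append("passphrase-in-wordlist")  # guessable even with a unique SSID
    return findings


if __name__ == "__main__":
    print(derive_pmk("password", "IEEE").hex())  # IEEE 802.11i test vector input
    print(demo())
    print(audit_network("Linksys", "password", ["password"]))
```

A unique SSID only removes the precomputation shortcut; a passphrase that appears in a wordlist can still be guessed against that SSID at full PBKDF2 cost, which is why the audit reports both findings separately.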

Best Practices for Ethical Usage:

1. Transparency: Be transparent about the use of AI. If AI is being used in a product
or service, users should be informed about it.

2. Privacy: Respect user privacy by collecting only the data necessary for the
intended purpose and ensuring it's securely stored and used responsibly.

3. Fairness: Ensure that AI systems are designed and trained to be fair and unbiased,
without discriminating against individuals or groups based on factors like race,
gender, or socioeconomic status.

4. Accountability: Hold individuals and organizations accountable for the decisions
made by AI systems. Establish clear lines of responsibility for the outcomes
produced by AI.

5. Explainability: Make AI systems explainable, so users can understand how
decisions are made and why certain actions are taken. This fosters trust and helps
users make informed choices.

6. Human Oversight: Maintain human oversight of AI systems to prevent them from
making harmful or unethical decisions. Humans should have the ability to
intervene if necessary.

7. Continuous Monitoring: Regularly monitor AI systems for unintended
consequences or biases that may arise over time. Adjust algorithms and processes
as needed to mitigate these issues.

8. Inclusivity: Ensure that AI technologies are accessible to all individuals, including
those with disabilities or from marginalized communities.

9. Societal Impact Assessment: Conduct thorough assessments of the potential
societal impact of AI technologies before deploying them, including their effects
on employment, inequality, and social cohesion.

10. Collaboration: Foster collaboration between diverse stakeholders, including
technologists, policymakers, ethicists, and community representatives, to address
ethical challenges and develop solutions collaboratively.

11. Education and Awareness: Educate users and stakeholders about the ethical
implications of AI and empower them to make responsible decisions regarding its
development and use.

12. Regulatory Compliance: Adhere to relevant laws, regulations, and industry
standards governing the ethical use of AI, and advocate for the creation of new
regulations where necessary to address emerging challenges.

Security Recommendations:

1. Strong Authentication: Implement strong authentication mechanisms, such as
multi-factor authentication, to ensure that only authorized users can access
PSKRACKER.

2. Secure Communication: Use encryption protocols (e.g., SSL/TLS) to secure
communication between PSKRACKER and other systems or clients, preventing
eavesdropping or data tampering.

3. Access Control: Enforce strict access controls to limit privileges and restrict
access to sensitive functionality or data within PSKRACKER. Use role-based
access control (RBAC) where appropriate.

4. Regular Updates and Patching: Keep PSKRACKER up-to-date with the latest
security patches and updates to address any known vulnerabilities and protect
against potential exploits.

5. Secure Configuration: Ensure that PSKRACKER is configured securely,
following best practices and disabling unnecessary services or features that could
pose security risks.

6. Input Validation: Implement robust input validation mechanisms to prevent
common vulnerabilities such as injection attacks (e.g., SQL injection, XSS) that
could compromise the integrity or confidentiality of data.

7. Logging and Monitoring: Enable comprehensive logging and monitoring
capabilities within PSKRACKER to detect and respond to security incidents in a
timely manner. Monitor for suspicious activities, unauthorized access attempts,
and unusual patterns.

8. Data Encryption: Encrypt sensitive data at rest and in transit to protect it from
unauthorized access or disclosure. Utilize strong encryption algorithms and key
management practices.

9. Secure Development Practices: Follow secure coding practices and conduct
regular security code reviews to identify and address potential vulnerabilities early
in the development lifecycle.

10. Incident Response Plan: Have an incident response plan in place to effectively
respond to security breaches or incidents involving PSKRACKER. This plan
should include procedures for containing, investigating, and remedying security
incidents.

11. Vendor Security Assurance: If PSKRACKER relies on third-party components or
services, ensure that vendors adhere to stringent security standards and perform
due diligence assessments to evaluate their security posture.

12. User Education and Awareness: Educate users about security best practices, such
as creating strong passwords, recognizing phishing attempts, and reporting
suspicious activities. Foster a security-conscious culture within the organization.

Resources:

Cybersecurity Websites and Forums: Websites like Cybersecurity and Infrastructure
Security Agency (CISA), Krebs on Security, and forums like Reddit's r/cybersecurity can
provide a wealth of information on various cybersecurity topics, including password
security and cracking.

Online Courses and Tutorials: Platforms like Coursera, Udemy, and Cybrary offer
courses on cybersecurity fundamentals, ethical hacking, and password security.

Books: There are numerous books available on cybersecurity and password cracking.
Some notable titles include "Hacking: The Art of Exploitation" by Jon Erickson, "The
Web Application Hacker's Handbook" by Dafydd Stuttard and Marcus Pinto, and
"Password Cracking: A Hands-On Guide to Penetration Testing" by Matt Walker.

Open Source Tools: Tools like John the Ripper, Hashcat, and Hydra are commonly used for
password cracking and can provide insights into the techniques and methodologies
involved.

Conferences and Events: Attending cybersecurity conferences and events, such as DEF
CON, Black Hat, and RSA Conference, can offer opportunities to learn about the latest
trends and developments in password security and cracking.

Online Communities: Engaging with online communities like Stack Exchange's
Information Security community or joining cybersecurity-focused Discord servers can
provide access to experts and enthusiasts who can offer insights and guidance.

License and Acknowledgments:

1. License: The developers of PSKRACKER should specify the license under
which the software is distributed. Common open-source licenses include
MIT License, GNU General Public License (GPL), Apache License, among
others. The license dictates how the software can be used, modified, and
distributed.
Acknowledgments: If PSKRACKER includes code, libraries, or other resources developed by
Contributor Agreements: If PSKRACKER is a collaborative project involving multiple contri
Copyright Notices: Ensure that proper copyright notices are included in the source code a
Disclaimer of Warranty and Liability: Include a disclaimer of warranty and liability to clari
Documentation: Provide comprehensive documentation for PSKRACKER, including informa

Version History:

1. Release Number: Each release of the software is typically assigned a
version number, such as 1.0, 1.1, 2.0, etc. Version numbers may follow a
semantic versioning scheme (e.g., MAJOR.MINOR.PATCH) to indicate the
significance of changes.
2. Release Date: The date when each version of the software was released is
usually documented to track the timeline of development and updates.
3. Changelog: A changelog accompanies each release and outlines the
changes, improvements, bug fixes, and new features introduced in
that version compared to previous versions.
4. Bug Fixes and Security Patches: Information about any bugs,
vulnerabilities, or security issues addressed in each release, along
with details of the fixes or patches applied.
5. New Features: Descriptions of any new functionality or features added in
each version of the software, along with instructions on how to use them.
6. Performance Enhancements: Documentation of any optimizations or
performance improvements implemented in the software to enhance its
speed, efficiency, or resource usage.
7. Deprecations and Removals: Notices about any features or functionalities
that have been deprecated or removed in a particular version, along with
guidance on migrating or updating existing implementations.
Compatibility Notes: Information about compatibility with different operating systems, pla
Contributors: Credits and acknowledgments for individuals or organizations that contribut

Types of Wireless Network Attacks


Wireless networks have undoubtedly revolutionized the way we communicate and
conduct business, offering unparalleled convenience and mobility. However, with this
freedom comes the lurking threat of malicious attackers seeking to exploit the
vulnerabilities inherent in wireless technology. Here are some of the common types of
wireless network attacks:

1. Wireless Eavesdropping (Passive Attacks)


Attackers use tools like packet sniffers to intercept and monitor wireless communications
between devices. By capturing data packets transmitted over the air, they can potentially
obtain sensitive information, such as login credentials, financial data, or personal
information.

2. Wireless Spoofing (Man-in-the-Middle Attacks)


In these attacks, the attacker positions themselves between the wireless client and the
legitimate access point, intercepting and manipulating data transmissions. The attacker
may then relay the information back and forth, making it appear as if they are the
legitimate access point. This enables them to snoop on data or perform other malicious
actions unnoticed.

3. Wireless Jamming (Denial-of-Service Attacks)


Attackers flood the wireless frequency spectrum with interference signals, disrupting
legitimate communications between devices and access points. By creating excessive
noise, they can render the wireless network unusable for legitimate users.

4. Rogue Access Points


Attackers set up unauthorized access points, mimicking legitimate ones, to deceive users
into connecting to them. Once connected, the attacker can eavesdrop, capture data, or
launch further attacks on the unsuspecting users.

5. Brute-Force Attacks

Attackers try various combinations of passwords or encryption keys in rapid succession
until they find the correct one to gain unauthorized access to the wireless network.

6. WEP/WPA Cracking
Attackers exploit vulnerabilities in older wireless security protocols like Wired
Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) to gain unauthorized
access to encrypted wireless networks.

7. Evil Twin Attacks


Attackers create fake access points with names similar to legitimate ones, tricking users
into connecting to the malicious network. Once connected, the attacker can intercept
sensitive data or execute further attacks.

8. Deauthentication/Disassociation Attacks
Attackers send forged deauthentication or disassociation frames to wireless devices,
forcing them to disconnect from the network, leading to service disruptions or potential
vulnerabilities when devices automatically reconnect.
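
A defender-side sketch of the checks a wireless IDS can run for two items in the list above, deauthentication/disassociation floods and rogue or evil twin access points. This is an added example, not code from the report or from any product it names; the frame records, MAC addresses, SSIDs, threshold and window are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample data: parsed 802.11 management frames, ts in seconds.
AP = "02:00:00:00:00:01"   # the one authorized access point
C1 = "02:00:00:00:0a:01"   # client hit by a burst of deauth frames
C2 = "02:00:00:00:0a:02"   # client with normal, occasional disconnects
AUTHORIZED = {"CorpWiFi": {AP}}  # SSID -> set of BSSIDs allowed to advertise it

FRAMES = [
    {"ts": 0.0, "type": "beacon", "bssid": AP, "ssid": "CorpWiFi"},
    {"ts": 0.1, "type": "beacon", "bssid": "02:00:00:00:00:99", "ssid": "CorpWiFi"},
    {"ts": 0.2, "type": "beacon", "bssid": "02:00:00:00:00:77", "ssid": "Corp-WiFi"},
    {"ts": 0.3, "type": "beacon", "bssid": "02:00:00:00:00:50", "ssid": "CoffeeShop"},
    {"ts": 1.0, "type": "deauth", "bssid": AP, "client": C2},
    {"ts": 40.0, "type": "disassoc", "bssid": AP, "client": C2},
] + [
    {"ts": 5.0 + i * 0.1, "type": "deauth", "bssid": AP, "client": C1}
    for i in range(12)
]


def detect_deauth_flood(frames, threshold=10, window=5.0):
    """Return {(bssid, client): ts of first alert} for pairs that receive at least
    `threshold` deauth/disassoc frames within any `window` seconds."""
    recent = defaultdict(deque)
    alerts = {}
    for f in sorted(frames, key=lambda fr: fr["ts"]):
        if f["type"] not in ("deauth", "disassoc"):
            continue
        key = (f["bssid"], f["client"])
        q = recent[key]
        q.append(f["ts"])
        while f["ts"] - q[0] > window:   # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = f["ts"]
    return alerts


def _normalize(ssid):
    """Fold case, drop separators and map 0->o so near-identical names compare equal."""
    return "".join(ch for ch in ssid.casefold() if ch.isalnum()).replace("0", "o")


def detect_suspect_aps(frames, authorized):
    """Return {bssid: reason} for beacons that reuse or imitate an authorized SSID.
    A BSSID can be forged, so an allowlist hit is not proof that an AP is genuine."""
    known = {_normalize(ssid): ssid for ssid in authorized}
    suspects = {}
    for f in frames:
        if f["type"] != "beacon":
            continue
        ssid, bssid = f["ssid"], f["bssid"]
        if ssid in authorized:
            if bssid not in authorized[ssid]:
                suspects[bssid] = "authorized SSID from unknown BSSID"
        elif _normalize(ssid) in known:
            suspects[bssid] = "lookalike of " + known[_normalize(ssid)]
    return suspects


if __name__ == "__main__":
    print(detect_deauth_flood(FRAMES))
    print(detect_suspect_aps(FRAMES, AUTHORIZED))
```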

Preventing Wireless Network Attacks: Safeguarding Your Digital Domain


Protecting your wireless network from potential threats is paramount, and we have
compiled a comprehensive list of preventive measures to ensure your digital domain
remains secure. Follow these essential tips to fortify your wireless network against
attacks:

1. Update your computer often


Regularly update your operating system and applications to ensure you have the latest
security patches and fixes. Timely updates help address discovered vulnerabilities,
making it harder for attackers to exploit known weaknesses.

2. Use MAC filtering


Enable MAC filtering on your wireless router to control access to your network. By
specifying which devices are allowed to connect based on their unique MAC addresses,
you can prevent unauthorized access and enhance your network’s security.

3. Disable SSID broadcasting

Turn off SSID broadcasting to make your wireless network invisible to casual observers.
This prevents your network from being easily discoverable and adds an extra layer of
obscurity for potential attackers.

4. Use WPA2 encryption


Utilize WPA2 encryption, the latest and most secure protocol, to safeguard your data as it
travels between devices and access points. Encryption ensures that even if intercepted,
your data remains unintelligible to unauthorized entities.

5. Change the default SSID


Customize your router’s SSID to something unique and unrelated to personal
information. Avoid using common names like “Linksys” or “default” to deter attackers
from identifying and targeting your network.

6. Disable file sharing


Turn off file sharing on your network to prevent unauthorized users from accessing your
sensitive files. If file sharing is necessary, ensure you set up secure passwords to limit
access to approved users only.

7. Enable WEP encryption (only if using an older router)


If your router doesn’t support WPA2, use WEP encryption as a fallback option. However,
keep in mind that WEP is less secure than WPA2 and should only be considered if
absolutely necessary.

Network security tools aim to protect devices, technologies, and processes from
unauthorized data access, identity theft, and cyber threats.

Network security prevents unauthorized access to information or misuse
of the organizational network. It includes hardware and software
technologies designed to protect the safety and reliability of a network
and data.

Network security tools are essential to secure your organization's
network and stop threats that could damage the system and the
network. They help to monitor the network and prevent data breaches.

A network security tool can examine all the traffic across a network.
Traffic monitoring helps the organization proactively identify issues
and threats before they turn into significant damage to the organization.
Network security tools send real-time alerts for any unusual behavior to
prevent breaches.

Some of the benefits of Network Security Tools are:

• Network security tools will minimize the business and financial
impact of any breach, as they help you stay compliant with
regulations and prevent breaches.

• Network security helps your business stay compliant and
provides multiple levels of security to increase the scope of your
business and offer a better workplace for your employees.

• It ensures the protection of any sensitive information and data
shared across the network.

Now let’s see the top 10 Network Security tools.


Best 10 Network Security Tools

1. Wireshark

Wireshark is an open-source network protocol analyzer that helps
organizations capture real-time data and track, manage, and analyze
network traffic even with minute details.

It allows users to view the TCP session rebuilt streams. It helps to
analyze incoming and outgoing traffic to troubleshoot network
problems.

Features

• Deep inspection of hundreds of protocols
• Capture real-time data and offline analysis
• It runs on multiple operating systems like Windows, Linux,
macOS, etc.
• It provides color codes to each packet for quick analysis.

Pros

• Supports multiple operating systems like Windows, Linux, etc.
• Easily integrates with third-party applications

Cons

• Steep learning curve
• Difficult to read the encrypted network traffic
• Lack of support


2. Nexpose

Nexpose is a network security software that provides real-time
information about vulnerabilities and reduces the threats in a network.
In addition, Nexpose permits the users to allot a risk score to the
detected vulnerabilities so that they may be prioritized as per the
security levels.

Nexpose helps IT teams to get real-time scanning of the network and
detect network vulnerabilities. It also continuously refreshes and adapts
to new threats in software and data.

Features

• Nexpose provides real-time network traffic.
• It provides a risk score and helps IT teams prioritize the risk as
per the security levels.
• It shows the IT teams different actions they can take immediately
to reduce the risk.

Pros

• Easy to use
• In-depth scanning of network vulnerabilities.

Cons

• No domain-based authentication for Linux devices
• Lack of customer support


3. Splunk

Splunk is used for monitoring network security. It provides both
real-time data analysis and historical data searches.

It is a cloud-based platform that provides insights for petabyte-scale
data analytics across the hybrid cloud.

Splunk’s search function makes application monitoring easy and
user-friendly.

It contains a user interface to catch, index, and assemble data and
generate alerts, reports, dashboards, and graphs in real-time.

Features

 Splunk attributes risk to users and systems, maps alerts to
cybersecurity frameworks, and triggers alerts when the risk
exceeds the threshold.

 It helps in prioritizing alerts and accelerating investigations with
built-in threat intelligence.

 It helps to get automatic security content updates to stay updated
with the emerging threats.

Pros

 The indexing of data is easy

 Easy to use

Cons

 Steep learning curve

4. Nagios
Nagios is a network security tool that helps to monitor hosts, systems,
and networks. It sends alerts in real-time. You can select which specific
notifications you would like to receive.

It can track network resources like HTTP, NNTP, ICMP, POP3, and SMTP.
It is a free tool.

Features

 Nagios helps to monitor IT infrastructure components, including
system metrics, network protocols, application services, servers,
and network infrastructure.

 It sends alerts when an unauthorized network is detected
and provides IT admin with notice of important events.

 It provides reports which show the history of events, notifications,
and alert responses for later review.

Pros

 Great tool for live monitoring

 User friendly

 Data monitoring can be tracked easily

Cons

 Limited reporting capabilities

 The system slows down while monitoring the data


5. Tor

Tor is a network security tool that ensures the privacy of users while
using the internet. It helps in preventing cybersecurity threats and is
useful in safeguarding information security.

Tor works on the concept of onion routing, in which layers are placed one
over the other like the layers of an onion. The layers work together so that
the user's IP address and geographical location need not be revealed, which
limits the visibility of the sites you are visiting.

Features

 Tor software is available for Linux, Windows, as well as Mac

 It helps to block the third-party trackers, and ads can't follow you

 It prevents third parties watching your connection from knowing
what websites you visit

 It aims to make all users look the same and is difficult for trackers

Pros

 It protects the online identity

 Provides a high-level privacy

 User-friendly interface

Cons

 The system gets slower during navigation

 Starting and browsing time is high

6. Nessus Professional

Nessus Professional is a network security software that can detect
vulnerabilities like software bugs and general security problems in
software applications, IT devices, and operating systems and manage
them appropriately.

Users can access a variety of security plug-ins as well as develop their
own, and can scan individual computers as well as networks.

Features

 It provides customization of reports by vulnerability or hosts and
creates a summary for the users.

 Sends email notifications of the scan results

 It helps meet government, regulatory, and corporate requirements

 It scans cloud applications and protects your organization from
cybersecurity threats

Pros

 It offers flexibility for developing custom solutions

 Nessus VA scan covers all standard network devices like
endpoints, servers, network devices, etc.

 Provide plug-ins for many vulnerabilities

Cons

 The software slows down when you scan a large scope

 Poor customer support


7. Metasploit

Metasploit is security software that contains various tools for executing
penetration testing services. IT professionals use this tool to reach
security goals such as identifying vulnerabilities in the system, improving
computer system security, planning cyber defense strategies, and
maintaining complete security assessments.

The penetration testing tools can examine various security systems,
including web-based apps, servers, networks, etc.

It allows the organization to perform security assessments and improve
its overall network defenses and make them more responsive.

Features

 The tools are used to take advantage of system weaknesses

 The module encoders are used to convert codes or information

 Metasploit allows a clean exit from the target system it has
compromised

Pros

 Good support for penetration testing

 Useful to learn and understand vulnerabilities that exist in the
system

 Freely available and includes all penetration testing tools

Cons

 Software updates are less frequent

 Steep learning curve

8. Kali Linux
Kali Linux is a penetration testing tool used to scan IT systems and
network vulnerabilities. The organization can monitor and maintain its
network security systems on just one platform.

It offers a security auditing operating system and tools with more than
300 techniques to make sure that your sites and Linux servers stay safe.

Kali Linux is used by professional penetration testers, ethical hackers,
cybersecurity experts, and individuals who understand the usage and
value of this software.

Features

 Kali Linux comes with pre-installed tools like Nmap, Aircrack-ng,
Wireshark, etc., to help with information security tasks.

 It provides multi-language support.

 It helps to generate the customized version of Kali Linux.

Pros

 Pre-installed tools are ready to use

 Simple and user-friendly interface

Cons

 Limited customization

 The installation process is complicated


9. Snort

Snort is an open-source network security tool used to scan networks and
prevent any unauthorized activity in the network. IT professionals use it
to track, monitor, and analyze network traffic. It helps to discover any
signs of theft, unauthorized access, etc. After detection, the tool will help
send alerts to the users.

Additionally, Snort is used to perform protocol analysis, detect frequent
attacks on a system, look for data captured from traffic, etc.

Features

 Snort provides a real-time traffic monitor

 It provides protocol analysis

 It can be installed in any network environment

Pros

 Good for monitoring network traffic

 Good for detecting any network intrusions


Cons

 Complicated settings and configuration

 Steep learning curve

10. Forcepoint

Forcepoint is a cloud-based security solution and is used to define
network security, restrict users from accessing specific content and
block various attempts to hack or get your organization's information.

The IT admin can customize Forcepoint to monitor and detect any
unauthorized acts in a network and can take the appropriate action
required. It adds an extra level of security for critical threats.

Forcepoint is mainly intended for organizations working in the cloud, and
it can block or provide warnings about any risky cloud servers.

Features

 Forcepoint helps in monitoring any unusual cloud activities.

 It provides tracking of any suspicious behavior and sends alerts to
the IT admins.

 It protects and secures data.

 It helps to limit the access of your employees within the scope of
your organization.

Pros

 Good support

 Easy to set up and user-friendly interface

Cons

 Creating reports is difficult

 Less flexibility in real-time screen monitoring


Wireless Network Security: Vulnerabilities, Threats and Countermeasures

Min-kyu Choi 1), Rosslin John Robles 1), Chang-hwa Hong 2), Tai-hoon Kim 1)
School of Multimedia, Hannam University, Daejeon, Korea
puremiroa@naver.com, rosslin_john@yahoo.com, taihoonn@hannam.ac.kr

Abstract

Wireless networking provides many advantages, but it is also coupled with
new security threats and alters the organization’s overall information
security risk profile. Although implementation of technological solutions
is the usual response to wireless security threats and vulnerabilities,
wireless security is primarily a management issue. Effective management of
the threats associated with wireless technology requires a sound and
thorough assessment of risk given the environment and development of a
plan to mitigate identified threats. We present a framework to help
managers understand and assess the various threats associated with the use
of wireless technology. We also discuss a number of available solutions
for countering those threats.

Keywords: Wireless Network, Wireless Security, Wireless Threats,
Signal-Hiding

1. Introduction
Wireless networking presents many advantages. Productivity
improves because of increased accessibility to information
resources. Network configuration and reconfiguration is easier,
faster, and less expensive. However, wireless technology also
creates new threats and alters the existing information security
risk profile. For example, because communication takes place
"through the air" using radio frequencies, the risk of interception
is greater than with wired networks. If the message is not
encrypted, or encrypted with a weak algorithm, the attacker can
read it, thereby compromising confidentiality. Although wireless
networking alters the risks associated with various threats to
security, the overall security objectives remain the same as with
wired networks: preserving confidentiality, ensuring integrity, and
maintaining availability of the information and information
systems. The objective of this paper is to assist managers in
making such decisions by providing them with a basic
understanding of the nature of the various threats associated with
wireless networking and available countermeasures.

The popularity of wireless networks is a testament primarily to their
convenience, cost efficiency, and ease of integration with other networks
and network components. The majority of computers sold to consumers today
come pre-equipped with all necessary wireless network technology. The
benefits of wireless networks include: Convenience, Mobility,
Productivity, Deployment, Expandability and Cost.

Wireless network technology, while replete with the conveniences and
advantages described above, has its share of downfalls. For a given
networking situation, wireless networks may not be desirable for a number
of reasons. Most of these have to do with the inherent limitations of the
technology. The disadvantages of using a wireless network are: Security,
Range, Reliability, and Speed.

Wireless networks present a host of issues for network managers.
Unauthorized access points, broadcasted SSIDs, unknown stations, and
spoofed MAC addresses are just a few of the problems addressed in WLAN
troubleshooting. Most network analysis vendors, such as Network
Instruments, Network General, and Fluke, offer WLAN troubleshooting tools
or functionalities as part of their product line.

2. Wireless Vulnerabilities, Threats and Countermeasures


The wireless networks consist of four basic components: The
transmission of data using radio frequencies; Access points that
provide a connection to the organizational network and/or the
Client devices (laptops, PDAs, etc.); and Users. Each of these
components provides an avenue for attack that can result in the
compromise of one or more of the three fundamental security
objectives of confidentiality, integrity, and
availability.

2.1 Wireless Network Attacks

2.1.1 Accidental association


Unauthorized access to company wireless and wired networks can
come from a number of different methods and intents. One of
these methods is referred to as “accidental association”. When a
user turns on a computer and it latches on to a wireless access
point from a neighboring company’s overlapping network, the
user may not even know that this has occurred. However, it is a
security breach in that proprietary company information is
exposed and now there could exist a link from one company to
the other. This is especially true if the laptop is also hooked to a
wired network.

2.1.2 Malicious association


“Malicious associations” occur when crackers actively cause
wireless devices to connect to a company network through their
cracking laptop instead of a company access point (AP). These
types of laptops are known as “soft APs” and are created when a
cracker runs some software that makes his/her wireless network
card look like a legitimate access point. Once the cracker has
gained access, he/she can steal passwords, launch attacks on the
wired network, or plant trojans. Since wireless networks operate
at the Layer 2 level, Layer 3 protections such as network
authentication and virtual private networks (VPNs) offer no
barrier. Wireless 802.1x authentications do help with protection
but are still vulnerable to cracking. The idea behind this type of
attack may not be to break into a VPN or other security measures.
Most likely the cracker is just trying to take over the client at
the Layer 2 level.

2.1.3 Ad-hoc networks

Ad-hoc networks can pose a security threat. Ad-hoc networks are
defined as peer-to-peer networks between wireless computers that
do not have an access point in between them. While these types of
networks usually have little protection, encryption methods can
be used to provide security.

2.1.4 Non-traditional networks


Non-traditional networks such as personal network Bluetooth
devices are not safe from cracking and should be regarded as a
security risk. Even barcode readers, handheld PDAs, and wireless
printers and copiers should be secured. These non-traditional
networks can be easily overlooked by IT personnel who have
narrowly focused on laptops and access points.

2.1.5 Identity theft (MAC spoofing)


Identity theft (or MAC spoofing) occurs when a cracker is able to
listen in on network traffic and identify the MAC address of a
computer with network privileges. Most wireless systems allow
some kind of MAC filtering to only allow authorized computers
with specific MAC IDs to gain access and utilize the network.
However, a number of programs exist that have network “sniffing”
capabilities. Combine these programs with other software that
allows a computer to pretend it has any MAC address that the
cracker desires, and the cracker can easily get around that hurdle.

2.1.6 Man-in-the-middle attacks


A man-in-the-middle attacker entices computers to log into a
computer which is set up as a soft AP (Access Point). Once this is
done, the hacker connects to a real access point through another
wireless card offering a steady flow of traffic through the
transparent hacking computer to the real network. The hacker can
then sniff the traffic. One type of man-in-the-middle attack relies
on security faults in challenge and handshake protocols to
execute a “de-authentication attack”. This attack forces AP -
be done by script kiddies. Hotspots are particularly vulnerable to
any attack since there is little to no security on these networks.

2.1.7 Denial of service

A Denial-of-Service attack (DoS) occurs when an attacker
continually bombards a targeted AP (Access Point) or network
with bogus requests, premature successful connection messages,
failure messages, and/or other commands. These cause legitimate
users to not be able to get on the network and may even cause the
network to crash. These attacks rely on the abuse of protocols
such as the Extensible Authentication Protocol (EAP).

2.1.8 Network injection


In a network injection attack, a cracker can make use of access
points that are exposed to non-filtered network traffic,
specifically broadcasting network traffic such as “Spanning Tree”
(802.1D), OSPF, RIP, and HSRP. The cracker injects bogus
networking re-configuration commands that affect routers,
switches, and intelligent hubs. A whole network can be brought
down in this manner and require rebooting or even
reprogramming of all intelligent networking devices.

2.1.9 Caffe Latte attack


The Caffe Latte attack is another way to defeat WEP. It is not
necessary for the attacker to be in the area of the network using
this exploit. By using a process that targets the Windows wireless
stack, it is possible to obtain the WEP key from a remote client.
By sending a flood of encrypted ARP requests, the assailant takes
advantage of the shared key authentication and the message
modification flaws in 802.11 WEP. The attacker uses the ARP
responses to obtain the WEP key in less than 6 minutes.

3. Securing Wireless Transmissions


The nature of wireless communications creates three basic threats:
Interception, Alteration and Disruption.

3.1 Protecting the Confidentiality of Wireless Transmissions


Two types of countermeasures exist for reducing the risk of
eavesdropping on wireless transmissions. The first involves
methods for making it more difficult to locate and intercept the
wireless signals. The second involves the use of encryption to
preserve confidentiality even if the wireless signal is intercepted.

3.1.1 Signal-Hiding Techniques

In order to intercept wireless transmissions, attackers first need to
identify and locate wireless networks. There are, however, a number of
steps organizations can take to make it more difficult to locate their
wireless access points. The easiest and least costly include the
following: turning off the service set identifier (SSID) broadcasting by
wireless access points, assigning cryptic names to SSIDs, reducing signal
strength to the lowest level that still provides requisite coverage, or
locating wireless access points in the interior of the building, away from
windows and exterior walls. More effective, but also more costly, methods
for reducing or hiding signals include using directional antennas to
constrain signal emanations within desired areas of coverage or using
signal emanation-shielding techniques, sometimes referred to as TEMPEST,
to block emanation of wireless signals.

3.1.2 Encryption

The best method for protecting the confidentiality of information
transmitted over wireless networks is to encrypt all wireless traffic.
This is especially important for organizations subject to regulations.

3.2 Preventing Alteration of Intercepted Communications

Interception and alteration of wireless transmissions represents a
form of "man-in-the-middle" attack. Two types of countermeasures
can significantly reduce the risk of such attacks: strong
encryption and strong authentication of both devices and users.

3.3 Countermeasures to Reduce the Risk of Denial-of-Service Attacks

Wireless communications are also vulnerable to denial-of-service
(DoS) attacks. Organizations can take several steps to reduce the
risk of such unintentional DoS attacks. Careful site surveys can
identify locations where signals from other devices exist; the
results of such surveys should be used when deciding where to
locate wireless access points. Regular periodic audits of wireless
networking activity and performance can identify problem areas;
appropriate remedial actions may include removal of the
offending devices or measures to increase signal strength and
coverage within the problem area.

4. Securing Wireless Access Points


Insecure, poorly configured wireless access points can
compromise confidentiality by allowing unauthorized access to
the network.

4.1 Countermeasures to Secure Wireless Access Points


Organizations can reduce the risk of unauthorized access to
wireless networks by taking these three steps:
1. Eliminating rogue access points;
2. Properly configuring all authorized access points; and
3. Using 802.1x to authenticate all devices.

4.1.1 Eliminate Rogue Access Points

The best method for dealing with the threat of rogue access points is to
use 802.1x on the wired network to authenticate all devices that are
plugged into the network. Using 802.1x will prevent any unauthorized
devices from connecting to the network.

4.1.2 Secure Configuration of Authorized Access Points

Organizations also need to ensure that all authorized wireless access
points are securely configured. It is especially important to change all
default settings because they are well known and can be exploited by
attackers.

4.1.3 Use 802.1x to Authenticate all Devices

Strong authentication of all devices attempting to connect to the network
can prevent rogue access points and other unauthorized devices from
becoming insecure backdoors. The 802.1x protocol discussed earlier
provides a means for strongly authenticating devices prior to assigning them
IP addresses.

5. Securing Wireless Client Devices


Two major threats to wireless client devices are (1) loss or theft,
and (2) compromise. Loss or theft of laptops and PDAs is a serious
problem. Laptops and PDAs often store confidential and
proprietary information. Consequently, loss or theft of the
devices may cause the organization to be in violation of privacy
regulations involving the disclosure of personal identifying
information it has collected from third parties. Another threat to
wireless client devices is that they can be compromised so that an
attacker can access sensitive information stored on the device or
use it to obtain unauthorized access to other system resources.

6. Securing Wireless Networks

6.1 Use of Encryption

The most effective way to secure your wireless network from intruders is
to encrypt, or scramble, communications over the network. Most wireless
routers, access points, and stations have a built-in encryption mechanism.
If your wireless router doesn’t have an encryption feature, consider
getting one that does. Manufacturers often deliver wireless routers with
the encryption feature turned off. You must turn it on.

6.2 Use anti-virus and anti-spyware software, and a firewall

Computers on a wireless network need the same protections as any computer
connected to the Internet. Install anti-virus and anti-spyware software,
and keep them up-to-date. If your firewall was shipped in the “off” mode,
turn it on.

6.3 Turn off identifier broadcasting


Most wireless routers have a mechanism called identifier broadcasting. It
sends out a signal to any device in the vicinity announcing its presence.
You don’t need to broadcast information if the person using the network
already knows it is there. Hackers can use identifier broadcasting to home
in on vulnerable wireless networks. Disable the identifier broadcasting
mechanism if your wireless router allows it.

6.4 Change the identifier on your router from the default

The identifier for your router is likely to be a standard, default ID
assigned by the manufacturer to all hardware of that model. Even if your
router is not broadcasting its identifier to the world, hackers know the
default IDs and can use them to try to access your network. Change your
identifier to something only you know, and remember to configure the same
unique ID into your wireless router and your computer so they can
communicate. Use a password that’s at least 10 characters long: The longer
your password, the harder it is for hackers to break.

6.5 Change your router’s pre-set password for administration

The manufacturer of your wireless router probably assigned it a standard
default password that allows you to set up and operate the router. Hackers
know these default passwords, so change it to something only you know. The
longer the password, the tougher it is to crack.

6.6 Allow only specific computers to access your wireless network

Every computer that is able to communicate with a network is assigned its
own unique Media Access Control (MAC) address. Wireless routers usually
have a mechanism to allow only devices with particular MAC addresses
access to the network. Some hackers have mimicked MAC addresses, so don’t
rely on this step alone.

6.7 Turn off your wireless network when you know you won’t use it

Hackers cannot access a wireless router when it is shut down. If you turn
the router off when you’re not using it, you limit the amount of time that
it is susceptible to a hack.

6.8 Don’t assume that public “hot spots” are secure

Many cafés, hotels, airports, and other public establishments offer
wireless networks for their customers’ use.

7. Training and Educating Users

Notice that Figure 1 also includes users as the fourth basic
component of wireless networking. As is the case with wired
security, users are the key component to wireless networking
security. Indeed, the importance of training and educating users
about secure wireless behavior cannot be overstated. To be
effective, user training and education needs to be repeated
periodically.

8. Network Auditing

Wireless network auditing is an important part of WLAN security policy.
The network needs to be regularly audited for rogue hardware. In this
method the network is scanned and mapped for all access points and WLAN
nodes. Then this is compared with the previous network map. Commonly
available network mapping tools like NetStumbler and wavelan-tool can be
used to do this. Specialized tools such as AirSnort can be used for WEP
cracking and auditing the network for weak keys, key reuse and WEP
security settings. These methods include the same tests as those carried
out by hackers for breaking into the network.
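
The comparison step described above (current scan against the previous network map) can be automated. The following is an added example, not part of the original report or paper: the CSV layout, the sample records, the finding codes and the function names `load_map` and `audit` are all assumptions made for illustration.

```python
import csv
import io

# Ordering of the schemes the report mentions, weakest first.
SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3}
FIELDS = ("bssid", "ssid", "channel", "security", "mode")

# Constructed sample data: the approved map from the previous audit ...
BASELINE_CSV = """\
02:00:00:00:00:01,corp-wlan,1,WPA2,infra
02:00:00:00:00:02,corp-wlan,6,WPA2,infra
02:00:00:00:00:03,corp-guest,11,WPA2,infra
"""

# ... and the constructed result of the current scan.
SCAN_CSV = """\
02:00:00:00:00:01,corp-wlan,1,WPA2,infra
02:00:00:00:00:02,corp-wlan,6,WEP,infra
02:00:00:00:00:AA,corp-wlan,6,OPEN,infra
02:00:00:00:00:BB,neighbour-cafe,3,WPA2,infra
02:00:00:00:00:CC,printer-setup,11,OPEN,adhoc
"""


def load_map(text):
    """Parse 'bssid,ssid,channel,security,mode' rows into {bssid: record}."""
    records = {}
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        rec = {key: (row.get(key) or "").strip() for key in FIELDS}
        if not rec["bssid"]:
            continue
        rec["bssid"] = rec["bssid"].lower()      # BSSIDs compare case-insensitively
        rec["security"] = rec["security"].upper()
        rec["mode"] = rec["mode"].lower()
        records[rec["bssid"]] = rec
    return records


def audit(baseline, scan):
    """Return (code, bssid, detail) findings for every deviation from baseline."""
    findings = []
    approved_ssids = {rec["ssid"] for rec in baseline.values()}
    for bssid, seen in sorted(scan.items()):
        ref = baseline.get(bssid)
        if ref is None:
            if seen["mode"] == "adhoc":
                code = "ADHOC_NETWORK"             # peer-to-peer, no AP (2.1.3)
            elif seen["ssid"] in approved_ssids:
                code = "SSID_MATCH_UNKNOWN_BSSID"  # possible soft AP (2.1.2)
            else:
                code = "UNKNOWN_AP"                # neighbour or rogue (2.1.1)
            findings.append((code, bssid, seen["ssid"]))
            continue
        if seen["ssid"] != ref["ssid"]:
            findings.append(("SSID_CHANGED", bssid, seen["ssid"]))
        if seen["channel"] != ref["channel"]:
            findings.append(("CHANNEL_CHANGED", bssid, seen["channel"]))
        # An unrecognised scheme ranks below everything, so it is reported too.
        if SECURITY_RANK.get(seen["security"], -1) < SECURITY_RANK.get(ref["security"], -1):
            findings.append(("SECURITY_DOWNGRADE", bssid,
                             ref["security"] + " -> " + seen["security"]))
    for bssid in sorted(baseline.keys() - scan.keys()):
        findings.append(("MISSING_AP", bssid, baseline[bssid]["ssid"]))
    return findings


if __name__ == "__main__":
    for code, bssid, detail in audit(load_map(BASELINE_CSV), load_map(SCAN_CSV)):
        print(f"{code:26} {bssid}  {detail}")
```

A BSSID that matches the baseline is not proof of identity, since section 2.1.5 notes that MAC addresses can be spoofed; the channel and security comparisons catch only clones that differ from the approved record.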

Conclusion

Wireless networking provides numerous opportunities to increase
productivity and cut costs. It also alters an organization’s overall
computer security risk profile. Although it is impossible to totally
eliminate all risks associated with wireless networking, it is
possible to achieve a reasonable level of overall security by
adopting a systematic approach to assessing and managing risk.
This paper discussed the threats and vulnerabilities associated
with each of the three basic technology components of
wireless networks (clients, access points, and the transmission
medium) and described various commonly available
countermeasures that could be used to mitigate those risks. It also
stressed the importance of training and educating users in safe
wireless networking procedures.

1. Why Wireless is Insecure and What can we do about it?
2. IEEE 802.11 Wireless LAN Overview
3. Legacy 802.11 Security: WEP
4. IEEE 802.11i Wireless LAN Security: WPA, WPA2

Wireless Network Threats

1. Accidental Association: Overlapping networks ⇒ unintentionally connect
to neighbors
2. Malicious Association: Malicious access points (Free public WiFi) can steal
passwords
3. Ad-Hoc Networks: Two computers can exchange data
4. Nontraditional Networks: Bluetooth can be used to eavesdrop
5. MAC Spoofing: Change MAC address to match a privileged computer
6. Man-In-The-Middle Attacks: Using rogue access point between the user
and the real access point
7. Denial of Service (DoS): Keep the media busy
8. Network Injection: Spoof routing/management messages.

IEEE 802.11 Architecture


The IEEE 802.11 standard, commonly known as Wi-Fi, outlines the
architecture and defines the MAC and physical layer specifications for
wireless LANs (WLANs). Wi-Fi uses high-frequency radio waves
instead of cables for connecting the devices in LAN. Given the mobility
of WLAN nodes, they can move unrestricted within the network
coverage zone. The 802.11 structure is designed to accommodate
mobile stations that participate actively in network decisions.
Furthermore, it can seamlessly integrate with 2G, 3G, and 4G networks.
The Wi-Fi standard represents a set of wireless LAN standards
developed by the Working Group of IEEE LAN/MAN standards
committee (IEEE 802). The term 802.11x is also used to denote the set
of standards. Various specifications and amendments include 802.11a,
802.11b, 802.11e, 802.11g, 802.11n etc.

Station: Stations (STA) comprise all devices and equipment that are
connected to the wireless LAN. It can be of two types:
 Wireless Access Point (WAP): WAPs or simply access points
(AP) are wireless routers that bridge connections for base
stations.
 Client: Examples include computers, laptops, printers, and
smartphones.
Access Point: It is a device that can be classified as a station because of its
functionalities and acts as a connection between wireless medium and
distributed systems.
Distribution System: A system used to interconnect a set of BSSs and
integrated LANs to create an ESS.
Frame: It is a MAC protocol data unit.
SSID (Service Set Identifier): It’s the network name for a particular
WLAN. All access points and devices on a specific WLAN must use the same
SSID to communicate.
SDU: It is a data unit that acts as an input to each layer. These can be
fragmented or aggregated to form a PDU.
PDU: It is a data unit projected as an output to communicate with the
corresponding layer at the other end. They contain a header specific to the
layer.
Network Interface Controller: It is also known as network interface card.
It is a hardware component that connects devices to the network.
Portal: Serves as a gateway to other networks.
IEEE 802.11 Architecture and Services
In the year 1990, IEEE 802.11 Committee formed a new working group, the
IEEE 802.11 standard which defines protocols for Wireless Local Area
Networks (WLANs). Just like how Ethernet provides services for wired
media, IEEE 802.11 architecture is designed to provide features for
wireless networks.
An AP supports both wired and wireless connections. The 802.11 standard
calls the upstream wired network the distribution system (DS). The AP
bridges the wireless and wired L2 Ethernet frames, allowing traffic to flow
from the wired to the wireless network and vice versa. Each wireless
network has a unique SSID.
The 802.11 architecture provides some basic services for WLANs whose
implementation is supported by MAC layer:
Basic Service Set
The Basic Service Set configuration consists of a group of stations and
relies on an Access Point (AP), which serves as a logical hub. Stations from
different BSSs interact through the AP, which functions as a bridge, linking
multiple WLAN cells or channels.
Operating Modes
Depending upon the mode of operation, BSS can be categorized into the
following types:
 Infrastructure BSS: Communication between stations takes
place through access points. The AP and its associated wireless
clients define the coverage area and form the BSS.

 Independent BSS: Supports mutual communication between
wireless clients. An ad-hoc network is spontaneously created and
does not support access to wired networks.
Independent BSS

Independent Basic Service Set


In the IBSS configuration, also referred to as independent configuration or
ad-hoc network, no single node is required to act as a server. The stations
communicate directly with one another on a peer-to-peer basis. Generally,
IBSS covers a limited area instead of a large network. Typically covering a
specific area, IBSS is used for specific, short-term purposes with a limited
number of nodes.

Extended Service Set


ESS connects multiple BSSs and consists of several BSS cells, which can be
interlinked through wired or wireless backbones known as a distributed
system. Multiple cells use the same channel to boost aggregate throughput
to network. The equipment outside of the ESS, the ESS and all of its mobile
stations comprise a single MAC layer network where all stations are
virtually stationary. Thus, all stations within the ESS appear stationary
from an outsider’s perspective.

Other components include:


 Distribution System (DS): Links APs within the ESS.
 Portal: Serves as a gateway to other networks.
Architecture for IEEE 802.11 Configuration

 Roaming: In an environment with multiple access points (like a
large office building or campus), a device can move from the
range of one AP to another and still maintain its connection. This
is possible due to the underlying architecture of the IEEE 802.11
standard which allows for roaming between APs.
 Authentication and Association: Before a station can send or
receive data frames on a WLAN, it needs to establish its identity
with an AP. This process is called authentication. After
authentication, the station then establishes a data link-layer
connection with the AP through a process called association.
Services provided by the WLAN
IEEE defines 9 services that need to be provided by the WLAN:
| Service | Provider | Used to Support |
|---|---|---|
| Association | Distribution System | MSDU delivery |
| Authentication | Station | LAN access and security |
| De-authentication | Station | LAN access and security |
| Disassociation | Distribution System | MSDU delivery |
| Distribution | Distribution System | MSDU delivery |
| Integration | Distribution System | MSDU delivery |
| MSDU Delivery | Station | MSDU delivery |
| Privacy | Station | LAN access and security |
| Re-association | Distribution System | MSDU delivery |

NOTE:
MSDU: Information that is delivered as a unit between MAC users.
MPDU: The unit of data exchanged between two peer MAC entities using the
services of the physical layer.
Frame Format of IEEE 802.11
IEEE 802.11 MAC layer data frame consists of 9 fields:
Frame Control
It is 2 bytes long and defines the type of frame and control information. The
fields present in FC are:
• Version: Indicates the current protocol version.
• Type: Determines the function of the frame, i.e. management (00), control (01) or data (10).
• Subtype: Indicates the subtype of the frame, e.g. 0000 for association request, 1000 for beacon.
• To DS: When set, indicates that the frame is destined for the DS (distribution system).
• From DS: When set, indicates that the frame is coming from the DS.
• More frag (More fragments): When set to 1, the frame is followed by other fragments.
• Retry: If the current frame is a re-transmission of an earlier frame, this bit is set to 1.
• Power Mgmt (Power Management): Indicates the mode of a station after successful transmission of a frame. When set to 1, the station goes into power-save mode. When set to 0, the station stays active.
• More data: Indicates to the receiver that the sender has more data to send than the current frame.
• WEP: Indicates that the standard security mechanism of 802.11 is applied.
• Order: If this bit is set to 1, the received frames must be processed in strict order.
Duration / ID
It contains the value indicating the period of time in which the medium is
occupied (in µs).
Address 1 to 4
These fields contain standard IEEE 802 MAC addresses (48 bit each). The
meaning of each address is defined by DS bits in the frame control field.
SC (Sequence Control)
It consists of 2 sub-fields i.e. sequence number (12 bits) and fragment
number (4 bits). Sequence number is used to filter duplicate frames.
Data
It is a variable length field which contains information specific to individual
frames which is transferred transparently from a sender to the receiver.
CRC (Cyclic Redundancy Check)
It contains a 32-bit CRC error-detection sequence that lets the receiver detect corrupted frames.
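The field layout described above can be checked by decoding a frame byte by byte. The following parser is an added example, not part of the original report; the function names and the two sample frames are constructed for illustration. It decodes the Frame Control bits, Duration/ID, addresses and Sequence Control of a management or data frame and verifies the trailing CRC.

```python
import struct
import zlib

TYPES = {0: "management", 1: "control", 2: "data"}
FLAGS = ["to_ds", "from_ds", "more_frag", "retry",
         "power_mgmt", "more_data", "wep", "order"]

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame):
    """Decode a management or data frame that still carries its 4-byte CRC."""
    if len(frame) < 28:
        raise ValueError("need a 24-byte header plus the CRC")
    # All multi-byte fields are little-endian; Sequence Control sits at offset 22.
    fc, duration, seq_ctl = struct.unpack_from("<HH18xH", frame, 0)
    ftype = (fc >> 2) & 0x3
    if ftype not in (0, 2):
        raise ValueError("control frames use a shorter header")
    flags = {name: bool((fc >> (8 + i)) & 1) for i, name in enumerate(FLAGS)}
    out = {
        "version": fc & 0x3,
        "type": TYPES[ftype],
        "subtype": format((fc >> 4) & 0xF, "04b"),
        "flags": flags,
        "duration_id": duration,
        "addr1": mac(frame[4:10]), "addr2": mac(frame[10:16]),
        "addr3": mac(frame[16:22]),
        "fragment": seq_ctl & 0xF,   # low 4 bits
        "sequence": seq_ctl >> 4,    # high 12 bits
    }
    body_at = 24
    if flags["to_ds"] and flags["from_ds"]:  # Address 4 only when both DS bits are set
        if len(frame) < 34:
            raise ValueError("truncated Address 4")
        out["addr4"] = mac(frame[24:30])
        body_at = 30
    out["data"] = frame[body_at:-4]
    out["crc_ok"] = struct.unpack("<I", frame[-4:])[0] == zlib.crc32(frame[:-4])
    return out

def with_crc(raw):
    return raw + struct.pack("<I", zlib.crc32(raw))

# Constructed samples (not captured traffic): a beacon and a To-DS data frame.
BSSID, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
BEACON = with_crc(bytes.fromhex("8000" "0000") + b"\xff" * 6 + BSSID + BSSID
                  + struct.pack("<H", 291 << 4) + b"constructed body")
DATA = with_crc(bytes.fromhex("0849" "2c00") + BSSID + STA + BSSID
                + struct.pack("<H", (292 << 4) | 1) + b"constructed payload")
```

Calling `parse_frame(BEACON)` returns type `management` with subtype `1000`; flipping any bit of a frame makes `crc_ok` false, which is all the CRC is designed to detect.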
Wi-Fi Alliance
Wi-Fi Alliance is a global non-profit organization that performs the task of
monitoring products from different manufacturers which are certified on
the basis of IEEE 802.11 standard. There is always a concern whether
products from different vendors will successfully interoperate. Early
802.11 products suffered from interoperability problems because the
Institute of Electrical and Electronics Engineers (IEEE) had no provision
for testing equipment for compliance with its standards. Hence, Wi-Fi
Alliance’s main objective is to establish a single global standard for high-
speed wireless LANs and ensure interoperability among 802.11 devices.
Before 1999, Wi-Fi Alliance was known as Wireless Ethernet Compatibility
Alliance (WECA). It created a test-suite to certify interoperability for
802.11 products and launched the Wi-Fi CERTIFIED program in March of
2020. This program offers a renowned designation of quality and
interoperability, ensuring that certified products provide the best quality
and user experience.

Advantages and Disadvantages of IEEE 802.11 Architecture

The advantages and disadvantages of the IEEE 802.11 architecture are listed below.

Advantages of IEEE 802.11 Architecture

• Fault Tolerance: The centralized architecture minimizes the bottlenecks and introduces resilience in the WLAN equipment.
• Flexible Architecture: Supports both temporary smaller networks and larger, more permanent ones.
• Prolonged Battery Life: Efficient power-saving protocols extend mobile device battery life without compromising network connections.

Disadvantages of IEEE 802.11 Architecture

• Noisy Channels: Due to reliance on radio waves, signals may experience interference from nearby devices.
• Greater Bandwidth and Complexity: Due to necessary data encryption and susceptibility to errors, WLANs need more bandwidth than their wired counterparts.
• Speed: Generally, WLANs offer slower speeds compared to wired LANs.

Applications of IEEE 802.11 Architecture

• Home Networking: Connecting devices, laptops, smart TVs, speakers, gaming consoles etc.
• Wi-Fi Hotspots: Free or paid internet access to visitors in coffee shops, hotels, airports, malls and restaurants.
• Connectivity in Campus: Provide internet access in university, colleges, schools or corporate campuses.

Conclusion
IEEE 802.11, widely recognized as Wi-Fi, revolutionized wireless
communication by establishing protocols for WLANs. With an intricate
architecture supporting both localized and expansive networks, it ensures
seamless roaming and secure connections. Despite challenges like potential
interference and marginally slower speeds than wired networks, Wi-Fi’s
broad applications, from home setups to public hotspots, underscore its
transformative impact on modern connectivity, making it indispensable in
today’s digital age.
Security Problems Addressed

• No MAC address spoofing: MAC address included in both Michael MIC and CCMP MAC.
• No replay: Each message has a sequence number (TSC in TKIP and PN in CCMP).
• No dictionary-based key recovery: All keys are computer-generated binary numbers.
• No keystream recovery: Each key is used only once in TKIP. No keystream in CCMP.
• No Weak Key Attack: Special byte in IV in TKIP prevents weak keys. Also, keys are not reused.
• No rogue APs: Mutual authentication optional. Some APs provide certificates.
• Not Addressed: DoS attack using disassociation or deauthentication attack. Mgmt frames are still not encrypted.
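Because the teardown frames named in the last item are unprotected, a monitoring sensor is the practical way to notice their abuse. The following detector is an added example, not part of the original report; the function name, thresholds and the capture list are constructed for illustration. It flags address pairs that receive a burst of disassociation (subtype 1010) or deauthentication (subtype 1100) frames within a short window.

```python
import struct
from collections import defaultdict, deque

# Management subtypes (type bits 00) that tear down a station's session.
TEARDOWN = {0b1010: "disassociation", 0b1100: "deauthentication"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def teardown_bursts(capture, window=1.0, threshold=5):
    """Return {(receiver, transmitter): peak count} for address pairs that saw
    at least `threshold` teardown frames within `window` seconds."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, frame in capture:
        if len(frame) < 24:
            continue
        fc, = struct.unpack_from("<H", frame, 0)
        if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF not in TEARDOWN:
            continue
        # Address 1 is the receiver, Address 2 the claimed transmitter.
        # The transmitter field is unauthenticated, so it names a victim
        # pairing to investigate, not a proven sender.
        key = (mac(frame[4:10]), mac(frame[10:16]))
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

# Constructed capture (timestamp in seconds, frame bytes without FCS).
AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

def mgmt(subtype, dst, src):
    # 24-byte management header plus a 2-byte placeholder body
    return struct.pack("<HH", subtype << 4, 0) + dst + src + AP + b"\x00\x00\x07\x00"

CAPTURE = [(0.0, mgmt(0b1000, b"\xff" * 6, AP)),   # beacon, ignored
           (2.0, mgmt(0b1100, STA, AP))]           # one isolated deauthentication
CAPTURE += [(10.0 + i * 0.02, mgmt(0b1100, STA, AP)) for i in range(20)]
```

On the constructed capture, the isolated frame at 2.0 s is not reported, while the 20 frames starting at 10.0 s are reported once with a peak count of 20.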
Summary
1. Wireless networks and mobile devices are subject to more attacks than wired networks or static devices.

2. 802.11 LANs consist of Basic Service Areas connected via a wired distribution system into an Extended Service Area.

3. 802.11 originally used Wired Equivalent Privacy (WEP) which used RC4 for encryption and CRC-32 for MAC. Both were trivial to attack.

4. TKIP or WPA provides a per-packet key and a 64-bit MIC using RC4.

5. RSN or WPA2 provides stronger encryption and authentication using AES.
