WiFi refers to wireless local area network (WLAN) works based on IEEE 802.11 standard. It is a widely used technology for wireless communication across a radio channel.
● Personal computers, smartphones, video game console, etc. use WiFi to connect to the internet via a wireless network access point.
● Every network card has a physical static address known as MAC address. This address is unique, and the card manufacturer assigns it.
● This address is used between devices to identify each other and to transfer packets to the right place. Each packet has a source MAC and a destination MAC.
WEP
Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standards ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network. A Standard 64-bit WEP uses a 40-bit key (also known as WEP-40), which is concatenated with a 24-bit initialization vector (IV) to form the RC4 key used for encryption. RC4 is a stream cipher; the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack.
WPA
WPA stands for Wi-Fi Protected Access and is a security technology for Wi-Fi networks. It was developed in response to the weaknesses of WEP (Wired Equivalent Privacy) and therefore improves on WEP's authentication and encryption features.
WPA provides stronger encryption than WEP through use of either of two standard technologies: Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES). WPA also includes built-in authentication support that WEP does not offer. Some implementations of WPA allow for WEP clients to connect to the network too, but the security is then reduced to WEP-levels for all connected devices.
WPA2
Short for Wi-Fi Protected Access 2, WPA2 is the security method added to WPA for wireless networks that provide stronger data protection and network access control. It provides enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks. Based on the IEEE 802.11i standard, WPA2 provides government grade security by implementing the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES encryption algorithm and 802.1x-based authentication.
WPA3
WPA3 is the next generation of Wi-Fi security and provides cutting-edge security protocols to the market. Building on the widespread success and adoption of Wi-Fi CERTIFIED WPA2™, WPA3 adds new features to simplify Wi-Fi security, enable more robust authentication, deliver increased cryptographic strength for highly sensitive data markets, and maintain resiliency of mission-critical networks. All WPA3 networks
● Use the latest security methods
● Disallow outdated legacy protocols
● Require use of Protected Management Frames (PMF)
WPA3-Enterprise
WPA3-Enterprise. WPA3-Enterprise builds upon WPA2 and ensures the Enterprise, governments, and financial institutions have greater security with consistent application of security protocols across the network.
WPA3-Enterprise also offers an optional mode using 192-bit minimum-strength security protocols and cryptographic tools to better protect sensitive data:
● Authenticated encryption: 256-bit Galois/Counter Mode Protocol (GCMP-256)
● Key derivation and confirmation: 384-bit Hashed Message Authentication Mode (HMAC) with Secure Hash Algorithm (HMAC-SHA384)
● Key establishment and authentication: Elliptic Curve Diffie-Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) using a 384-bit elliptic curve
Finding Open WiFi Networks
War Walking - Attackers walk around with WiFi-enabled laptops to detect open wireless networks.
War Chalking - A method used to draw symbols in public places to advertise open WiFi networks.
War Flying - In this technique, attackers use drones to detect open wireless networks.
War Driving - Attackers drive around with WiFi-enabled laptops to detect open wireless networks.
Countermeasures
● Do not use WEP encryption, as it is easy to crack.
● Use WPA2 with a complex password, make sure the password contains small letters, capital letters, symbols and numbers
● Ensure that the WPS feature is disabled as it can be used to crack your complex WPA2 key by brute-forcing the easy WPS pin.
● Enable MAC address filtering on access point or router.
● Set default router access password and enable firewall protection.
● Personal computers, smartphones, video game console, etc. use WiFi to connect to the internet via a wireless network access point.
● Every network card has a physical static address known as MAC address. This address is unique, and the card manufacturer assigns it.
● This address is used between devices to identify each other and to transfer packets to the right place. Each packet has a source MAC and a destination MAC.
WEP
Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standards ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network. A Standard 64-bit WEP uses a 40-bit key (also known as WEP-40), which is concatenated with a 24-bit initialization vector (IV) to form the RC4 key used for encryption. RC4 is a stream cipher; the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack.
WPA
WPA stands for Wi-Fi Protected Access and is a security technology for Wi-Fi networks. It was developed in response to the weaknesses of WEP (Wired Equivalent Privacy) and therefore improves on WEP's authentication and encryption features.
WPA provides stronger encryption than WEP through use of either of two standard technologies: Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES). WPA also includes built-in authentication support that WEP does not offer. Some implementations of WPA allow for WEP clients to connect to the network too, but the security is then reduced to WEP-levels for all connected devices.
WPA2
Short for Wi-Fi Protected Access 2, WPA2 is the security method added to WPA for wireless networks that provide stronger data protection and network access control. It provides enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks. Based on the IEEE 802.11i standard, WPA2 provides government grade security by implementing the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES encryption algorithm and 802.1x-based authentication.
WPA3
WPA3 is the next generation of Wi-Fi security and provides cutting-edge security protocols to the market. Building on the widespread success and adoption of Wi-Fi CERTIFIED WPA2™, WPA3 adds new features to simplify Wi-Fi security, enable more robust authentication, deliver increased cryptographic strength for highly sensitive data markets, and maintain resiliency of mission-critical networks. All WPA3 networks
● Use the latest security methods
● Disallow outdated legacy protocols
● Require use of Protected Management Frames (PMF)
WPA3-Enterprise
WPA3-Enterprise. WPA3-Enterprise builds upon WPA2 and ensures the Enterprise, governments, and financial institutions have greater security with consistent application of security protocols across the network.
WPA3-Enterprise also offers an optional mode using 192-bit minimum-strength security protocols and cryptographic tools to better protect sensitive data:
● Authenticated encryption: 256-bit Galois/Counter Mode Protocol (GCMP-256)
● Key derivation and confirmation: 384-bit Hashed Message Authentication Mode (HMAC) with Secure Hash Algorithm (HMAC-SHA384)
● Key establishment and authentication: Elliptic Curve Diffie-Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) using a 384-bit elliptic curve
Finding Open WiFi Networks
War Walking - Attackers walk around with WiFi-enabled laptops to detect open wireless networks.
War Chalking - A method used to draw symbols in public places to advertise open WiFi networks.
War Flying - In this technique, attackers use drones to detect open wireless networks.
War Driving - Attackers drive around with WiFi-enabled laptops to detect open wireless networks.
Countermeasures
● Do not use WEP encryption, as it is easy to crack.
● Use WPA2 with a complex password, make sure the password contains small letters, capital letters, symbols and numbers
● Ensure that the WPS feature is disabled as it can be used to crack your complex WPA2 key by brute-forcing the easy WPS pin.
● Enable MAC address filtering on access point or router.
● Set default router access password and enable firewall protection.
No comments:
Post a Comment