Wireless networks have changed the way organizations work and opened a new range of possibilities, but they have also introduced new security threats. While an attacker needs physical access to a wired network in order to launch an attack, a wireless network allows anyone within its range to passively monitor the traffic or even start an attack. One countermeasure is the use of Wireless Intrusion Prevention Systems.

Keywords: Network security, IDS, IPS, wireless intrusion detection, wireless intrusion prevention.
This paper focuses on WLAN security threats and on protecting against them with wireless intrusion prevention systems. Wireless Local Area Networks, or WLANs, are defined by the IEEE 802.11 family of standards. An 802.11 WLAN consists of stations (laptops, PDAs, mobile phones etc.) and access points (APs), which logically connect the stations with a distribution system (DS), typically the organization's wired infrastructure. A WLAN can run in ad-hoc mode, in which stations communicate directly without APs, or in infrastructure mode, in which a station connects to the DS via an access point. Stations and APs are identified by 48-bit MAC addresses.
The initial security standard introduced for WLANs, called Wired Equivalent Privacy (WEP), is well known for its security flaws. Introduced in 1999 as part of 802.11b, its objective was to secure wireless communication using the symmetric encryption protocol RC4. However, it took only a short time for the WEP weaknesses to be discovered and for attack tools (like AirSnort and WEPCrack) to become freely available to the public. For example, AirSnort can determine the encryption key in less than a second, provided that a sufficient number of packets has been gathered, usually in the range of 5 to 10 million. Even if that number appears large, a busy WLAN can generate this volume in a relatively short time. To address the issues with WEP, newer protocols (like Wi-Fi Protected Access) were introduced; they offer better protection but still suffer from various security issues.

The adoption of WLANs in organizations introduced new, specific threats, and as we will see in this paper, some of them can be addressed with wireless intrusion prevention systems. The most important threats are presented below.

Rogue access points - unauthorized access points, which can be internal or external. An internal rogue AP is connected to the wired network by an unauthorized user (such as a regular employee), outside the control of the IT personnel. It can act as a gateway for an attacker, who gains access to the network without needing to be physically inside the organization's perimeter. The detection and removal of such rogue access points must therefore be considered critical. Note that this threat also affects organizations that do not use WLANs at all. An external rogue access point is not connected to the organization's wired intranet, but emulates a legitimate access point of the network.
For example, the attacker can set the rogue access point's SSID to the same SSID as the legitimate AP and then significantly increase the rogue AP's signal. The purpose is to trick WLAN clients into associating with the rogue AP instead of the legitimate one, since clients normally try to connect to the AP with the strongest signal available. Once a client has associated with the rogue AP, other attacks become possible (obtaining user credentials via spoofed web pages etc.).

MAC address spoofing. An access point can be configured to keep a list of legitimate client stations by MAC address. The attacker has the option of compromising such a client, or by spoofing with a legitimate...
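
The external rogue access point described above advertises a legitimate SSID from hardware the organization does not own, so a sensor can catch it by comparing observed beacons against an inventory of authorized APs. The following Python is an added example, not code from the paper: the inventory, the `Beacon` fields, the verdict names and the sample observations are constructed assumptions, and the channel check goes beyond the case the text describes.

```python
from dataclasses import dataclass

# Constructed inventory: SSID -> {BSSID (lowercase, colon-separated): channel}.
AUTHORIZED = {"CorpWLAN": {"00:11:22:33:44:01": 1, "00:11:22:33:44:02": 6}}

@dataclass(frozen=True)
class Beacon:
    """One beacon as reported by a sensor (illustrative fields)."""
    ssid: str
    bssid: str
    channel: int
    rssi_dbm: int

def normalize(mac: str) -> str:
    return mac.strip().lower().replace("-", ":")

def classify(b: Beacon, authorized=AUTHORIZED) -> str:
    aps = authorized.get(b.ssid)
    if aps is None:
        return "neighbor"        # SSID is not ours: out of scope for this check
    channel = aps.get(normalize(b.bssid))
    if channel is None:
        return "ssid-clone"      # our SSID advertised from a BSSID we do not own
    if channel != b.channel:
        return "bssid-mismatch"  # our BSSID on a channel we never configured
    return "authorized"

def find_rogues(beacons, authorized=AUTHORIZED):
    """Return (beacon, verdict, louder) per suspect; louder means the suspect
    is stronger than every authorized AP heard for that SSID."""
    verdicts = [(b, classify(b, authorized)) for b in beacons]
    best = {}
    for b, v in verdicts:
        if v == "authorized":
            best[b.ssid] = max(best.get(b.ssid, -200), b.rssi_dbm)
    return [(b, v, b.rssi_dbm > best.get(b.ssid, -200))
            for b, v in verdicts if v in ("ssid-clone", "bssid-mismatch")]

# Constructed sensor observations.
SAMPLE = [
    Beacon("CorpWLAN", "00:11:22:33:44:01", 1, -62),
    Beacon("CorpWLAN", "00-11-22-33-44-02", 6, -70),
    Beacon("CorpWLAN", "DE:AD:BE:EF:00:01", 11, -38),  # unknown BSSID, strong
    Beacon("CorpWLAN", "00:11:22:33:44:02", 11, -75),  # known BSSID, wrong channel
    Beacon("CoffeeShop", "AA:BB:CC:00:00:01", 6, -80),
]

if __name__ == "__main__":
    for b, verdict, louder in find_rogues(SAMPLE):
        print(verdict, b.bssid, f"ch{b.channel}", b.rssi_dbm, "louder" if louder else "")
```

A rogue that copies both a legitimate BSSID and its channel passes this inventory comparison, so the check covers only the SSID-cloning case and the channel mismatch.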