Security Issues with Wireless LANs by Anthony Sequeira

In the days when dial-up modems were popular, malicious users could run a program on a computer to call all phone numbers in a certain number range. Phone numbers that answered with modem tone became targets for later attack. This type of reconnaissance was known as war dialing. A modern-day variant of war dialing is war driving, where potentially malicious users drive around looking for unsecured WLANs. These users might be identifying unsecured WLANs for nefarious purposes or simply looking for free Internet access. Devices such as cell phones, laptops, tablets, and gaming and media devices could act as wireless clients as well as be used in a wireless attack because they have potential WiFi access to the network.

Other WLAN security threats include the following:

• War chalking: Once an open WLAN (that is, a WLAN whose SSID and authentication credentials are known) is found in a public place, a user might write a symbol on a wall (or some other nearby structure) to let others know the characteristics of the discovered network. This practice, which is a variant of the decades-old practice of hobos leaving symbols as messages to fellow hobos, is called war chalking.

• WEP and WPA security cracking: Various security standards are available for encrypting and authenticating a WLAN client with an AP. Two of the less secure standards are Wired Equivalent Privacy (WEP) and WiFi Protected Access (WPA). Although WPA is considered more secure than WEP, utilities are available on the Internet for cracking each of these approaches to wireless security. By collecting enough packets transmitted by a secure AP, these cracking utilities can use mathematical algorithms to determine the preshared key (PSK) configured on a wireless AP with which an associated wireless client must also be configured.

• Rogue access point: A malicious user may set up an AP called a rogue access point to which legitimate users can connect. The malicious user might then use a packet sniffer (which displays information about unencrypted traffic, including the traffic's data and header information) to eavesdrop on communications flowing through the rogue AP. To cause unsuspecting users to connect to the rogue AP, the malicious user could configure the AP with the same service set identifier (SSID) used by a legitimate AP. When a rogue AP is configured with the SSID of a legitimate AP, the rogue AP is commonly referred to as an evil twin.

Note: An SSID is a string of characters identifying a WLAN. APs participating in the same WLAN (that is, in an ESS) can be configured with identical SSIDs. An SSID shared among multiple APs is called an extended service set identifier (ESSID).
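Because an evil twin advertises an SSID the organization legitimately uses, the defender's check is to compare what a wireless scan observes against an inventory of the APs actually deployed: a known SSID coming from an unknown BSSID, or from an authorised BSSID with a different security type than expected, is the signal. The following is an added example and not code from the article; the inventory, the BSSIDs, and the scan records are all constructed sample data, and a real deployment would feed it from a wireless controller or scanner export instead.

```python
"""Evil-twin / rogue AP detection over a constructed beacon scan.

Added example, not from the original article. It assumes the defender keeps
an inventory of authorised APs (SSID -> allowed BSSIDs and expected security
type) and compares each observed beacon against it. All addresses below are
constructed placeholders.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str  # "OPEN", "WPA2-PSK", "WPA2-EAP", ...


# Constructed inventory of the APs the organisation actually operates.
AUTHORISED = {
    "CorpWiFi": {
        "bssids": {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"},
        "security": "WPA2-EAP",
    },
}

# Constructed scan results (hypothetical addresses, not real captures).
SCAN = [
    Beacon("CorpWiFi", "00:11:22:AA:BB:01", 6, "WPA2-EAP"),   # authorised (mixed-case MAC)
    Beacon("CorpWiFi", "00:11:22:aa:bb:02", 11, "WPA2-EAP"),  # authorised
    Beacon("CorpWiFi", "de:ad:be:ef:00:01", 6, "OPEN"),       # known SSID, unknown BSSID, open
    Beacon("GuestNet", "00:11:22:aa:bb:10", 1, "OPEN"),       # SSID we do not manage
    Beacon("CorpWiFi", "00:11:22:aa:bb:03", 1, "WPA2-PSK"),   # unknown BSSID, weaker security
]


def normalise_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form so comparisons are not fooled by formatting."""
    return mac.strip().lower().replace("-", ":")


def find_rogues(scan, authorised):
    """Return (beacon, severity, reason) for every beacon that does not match the inventory."""
    findings = []
    for b in scan:
        bssid = normalise_mac(b.bssid)
        entry = authorised.get(b.ssid)
        if entry is None:
            # Not one of ours: may be a neighbour, but worth recording for trend analysis.
            findings.append((b, "info", "SSID not in inventory"))
            continue
        allowed = {normalise_mac(x) for x in entry["bssids"]}
        if bssid not in allowed:
            reason = "evil twin candidate: authorised SSID advertised by unauthorised BSSID"
            if b.security != entry["security"]:
                reason += f" (security {b.security} instead of {entry['security']})"
            findings.append((b, "high", reason))
        elif b.security != entry["security"]:
            # Our own AP, but misconfigured or impersonated with a cloned BSSID.
            findings.append((b, "medium", "authorised BSSID advertising unexpected security type"))
    return findings


if __name__ == "__main__":
    for beacon, severity, reason in find_rogues(SCAN, AUTHORISED):
        print(f"[{severity}] {beacon.ssid} {beacon.bssid} ch{beacon.channel}: {reason}")
```

The MAC normalisation step matters in practice: scanner exports, controller logs, and inventory spreadsheets rarely agree on case or separator, and a silent mismatch would turn every authorised AP into a false positive.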

Approaches to WLAN Security

A WLAN that does not require authentication or provide encryption for wireless devices (for example, a publicly available WLAN, such as the ones in many airports) is said to use open authentication. To protect such a WLAN's traffic from eavesdroppers, a variety of security standards and practices have been developed, including the following:

• MAC address filtering: An AP can be configured with a list of MAC addresses that are permitted to associate with the AP. If a malicious user attempts to connect via a laptop whose MAC address is not on the list of trusted MAC addresses, that user is denied access. One drawback to MAC address filtering is the administrative overhead required to keep an approved list of MAC addresses up to date. Another issue with MAC address filtering is that a knowledgeable user could falsify the MAC address of a wireless network card, making a device appear to be approved.

• Disabling SSID broadcast: An SSID can be broadcast by an AP to let users know the name of the WLAN. For security purposes, an AP might be configured not to broadcast its SSID. However, knowledgeable users could still determine the SSID of an AP by examining captured packets.

• Preshared key: To encrypt traffic between a wireless client and an AP (in addition to authenticating a wireless client with an AP), both the wireless client and the AP could be preconfigured with a matching string of characters (a PSK, as previously described). The PSK could be used as part of a mathematical algorithm to encrypt traffic, such that if an eavesdropper intercepted the encrypted traffic, they would not be able to decrypt the traffic without knowing the PSK. Although using a PSK can be effective in providing security for a small network (such as a SOHO network), it lacks scalability. For example, in a large corporate environment, the compromise of a PSK would necessitate the reconfiguration of all devices configured with that PSK. WLAN security based on PSK technology is called Personal mode.

Note: The latest security approach (WPA3) running in Personal mode replaces the PSK approach with a more secure method of authentication called Simultaneous Authentication of Equals (SAE).
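The "mathematical algorithm" that turns the PSK into key material in WPA/WPA2-Personal is worth seeing concretely, because it explains two points above: why every device on the WLAN ends up holding the same secret, and why the SSID and the passphrase are configured together. In the IEEE 802.11i derivation, the pairwise master key (PMK) is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, for 4096 iterations, producing 32 bytes. The block below is an added example and not code from the article or the book; the passphrase and SSID values are the published standard test inputs, and the policy check is a constructed illustration. WPA3-Personal's SAE, mentioned in the note above, does not use this derivation.

```python
"""WPA/WPA2-Personal: how the PSK and the SSID combine into the pairwise master key.

Added example, not from the original article. It implements the standard
IEEE 802.11i passphrase-to-PMK mapping:
    PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, iterations=4096, dklen=32)
Every client configured with the same passphrase on the same SSID derives
exactly this PMK, which is why one compromise affects the whole WLAN.
"""
import hashlib


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit PMK for a WPA/WPA2-Personal passphrase on a given SSID."""
    # 802.11i constrains the passphrase to 8..63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters long")
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        ssid.encode("utf-8"),   # the SSID acts as the salt
        4096,
        32,
    )


def same_key_for_everyone(passphrase: str, ssid: str, clients) -> bool:
    """Illustrates the scalability problem: all listed clients end up with one identical PMK."""
    keys = {client: derive_pmk(passphrase, ssid) for client in clients}
    return len(set(keys.values())) == 1


if __name__ == "__main__":
    # "password" / "IEEE" is the passphrase-to-PSK test vector from the 802.11i specification.
    print(derive_pmk("password", "IEEE").hex())
    # Same passphrase, different SSID: the salt changes, so the PMK changes.
    print(derive_pmk("password", "OtherSSID").hex())
    print(same_key_for_everyone("password", "IEEE", ["laptop-1", "phone-2", "printer-3"]))
```

Two practical consequences follow from the salt. Precomputed tables for this derivation only work per SSID, so leaving a default or very common SSID in place makes a weak passphrase easier to recover offline; and changing the SSID without changing the passphrase does not help anyone who already knows the passphrase, since they can simply re-derive the PMK. The remedy the article gives, per-user credentials through 802.1X, avoids the shared-secret problem entirely rather than trying to patch it.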

• IEEE 802.1X: Rather than having all devices in a WLAN configured with the same PSK, a more scalable approach is to require all wireless users to authenticate using their own credentials (for example, a username and password). Allowing users to have their own credentials prevents the compromising of one password from impacting the configuration of all wireless devices. IEEE 802.1X is a technology that allows wireless clients to authenticate with an authentication server - typically, a Remote Authentication Dial-In User Service (RADIUS) server.

Note: WLAN security based on IEEE 802.1X and a centralized authentication server such as RADIUS is called Enterprise mode.

About The Author

Anthony Sequeira, CCIE No. 15626, is a Cisco Certified Systems Instructor (CCSI) and author regarding all levels and tracks of Cisco Certification. Anthony formally began his career in the information technology industry in 1994 with IBM in Tampa, Florida. He quickly formed his own computer consultancy, Computer Solutions, and then discovered his true passion: teaching and writing about Microsoft and Cisco technologies. Anthony joined Mastering Computers in 1996 and lectured to massive audiences around the world about the latest in computer technologies. Mastering Computers became the revolutionary online training company, KnowledgeNet, and Anthony trained there for many years. Anthony is currently pursuing his second CCIE in the area of Security and is a full-time instructor for the next generation of KnowledgeNet. Anthony is also a VMware Certified Professional.

CompTIA Network+ N10-008 Cert Guide contains proven study features that allow you to succeed on the exam the first time. Expert instructor Anthony Sequeira shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills, essential for successful completion of the performance-based testing items on the exam. This complete, CompTIA-approved study package includes the following:

A test-preparation routine proven to help you pass the exams
Clearly defined chapter learning objectives covering all N10-008 exam topics
Chapter-ending review questions and exam preparation exercises, which help you drill on key concepts you must know thoroughly
The powerful Pearson Test Prep practice test software, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
40 performance-based exercises to help you prepare for the hands-on exam questions
A free copy of the CompTIA Network+ N10-008 Simulator Lite software, complete with meaningful lab exercises that enhance your hands-on skills
More than 60 minutes of video mentoring
A final preparation chapter that guides you through tools and resources to help you craft your review and test taking strategies
An Exam Essentials appendix that quickly recaps all major chapter topics for easy reference, both in print and interactive digital format
A key terms Glossary in both print and on the companion website, which acts as an interactive flash-card application
Study plan suggestions and templates to help you organize and optimize your study time
A 10% exam discount voucher (a $33+ value!)

Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, video instruction, and hands-on labs, this approved study guide helps you master the concepts and techniques that ensure your exam success.

Master the topics on the CompTIA Network+ N10-008 exam, including:

Network topologies and media types
IP addressing
Network services
Data center architectures and cloud concepts
Routing, Ethernet switching, and wireless networking
Network availability and disaster recovery
Network security
Remote access
Network troubleshooting

Reader Paulo Cardoso says, "This is a great book. In addition, it comes with great additional resources."

Learn more about the CompTIA Network+ N10-008 Cert Guide at

