[cs615asa] [CS615] Meetup Notes for a webinar on wifi security

[Dongming Ma]

- Topic: Security of Wi-Fi
- Brief Summary: This webinar starts by introducing the very basic concepts
of wifi. Including the underlayer physical concepts such as how the signals
get transferred in the air, how antennas works, and the spectrum of light.
They also mentioned why wifi sucks sometimes. Then the security part
begins:
1. They introduced some of the common wi-fi encryption strategies such as
WEP and WPA family. Then it seems they powered up a fresh-out-of-the-box
router and...
2. Their lab environment crashed and downed for 5 minutes. lol.
3. They used some kind of spectrum analyzer to show how crowded the
wireless environment is around us and how easy it is to target wifi.
4. They bring up some tools for bringing up the wi-fi interface such as
ipconfig and ifup.
5. After entering the admin console(it's dd-wrt) of the router, they
explain the meaning and role of many configs and why they are relevant to
security.
6. Then the event was over. They started to sell their courses.
- How it related to this class: Managing WLANs is part of sysadmin's daily
work.
- Why I chose it: Because, as it happens, our class does not cover this
part.
- What I learned:
After all, it's only an intro level, so I didn't learn anything new from
it. But I did delve a bit into some of the topics:
1. The presenter said that wired is more reliable than wireless because it
is basically impossible to eavesdrop. This is not really true. Remember
room 641A? There are all kinds of pickup devices for eavesdropping purposes.
2. There are 2 main types of encryption: Wi-Fi Protected Access (WPA) and
Wired Equivalent Privacy (WEP). WPA2 is the most widely used, but this
standard is over a decade old, and it is already susceptible to serious
security vulnerabilities like 2017's KRACK attack. If you are planning to
buy a new router, give priority to the ones that have "WPA3" on the box.
Besides, keep your router's firmware up-to-date.
3. SSID:
In theory, one would think that not broadcasting SSID would make it more
difficult for a hacker to access the network. But in practice, hiding the
SSID makes no difference whatsoever to the security of your network. In
fact, it can create more problems than it solves. Here’s why:
a) Any hacker with a simple network sniffing tool can find out your SSID in
seconds, even if you are not broadcasting it.
b) Your Wi-Fi router publicizes the SSID in the beacon. However, the SSID
and network information also get contained within the data packets. This
process occurs so that the router knows where to send the packets when
transmitted. So, stopping the SSID broadcast does not prevent transmission
of your network data as the router needs it to deliver traffic between
devices.
c) Some legacy computers may have trouble finding and holding networks
without an SSID.
4. If network speeds drop significantly for no reason, look to see if an
unfamiliar device is connecting to your router. Most routers' interface
provides such functionality.
5. WISD(Wireless Intrusion Detection Systems): CISA(Cybersecurity and
Infrastructure Security Agency) advises that businesses apply WISD to
create and enforce wireless security by monitoring, detecting, and
mitigating potential risks.
If an employee (trusted entity) in a location brings in an easily available
wireless router, the entire network can be exposed to anyone within range
of the signals.
WIDS monitors the radio spectrum for the presence of unauthorized, rogue
access points and the use of wireless attack tools. The system monitors the
radio spectrum used by wireless LANs, and immediately alerts a systems
administrator whenever a rogue access point is detected. Conventionally it
is achieved by comparing the MAC address of the participating wireless
devices.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.stevens.edu/pipermail/cs615asa/attachments/20210506/3bd17986/attachment-0001.html>