Wireless Computing
[an error occurred while processing this directive]

Introduction to Wireless

Wireless Technologies

Interference

Network Security

Glossary

Bibliography


Valid XHTML 1.0!

Network Security Basics

Security Basics - 802.11 - 802.11 Solutions - Bluetooth

Security needs

  1. Authentication: Authentication is the process by which a client device must prove its identity to the access point (AP) before access to the rest of the network is granted. This ensures that only authorized users are permitted to access the network.
  2. Integrity: The integrity of the information is the means by which the receiving end of the data transmission can verify that the data has not been modified en route between the client device and the AP.
  3. Confidentiality: The goal of confidentiality is to protect data transmitted over the network from being viewed by unintended recipients. Thus “eavesdroppers” over the network should not be able to actually decode the data that they might gain access to.

Common security attacks:

  • Eavesdropping is considered a passive form of attack, as it merely consists of tapping into the network and gathering information without modifying data or making changes. Utilities to make it easy for attackers to accomplish this are readily available, and coupled with WEP’s encryption weaknesses, it is a relatively easy task for attackers to intercept sensitive data and decrypt it.
  • Traffic analysis is another form of the passive attack, where the attacker is merely observing the patterns of the data coming through the network and monitoring the flow of communication.
  • Insertion attacks occur when attackers configure a device to gain unauthorized access to a network. This can be done in two ways: by inserting an unauthorized client device or an unauthorized base station, which could then allow intruders more easily into the rest of the network.
  • Man-in-the-middle attacks confuse a transmission between an access point and a client device by fooling each side into thinking that it is communicating directly with the other side, when in reality, all of the data is being run through the attacker’s computer first. A common example of this is when an attacker succeeds in intercepting network packets, is able to modify them, and then puts them back into the network without the receiving end realizing that the integrity of the data has been compromised.
  • Brute-force password attacks are attempts to gain access to a network by using a dictionary and repeatedly testing passwords to try to break through the password authentication process.
  • Hijacking the session occurs when an attacker is able to intersperse false traffic in with a legitimate user’s traffic, thereby gaining control of the session.
  • Denial of service attacks do not actually give network access to the attacker; instead, the attacker prevents the network from providing legitimate service to all its users. The attacker can achieve this by overloading the network’s resources to disrupt its regular activities.

Top of page