WLAN Threats
Wireless Security Overview
As we all know, a WLAN is open to anyone within its range who has the proper credentials to associate to it. With a simple wireless network card and some hacking techniques, a threat actor may not have to physically enter the building to gain access to a WLAN.
WLANs are susceptible to multiple threats, for example:
| Data Interception |
| All wireless data should always be encrypted to prevent eavesdroppers from accessing it. |
| Wireless Intruders |
| Unauthorized users can be denied access by effective authentication techniques. |
| DoS Attacks |
| Multiple solutions exist depending on the source of the DoS Attack. |
| Rogue Access Points |
| Unauthorized APs installed by either a threat actor or a well-intentioned user can be detected and blocked using specialized management software. |
DoS Attacks
Wireless DoS attacks can come from:
| Improperly Configured Devices |
| If devices are improperly configured, such devices can disable the WLAN completely. A network admin can change a configuration and disable the network accidentally. An intruder with administrator privileges can also disable a WLAN. |
| A Threat Actor Interfering with Wireless Communication on Purpose |
| Threat actors can either disable the WLAN entirely or prevent legitimate devices from accessing the medium. |
| Accidental Interference |
| WLANs, especially those in the 2.4 GHz band, are very vulnerable to interference from other wireless devices such as cordless phones and microwave ovens. |
Rogue Access Points
A rogue access point is simply an AP or a wireless router that has been connected to the corporate network without authorization. As long as a person has access to the premises, even a simple, inexpensive wireless router will allow access to secure network resources.
Once connected, the rogue AP can be used by a threat actor to capture MAC addresses and data packets and to gain access to network resources. A threat actor will also be able to launch a Man in the Middle attack.
To prevent the installation of rogue APs, the organization must configure WLCs with Rogue AP policies.
Man in the Middle Attack
In a “Man in the Middle” (MITM) attack, the threat actor is positioned between two legitimate entities in order to read, modify or scrub the data that passes between them.
One of the most popular wireless MITM attacks is known as the “Evil Twin AP”. This is when a threat actor installs a rogue AP and configures it with the same SSID so that it looks like a legitimate access point. Such an attack is popular at locations offering free Wi-Fi, such as cafes, airports, restaurants, and other public locations, since they usually opt for open authentication.
Clients attempting to connect to the WLAN will see two APs listed with the same SSID. Those near the rogue AP associate with it because it offers a much stronger signal. Their traffic is then sent to the rogue AP, which captures the data and forwards it to the legitimate AP. Return traffic from the legitimate AP is sent to the rogue AP, captured, and forwarded to the unsuspecting user. In this way, the threat actor is able to sniff users' data, including passwords and other personal information, gain access to their devices, and eventually even compromise them.
How well MITM attacks can be countered depends on how the WLAN infrastructure is configured and how well it is monitored. The process of mitigating an MITM attack begins with identifying the legitimate devices on the WLAN. After all of the legitimate devices are known, the network can be monitored for unusual devices and/or data traffic.
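The monitoring step described above can be sketched as a comparison of observed beacons against an inventory of legitimate APs. This is an added example, not part of the original article; the SSIDs, BSSIDs, channels and the assumption that authorized APs use fixed channels are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str     # AP radio MAC address
    channel: int
    security: str  # as advertised, e.g. "Open" or "WPA2-Enterprise"

# Inventory of legitimate APs: BSSID -> (SSID, channel, security). Constructed values.
AUTHORIZED = {
    "02:00:00:aa:00:01": ("CorpWLAN", 1, "WPA2-Enterprise"),
    "02:00:00:aa:00:02": ("CorpWLAN", 6, "WPA2-Enterprise"),
}

# Constructed scan results, as a monitoring sensor might report them.
SCAN = [
    Beacon("CorpWLAN", "02:00:00:aa:00:01", 1, "WPA2-Enterprise"),
    Beacon("CorpWLAN", "02:00:00:BB:00:09", 11, "Open"),
    Beacon("CorpWLAN", "02:00:00:aa:00:02", 3, "WPA2-Enterprise"),
    Beacon("CoffeeShop", "02:00:00:cc:00:05", 6, "Open"),
]

def classify(beacon, authorized=AUTHORIZED):
    """Return the findings for one beacon; an empty list means nothing unusual."""
    corp_ssids = {ssid for ssid, _, _ in authorized.values()}
    known = authorized.get(beacon.bssid.lower())
    if known is None:
        # Unknown radio: only interesting if it advertises one of our SSIDs.
        if beacon.ssid in corp_ssids:
            return ["evil-twin-candidate: corporate SSID from unknown BSSID"]
        return []
    ssid, channel, security = known
    findings = []
    # A known BSSID whose attributes differ from the inventory may be spoofed.
    if beacon.ssid != ssid:
        findings.append("ssid-mismatch: known BSSID advertising another SSID")
    if beacon.security != security:
        findings.append("security-mismatch: known BSSID with changed security")
    if beacon.channel != channel:
        findings.append("channel-mismatch: known BSSID on unexpected channel")
    return findings

def audit(scan, authorized=AUTHORIZED):
    """Map each suspicious BSSID (lower-cased) to its findings."""
    return {b.bssid.lower(): f for b in scan if (f := classify(b, authorized))}

if __name__ == "__main__":
    for bssid, findings in audit(SCAN).items():
        print(bssid, findings)
```

This check only covers what is visible over the air; a rogue AP plugged into the wired network under a different SSID needs the wired-side correlation that WLC rogue AP policies provide.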