9th WSEAS Int. Conf.

on MATHEMATICS & COMPUTERS IN BUSINESS AND ECONOMICS (MCBE '08), Bucharest, Romania, June 24-26, 2008

Wireless Networks Auditing

FLOAREA NASTASE
PAVEL NASTASE
Department: Management Information Systems
University: Academy of Economic Studies
Address: Bucuresti, Piata Romana, nr. 6, Sector 1, 010374, OP 22
COUNTRY: ROMANIA

Abstract: Wireless networking increases the flexibility in the home, work place and community to connect to
the Internet without being tied to a single location. Home users have embraced wireless technology and
businesses see it as having a great impact on their operational efficiency. However undeniable the benefits of
wireless networking are, there are additional risks that do not exist in wired networks. It is imperative that
adequate assessment and management of risk is undertaken by businesses and home users. In this paper we
have discussed some of the key concerns surrounding the security of wireless networks. We tray to analyse
some aspects concerning the audit process in order to increase the reliability, availability and security when
using wireless networks.

Keywords: security, WEP, WLAN, WPA, risk assessment, risk management, threat analysis.

1 Introduction can be mobile yet retain high-speed, real-time access

The wireless computing refers to the ability of to the enterprise LAN and network resources;
computing devices to communicate in a form to
establish a local area network without cabling Rapid Installation. The time required for installation
infrastructure (wireless), and involves those is reduced because network connections can be
technologies converging around IEEE 802.11x and made without moving or adding wires or pulling
other wireless standards and radio band services them through walls or ceilings, or making
used by mobile devices. modifications to the infrastructure cable plan. For
example, WLANs are often cited as making LAN
The mobile computing extends this concept to installations possible in buildings that are subject to
devices that enable new kinds of applications and historic preservation rules;
expand an enterprise network to reach places in
circumstances that could never have been done by Flexibility and increased productivity - Enterprises
other means. It is comprised of PDAs (personal can also enjoy the flexibility of installing and
digital assistants), cellular phones, laptops and other removing WLANs in locations as necessary. Users
mobile and mobile-enabled technologies [1] . can quickly install a small WLAN for temporary
needs such as a conference, meeting, or Continuity
Wireless nerworks including the wireless computing of Operations (COOP) activities. Users connected to
and the mobile computing offer (organizations) a wireless network can maintain a nearly constant
business and users many benefits, such as affiliation with their desired network as they move
portability, flexibility, increased productivity, and from place to place. For a business, this implies that
lower installation costs. Wireless technologies cover an employee can potentially be more productive as
a broad range of differing capabilities oriented his or her work can be accomplished from any
toward different uses and needs. convenient location;

Scalability. WLAN network topologies can easily be

2 Advantages of Wireless Nerworks configured to meet specific application and
Wireless nerworks offer users and organizations a
installation needs and to scale from small peer-to-
number of advantages, including:
peer networks to very large enterprise networks that
User Mobility. Users can access files, network
enable roaming over a broad area;
resources, and the Internet without having to
physically connect to the network with wires. Users

ISBN: 978-960-6766-76-3 85 ISSN 1790-5109

9th WSEAS Int. Conf. on MATHEMATICS & COMPUTERS IN BUSINESS AND ECONOMICS (MCBE '08), Bucharest, Romania, June 24-26, 2008

Convenience - The wireless nature of such networks (PDA), mobile phones, and other consumer
allows users to access network resources from electronic devices with wireless capabilities.
nearly any convenient location within their primary - Access Point (AP) connects STAs with a
networking environment (home or office). With the distribution system (DS), which is typically an
increasing saturation of laptop-style computers, this organization’s wired infrastructure. APs can also
is particularly relevant; logically connect wireless STAs with each other
without accessing a distribution system.
Deployment - Initial setup of an infrastructure-based
wireless network requires little more than a single In practice, a STA is authenticated to an AP simply
access point. Wired networks, on the other hand, by providing the following information:
have the additional cost and complexity of actual - Service Set Identifier (SSID) for the AP. The SSID
physical cables being run to numerous locations is a name assigned to a WLAN; it allows STAs to
(which can even be impossible for hard-to-reach distinguish one WLAN from another. SSIDs are
locations within a building); broadcast in plaintext in wireless communications,
so an eavesdropper can easily learn the SSID for a
Expandability - Wireless networks can serve a WLAN. However, the SSID is not an access control
suddenly-increased number of clients with the feature, and was never intended to be used for that
existing equipment. In a wired network, additional purpose.
clients would require additional wiring; - Media Access Control (MAC) address for the STA.
A MAC address is a unique 48-bit value that is
Cost - Wireless networking hardware is at worst a assigned to a particular wireless network interface
modest increase from wired counterparts. This by the network card’s vendor. Many
potentially increased cost is almost always more implementations of IEEE 802.11 allow
than outweighed by the savings in cost and labor administrators to specify a list of authorized MAC
associated to running physical cables. Wi-Fi chipset addresses; the AP will permit devices with those
pricing continues to come down, making Wi-Fi a MAC addresses only to use the WLAN. This is
very economical networking option and driving known as MAC address filtering. However, since
inclusion of Wi-Fi in an ever-widening array of the MAC address is not encrypted, it is simple to
devices. intercept traffic and identify MAC addresses that are
allowed past the MAC filter. Unfortunately, almost
The disadvantages of wireless nerworks include: no all WLAN adapters allow applications to set the
physical control over network connections, weak MAC address, so it is relatively trivial to spoof a
built-in security measures, security complacency, MAC address, meaning attackers can gain
unmonitored, untrusted connection to network core. unauthorized access easily.

Using this advantages wireless nerworks are now There are many types of wireless networking [3]:
becoming a viable alternative to traditional wired - A Wireless personal area network (WPAN) is a
solutions in some cases. For example, hospitals, small-scale wireless network that require little or no
universities, airports, hotels, and retail shops are infrastructure and typically used by a few devices in
using wireless technologies to conduct daily a single room instead of connecting the devices with
business operations. In the same time for a given cables. The common WPAN technologies are: IEEE
networking situation, wireless nerworks may not be 802.15.1 (Bluetooth), IEEE 802.15.3 (High-Rate
desirable for a number of reasons. Ultrawideband; WiMedia, Wireless USB) and IEEE
802.15.4 (Low-Rate Ultrawideband; ZigBee).
- The Wireless local area networks (WLAN) are
2 Wireless Netorks Architecture groups of wireless networking nodes within a
Although there are a number of wireless limited geographic area, such as an office building
technologies and devices available on the market, or building campus, that are capable of radio
the wireless networks include two fundamental communications. WLANs are usually implemented
components: as extensions to existing wired local area networks
- Station (STA) is a wireless endpoint device (client to provide enhanced user mobility and network
devices or base station); typical examples of STAs access. The common WLAN standards are IEEE
are laptop computers, personal digital assistants 802.11, also known as Wireless Fidelity (Wi-Fi) and
High Performance Radio Local Area Network
(HIPERLAN).

ISBN: 978-960-6766-76-3 86 ISSN 1790-5109

9th WSEAS Int. Conf. on MATHEMATICS & COMPUTERS IN BUSINESS AND ECONOMICS (MCBE '08), Bucharest, Romania, June 24-26, 2008

- The Wireless metropolitan area networks organization’s wired LANs and external networks,
(WMAN) can provide connectivity to users located such as the Internet.
in multiple facilities generally within a few miles of
each other. Many WMAN implementations provide
wireless broadband access to customers in
metropolitan areas. The most commonly used
standard for WMANs is IEEE 802.16, better known
as World Interoperability for Microwave Access
(WiMAX).
- The Wireless wide area networks (WWAN)
connect individuals and devices over large
geographic areas. WWANs are typically used for Fig. 2 Wireless network
cellular voice and data communications, as well as infrastructure topology (source:[3])
satellite communications.

There are two types of general wireless network 3 Risks Analysis in Wireless Netorks
topologies, infrastructure and ad hoc. Infrastructure The increasing use of wireless technology and the
based networks encompass WLANs, cellular proliferation of new portable devices with Internet
networks, and other network types. These types of browsing capabilities expand the physical frontiers
networks require the use of an infrastructure device, of organisations and requires the IS auditor to
an AP for example, to facilitate communication understand this technology to identify the associated
between client devices. Ad hoc networks are risks.
designed to dynamically connect devices such as
cell phones, laptops, and PDAs to each other Specific threats and vulnerabilities to wireless
without the use of any infrastructure devices (fig. 1). networks include the following:
These networks are termed ad hoc or peer-to-peer - All the vulnerabilities that exist in a conventional
(P2P) because of the network’s dynamic topology. wired network apply to wireless technologies.
Whereas infrastructure networks use a fixed network - Malicious entities may gain unauthorized access to
infrastructure, ad hoc networks maintain dynamic an organization’s computer network through
network configurations, relying on peer devices to wireless connections, bypassing any firewall
manage network communication; no infrastructure- protections.
based devices are involved in the network. - Sensitive information that is transmitted without
being encrypted (or that is encrypted with weak
cryptographic techniques) may be intercepted and
disclosed.
- DoS attacks may be directed at wireless
connections or devices.
- Malicious entities may steal the identity of
legitimate users and masquerade as them on internal
or external corporate networks.
- Malicious entities may be able to violate the
privacy of legitimate users and be able to track their
movements.
- Malicious entities may deploy unauthorized
Fig. 1 Wireless network ad hoc equipment (e.g., client devices and access points) to
topology (source:[3]) surreptitiously gain access to sensitive information.
- Malware may corrupt data on a wireless device
In infrastructure topology, an IEEE 802.11 WLAN and subsequently be introduced to a wired network
comprises one or more Basic Service Sets (BSS), the connection.
basic building blocks of a WLAN (fig. 2). A BSS - Malicious entities may, through wireless
includes an AP and one or more STAs. The AP in a connections, connect to other organizations for the
BSS connects the STAs to the DS. The DS is the purposes of launching attacks and concealing their
means by which STAs can communicate with an activities.

ISBN: 978-960-6766-76-3 87 ISSN 1790-5109

9th WSEAS Int. Conf. on MATHEMATICS & COMPUTERS IN BUSINESS AND ECONOMICS (MCBE '08), Bucharest, Romania, June 24-26, 2008

- Interlopers, from inside or out, may be able to gain secure transaction (i.e., confirms that both the device
connectivity to network management controls and and the user are authorised agents). Two-factor
thereby disable or disrupt operations. authentication is used to deny network access from
- Malicious entities may use rogue wireless stolen or lost devices.
networks deployed within an organization to gain - Data integrity - Involves the detection of any
access to the organization’s network resources. change to the content of a message during the
- Internal and client device-based attacks may be transmission or while stored on the mobile device
possible via ad hoc transmissions. - Nonrepudiation - A system to prevent users from
denying they processed a transaction.
The major vulnerabilities result from the users of Nonrepudiation requires a successful user
wireless technologies not addressing the following: authentication, and establishes a credible and legally
- Reliance on WEP(Wired Equivalent Privacy) for enforceable record of the user that originated a
encryption; transaction.
- Wireless networks not being segregated from - Confidentiality and encryption - Involves
other networks; transformation of data using algorithms to avoid
- Descriptive SSID or AP names being used; unauthorised users or devices that could eventually
- Hard-coded MAC addresses; read and understand it. Encryption technologies rely
- Weak or nonexistent key management; on keys to encode and decipher pieces of data during
- Beacon packets that have not been disabled or are transmission. Procedures for key distribution and
“enabled”; safekeeping should also be considered.
- Distributed APs; - Unauthorised use of equipment and
- Default passwords/IP addresses; communications, including the risk of using
- WEP weak key avoidance; unauthorised access to the Internet to break into a
- DHCP being used on WLANs; third-party’s networks (subjecting the entity to
- Unprotected rogue access points; potential legal liability)

Wireless technologies typically need to support the

most common security objectives: confidentiality, 4 Auditing Process
integrity, availability and access control. Auditing are an essential for checking the security
Understanding the value of organizational assets and of a wireless network using wireless network
the level of protection required is likely to enable analyzers and other tools and for determining
more cost-effective wireless solutions that provide corrective action. According to the objectives and
an appropriate level of security. Once the risk scope of the audit, prezented in ISACA IS
assessment is complete, the organization can begin Standards, Guidelines and Procedures for Auditing
planning and implementing the measures that it will and Control Professionals, the IS auditor should
put in place to safeguard its systems and lower its include in the review security areas, such as:
security risks to a manageable level. The - Communications (covering risks such as sniffing
organization should periodically reassess the and denial-of-service, and protocols such as
policies and measures that it puts in place because encryption technologies and fault tolerance);
computer technologies and malicious threats are - Network architecture;
continually changing. - Virtual private networks;
- Application delivery;
The risk analysis include: - Security architecture and security awareness;
- Privacy - An important component when sensitive - User and session administration (covering risk
information (such as, credit card numbers, financial such as spoofing, loss of integrity of data);
details and patient records) is transmitted. Privacy - Physical security;
protocols and related procedures are very important - Public key infrastructure;
as wireless transmissions cannot be protected from - Backup and recovery procedures;
hacker access by other means (such as physical - Operations (such as incident response and back-
access controls). office processing);
- Authentication - Can be ensured by using a token - Security software (such as IDS, firewall and
or certificate that can be verified by a recognised antivirus);
certification authority (CA) - Business contingency planning.
- Two-factor authentication - Used to verify both the
device and the identity of the end user during a

ISBN: 978-960-6766-76-3 88 ISSN 1790-5109

9th WSEAS Int. Conf. on MATHEMATICS & COMPUTERS IN BUSINESS AND ECONOMICS (MCBE '08), Bucharest, Romania, June 24-26, 2008

Commonly used types of security controls for security testing. NIST Special Publication 800-40
wireless networks are as follows: provides guidance on patch and vulnerability
- Encryption of communications. Using management.
cryptography to encrypt wireless communications
prevents exposure of data through eavesdropping. In addition to these controls, organizations need to
- Cryptographic hashes for communications. create a wireless network security policy that
Calculating cryptographic hashes for wireless addresses each type of wireless network technology
communications allows the device receiving the of interest. The policy should identify such things as
communications to verify that the received who may or may not use the technology, who may
communications have not been altered in transit, install equipment, where the technology may be
either intentionally or unintentionally. This prevents used, what the physical security requirements are for
masquerading and message modification attacks. the technology, what types of information may or
- Device authentication and data origin may not be sent and received through the
authentication. Authenticating wireless endpoints to technology, how security incidents should be
each other prevents man-in-the-middle attacks and reported, how wireless devices should be protected,
masquerading. how transmissions should be protected (e.g.,
- Replay protection. There are several options to encryption requirements), and how often the security
implement the detection of message replay, of the implementation should be assessed.
including adding incrementing counters, Organizations also need to ensure that all critical
timestamps, and other temporal data to personnel are properly trained on the use of the
communications. wireless technology. Network administrators need to
- Physical security. Limiting physical access within be fully aware of the security risks that the networks
the range of the wireless network prevents some and associated devices pose, and they need to know
jamming and flooding attacks. what steps to take in the event of an incident. Users
- Wireless intrusion detection and prevention also need to be aware of their responsibilities.
systems (IDPS). Wireless IDPSs have the ability to
detect misconfigured devices and rogue devices, and
detect and possibly stop certain types of attacks. 5 Tools for Auditing
Wireless IDPSs are most commonly used for IEEE BlueAuditor is a private area network auditor and
802.11a/b/g WLANs, but they are also available for easy-to-use program for detecting and monitoring
Bluetooth networks, and they can also detect rogue Bluetooth devices in a wireless network. It can
networks that use uncommon frequencies, such as discover and track any Bluetooth device within a
those used in other countries, in an attempt to avoid distance between 1 and 100 meters and display key
detection. information about each device being detected as
well as the services device provided. With the
An assessment procedure in the audit process growing popularity of the Bluetooth technology,
consists in a set of assessment objectives, each with BlueAuditor will enable network administrators to
an associated set of assessment methods and effectively audit their wireless networks against
assessment objects [4]. An assessment objective security vulnerabilities associated with the use of
includes a set of determination statements related to Bluetooth devices. BlueAuditor enables the user to
the particular security control under assessment. save the data of the detected Bluetooth devices in an
.xml file and supports the most Microsoft Bluetooth
For example, the organization scans for drivers available on the market. All the mentioned
vulnerabilities in the information system or when features are provided with a user friendly graphical
significant new vulnerabilities potentially affecting interface.
the system are identified and reported. Vulnerability
scanning is conducted using appropriate scanning NetStumbler (also known as Network Stumbler) is a
tools and techniques. Vulnerability scans are tool for Windows that facilitates detection of
scheduled in accordance with organizational policy Wireless LANs using the 802.11b, 802.11a and
and assessment of risk. The information obtained 802.11g WLAN standards. It runs on Microsoft
from the vulnerability scanning process is freely Windows operating systems from Windows 98 on
shared with appropriate personnel throughout the up to Windows Vista (under compatibility mode). A
organization to help eliminate similar vulnerabilities trimmed-down version called MiniStumbler is
in other information systems. NIST Special available for the handheld Windows CE operating
Publication 800-42 provides guidance on network

ISBN: 978-960-6766-76-3 89 ISSN 1790-5109

9th WSEAS Int. Conf. on MATHEMATICS & COMPUTERS IN BUSINESS AND ECONOMICS (MCBE '08), Bucharest, Romania, June 24-26, 2008

system. The program is commonly used for: Bluetooth (DRAFT), NIST Special Publication
wardriving, verifying network configurations, 800-48r1, 2007
finding locations with poor coverage in a WLAN, [4] Ron Ross, Arnold Johnson, Stu Katzke, Patricia
detecting causes of wireless interference, detecting Toth, Gary Stoneburner, George Rogers, Guide
unauthorized ("rogue") access points, aiming for Assessing the Security Controls in Federal
directional antennas for long-haul WLAN links. Information Systems, NIST Special Publication
800-53A, 2007
[5] Năstase Floarea, Năstase Pavel, Risk
6 Conclusion Management for e-Business, Informatics in
The audit review process provides the closed-loop Knowledge Society, The Eigth International
cycle of continuous improvement that is necessary Conference on Informatics in Economy, ASE
in today’s wireless applications. Auditors must Publishing House, Bucharest, pp. 222-227, 2007,
understand that the solution is not a quick fix and ISBN 978-973-594-921-1
will build over time with the awareness of all [6] Năstase Floarea, Năstase Pavel, Security
employees and the unfettered support of Controls to Protect Information Systems,
management. One should not forget that auditors Proceedings of the 3rd International Conference
provide assurance to various stakeholders, and - Economy and Transformation Management,
client management is one significant stakeholder. Editura Universităţii de Vest, Timişoara, pp.
While wireless networks provide a great number of 826-834, 2006, ISBN 1842-4880
advantages such as: mobility, rapid installation, [7] Năstase Pavel, Năstase Floarea, Şova Robert, IT
flexibility and increased productivity, scalability, Audit Trends within Framework of Balkan
expandability, they also are a source of additional Countries, The Balkan Countries’ 1st
risk exposures. International Conference on Accounting and
Auditing (BCAA), 8-9 March 2007, Edirne -
Strong authentication, wireless intrusion detection Turkey, pp. 41-51, ISBN 978-975-0960-0-2
and prevention systems procedures are likely to keep
intruders out of a system. In the event that
unauthorized users enter the network, compromising
confidential data would be a serious concern for the
organization. The best protection against this
exposure can be obtained using encryption
technology. Several affordable tools are available to
the auditor to verify accessibility of wireless
networks and whether encryption is used in data
transmission.

In looking for assurances in wireless network

security, the auditor should take a defense-in-depth
approach. For example, to the extent possible, the
wireless network should be isolated from other
networks, and the resources (including data)
available to it should be restricted to what is
absolutely required.

References:
[1] http://www.isaca.org, IS Standards, Guidelines
and Procedures for Auditing and Control
Professionals, ISACA, 2008
[2] Pauline Bowen, Joan Hash, Mark Wilson, Nadya
Bartol, Gina Jamaldinian, Information Security
Handbook: A Guide for Managers, NIST, 2006
[3] Karen Scarfone, Derrick Dicoi, Wireless
Network Security for IEEE 802.11a/b/g and

ISBN: 978-960-6766-76-3 90 ISSN 1790-5109