
Wireless Network: S.Dhandayuthapani, First MCA, Excel Business School, Komarapalayam


WIRELESS NETWORK

S. Dhandayuthapani, First MCA, Excel Business School, Komarapalayam.

Introduction:

Wireless network refers to any type of computer network that is not connected by cables of any kind. It is a method by which telecommunications networks and enterprise (business) installations avoid the costly process of introducing cables into a building, or as a connection between various equipment locations. Wireless telecommunications networks are generally implemented and administered using a transmission system called radio waves. This implementation takes place at the physical level (layer) of the network structure.

Types of Wireless network:

Wireless PAN

This implementation takes place at the physical level (layer) of the network structure. Bluetooth radio and invisible Infrared light provides a WPAN for interconnecting a headset to a laptop. ZigBee also supports WPAN applications. Wi-Fi PANs are becoming commonplace (2010) as equipment designers start to integrate Wi-Fi into a variety of consumer electronic devices. Intel "My WiFi" and Windows 7 "virtual Wi-Fi" capabilities have made Wi-Fi PANs simpler and easier to set up and configure.

Wireless LAN

A wireless local area network (WLAN) links two or more devices using a wireless distribution method, providing a connection through an access point to the wider internet. The use of spread-spectrum or OFDM technologies also gives users the mobility to move around within a local coverage area, and still remain connected to the network.

• Wi-Fi: "Wi-Fi" is a term used to describe 802.11 WLANs, although it is technically a declared standard of interoperability between 802.11 devices.
• Fixed Wireless Data: This implements point to point links
between computers or networks at two distant locations, often using dedicated microwave or modulated laser light beams over line of sight paths. It is often used in cities to connect networks in two or more buildings without installing a wired link.

Wireless MAN

Wireless Metropolitan Area Networks are a type of wireless network that connects several Wireless LANs.

• WiMAX is a type of Wireless MAN and is described by the IEEE 802.16 standard.

Wireless WAN

Wireless wide area networks are wireless networks that typically cover large outdoor areas. These networks can be used to connect branch offices of business or as a public internet access system. They are usually deployed on the 2.4 GHz band. A typical system contains base station gateways, access points and wireless bridging relays. Other configurations are mesh systems where each access point acts as a relay also. When combined with renewable energy systems such as photo-voltaic solar panels or wind systems they can be stand alone systems.

Mobile devices networks

Further information: mobile telecommunications

With the development of smart phones, cellular telephone networks routinely carry data in addition to telephone conversations:

• Global System for Mobile Communications (GSM): The GSM network is divided into three major systems: the switching system, the base station system, and the operation and support system. The cell phone connects to the base system station which then connects to the operation and support station; it then connects to the switching station where the call is transferred to where it needs to go. GSM is the most common standard and is used for a majority of cell phones.[6]
• Personal Communications Service (PCS): PCS is a radio band that can be used by mobile phones in North America and South Asia. Sprint happened to be the first service to set up a PCS.
• D-AMPS: Digital Advanced Mobile Phone Service, an upgraded version of AMPS, is being phased out due to advancement in technology. The newer GSM networks are replacing the older system.

Wireless community network

Wireless community networks or wireless community projects are the organizations that attempt to take a grassroots approach to providing a viable alternative to municipal wireless networks for consumers.

Because of evolving technology and locales, there are at least four different types of solution:

• Cluster: Advocacy groups which simply encourage sharing of unmetered internet bandwidth via Wi-Fi, may also index nodes, suggest uniform SSID (for low-quality roaming), supply equipment, DNS services, etc.
• Mesh: Technology groups which coordinate building a mesh network to provide Wi-Fi access to the internet.
• WISP: A mesh that forwards all traffic back to consolidated link aggregation point(s) that have centralized access to the internet.
• WUG: A wireless user group run by wireless enthusiasts. An open network not used for the reselling of internet. Running a combination of various off the shelf Wi-Fi hardware running in the license free ISM bands 2.4 GHz/5.8 GHz.

Wireless access point:

In computer networking, a wireless access point (WAP) is a device which allows wireless devices to connect to a wired network using Wi-Fi, Bluetooth or related standards. The WAP usually connects to a router (via a wired network), and can relay data between the wireless devices (such as computers or printers) and wired devices on the network.

Industrial grade WAPs are rugged, with a metal cover and a DIN rail mount. During operations they can tolerate a wider temperature range, high humidity and exposure to water, dust, and oil. Wireless security includes: WPA-PSK, WPA2, IEEE 802.1x/RADIUS, WDS, WEP, TKIP, and CCMP (AES) encryption. Unlike
home consumer models, industrial wireless access points can also act as a bridge, router, or a client.

Common WAP Applications:

A typical corporate use involves attaching several WAPs to a wired network and then providing wireless access to the office LAN. The wireless access points are managed by a WLAN Controller which handles automatic adjustments to RF power, channels, authentication, and security. Further, controllers can be combined to form a wireless mobility group to allow inter-controller roaming. The controllers can be part of a mobility domain to allow clients access throughout large or regional office locations. This saves the clients time and administrators overhead because it can automatically re-associate or re-authenticate.

Wireless Access Point vs. Ad Hoc Network:

Some people confuse Wireless Access Points with Wireless Ad Hoc networks. An Ad Hoc network uses a connection between two or more devices without using a wireless access point: the devices communicate directly when in range. An Ad Hoc network is used in situations such as a quick data exchange or a multiplayer LAN game because setup is easy and does not require an access point. Due to its peer-to-peer layout, Ad Hoc connections are similar to Bluetooth ones and are generally not recommended for a permanent installation.

Internet access via Ad Hoc networks, using features like Windows' Internet Connection Sharing, may work well with a small number of devices that are close to each other, but Ad Hoc networks don't scale well. Internet traffic will converge to the nodes with direct internet connection, potentially congesting these nodes. For internet-enabled nodes, Access Points have a clear advantage, with the possibility of having multiple access points connected by a wired LAN.

Wireless security is the prevention of unauthorized access or damage to computers using wireless networks.

Wireless networks are very common, both for organizations and individuals. Many laptop computers have wireless cards pre-installed. The ability to enter a network while mobile has great benefits. However, wireless networking has many security issues.[1] Crackers have found wireless networks relatively easy to break into, and even use wireless technology to crack into wired networks.[2] As a result, it's very important that enterprises define effective wireless security policies
that guard against unauthorized access to important resources.[3] Wireless Intrusion Prevention Systems (WIPS) or Wireless Intrusion Detection Systems (WIDS) are commonly used to enforce wireless security policies.

The risks to users of wireless technology have increased as the service has become more popular. There were relatively few dangers when wireless technology was first introduced. Crackers had not yet had time to latch on to the new technology and wireless was not commonly found in the work place. However, there are a great number of security risks associated with the current wireless protocols and encryption methods, and in the carelessness and ignorance that exists at the user and corporate IT level.[4] Cracking methods have become much more sophisticated and innovative with wireless. Cracking has also become much easier and more accessible with easy-to-use Windows or Linux-based tools being made available on the web at no charge.

Types of unauthorized access

Accidental association

Violation of the security perimeter of a corporate network can come from a number of different methods and intents. One of these methods is referred to as “accidental association”. When a user turns on a computer and it latches on to a wireless access point from a neighboring company’s overlapping network, the user may not even know that this has occurred. However, it is a security breach in that proprietary company information is exposed and now there could exist a link from one company to the other. This is especially true if the laptop is also hooked to a wired network.

Accidental association is a case of the wireless vulnerability called "mis-association".[5] Mis-association can be accidental, deliberate (for example, done to bypass the corporate firewall) or it can result from deliberate attempts on wireless clients to lure them into connecting to an attacker's APs.

Malicious association

“Malicious associations” are when wireless devices can be actively made by attackers to connect to a company network through their cracking laptop instead of a company access point (AP). These types of laptops are known as “soft APs” and are created when a cyber criminal runs some software that makes his/her wireless network card look like a legitimate access point. Once the thief has gained access, he/she can steal passwords, launch attacks on the wired network, or plant trojans. Since wireless networks operate at the Layer 2 level, Layer 3 protections such as network authentication and virtual private networks (VPNs) offer no
barrier. Wireless 802.1x authentications do help with protection but are still vulnerable to cracking. The idea behind this type of attack may not be to break into a VPN or other security measures. Most likely the criminal is just trying to take over the client at the Layer 2 level.

Ad-hoc networks

Ad-hoc networks can pose a security threat. Ad-hoc networks are defined as peer-to-peer networks between wireless computers that do not have an access point in between them. While these types of networks usually have little protection, encryption methods can be used to provide security.

The security hole provided by Ad-hoc networking is not the Ad-hoc network itself but the bridge it provides into other networks, usually in the corporate environment, and the unfortunate default settings in most versions of Microsoft Windows to have this feature turned on unless explicitly disabled. Thus the user may not even know they have an unsecured Ad-hoc network in operation on their computer. If they are also using a wired or wireless infrastructure network at the same time, they are providing a bridge to the secured organizational network through the unsecured Ad-hoc connection. Bridging is in two forms: a direct bridge, which requires the user to actually configure a bridge between the two connections and is thus unlikely to be initiated unless explicitly desired, and an indirect bridge, which is the shared resources on the user's computer. The indirect bridge provides two security hazards. The first is that critical organizational data obtained via the secured network may be on the user's end node computer drive and thus exposed to discovery via the unsecured Ad-hoc network. The second is that a computer virus or otherwise undesirable code may be placed on the user's computer via the unsecured Ad-hoc connection and thus has a route to the organizational secured network. In this case, the person placing the malicious code need not "crack" the passwords to the organizational network; the legitimate user has provided access via a normal and routine log-in. The malefactor simply needs to place the malicious code on the unsuspecting user's end node system via the open (unsecured) Ad-hoc networks.

Non-traditional networks

Non-traditional networks such as personal network Bluetooth devices are not safe from cracking and should be regarded as a security risk. Even barcode readers, handheld PDAs, and wireless printers and copiers should be secured. These non-traditional networks can be easily
overlooked by IT personnel who have narrowly focused on laptops and access points.

Identity theft (MAC spoofing)

Identity theft (or MAC spoofing) occurs when a cracker is able to listen in on network traffic and identify the MAC address of a computer with network privileges. Most wireless systems allow some kind of MAC filtering to only allow authorized computers with specific MAC IDs to gain access and utilize the network. However, a number of programs exist that have network “sniffing” capabilities. Combine these programs with other software that allows a computer to pretend it has any MAC address that the cracker desires,[6] and the cracker can easily get around that hurdle.

MAC filtering is only effective for small residential (SOHO) networks, since it only provides protection when the wireless device is "off the air". Any 802.11 device "on the air" freely transmits its unencrypted MAC address in its 802.11 headers, and it requires no special equipment or software to detect it. Anyone with an 802.11 receiver (laptop and wireless adapter) and a freeware wireless packet analyzer can obtain the MAC address of any transmitting 802.11 device within range. In an organizational environment, where most wireless devices are "on the air" throughout the active working shift, MAC filtering only provides a false sense of security since it only prevents "casual" or unintended connections to the organizational infrastructure and does nothing to prevent a directed attack.

Man-in-the-middle attacks

A man-in-the-middle attacker entices computers to log into a computer which is set up as a soft AP (Access Point). Once this is done, the hacker connects to a real access point through another wireless card offering a steady flow of traffic through the transparent hacking computer to the real network. The hacker can then sniff the traffic. One type of man-in-the-middle attack relies on security faults in challenge and handshake protocols to execute a “de-authentication attack”. This attack forces AP-connected computers to drop their connections and reconnect with the cracker’s soft AP. Man-in-the-middle attacks are enhanced by software such as LANjack and AirJack, which automate multiple steps of the process. What once required some skill can now be done by script kiddies. Hotspots are particularly vulnerable to any attack since there is little to no security on these networks.

Denial of service

A Denial-of-Service attack (DoS) occurs when an attacker
continually bombards a targeted AP (Access Point) or network with bogus requests, premature successful connection messages, failure messages, and/or other commands. These cause legitimate users to not be able to get on the network and may even cause the network to crash. These attacks rely on the abuse of protocols such as the Extensible Authentication Protocol (EAP).

The DoS attack in itself does little to expose organizational data to a malicious attacker, since the interruption of the network prevents the flow of data and actually indirectly protects data by preventing it from being transmitted. The usual reason for performing a DoS attack is to observe the recovery of the wireless network, during which all of the initial handshake codes are re-transmitted by all devices, providing an opportunity for the malicious attacker to record these codes and use various "cracking" tools to analyze security weaknesses and exploit them to gain unauthorized access to the system. This works best on weakly encrypted systems such as WEP, where there are a number of tools available which can launch a dictionary style attack of "possibly accepted" security keys based on the "model" security key captured during the network recovery.

Network injection

In a network injection attack, a cracker can make use of access points that are exposed to non-filtered network traffic, specifically broadcasting network traffic such as “Spanning Tree” (802.1D), OSPF, RIP, and HSRP. The cracker injects bogus networking re-configuration commands that affect routers, switches, and intelligent hubs. A whole network can be brought down in this manner and require rebooting or even reprogramming of all intelligent networking devices.

Caffe Latte attack

The Caffe Latte attack was discovered by two security researchers of AirTight Networks, Vivek Ramachandran and Md. Sohail Ahmad. It is another way to defeat WEP. It is not necessary for the attacker to be in the area of the network using this exploit. By using a process that targets the Windows wireless stack, it is possible to obtain the WEP key from a remote client.[7] By sending a flood of encrypted ARP requests, the assailant takes advantage of the shared key authentication and the message modification flaws in 802.11 WEP. The attacker uses the ARP responses to obtain the WEP key in less than 6 minutes.[8]
Wireless Intrusion Prevention Systems

A Wireless Intrusion Prevention System (WIPS) is the most robust way to counteract wireless security risks. A WIPS is typically implemented as an overlay to an existing Wireless LAN infrastructure, although it may be deployed standalone to enforce no-wireless policies within an organization.

Large organizations with many employees are particularly vulnerable to security breaches[9] caused by rogue access points. If an employee (trusted entity) in a location brings in an easily available wireless router, the entire network can be exposed to anyone within range of the signals.

WIPS is considered so important to wireless security that in July 2009, the PCI Security Standards Council published wireless guidelines[10] for PCI DSS recommending the use of WIPS to automate wireless scanning and protection for large organizations.

Security:

Wireless access has special security considerations. Many wired networks base the security on physical access control, trusting all the users on the local network, but if wireless access points are connected to the network, anyone on the street or in the neighboring office could connect.

The most common solution is wireless traffic encryption. Modern access points come with built-in encryption. The first generation encryption scheme WEP proved easy to crack; the second and third generation schemes, WPA and WPA2, are considered secure if a strong enough password or passphrase is used.

Some WAPs support hotspot style authentication using RADIUS and other authentication servers.

Comparison of wireless LAN clients:

Every wireless LAN network consists of an access point, such as a wireless router, and one or more wireless adapters. Each adapter is controlled by software known as a wireless LAN client, or wireless connection management utility.

There are many wireless LAN clients available for use. Clients vary in technical aspects, support of protocols and other factors. Some clients only work with certain hardware devices, while others only on certain operating systems.
Wireless connection management utility:

A wireless connection management utility is a piece of software that manages the activities and features of a wireless network connection.[1][2] It may control the process of selecting an available access point, authenticating and associating to it and setting up other parameters of the wireless connection.

Wireless Zero Configuration:

Wireless Zero Configuration (WZC), also known as Wireless Auto Configuration, or WLAN AutoConfig, is a wireless connection management utility included with Microsoft Windows XP and later operating systems as a service that dynamically selects a wireless network to connect to based on a user's preferences and various default settings. This can be used instead of, or in the absence of, a wireless network utility from the manufacturer of a computer's wireless networking device. The drivers for the wireless adapter query the NDIS Object IDs and pass the available network names (SSIDs) to the service. The service then lists them in the user interface on the Wireless Networks tab in the connection's Properties or in the Wireless Network Connection dialog box accessible from the notification area. A checked build version of the WZC service can be used by developers to obtain additional diagnostic and tracing information logged by the service.

Wireless Security Best Practices

Even where a WIPS is deployed, certain wireless security best practices are recommended for every Wireless LAN deployment. Certain practices may not be possible due to deployment constraints.

MAC ID filtering

Most wireless access points contain some type of MAC ID filtering that allows the administrator to only permit access to computers that have wireless functionalities that contain certain MAC IDs. This can be helpful; however, it must be remembered that MAC IDs over a network can be faked. Cracking utilities such as SMAC are widely available, and some computer hardware also gives the option in the BIOS to select any desired MAC ID for its built-in network capability.

Static IP addressing

Disabling at least the IP Address assignment function of the network's DHCP server, with the IP addresses of the various network devices then set by hand, will also make it more difficult for a casual or unsophisticated intruder to log onto the network. This is especially effective if the subnet size is also reduced from a standard default
setting to what is absolutely necessary and if permitted but unused IP addresses are blocked by the access point's firewall. In this case, where no unused IP addresses are available, a new user can log on without detection using TCP/IP only if he or she stages a successful Man in the Middle Attack using appropriate software.
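
One way to carry out the subnet sizing and unused-address blocking described above, as an added Python example that is not from the original document: the 192.168.1.0 base address and the device inventory are constructed, and the function name is hypothetical.

```python
import ipaddress


def plan_static_lan(base, assigned):
    """Size the subnet to the hand-assigned hosts and list the leftovers to block.

    base     -- network address as a string (assumed here to be a private range)
    assigned -- dict of device name -> static IPv4 address string
    Returns (network CIDR, netmask, list of unused CIDRs to block), all strings.
    """
    addrs = {ipaddress.ip_address(ip) for ip in assigned.values()}
    if len(addrs) != len(assigned):
        raise ValueError("two devices share a static address")

    # Try the longest prefix first (/30 = 2 usable hosts) and widen until every
    # assigned address fits as a usable host (not network or broadcast address).
    for prefix in range(30, 15, -1):
        net = ipaddress.ip_network(f"{base}/{prefix}", strict=False)
        reserved = {net.network_address, net.broadcast_address}
        if all(a in net for a in addrs) and not (addrs & reserved):
            break
    else:
        raise ValueError("assigned addresses do not fit a /16 or smaller subnet")

    # Permitted-but-unused host addresses, merged into the fewest CIDR rules.
    unused = sorted(set(net.hosts()) - addrs)
    blocks = [str(n) for n in ipaddress.collapse_addresses(unused)]
    return str(net), str(net.netmask), blocks


# Constructed inventory: router, access point and nine clients, set by hand.
INVENTORY = {"router": "192.168.1.1", "ap": "192.168.1.2"}
INVENTORY.update({f"client{i}": f"192.168.1.{i}" for i in range(3, 12)})

if __name__ == "__main__":
    network, netmask, to_block = plan_static_lan("192.168.1.0", INVENTORY)
    print("subnet:", network, "netmask:", netmask)
    print("block at the access point firewall:", to_block)
```

For the constructed inventory this shrinks a default /24 (254 usable addresses) to a /28 with three spare addresses, which collapse into two block rules.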
