3.1. Wireless Network Basics

Wireless networks, as opposed to wired networks, are computer networks that use radio waves to connect devices without the need for physical wires or cables. Instead, wireless networks use wireless access points, routers, and other devices to transmit data between devices. Wireless networks are commonly used in homes, offices, public places, and other locations where users need to connect to the internet or other networks without using cables.

Wireless networks have several characteristics that differentiate them from wired networks. The following is a set of characterestics and definitions applicable to wireless networks:

1. Mobility: Wireless networks allow users to connect to the network from different locations, without being tied to a specific location by cables or wires.
2. Signal strength: The strength of the radio waves used to transmit data in a wireless network can be affected by obstacles such as walls, furniture, and other devices.
3. Security: Wireless networks are generally less secure than wired networks because radio waves can be intercepted by unauthorized users. As a result, wireless networks require additional security measures to protect against unauthorized access and data theft.
4. Bandwidth: The bandwidth of a network is the maximum rate of data transfer across a given path. Throughput, a related term, refers to the actual amount of data transmitted and processed throughout the network.
5. Frequency: The number of occurrences of something that repeats per unit of time. Frequency is measured in a unot called Hertz (Hz). In computing, frequency refers to the processor's operational clock cycles per second (i.e., speed). In wireless networks, we use frequency to refer to the channel or band (e.g., 2.4 GHz vs. 5 GHz).

3.1.1. Understanding Wireless Networks

There are several types of wireless networks, including:

1. Wi-Fi (Wireless Fidelity): is a wireless networking standard that is commonly used to connect devices to the internet. Wi-Fi networks use radio waves to transmit data between devices and access points, which are connected to a wired network or the internet.
2. Bluetooth: is a wireless technology that is used to connect devices over short distances. Bluetooth is commonly used to connect devices such as smartphones, tablets, and headphones to other devices.
3. ZigBee: is a wireless networking standard that is used for low-power devices such as sensors and smart home devices. ZigBee networks can cover a large area and are often used in industrial applications.

In additiona to the types above, there are mobile communication technologies that use wireless networking to transmit data between mobile devices and cell towers, including 4G and 5G.

Infrared (IR) is another wireless communication technology that uses infrared radiation to transmit data between devices. However, IR is not a popular wireless networking technology for general use, as it has several limitations, including short-range transmission and line-of-sight requirements. IR is commonly used for remote controls for televisions and other devices.

And finally, Near Field Communication (NFC) is another wireless communication technology that enables short-range data exchange between devices. NFC operates at a frequency of 13.56 MHz and allows for data transfer between two devices when they are within a few centimeters of each other. NFC is commonly used for contactless payments, mobile ticketing, and other applications where secure short-range data transfer is required.

Wireless networks consist of several components, including:

1. Wireless Access Points (APs): Wireless APs are devices that connect wireless devices to a wired network or the internet. WAPs receive data from wireless devices and transmit it over a wired network or the internet. The name used to identify a wireless local area network (WLAN) is the Service Set Identifiers (SSID).
2. Routers: Routers are devices that connect different networks together. In a wireless network, a router may be used to connect a wireless network to a wired network or the internet.
3. Wireless Clients: Wireless clients are devices that connect to a wireless network, such as laptops, smartphones, and tablets.

Wireless Network Standards

There are several IEEE standards that define the technical specifications for each wireless networking technology, including the frequency bands used, transmission rates, and security protocols. Adherence to these standards ensures that devices from different manufacturers can communicate with each other and that networks are interoperable [1].

Relevant networks standards include:

1. 802.11 is the IEEE standard for Wi-Fi. There are several versions of the 802.11 standard, including 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac, and 802.11ax. These sub-standards vary in characterestics liks bandwidth, speed, range, etc.
2. 802.15.1 is the IEEE standard for Bluetooth.
3. 802.15.4 is the IEEE standard for ZigBee.
4. 802.16, also known as WiMAX, is the IEEE standard for 4G.
5. 5G NR (New Radio) is the global standard for the unified and more capable 5G wireless air interface. It delivers a significantly faster and more responsive mobile experiences.

Wireless Network Speed

Speed in wireless networks is typically measured in terms of data transfer rate or bandwidth, which is the amount of data that can be transmitted per unit of time. The unit of measurement for data transfer rate is usually bits per second (bps), although larger units like megabits per second (Mbps) or gigabits per second (Gbps) are commonly used.

The speed of a wireless network can be affected by a variety of factors, including the wireless technology being used, the distance between the devices, the number of devices on the network, and any interference from other wireless signals or physical obstacles.

Table 3.1: Wireless Network Speeds

To measure the speed of a wireless network, speed test tools are used. These tools typically measure the time it takes to transfer a file or download data and calculate the data transfer rate based on the file size and transfer time. The results of these speed tests can provide useful information about the performance of a wireless network, allowing users to identify areas where improvements can be made.

Wireless Network Topolgy

The 802.11 standard discusses two main wireless topology modes: infrastructure mode and Independent Basic Service Set (IBSS).

1. Infrastructure Mode: With infrastructure mode, wireless clients connect to one another via an AP. This mode has two main topologies:

   A) Basic service set (BSS): BSS consists of a single AP interconnecting all associated wireless clients. Most small wireless networks use BSS (e.g., homes). The signal reach of an AP within a BSS network is called the Basic service area (BSA).

   Figure 3.1: BSS Topology

   B) Extended service set (ESS): When a single BSS provides insufficient coverage, two or more BSSs can be joined through a common distribution system (DS) into an ESS. ESS is used in enterprise networks where all APs use the same SSID, which allows for roaming.

2. IBSS (Ad Hoc Mode): The 802.11 standard defines IBSS as two devices connected wirelessly in a peer-to-peer (P2P) manner without the use of an AP.
Figure 3.2: IBSS Topology

References

---

[1] IEEE 802.11-2020

3.2. Wireless Network Security

Wireless network security refers to the measures and strategies that are implemented to protect wireless networks, such as Wi-Fi networks, from unauthorized access, data theft, and other security threats. Wireless network security is concerned with safeguarding the confidentiality, integrity, and availability of the data transmitted over wireless networks.

Wireless networks are inherently more vulnerable to security threats than wired networks, because they use radio waves to transmit data, which makes it easier for attackers to intercept and eavesdrop on data transmissions. Additionally, wireless networks are more susceptible to attacks from rogue access points, unauthorized users, and other security threats.

A security breach in a wireless network can lead to the theft of sensitive information, such as financial information, personal information, or intellectual property. This can result in financial losses, damage to reputation, legal liability, and other negative consequences.

Therefore, implementing effective wireless network security measures is essential to protect the network and its users from security threats, ensure the confidentiality and integrity of data, and maintain the availability of the network.

3.2.1. Wireless Network Threats

Wireless networks are vulnerable to a variety of security threats, many of which are not present in wired networks. Some common wireless network threats include:

1. Wardriving is the act of locating, and possibly attacking, Wi-Fi networks by driving around with special hardware and software. Wardriving tools that can help detect unsecured APs include antennas, computers with Wireless NIC, and software like AirCrack-Ng.
2. Eavesdropping involves an attacker intercepting and monitoring wireless network traffic to gain access to sensitive information, such as login credentials, financial data, or personal information.
3. Man-in-the-middle (MITM) attacks: In a MITM attack, an attacker intercepts communication between two parties and relays messages between them without their knowledge. This can be used to steal information, inject malicious code, or manipulate the communication.
4. Rogue access points is an unauthorized wireless access point that has been installed on a network by an attacker. These access points can be used to intercept traffic, steal information, or launch other attacks.
5. Denial-of-service (DoS) attacks: In a DoS attack, an attacker floods a wireless network with traffic or sends malformed packets to disrupt communication and prevent legitimate users from accessing the network.

Attackers can use a variety of techniques to exploit wireless network vulnerabilities, including:

1. Passive scanning: This involves an attacker using a wireless sniffer to capture wireless traffic and analyze it for vulnerabilities or sensitive information.
2. Active scanning: In an active scan, an attacker sends probe requests to wireless devices in an attempt to identify wireless networks and gather information about them.
3. Evil twin attacks: An evil twin attack involves an attacker setting up a rogue access point with the same name as a legitimate access point, tricking users into connecting to the rogue network instead.
4. Injection attacks: Injection attacks involve an attacker injecting malicious code into wireless network traffic to exploit vulnerabilities in the network.
5. Amplification attacks: In an amplification attack, an attacker sends small packets to a wireless device or network, causing it to respond with much larger packets that can overwhelm the network and cause a DoS attack.

To protect wireless networks from these threats, it is important to implement strong security measures such as encryption, authentication, and access controls. It is also important to keep wireless devices and access points up-to-date with the latest security patches and to regularly monitor the network for unusual activity.

3.2.2. Securing Wireless Network
Wireless Network Encryption

Encryption is an essential component of wireless network security because it helps to ensure that data transmitted over wireless networks is kept confidential and secure from eavesdropping and other attacks.

There are several encryption protocols used in wireless networks, including:

1. Wired Equivalent Privacy (WEP): This is an older encryption protocol that is no longer considered secure due to vulnerabilities that have been discovered. WEP uses a 40-bit, 104-bit, or 232-bit encryption key entered manually on the AP. The key does not change making it very easy to crack.
2. Wi-Fi Protected Access (WPA): This protocol was designed as a replacement for WEP and provides stronger encryption and authentication. WPA uses the Temporal Key Integrity Protocol (TKIP) where a new 128 bit key is sent with every packet. Although WPA includes a message integrity check to prevent altering and resending packets, it is also vulnerable to certain types of attacks.
3. Wi-Fi Protected Access 2 (WPA2): This protocol provides stronger encryption and authentication than WPA and is currently the most widely used wireless network encryption protocol. WPA2 Personal, typical in small BSS networks, uses a pre-shared key (PSK). WPA2 Enterprise, used in larger ESS networks, often includes EAP or RADIUS for centralized access.
4. Wi-Fi Protected Access 3 (WPA3): This is the latest wireless network encryption protocol and provides even stronger encryption and authentication than WPA2.

When comparing encryption protocols, it is important to consider factors such as the strength of the encryption, the ease of use and implementation, and the level of security provided. Generally speaking, newer protocols tend to be more secure than older ones and offer better protection against attacks.

Wireless Network authentication

Wireless network authentication is the process of verifying the identity of users and devices attempting to access a wireless network. Authentication helps to ensure that only authorized users and devices are allowed to connect to the network. The 802.1X Standard defines the process of authenticating and authorizing users on a WLAN.

There are several authentication methods used in wireless networks, including:

1. Point-to-Point Protocol (PPP): This authentication method is used to establish a direct connection between two nodes
2. Pre-Shared Key (PSK): This authentication method uses a shared secret key that is entered by users or devices when connecting to the wireless network.
3. Extensible Authentication Protocol (EAP): This authentication method provides more robust authentication and security than PSK and PP, and can be used with a variety of authentication mechanisms, including certificates and biometric authentication. Addittional EAP authentication methods include EAP-TLS, Protect-EAP (PEAP), and Microsoft PEAP.
4. Captive Portal: This authentication method requires users to log in to a portal page with their credentials before being granted access to the wireless network.

When comparing authentication methods, it is important to consider factors such as the level of security provided, the ease of use and implementation, and the scalability of the authentication method.

Best Practices and Countermeasures

Best practices for using encryption and authentication in wireless networks include:

1. Use the strongest encryption protocol available: Currently, WPA2 and WPA3 are the most secure wireless network encryption protocols available.
2. Choose strong encryption keys: Use long, complex encryption keys that are difficult to guess or crack.
3. Regularly update encryption keys: Change encryption keys periodically to ensure continued security.
4. Use the strongest authentication method available: Currently, EAP is the most secure wireless network authentication method available.
5. Choose strong authentication credentials: Use long, complex passwords or other authentication credentials that are difficult to guess or crack.
6. Implement user and device authentication: Require both user and device authentication to ensure that only authorized users and devices are allowed to access the network.
7. Use multiple layers of security: In addition to encryption, use other security measures such as access controls and authentication to protect the wireless network.
8. Monitor the network for unusual activity: Regularly monitor the wireless network for unusual activity or signs of intrusion, and take action if necessary.
9. Protect against wardriving attacks by using measures for preventing radio waves from leaving or entering the building (e.g., use a special paint on the walls).
10. Use Honeypots (e.g., Black Alchemy Fake AP) to detect and block intrusions.

Wireless network access control is the process of managing access to a wireless network by controlling which devices and users are allowed to connect. Access control is an essential component of wireless network security and is used to prevent unauthorized access and attacks.

1. MAC Address Filtering: This access control mechanism allows or blocks devices based on their MAC addresses, which are unique identifiers assigned to network devices.
2. SSID Hiding: This access control mechanism hides the network's SSID (Service Set Identifier), which is the name of the wireless network, from users who are not authorized to connect to the network.

In addition the above practices and meaures, home users and small wireless network owners should do the following:

1. Make it more difficult to discover your WLAN by disabling SSID broadcasting
2. Change default settings (e.g., default SSID) and harden the configurations of the AP (e.g., static IPs, filtering MACs and IPs, stronger admin credentials, etc.)
3. Don't use easy PSKs

References

---

[2] Wireless Network Security: A Beginner's Guide, by Tyler Wrightson (ISBN: 0071760949)
[3] Wi-Fi Security by Avi Rubin (ISBN: 0321321281)

3.3. Monitoring and managing wireless networks

Wireless network monitoring and management are essential components of wireless network security and performance management, helping organizations to ensure the security and reliability of their wireless networks.

3.3.1. Wireless Network monitoring

Wireless network monitoring is the process of monitoring wireless network activity to detect potential security threats, performance issues, and other network problems. This involves the use of specialized software tools that collect and analyze data about the network's performance and activity, including network traffic, signal strength, and device connectivity.

Organizationsmonitor wireless networks to identify unauthorized access attempts, rogue devices, and other potential security threats, as well as to identify network congestion and other performance issues. By monitoring the wireless network, administrators can take proactive measures to prevent security breaches and ensure that the network is operating at optimal levels.

Wireless network monitoring typically involves the use of network monitoring software that collects and analyzes data from wireless access points and other network devices. This software may include features such as real-time alerts, traffic analysis, and reporting tools to help administrators identify potential security threats and performance issues.

Some of the benefits of wireless network monitoring include:

1. Early detection of security threats: Wireless network monitoring can help to detect security threats early, before they have a chance to cause damage to the network or compromise sensitive data.
2. Improved network performance: By identifying and addressing performance issues, wireless network monitoring can help to ensure that the network is operating at optimal levels, providing faster and more reliable connectivity for users.
3. Enhanced network visibility: Wireless network monitoring provides administrators with greater visibility into network activity, allowing them to identify potential problems and take proactive measures to address them.

monitoring tools and techniques

There are several tools and techniques that can be used to monitor wireless networks, including:

1. Wireless Network Analyzers
2. Spectrum Analyzers
3. Wireless Access Point Management Tools
4. Network Performance Monitoring Tools
5. Intrusion Detection Systems

Wireless Network Analyzers

Wireless network analyzers are software tools that capture and analyze wireless network traffic. They can be used to identify potential security threats, performance issues, and other network problems. Examples of wireless network analyzers include Wireshark, AirMagnet, and Acrylic WiFi.

Spectrum Analyzers

Spectrum analyzers are hardware tools that can be used to measure and analyze wireless signals. They can be used to identify sources of interference and other potential problems with wireless network performance. Examples of spectrum analyzers include Metageek Wi-Spy and AirView.

Wireless Access Point Management Tools

Wireless access point management tools are used to monitor and manage wireless access points. They can be used to track device connectivity, monitor network traffic, and perform other network management tasks. Examples of wireless access point management tools include Cisco Prime Infrastructure and Aruba Central.

Network Performance Monitoring Tools

Network performance monitoring tools are used to monitor network performance, including wireless network performance. They can be used to identify bottlenecks, congestion, and other performance issues that may be impacting network performance. Examples of network performance monitoring tools include SolarWinds Network Performance Monitor and PRTG Network Monitor.

Intrusion Detection Systems

Intrusion detection systems (IDS) are used to monitor network activity for signs of unauthorized access and other security threats. They can be used to identify and respond to potential security threats before they have a chance to cause damage to the network or compromise sensitive data. Examples of intrusion detection systems include Snort and Cisco Security Manager.

3.3.2. Wireless Network management

Wireless network management refers to the processes and tools used to configure, monitor, and maintain wireless networks. Effective wireless network management is critical to ensure the security, reliability, and performance of wireless networks.

Wireless network management includes a range of activities, such as:

1. Network Configuration: Configuring wireless access points, routers, and other network devices with appropriate settings to ensure secure and reliable connectivity.
2. Network Monitoring: Monitoring wireless networks to identify potential security threats, performance issues, and other network problems.
3. Network Maintenance: Performing regular maintenance tasks, such as firmware updates, to ensure the security and reliability of wireless networks.
4. Troubleshooting: Troubleshooting network issues, such as connectivity problems and performance issues, to quickly identify and resolve problems.
5. Network Optimization: Optimizing wireless network performance to ensure that networks are running at optimal speed and efficiency.

Effective wireless network management requires the use of specialized tools and technologies, such as wireless network analyzers, spectrum analyzers, and wireless access point management tools. These tools enable network administrators to monitor and manage wireless networks more effectively, allowing them to quickly identify and resolve potential issues before they cause problems.

Wireless network management tools include:

1. Wireless Network Management Software: Specialized software tools designed to manage and monitor wireless networks, including tools for configuring wireless access points, monitoring network traffic, and detecting potential security threats. Examples: Cisco Prime Infrastructure, SolarWinds Network Performance Monitor, NetSpot.
2. Network Performance Monitoring Tools: These tools allow network administrators to monitor network performance, including traffic flow, bandwidth usage, and other key metrics. Examples: PRTG Network Monitor, Zabbix, Nagios.
3. Network Configuration Tools: Tools for configuring wireless access points and other network devices, including tools for setting up security policies and network access controls. Examples: Cisco Network Assistant, Aruba Central, Ubiquiti Network Management System.
4. Remote Access Tools: Tools that enable network administrators to remotely manage and monitor wireless networks, including remote access tools for accessing wireless access points and other network devices. Examples: TeamViewer, LogMeIn, Microsoft Remote Desktop.
5. Wireless Site Survey Tools: Tools for conducting wireless site surveys to determine the optimal placement of wireless access points and other network devices. Examples: Ekahau Site Survey, NetSpot, Acrylic WiFi Heatmaps.
6. Security Tools: Tools for monitoring and securing wireless networks, including intrusion detection systems and security information and event management (SIEM) tools. Examples: Snort, Suricata, McAfee Enterprise Security Manager.

References

---

[6] IEEE 802.1X-2020
[7] RADIUS RFC 8559
[8] Network Access Control, CISCO

case study
Coffe Shop Public Wi-Fi
Problem

A popular coffee shop had an unsecure Wi-Fi network that customers could access without a password. As a result, the network was vulnerable to various security threats, including eavesdropping, man-in-the-middle attacks, and rogue access points. This put both the customers' personal information and the coffee shop's network at risk.

Solution

The coffee shop decided to implement several security measures to secure its Wi-Fi network. First, they implemented a strong encryption protocol (WPA2) to encrypt all data transmitted over the network. Second, they configured the access points to use a secure password for customers to connect to the network. Third, they installed a network monitoring tool to detect any unauthorized access attempts or suspicious network activity. Finally, they trained their staff to recognize and report any security incidents.

Results

After implementing these security measures, the coffee shop saw a significant reduction in security incidents related to its Wi-Fi network. Customers could still access the network easily, but now with a secure password, and all their data was encrypted to prevent eavesdropping or man-in-the-middle attacks. The network monitoring tool provided visibility into the network, enabling the coffee shop to detect any suspicious activity and take action before any damage could occur. Customers also felt more confident in using the Wi-Fi network, knowing that their personal information was safe.

Case Study Questions

Attempt to answer the following questions before revealing the model answers:

1. What were the risks associated with the coffee shop's unsecured Wi-Fi network?
2. What security measures did the coffee shop implement to secure its Wi-Fi network?
3. What were the results of implementing these security measures?

Show Model Answers

Research Assignment
Wireless Network Security Best Practices
Objective

The objective of this research assignment is to explore the best practices for securing wireless networks and their effectiveness in mitigating security threats.

Tasks

In order to evaluate the effectiveness of NIDS in detecting and responding to APTs, the following methods will be used:

• Conduct a literature review of the current best practices for securing wireless networks. Identify the most common and effective practices and protocols recommended by experts and industry leaders.
• Research and evaluate real-world case studies of successful wireless network security breaches. Analyze how these attacks were carried out, what vulnerabilities were exploited, and what measures could have been taken to prevent them.
• Compare and contrast different encryption and authentication protocols used in wireless networks. Identify their strengths and weaknesses and evaluate their effectiveness in preventing attacks.
• Explore the latest wireless network monitoring and management tools and techniques. Evaluate their capabilities, limitations, and costs.
• Develop a set of wireless network security best practices based on your research. Consider the most common and effective practices and protocols, as well as emerging trends and technologies.

Deliverables

• The deliverable is a well-organized and clearly written research paper. The report should be free of errors and should be appropriately formatted and referenced.
• The literature review should summarize the current best practices for securing wireless networks, their effectiveness, and their limitations
• A case study analysis report of successful wireless network security breaches, including recommendations for preventing similar attacks.
• A comparative analysis report of different encryption and authentication protocols used in wireless networks, including their strengths, weaknesses, and effectiveness.
• A report on the latest wireless network monitoring and management tools and techniques, including their capabilities, limitations, and costs.
• A set of wireless network security best practices based on your research, including guidelines for implementing them and recommendations for continuous improvement.