Chapter 8:
Wireless and Network Exploitation
Wireless connectivity has gained popularity over the years. It has been
around since 1971 when the first demonstration of a wireless packet data
network was provided. It was forgotten until the 1980s when ALOHAnet’s
technique of sending packets of data was enhanced. Wi-Fi technology
gained ground in the late 1990s. Companies realized the importance of
connection mobility in business expansion.
For example, what if someone wants to give a PowerPoint presentation without a desktop computer? He might have a laptop but no network connection, and the presentation needs Internet access. A Wireless Local Area Network (WLAN) in the firm lets him move around with the laptop and give the presentation. Wireless works in a similar way to the wired Ethernet protocol: a wireless access point takes packets arriving over the wired connection and re-transmits them on a radio frequency, where the receiving node picks them up. The mobility of Wi-Fi is what makes it fascinating, but because data is constantly passed through the air, it presents great security risks.
There are various wireless security protocols that protect air-borne data through encryption. Wired Equivalent Privacy (WEP) is sometimes used. Wi-Fi Protected Access (WPA/2) is safer than WEP. However, these protocols can be interfered with, and although it may take some time to crack them, all of them face risks. People should not assume that the internal network is secure simply because it has a password; there are tricks for gaining access to systems without entering the correct password. The radio signal is transmitted regardless of what you want, even when you opt not to broadcast the Service Set Identifier (SSID). Anyone within range can capture encrypted packets and analyze patterns to decrypt data. Once an attacker is connected, he can do harm because the same SSID is used throughout the entire business. While cracking a wireless network seems easy to those who know how to go about it, encryption techniques are helping firms and individuals overcome such risks.
The most exploitable wireless security protocol is WEP, followed by 802.1X. 802.1X is also known as WPA/2 Enterprise. It was created in response to the lack of security WEP offered, because WEP relied on a problematic stream cipher. 802.1X was adopted in the business environment and handled authentication in software: the client ran a piece of software called a supplicant.
Various tools can be used to exploit these security protocols, and one of them is the aircrack suite. This tool is everything you require to test wireless networks. It can crack WEP and WPA/2 and is regarded as one of the best tools for exploiting wireless networks; it is the gold standard of wireless exploitation. A GUI-based front-end automates it and lets users see what they are cracking instead of sticking to the command line, which makes cracking WEP easy. It lets users apply the aircrack features and is primarily for WEP, although it can also be used for WPA/2. Minidwep is another fantastic GUI-based tool built on the aircrack suite. It is an auditing tool used to audit wireless networks.
The good thing about Minidwep is that it is fully automated and users do not have to fine-tune it. Moreover, it tries every attack against the access point until one makes progress, and gives you feedback. It is a great tool to use in wireless exploitation. While it might take some time to break into a wireless network using Minidwep, it is suitable for any situation. Wifite is another tool that automates the aircrack suite. Unlike the others it is not GUI-based but an automated command-line tool. It automates the entire process and is more of an "execute and go" kind of tool.
Although the aircrack suite is used for WEP and WPA/2 attacks, it does not do a good job against the WPS wireless security protocol. It is best to use two tools against WPS: wash and reaver. They can be fine-tuned to the WPS network you encounter. The role of wash is to scan the air for any nearby wireless network that has WPS enabled. Once you have this information, you pass it to reaver, which launches the WPS attack. These tools are vital in the exploitation of wireless networks and are found in Linux distributions built for penetration testing. Below are examples of such distributions:
Xiaopan is a wonderful operating system for pentesting wireless networks. It is based on Tiny Core Linux and has all the tools mentioned above, which makes it ideal for wireless exploitation. Moreover, it is lightweight, at less than a hundred megabytes, which makes it the perfect choice for testing wireless networks quickly. WifiSlax is another wonderful Linux distribution for wireless exploitation. It has all of the tools above plus other front-ends that present aircrack in different ways. It is also lightweight, which makes it better than other operating systems.
WEP is the most vulnerable protocol for a reason: it was decommissioned in 2004 due to its lack of security. WEP encrypts with the RC4 stream cipher, using a per-packet key formed by taking the initialization vector (IV) and concatenating it with the shared key configured on the AP.
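To make the per-packet key construction concrete, here is an added example (not code from the chapter or from any of the tools it names) with a from-scratch RC4. It builds the WEP key as IV || shared key, encrypts two constructed frames, and shows why the 24-bit IV matters from a defender's point of view: once an IV repeats, the keystream cancels and the XOR of the two ciphertexts equals the XOR of the two plaintexts. The shared key, IVs and frame contents are constructed sample values, and the birthday-bound estimate is a rough expectation for random IV choice, not a measured figure.

```python
"""WEP per-packet keying and IV reuse, as an educational model.
Added example; not from the chapter. All keys and frames are constructed."""
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling (KSA) then pseudo-random generation (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP forms the RC4 key as IV || shared key and sends the IV in the clear
    ahead of the ciphertext. Decryption is the same operation on the body."""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits (3 bytes)")
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def keystream_reuse_leak(frame1: bytes, frame2: bytes):
    """If two frames carry the same IV, the same keystream was used for both,
    so ciphertext1 XOR ciphertext2 == plaintext1 XOR plaintext2 with no key
    knowledge at all. Returns None when the IVs differ."""
    if frame1[:3] != frame2[:3]:
        return None
    return xor_bytes(frame1[3:], frame2[3:])


def expected_frames_until_iv_repeat(iv_bits: int = 24) -> int:
    """Birthday-bound estimate of how many randomly chosen IVs are sent before
    one repeats: about sqrt(pi/2 * 2**iv_bits). A busy AP reaches this quickly."""
    return int(math.sqrt(math.pi / 2 * 2 ** iv_bits))


if __name__ == "__main__":
    # Constructed sample values: a 40-bit shared key and two same-length frames.
    shared_key = b"\x01\x02\x03\x04\x05"
    iv = b"\x00\x00\x01"
    frame_a = b"GET / HTTP/1.1"
    frame_b = b"POST /x HTTP/1"
    c_a = wep_encrypt(shared_key, iv, frame_a)
    c_b = wep_encrypt(shared_key, iv, frame_b)
    leak = keystream_reuse_leak(c_a, c_b)
    print("IV reused, ciphertext XOR == plaintext XOR:", leak == xor_bytes(frame_a, frame_b))
    print("expected frames before an IV repeats:", expected_frames_until_iv_repeat())
```

The model shows the design flaw rather than any recovery technique: the secret key never changes, only three bytes of IV vary per frame, and every repeated IV hands an observer a relation between two plaintexts. That is the property the FMS, PTW and Korek work built on, and the reason the only real fix was to retire the protocol.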
The number in a WEP variant's name is the bit length of the WEP key. Whatever the variant, part of those bits is taken up by the IV rather than by the secret key. Attacks on WEP networks have steadily focused on more efficient techniques for recovering the WEP key. The FMS attack was the first, and was named after its creators. The PTW method was the second attack that made it possible to crack WEP passwords; its creators built on the statistical information from the FMS attack and established a loophole that could be used against ARP requests. The Korek attack is another widely used WEP exploitation method, named after an anonymous researcher who discovered exploits in the WEP protocol. The only way to stop attacks against WEP networks is to re-invent the wheel. Others have implemented restrictive features to admit only authorized people into networks. While this method has gone a long way in helping people stop attacks, it has not mitigated the problem completely. One mitigation technique used to prevent attacks was hiding SSIDs, but it was not successful: hiding the SSID is inconvenient because SSIDs were not meant to be hidden in the first place. Others believe that the best method of mitigating attacks on WEP is Dynamic WEP. However, that is just the 802.1X standard implemented on top of WEP so that the key is changed; it is a user-friendly approach to securing WEP but is only considered a fix in the corporate world.
As with WPA2, it is not a good approach to protecting WEP and is only a quick fix in the corporate world. The best way to tackle WEP's problems is to treat it as what it is: a protocol that was decommissioned in 2004, when WPA took over. Although WPA employs the same stream cipher, it secures your system better than WEP. WPA stands for Wi-Fi Protected Access. It is the solution to WEP, bringing a more secure protocol that did not have numerous exploits like WEP. However, it was offered as a temporary solution and used to hold off attacks. WPA differs from WEP in several ways. Instead of employing the RC4 stream cipher with a short IV and the passphrase as WEP does, WPA increased the IV to 24 bits to reach 128 bits.
When WPS was developed, it seemed as if wireless security went backwards. It offers convenience for connecting devices to networks by letting the user press a button and connect to an access point. This saves users the time of configuring connection settings for the AP; they simply click and go. The access point also lets a client connect easily through the PIN method: to get in, the client must know the secret PIN implemented by the access point.
Some WEP vulnerabilities extend to WPA because TKIP is only an improved IV scheme that still feeds the RC4 stream cipher. One attack vector for compromising networks is to exploit the Temporal Key Integrity Protocol (TKIP): because it uses the RC4 stream cipher like WEP, packets can be captured and decrypted. Capturing and deconstructing the 4-way handshake is the most prominent exploitation. It relies on brute force, so the network is only as safe as its password. The same method applies to both WPA and WPA2 and is favoured because it reveals the password to the network. WPS is the final, very common exploitation against WPA. It is a simple hack carried out on WPA/2 access points that enable WPS by default; sometimes hackers use brute force to gain access. WPA2 is the safest wireless security protocol right now.
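The protocol discussion above (WEP, WPA1/TKIP over RC4, WPS, hidden SSIDs, passphrase strength) reduces to a handful of access point settings a defender can check. The following is an added example, not code from the chapter or from the hostapd project: it audits a hostapd-style configuration for those weaknesses and shows a weak configuration beside a corrected one. The option names (`wpa`, `wpa_pairwise`, `rsn_pairwise`, `wps_state`, `ignore_broadcast_ssid`, `wep_key0`, `wpa_passphrase`) are real hostapd keys; the two sample configurations, the finding codes and the 16-character passphrase floor are constructed for this example.

```python
"""Audit an access point configuration for the weaknesses this chapter lists.
Added example; the configs below are constructed, not from a real deployment."""

# Assumed local policy (not a hostapd setting): passphrases shorter than this
# are flagged, since a captured 4-way handshake is only as strong as the
# passphrase behind it.
MIN_PASSPHRASE_LEN = 16

# Constructed example: a configuration with the weak settings together.
WEAK_CONF = """\
interface=wlan0
ssid=CorpNet
ignore_broadcast_ssid=1
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_passphrase=password
wpa_pairwise=TKIP
rsn_pairwise=TKIP CCMP
wps_state=2
"""

# Constructed example: the same network with the weak settings corrected.
HARDENED_CONF = """\
interface=wlan0
ssid=CorpNet
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=correct-horse-battery-staple-2024
rsn_pairwise=CCMP
wps_state=0
"""


def parse_config(text: str) -> dict:
    """Parse key=value lines; blank lines and '#' comment lines are skipped."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def audit_ap_config(text: str) -> list:
    """Return a list of (code, message) findings; an empty list means nothing flagged."""
    cfg = parse_config(text)
    findings = []
    wep = "wep_default_key" in cfg or any(k.startswith("wep_key") for k in cfg)
    if wep:
        findings.append(("WEP_ENABLED", "WEP keys configured; WEP was decommissioned in 2004"))
    try:
        wpa = int(cfg.get("wpa", "0"))  # hostapd bit field: 1 = WPA, 2 = WPA2 (RSN)
    except ValueError:
        wpa = 0
    if wpa == 0 and not wep:
        findings.append(("NO_ENCRYPTION", "open network: frames are sent in the clear"))
    if wpa & 1:
        findings.append(("WPA1_ENABLED", "WPA1 is allowed; it still rides on RC4 via TKIP"))
    for key in ("wpa_pairwise", "rsn_pairwise"):
        if "TKIP" in cfg.get(key, "").split():
            findings.append((f"TKIP:{key}", f"{key} allows TKIP; use CCMP only"))
    if cfg.get("wps_state", "0") != "0":
        findings.append(("WPS_ENABLED", "WPS is enabled; its PIN method can be brute-forced"))
    if cfg.get("ignore_broadcast_ssid", "0") != "0":
        findings.append(("HIDDEN_SSID", "hidden SSID gives no real protection and inconveniences clients"))
    if "WPA-PSK" in cfg.get("wpa_key_mgmt", "WPA-PSK").split():
        passphrase = cfg.get("wpa_passphrase", "")
        if passphrase and len(passphrase) < MIN_PASSPHRASE_LEN:
            findings.append(("WEAK_PASSPHRASE", f"passphrase shorter than {MIN_PASSPHRASE_LEN} characters"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name + ":", audit_ap_config(conf) or "no findings")
```

Run against `WEAK_CONF` the audit reports six findings; against `HARDENED_CONF` it reports none, because WPA2 with CCMP only, WPS off, a broadcast SSID and a long passphrase remove every weakness the chapter describes. The same function applied to a config that only sets `wep_key0` reports `WEP_ENABLED`, and to one with no `wpa` line at all reports `NO_ENCRYPTION`.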
Computer network exploitation refers to stealing information from unsuspecting victims. The rate of computer exploitation has increased tremendously, and organizations have adopted measures to restore safety. However, nothing seems to work to get rid of exploitation. If anything, the number of attackers is increasing even as governments, organizations, and individuals take steps to protect themselves. Some of the measures implemented to ensure security include the use of firewalls and encryption of data. Firms have also introduced training programs to educate employees about computer exploitation. All this is done with the intention of creating awareness and safety. Attackers have taken the game a notch higher by using sophisticated and appealing techniques to lure victims.
It is worse when they send links to people who do not know about the lurking dangers or are oblivious to them. Some people do not care about the perils they can encounter online and live a carefree life, even on the Internet. This has proved costly for some people in leadership positions because they shared more than they were supposed to. Others have not installed firewalls and think that cyberattacks are a myth propagated by people who are against technology. The truth of the matter is that computer network exploitation is on the rise, and everyone is trying to find a solution. People exploit networks for varied reasons.
Some do it to get back at a previous employer, others do it for fun, and others want financial gain. As discussed in previous chapters, the number of attackers who exploit networks and then demand a ransom to return sensitive information is on the rise. Hackers are trying new ways of getting the most out of the situation. Because the industry has many hackers, everyone is trying to survive, and the person who spots and takes advantage of vulnerable networks is the one who makes it. Some people also exploit networks to test their skills. Some computer students want to test their skills, and the best way for them to do that is to find out whether they can compromise systems. Others do it because of peer pressure and wanting to appear cool in front of their friends. There are many reasons why people exploit networks. The only sure thing is that it is rising rapidly and organizations need to find a solution quickly before things get out of hand. With TV series and movies showing how cool it is to infiltrate networks, there is no doubt that network exploitation will not end any time soon. Organizations are doing everything to protect themselves from exploitation by boosting their security programs. However, a lot still needs to be done to mitigate wireless and network exploitation. The first step is educating people about security risks, their role in preventing them, and using effective strategies to mitigate risks once and for all.