Securing IEEE 802.11 wireless networks

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.


What are you planning to do and how?

This projects main goal is about wireless network security, in this area of the project, will study many factors which needed to be taken into consideration.

One of the most important issues is to understand the concepts of wireless networks in terms of their architectural and network infrastructure, deep investigation of different wireless network vulnerabilities is very important in understanding the weaknesses and strengths of wireless networks and the causes of an attack. A walkthrough of different security tools and countermeasures is essential. This will help in comparing wireless attacks and choosing the right security tool to reduce or prevent causing harm to wireless networks.

What is a Wireless Network?

Wireless Networks consists of group of wireless networking architecture within a limited geographical environment such as a building campus which simply enables devices to communicate without physical connections and without requiring network or peripheral cabling. Wireless Networks use air waves as a medium for transmitting data, whereas wired networks use cables. Wireless Network is usually implemented as part of a wired Ethernet infrastructure through a centrally managed device or location. This helps to promote user mobility, increased productivity, access to network resources and lower installation costs.

Why protect Wireless Networks?

As point out above, wireless networks uses air as a medium to transmit information between two endpoints. So, anyone with a properly configured wireless device can pick up radio frequency signals and makes use of this connection to compromise hosts in the unprotected network for sensitive information such as login credentials or simply as a means to surf the internet for free. Without protection, wireless networks remain vulnerable to attacks therefore it is important to study about different threats and countermeasures available. Learning those techniques will help to maintain data integrity, confidentiality and availability all the time to prevent any changes or loss of information.


Wireless Networks as pointed out above provides flexibility and mobility to the modern world. Wireless users are able to move from one place to another within a range despite each time being connected to a new wireless emitting device. As long as it is secured, it would not be a problem but nowadays, people don't even bother to implement security to their networks. This leaves the door to unauthorized users who can easily buy high gain antennas and download free software such as Air snort or WEP crack to get access to poorly configured networks or wireless networks even without any security configured. My main investigations in this project revolve around the wireless LAN concepts, an overview of different network threats, and the different security tools currently in use, their benefits and other countermeasures for wireless network security.


How Wireless Networks works

The network structure includes the wireless network interface adapters and base stations that send and receive the radio signals. In a wireless network, the network interface adapters in each computer and base station convert digital data to radio signals, which they transmit to other devices on the same network, and they receive and convert incoming radio signals from other network elements back to digital data.

Benefits of Wireless Networks

Connecting workstations to a local network by radio offers several advantages over connecting the same computer through a wired connection. First, wireless provides convenient access for portable computers; it's not necessary to find a cable or network data outlet. And second, it allows a user to make a connection from more than one location and to maintain a connection as the user moves from place to place. For network managers, a wireless connection makes it possible to distribute access to a network without the need to string wires or cut holes through walls. In practice, access without cables means that the owner of a laptop or other portable computer can walk into a classroom, a coffee shop, or a library and connect to the Internet by simply turning on the computer and running a communication program.

Range and Coverage

The distance over which radio frequency and infrared waves can communicate is a function of product design (including transmitted power and receiver design) and the propagation path, especially in indoor environments. Interactions with typical building objects, including walls, metal, and even people, can affect how energy propagates, and thus what range and coverage a particular system achieves. Solid objects block infrared signals which impose additional limitations. Most wireless LAN systems use radio frequency because radio waves can penetrate most indoor walls and obstacles. The range for typical wireless LAN systems varies from under 100 feet to more than 300 feet. Coverage can be extended and true freedom of mobility via roaming.

Network Architecture

Wireless network architecture comes into two forms:

1) Ad-Hoc Mode

2) Infrastructure Mode

With Ad-Hoc mode, wireless devices can communicate directly with one another for a relatively short period of time. It does not make use of an access point.

Infrastructure mode on the other hand allows a device to communicate with an access point which in turn is connected via wired Ethernet to the rest of the network infrastructure. Moreover, infrastructure mode is divided into 2 sub modes commonly basic service set (BSS) which uses one AP which creates a single wireless LAN and extended service set (ESS) which incorporates multiple APs allowing roaming and a larger coverage area.

Wireless LAN Security Features

Wireless LAN technologies typically need to support several security objectives. Three most common security objectives are briefly

Data Confidentiality is very important in wireless networks. It ensures that information is accessible only to authorized users. Individuals within an organization have the responsibility to maintain the confidentiality of the information entrusted to them for job performance and this responsibility must be reinforced through awareness.

Data Integrity is safeguarding the accuracy and completeness of information and processing methods from intentional, unauthorized, or accidental changes. Maintaining data integrity is essential to the privacy, security, and reliability of business data. Integrity of data can be compromised by malicious users, hackers, software errors, computer virus infections, hardware component failures.

Availability of data ensures that authorized users have access to information and associated assets when required. This can be accomplished utilizing data backup plans, disaster recovery plans, and business continuity/recovery plans. People should be trained in their responsibilities as it relates to data backups, disaster recovery, and business continuity.

Brief Overview of Wireless Threats

This area briefly shows a description of some wireless vulnerability and its effect in a network.

Wireless Networks if not properly configured with the appropriate security tools can be subjected to various kind of threats. The two most common types of attacks are active and passive attacks.

In an active attack, the attacker is actively trying to cause harm to a network. The attacker is not just monitoring the traffic but is also attempting to shut down the system.

Denial of Service

Active attacks Replay


Rogue AP


Passive Attacks

Traffic Analysis

Denial of Service

In this kind of attack, the intruder prevents the normal use of communications facilities by flooding the network with packets so that it becomes unstable and by causing hosts to no longer be able to connect to the network.


The attacker keeps tracks of transmissions and copies packets sent by a legitimate user and then later resends the packets to appear to be a legitimate user.


This attack involves the attacker to impersonate an authorized user and thereby gains certain unauthorized privileges.

Rogue AP

A Rogue AP basically is an access point on networks that is managed by a network administrator and which does not conform to wireless LAN allowing anyone with a suitable wireless device to gain access to a network.

The risks associated with 802.11 are the result of one or more of these attacks. The consequences of these attacks include, but are not limited to, loss of proprietary information, legal and recovery costs, and loss of network service.

Passive attacks are whereby an unauthorized user gains access to an asset and does not modify its content


This involves the attacker listening into the transmission on a LAN between two workstations or tuning into transmissions between a wireless handset and a base station.

Traffic Analysis

The intruder in this case gains intelligence by monitoring the transmissions for pattern of communication. A considerable amount of information is contained in the flow of messages between communicating parties.

Quick Analysis of security tools

There are numerous things that can be done to secure a network and to prevent attacks and unknown users from entering the network. Security is a balance of technology, usability and cost. The following is about the basic evaluation of different security tools available for wireless network security.


Nowadays every computer comes with a built-in firewall but most people tend to deactivate this feature. Without this little piece of technology, intruders and easily gain access to someone's hard drive and try to compromise the hosts. Firewalls is simply a system designed to prevent unauthorized users to get access to a network. It can be implemented in a combination of both hardware and software. Its main aim is to keep track of packets entering a network block those that does not meet the specified security criteria.

IDS/IPS detection tools

Detection tools is another types of tools used for securing a network. It usually identify actions that attempt to compromise the confidentiality, integrity and availability of a resource. Its main function is to determine all types of malicious network traffic that can't be detected by a conventional firewall. It includes attacks against vulnerable services, unauthorized login and access to sensitive files and malware such as viruses or even worms.


Virtual Private Network is a private connection over an open network. This could mean encrypting traffic as it passes over a circuit but VPN is more commonly used as a security method for sending information privately between two points across the public network which is the internet through a tunnel. So no traditional telephone wires are used for this type of connection. The path from one endpoint to the other is said to be virtual.

Security Protocols Comparison

WEP (Wired Equivalent Privacy) provides wireless networks with a level of security and privacy by encrypting data transmitted over a network. Data encryption protects the vulnerable wireless link between clients and access points. It uses a key which is not often changed by users. This makes the network vulnerable to attacks. The disadvantage WEP is that it provides weak encryption and authentication and since the encryption uses a weak key, attackers can easily uses free software to crack the network key.

WPA (Wi-Fi Protected Access) on the other hand bridges the gap between WEP and the upcoming 802.11i standard which is implemented via upgrades. WPA uses TKIP which allows WEP to be upgraded through measures that addresses the existing security problems. WPA provides a better key management and stronger encryption services as it is much harder to break.


Aims 1 - Wireless LAN Concepts

* To provide a good understanding of Wireless LAN in terms of Network Architecture

* To find an overview of different standards

* To identify different wireless security issues and their importance

Aim 2 - Investigation of different Wireless Vulnerabilities

* To understand Eavesdropping

* To study about Denial of Service, its features and dangers to network

* To identify the cause of Masquerading

* To understand Rogue AP and its occurrence in networks

* To make comparisons between those wireless threats

Aim 3 - Security Tools Evaluation

* To understand Firewalls and its features for network security

* To investigate about IDS/IPS detection tools and their use

* To find an overview of some security protocols like WEP and WAP and makes comparisons.

* To find out how VPN works

* To find the pros & cons of the above tools

Aim 4 - Countermeasures

* To understand the different countermeasures in network security

* To compare and apply security techniques to a network




Work Break down Structure

Securing Wireless Networks


Work Plan

Nov 2009

Dec 2009

Jan 2010

Feb 2010

Mar 2010

Apr 2010

May 2010


Wireless LAN

Studying about the data security issues

Research about Denial of Service attack & Eavesdropping

Research into Rogue AP & Masquerading

Comparing wireless threats

Research into Firewalls

Research into WEP & WPA

Research into IDS/IPS detection tools

Overview of VPN

Comparison with other tools

Identifying countermeasures

Studying Techniques

Setting up Network

Securing Network



Investigation on the background of Wireless LAN

* Understanding the concepts of wireless networks

* Brief study of network architecture

* Overview of the importance of data network security

Investigation in Wireless network vulnerabilities

* Understanding Denial of Service attack and their cause

* Researching about Rogue AP

* Investigating into Masquerading and its cause

* Understanding Message Replay

* Making comparisons between the above wireless vulnerabilities

Identifying the different class of security tools

* Investigating on Firewalls and its functionality in wireless networks

* Understanding IDS/IPS detection tools and determine how it works

* Evaluation of WEP and WAP and making comparisons

* Investigating about VPN and its features

* Discussing about Pros & Cons of the above tools

Identifying different Techniques

* Countermeasures for network security

* Comparing techniques

* Applying techniques

Setting up network

* Applying tools to secure network

* Comparing tools

* Conclusions