Before discussing the overall title of my post. I will first provide an overview of "What is a wireless network?"
Wireless network refers to the implementation of wireless networks (wireless) that use IEEE 802.11x protocols for public Internet access. Implementation of wireless networks can be used without paying, access is usually provided by the service provider for purposes of promotion, education or paid. wireless network (hotspot) is designed to provide ease of use. Therefore, most wireless hotspots do not provide full protection against misuse of wireless networks.
Wireless network is easy enough to set up, and also feels very comfortable, especially if we want to be able to walk way around the home or office with a portable computer but still can still access the Internet network. However, as wireless waves, it will be easier to hack than a wired connection. Data traffic passing by in an open media of course is very vulnerable. That's the reality faced by wireless network technology, you need to know and work around it carefully. If the network using a wired medium alone there are so many loopholes in it, what about a network that uses the open nature of media as intermediaries such as wireless data, for example.
Wireless networks are notoriously weak in terms of safety. Not only because the process of data communication traffic passing through the air is free, but many processes in it that must be considered as quite vulnerable and stretched a lot of loopholes.
Wireless Network Security Why So Vulnerable?
Broadly speaking, the gaps in wireless networks spread out over four layers in which the fourth layer is actually a process of communication of data on wireless media. So in fact, at each layer through the medium of wireless communication process there are gaps waiting to enter. Thus, the security of wireless networks become so weak and need to be observed with extra care. The layers and their weaknesses are as follows:
:: Physical Layer::
As you know, the Physical layer (physical layer) of data communication will be much talk about the carrier's own data. In the wireless data communications system, which became the intermediary media is nothing but air. In the free air, the data you a tangible radio signals in certain frequency back and forth freely.You certainly can imagine how vulnerable your data security because the traffic passing by in the wild. Anyone may be able to catch it, bug it, even read it without your knowledge?
If only for personal use just a fad, intercepted or read by someone else certainly will not be too dangerous even if a bit annoying as well. However, what if there are weaknesses in your company's wireless network in which there is a variety of business transactions, the company's projects, info-secret, confidential information, and much more sensitive information in them. Of intercepts can not be tolerated anymore if you do not want your company to be the butt of people.
:: Network Layer::
Network layer (network layer) will normally be much to talk about devices that have the ability to create a communications network which is also accompanied by pengalamatannya system. In wireless communication networks, devices commonly used are often referred to as Access Point or abbreviated AP. IP addressing system would be a lot you find on this device. Because it serves communication-free use media that is open, then the AP-AP can also be regarded as devices that open freely.
Network devices that are not controlled properly verified and will be an entrance for the vandals. Starting from just browse through its contents, changed little, until fully plowed were highly likely to be experienced by an AP.For that, you need to pay attention to security also AP-AP on your wireless network. In addition, inter-AP communication should also examine and consider your safety.
:: User Layer::
In addition to the security of network devices that need attention, you also need to pay attention and look at anyone who accesses your wireless network.Wireless networks do use public media to traffic data, but if your network is not a public network that is accessible by anyone, surely there must be limits pengaksesnya. It is not difficult for those users who do not deserve to be able to access a wireless network. If carelessly users can use your network, this certainly would be very detrimental to the other users who are entitled to.
A good wireless network must have the assurance that only those users who are known, trusted, and who is entitled to access the network. Network devices used to join the wireless network should also be on-track and monitored correctly, as this will be very useful for the purpose of monitoring, accounting, to determine trends that occur in your network, and more.
:: Application Layer::
Networks that use the media cable alone can open up gaps that exist in a fairly wide application, especially wireless networks that are vulnerable throughout its layers. Business applications that use traffic passing through the wireless media is certainly very vulnerable to security, either simply infiltrated and in DoS (Denial of Service). For that, a good wireless network should also be able to protect applications running in it so as not to be easily distracted.
How Intruders Can Actually Playing in a Wireless Network?
See the weaknesses in each layer on top, of course we can imagine so many ways to be able to infiltrate into your wireless network. Not only from one layer only, but the four layers mentioned above can be a way to disrupt your network. Regulate, monitor, and secure wireless network into trouble many times over compared with wire media.
For that, you should be able to identify any gaps that exist in wireless networks in general. Better yet, if you recognize the weakness started from the bottom layer to application layer. Here are some of the gaps are very common in a wireless network starting from the bottom layer:
Physical Layer
1.Bleeding Coverage Area
As you know, the radio signals emitted by the AP propagates in the form of three-dimensional, long range, wide range, and high range. The radio signal is quite difficult to know and predict the areas where it can reach. Seeing this, it is possible for a wireless network to be able to expand its reach beyond the physical boundaries that you need.
For example, you install an AP in the room of your office to cover the entire office, but in fact the neighbor's office which is right next to you can still use your wireless network is. This is called bleeding coverage area.
With the coverage area of these unwanted, resource-sensitive resource your company has the potential to be exploited by people outside with his wireless device. There are even some people who deliberately looking for bleeding coverage area is to be used and exploited. What did these people are often referred to as war driving.
External 2.AP Troublemaker
The users who have wireless devices in PCs, notebooks, PDAs, cell phones, and many more, have the possibility to associate with any AP for AP's to cover the locations where these devices are and also gives permission. If you are in office, must be connected to the wireless network is transmitted by the AP as determined by your office is.
However, what happens if there is an AP's coverage area of another person who is also reaching out to your device. Then your device is with or without your awareness is associated with an external AP. What will happen? Surely you will connect to the external network is that you do not know what's behind the network.
In terms of security, this is very dangerous because you realize you may provide sensitive data, such as password-password authentication you should actually type in the actual wireless network. Or maybe when it's connected to the external wireless network, your device will soon be exploited and your data is stolen. Or maybe the network also provides Internet connection for your use, yet equipped with a packet sniffer and other advanced wire-tappers, so all your Internet transactions can be known by them.
If you've been in this condition, you can already be regarded as an unwitting victim of theft you get yourself into a den of thieves. Or maybe the network also provides Internet connection for your use, yet equipped with a packet sniffer and other advanced wire-tappers, so all your internet transactions can be known by them. In addition, the external AP that its coverage area into the area you certainly can also cause interference to the signals your network communications. This interference would greatly affect the performance and viability of this you Wirelss network.
Network Layer
1.Rogue AP
"Rogue AP", the meaning of this word is addressed to AP-AP of unknown or unregistered existence by the administrator of a wireless network. Or maybe it could be termed wild AP. AP-AP wild is very dangerous for the security of your wireless network because the AP-AP is never desirable existence.
Besides disturbing the security, of course, can also interfere with signals carrying data at a specific frequency. Usually the presence of AP is quite difficult to prevent illegal because of the uncertainty area covered by a wireless network, especially for a large scale. In general, there are two sources that can make a rogue AP appears in your wireless network:
1. Recalcitrant employee
To facilitate his work reasons or for personal use, often occurs where an employee secretly install an AP to be connected to the internal network. So that he could get a connection to the network from anywhere in the vicinity. Most APs are used by individual consumers is an AP class in which the features sekuritinya incomplete or nonexistent. It could also, if it exists, not in setting it right or not in accordance with the standards because of his ignorance. Though all the AP has been secured by the administrators with the standards prevailing in the company.
With the AP "naughty", then opened a gate where people from outside can get into your network easily. They have the access rights and the same ability to utilize resources within the network. This is certainly very serious, right?
2. Hacker
Besides employees, the hackers who intentionally left his AP device in your office network can also occur. If your office is supplied ethernet ports that can be used for the public, then this also needs to watch out for possible hackers quietly plugging his AP and then hide it, so that he can still access your wireless network even though physically he was leave your room.
2.Fake AP
Fake AP or AP literal meaning is false, is a technique permissions theft by an AP to be incorporated into a wireless network and join to serve its users. Not only serves its users, the AP-Other AP also may be associated with this AP. This is because the owner probably got the fake AP SSID of the wireless network and use it for the AP to broadcast SSID. So users will see either the same SSID of the AP and from AP actually false.
If the user is incorporated in the AP network which is false, then the data can easily be stolen.
Worse, if the AP also has the ability to forge the MAC address of an AP that actually exist within the network. With the MAC which is equated with the actual MAC of the AP, the AP will be known as a fake AP that it has been authorized within the network.As a result, counterfeit APs can also be associated with other AP-AP and AP are treated as real.
It would be very dangerous because the login information, authentication, and more can be taken by users of this fake AP. Even if it could be associated with other APs, many more can be done.
3.Jaringan Wireless Ad-Hoc
Wireless network that uses the 802.11 standard, has a feature that allows the client in it can communicate with each other by the method of peer-to-peer directly through their wireless devices. This one feature is often referred to as Ad-Hoc.
Ad-Hoc In this topology, each laptop, PDA or other wireless-enabled device can act as an independent node and form a network of its own, regardless of what has been provided by the AP in the vicinity.
You can imagine, the Ad-Hoc wireless network will certainly be able to cause chaos for the actual wireless network. By forming a network of its own outside of the wireless network of the AP there is, of course there are some problems it would cause. First, the Ad-Hoc network may use the limited frequency bandwidth is also used by the real wireless network. So, between Ad-Hoc network with a true wireless network must share the frequency bandwidth. Of course this is quite disturbing the continuity of a real wireless network.
Another problem that can be caused by the presence of Ad-Hoc network is a network security key into the open. Ad-Hoc wireless network can be used as a gateway for the intruders to get into the main network. This is because these networks are very difficult to be managed centrally. Monitor the propagation of radio signals is also nearly impossible. Ad-Hoc network becomes easy to get into and confused because of the difficulty of this monitor. Moreover the hackers can easily fit into the main network by hacking on the device incorporated in the Ad-Hoc network and then do the bridging to the main network. The road to the main network to be wide open.
User Layer
1.Login the leaking
When a wireless network will be used as a medium to bring critical business data, is very important to limit only valid users who can log into it. If any user can log into the network and accessing the resources in it, then your business data will no longer safe.
The important thing to consider in maintaining security at this layer is to keep unauthorized users do not enter into this wireless network so as not to disturb the security of data and also the performance of your wireless network. To that end, the authentication process to be conducted and well-maintained security for accounts and keys to perform logging does not leak into unauthorized hands.
2.Man in the middle attack
In addition to preventing it is only entitled to enter, the security at this layer could also be threatened by the hackers who do Man in the middle attack (MIM attack).MIM attack is an attack from hackers who secretly put themselves in the middle of a process of communication between users with a real wireless network. MIM attack also relies on Fake AP as one of the intermediary.
So, first of all a user will enter into the trap of fake APs that can be incorporated with the main network because it has the SSID and MAC address is authorized. Then after the user successfully connected with the fake AP, the authentication process will be done immediately. Because the authentication system is confidential and only owned by a real network, then the fake AP is programmed to create such a tunnel to connect directly between users with a real wireless network. Thus, the authentication will run as usual, but with the help of an invisible intermediary.
Intermediary is certainly not going to squander this opportunity to steal keys and knick-knacks authentication gets. Knick-knacks such as your username and password authentication can be easily seen because the process is really through the intercession of the wireless network hackers. Having got it, then the hacker can now be freely incorporated in the network anywhere because he had earned the right to have access to the truth of others. In addition to trinkets authentication, the hacker was also able to tap any communication made by the user.
Application Layer
1.Denial of Service (DoS)
DoS is quite easy to do on a wireless network. Either intentionally or unintentionally, unwittingly or not, DoS often override the wireless network. Start from a deliberate like a hacker sending massive data packets to a point through your wireless network, up to the events that are not intentional and terkadan not occur at all.
For example, there is an employee who brings his wireless phone that also uses the 2.4 GHz frequency, the phone will certainly disrupt the signals of your wireless network also works at a frequency of 2.4 GHz. So the network is breaking down work because of interference. Finally, communication with servers and devices in a wireless network to be disrupted as well.
How to Prevent If It can not be eliminated Altogether?
With the breadth of the road leading to your private wireless network including landscapes, it is almost impossible to cover everything up completely one hundred percent safe. But, of course you do not want to just stay quiet to see the vandals ransacked the network you are not. To that end, several methods of securing the following is the most commonly used to slightly strengthen the defenses your wireless network:
Physical Layer
1.Bleeding Coverage Area
The first step to making your wireless network security defense is to adjust the coverage area of AP-AP you use. You can not set the length, width and far-reaching with great precision, but with a more narrow its coverage area into a particular direction may be more secure.
Limiting coverage area only go to certain direction, where its users a lot of activities can be performed using the AP that has the characteristics of sectoral emission, or in other words, emits only to one particular direction. Most APs are commonly used has the characteristics of the emission Omni, where the communication signals emitted 360 degrees.
External 2.AP Troublemaker
AP-AP vandals are attacking your wireless network is certainly a serious threat.Signal becomes disturbed and the possibility of user l vandals become likely. To prevent signal interference, one common way is to use a system of canals frequency setting dynamically the AP. With this system the occurrence of interference can be more in the press, though not inevitable at all.
To prevent the errors users in the association is making the SSID is really specific.For example, a word that is easily remembered by everyone in your office to be quite appropriate SSID. In addition, authentication systems should also be given at the time the user wants to join the SSID. If you want more secure again, regrouped its users in a VLAN-specific VLAN. All of this will probably be able to minimize the possibility of external AP vandals can ruffled your wireless network.
Network Layer
1.Rogue Fake AP and AP
Fake Rogue AP and the AP can extend your wireless network anywhere without permission can usually be prevented with the help of an X.509 certification system that mostly comes in the AP-AP class.
With this certification system, an AP will go through the authentication process first before joining the wireless network. AP does not have the same authentication will not be incorporated in the wireless switch or other wireless devices and will be reported as a Rogue AP or Fake AP.
2.Jaringan Wireless Ad-Hoc
The existence of the Ad-Hoc network is also a gap that is very dangerous for your personal wireless network. For that reason, monitoring of your wireless network is very important to do. Especially if you have a monitoring system that can do notice if there are wireless devices are configured in Ad-Hoc mode. Some classes of wireless devices may provide this facility.
User Layer
The Leaked 1.Login
Login system for users who want to get into the wireless network is actually a defense first performed in the user layer. Can you imagine what if this level is not secured. Sure anyone can go and play in it, even disruptive.
To select users that are believed to enter into this network, there are several security methods are commonly used as the Authentication Web, 802.1X and Address filtering. With one or even all three of these systems installed in your wireless network, then the user can get into your network will be selected.
2.Man in the Middle Attack
One method that can break the attack "middle man" is to use encrypted communication when braided. Whether building a fabric of communication as well as data transfer, encryption becomes a fortress sturdy enough. With the encryption in the authentication process to the process of sending data, the "middle man" is not going to be easy to read what was passing in this wireless media. Encryption systems are widely used for the MAC layer is TKIP encryption and IPSec for IP layer encryption.
Application Layer
1.Denial of Service (DoS)
DoS on the wireless network can sometimes be caused by ignorance of its users.As put microwave ovens, cordless phones, bluetooth devices, and many more devices using elektormagnet signals on your wireless network coverage area.
The first step to cope with DoS is to create a good monitoring system that can capture and detect interference, jamming, until the AP-Other AP around your wireless network. If possible, use a device capable of adjusting dynamically the characteristics of radio frequency to be able to automatically avoid interference. Also complete all your network devices with Access List and filter if possible. Thus, the DoS on your network may be minimized.
Must be comfortable but alert
Wireless networks are very convenient to use. All would agree with this opinion. But just knowing how many loopholes and weaknesses in it, certainly many people who will change this approval. Work hard to create good security for wireless networks you absolutely must do if you want safe. But hard work is certainly not perceived as a convenience for some people. It is in fact, convenience is always inversely proportional to the security of wireless networks in the world.
But if your wireless network is very meaningful to the ease and smoothness of your business, why not raise a little awareness to create better security. Your hard work will certainly pay off with the pleasure of communicating data wirelessly.