WEP was the first security option for 802.11 WLANs. Table 10-2 compares the Wi-Fi security standards type of authentication and encryption. Shared-key authentication has the wireless client hash a string of challenge text with the Wired Equivalent Privacy (WEP) key to authenticate the client to the network. Open system does not provide any security mechanisms but is simply a request to make a connection to the network. Two methods exist in the 802.11 standard for authenticating wireless LAN clients to an access point: open system or shared-key authentication. The security vulnerabilities and security solutions discussed in this chapter are all based on these IEEE and Wi-Fi Alliance standards. The Wi-Fi Alliance created additional security certifications known as Wi-Fi Protected Access (WPA) and WPA2 to fill the gap between the original 802.11 standard and the latest 802.11i amendment. The 802.11i amendment is the latest security solution that addresses the 802.11 weaknesses. The initial 802.11 standard included only rudimentary security features and was fraught with vulnerabilities. Table 10-1 shows a comparison of the 802.11 standard amendments.
However, since the lettered amendments are still frequently used when differentiating between the sections of the 802.11 standard, they will be used here in this chapter as well. The lettered amendments have been rolled up into a final 802.11 standard and are now referred to by the clause or section number within the 802.11 standard. Most wireless LANs (WLANs) are based on the IEEE 802.11 standards and amendments, such as 802.11a, 802.11b, 802.11g, and 802.11n. Control-Used to control which station has access to the wireless network media.Management-Used for notification, connection, disconnection, and information.See Figure 10-2.įigure 10-1: Wireless LANs in the OSI Model 802.11 frames also carry a frame control field in the MAC header used to indicate information about the frame, such as if the frame is encrypted. Ethernet just defines source and destination addresses, while an 802.11 frame can define source, destination, transmitter and receiver. For example, Ethernet Layer 2 frames carry only two MAC addresses, while 802.11 frames have fields for four MAC addresses. 802.11 has a completely different frame format at Layer 2 than does 802.3 (Ethernet). Many people call 802.11 WLANs “wireless Ethernet,” which is a big misnomer. This means that the protocols in use on a WLAN are the same from Layer 3 (usually IP) on up to Layer 7 (the application layer). The details of wireless attacks and countermeasures will be covered later in this chapter, but first you need to understand the fundamentals of the 802.11 standards and protocols.Ĩ02.11 Wireless LANs operate at layer 1 and 2 of the OSI Model. Additionally, any encryption applied to wireless networks only encrypts the data itself, leaving the header potion of the wireless frame open to many types of attacks. Whereas in an Ethernet network the data is carried in frames on copper or fiber-optic cabling, in a Wi-Fi network the data travels across open air. It is important to recognize that Wi-Fi networks are fundamentally different from Ethernet networks.
#Network ch 11 mac address sniffer install
The cost of Wi-Fi equipment is dropping and many organizations are pressing the IT staff to install wireless networks to complement or replace existing wired networks.
Even for organizations with a “no wireless” policy-meaning they do not support any Wi-Fi connectivity-rogue wireless access points placed on the LAN are an increasing threat. From the increase of Wi-Fi hotspots to the rising number of cell phones, PDAs, and laptops equipped with Wi-Fi radios, wireless security is an ever increasing issue for many organizations.īecause of the broadcast nature of radio frequency (RF) wireless networks and the rapid adoption of wireless technologies for home and business networks, many hacking opportunities exist in wireless networking. Much has been written about wireless security and hacking because wireless is a relatively new technology and rife with security vulnerabilities. Wireless networks add another entry point into a network for hackers.
Overview of wireless sniffers and locating SSIDs, MAC spoofing.Overview of WEP, WPA authentication mechanisms, and cracking techniques.CEH Certified Ethical Hacker (2010) Chapter 10: Wireless Network HackingĬEH Exam Objectives Covered in This Chapter: