Chapter 4. Going Wireless
"Freedom always comes at a price"
--Samir Datt
Today, people want to be free of restraining and restricting wires. The desire to be always connected and always online has fueled the proliferation of wireless networks. Who doesn't have Wi-Fi at home or at their place of work? Our phones are connected using Wi-Fi, our tablets are connected over Wi-Fi, and with the advent of the Internet of Things (IoT), even our household devices are connected over Wi-Fi or will be in the future!
However, the freedom of a wireless existence comes at a price. Wireless networks broadcast a signal that is open to the air. With no physical limitations except those of range, this signal is open to interception and interpretation by the bad guys.
In the previous chapters, we saw how information travels in packets over the network physical layer. In wireless LAN networks, the data packets are broadcast wirelessly over the air. The receiving device reads the packet header...
Laying the foundation – IEEE 802.11
At the Institute of Electrical and Electronics Engineers (IEEE), a working group was set up to create specifications for wireless local area networks (WLANs). This slowly evolved into a family of specifications known as the IEEE 802.11 specifications for wireless LANs.
The Ethernet protocol forms the foundation of all the 802.11 specifications.
As investigators who are getting ready to explore the forensics of wireless networks, it is important to develop an understanding of the underlying technology. The 802.11 specifications allow us to gain an insight into data speeds, spectrums, encoding, and so on.
These standards are downloadable and available free of charge from the IEEE website at http://standards.ieee.org/about/get/802/802.11.html.
In a nutshell, the 802.11 specifications are a set of media access control (MAC) and physical layer (PHY) specifications that govern communications in wireless LANs in the 2.4, 3.6, 6, and 60 GHz frequency bands.
The 802...
Understanding wireless protection and security
Before we move on to the forensic investigation of wireless security breaches, we need to understand the various facets of wireless protection and the elements of security therein.
Let's start with a bit of a walk down memory lane.
In September 1999, the WEP security algorithm was created. Wired Equivalent Privacy (WEP), as the name suggests, was supposed to be as secure as wired Ethernet networks. At one point in time, it was the most used security algorithm. This was because it was backwards compatible and was the first choice in the early router control options.
The early versions of WEP were particularly weak as the US Government had restrictions on the export of cryptographic technology that used greater than 64-bit encryption. This led manufacturers to restrict themselves to 64-bit encryption.
Once the US Government lifted the restrictions, 128-bit and 256-bit encryption was introduced. However...
Discussing common attacks on Wi-Fi networks
Prevention, detection, and investigation of illegal network activity are greatly strengthened by an intimate knowledge of the different modes of unauthorized access. The security perimeter of a Wi-Fi network is quite porous and breaches can come from multiple vectors.
To help enhance this knowledge, let's discuss the common attacks on Wi-Fi networks.
When a user turns on his laptop and his device accidentally associates itself with an available Wi-Fi network (maybe due to the network being open), this is known as an incidental connection. The user may be unaware that this has occurred. This can be classified as an attack since the laptop may also be connected to another wired network and could perhaps provide inroads to this network from the open network. This mis-association could be accidental or deliberate with malicious intent, for example, the attacker's objective may be to bypass the company firewall and allowing a company...
Capturing and analyzing wireless traffic
Before we dive into the deep waters of the Wi-Fi sea, it is time to invite our good seafaring friend, Wireshark, to the scene. Just as we used Wireshark to capture traffic on our wired Ethernet networks in the previous chapters, we will now use it to capture Wi-Fi network traffic.
Sniffing challenges in a Wi-Fi world
Sniffing Wi-Fi traffic can be quite challenging. Wireless networks work on multiple channels and use different frequencies, even in the same location. The challenge is to select a specific static channel. The next challenge is identifying the channel number that we have decided to capture.
Another important factor to consider is the distance between the point of capture and the transmitting point. The greater the range, the less reliable the collection. Interference and collisions can also affect the quality of capture. As discussed earlier, certain network frequencies are subject to interference by devices such as cordless...
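To check after the fact which channel a capture was actually taken on, and whether it stayed on one static channel, the following added example (not code from the book) reads the channel frequency out of each frame's radiotap header. It assumes the capture was saved with radiotap link-layer headers, as monitor-mode captures on Linux normally are; the function names and the sample headers are constructed for illustration.

```python
import struct
from collections import Counter

FIELDS_BEFORE_CHANNEL = [(8, 8), (1, 1), (1, 1)]  # (size, align): TSFT, Flags, Rate

def radiotap_freq(frame: bytes):
    """Return the capture frequency in MHz, or None if no Channel field is present."""
    if len(frame) < 8:
        raise ValueError("too short for a radiotap header")
    version, _pad, hdr_len, present = struct.unpack_from("<BBHI", frame, 0)
    if version != 0 or not 8 <= hdr_len <= len(frame):
        raise ValueError("not a radiotap header")
    offset, word = 8, present
    while word & 0x80000000:              # bit 31: another present word follows
        if offset + 4 > hdr_len:
            raise ValueError("truncated present bitmap")
        (word,) = struct.unpack_from("<I", frame, offset)
        offset += 4
    if not present & (1 << 3):            # bit 3: Channel
        return None
    for bit, (size, align) in enumerate(FIELDS_BEFORE_CHANNEL):
        if present & (1 << bit):          # skip each earlier field, honouring alignment
            offset = (offset + align - 1) // align * align + size
    offset += offset % 2                  # Channel is 2-byte aligned
    if offset + 4 > hdr_len:
        raise ValueError("truncated radiotap header")
    freq, _chan_flags = struct.unpack_from("<HH", frame, offset)
    return freq

def freq_to_channel(freq):
    """Map a centre frequency in MHz to its 2.4 GHz or 5 GHz channel number."""
    if freq == 2484:
        return 14
    if 2412 <= freq <= 2472 and (freq - 2407) % 5 == 0:
        return (freq - 2407) // 5
    if 5000 < freq < 5900 and freq % 5 == 0:
        return (freq - 5000) // 5
    return None

def channels_seen(frames):
    """Count frames per channel; more than one key means the capture hopped."""
    return Counter(freq_to_channel(radiotap_freq(f)) for f in frames)

# Constructed sample headers (not from a real capture): channels 1, 36 and 6
SAMPLE_FRAMES = [
    bytes.fromhex("00000e000e00000000026c09a000"),
    bytes.fromhex("000016000f000000" + "00" * 8 + "000c3c144001"),
    bytes.fromhex("00000e000e00000000028509a000"),
]
```

A capture meant to sit on one channel should yield a single key from `channels_seen`; several keys indicate the interface was hopping while frames were recorded.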
As we have seen, Wi-Fi networks, while making life easier for end users, have increased our security risks correspondingly. The investigation of Wi-Fi data also involves a number of additional complexities such as ensuring the wireless network interface is in monitor mode. However, once these issues are taken care of, capturing and analyzing Wi-Fi data can be quite straightforward and is just a matter of applying tools in an effective manner.
So far, we have made pretty good progress. In the next chapter, we will put together all that we have studied to track an intruder in our network. Therefore, put on your 007 hats and let's get started…