What is a wireless network? Wi-Fi security
There is no doubt that WiFi technology is here to stay, and even to replace Ethernet-type connections wherever possible. This is fundamentally due to the fact that WiFi networks, and in general everything related to this type of wireless connection, offer many advantages compared to the traditional system using cables and RJ45 and Ethernet adapters.
Among the many advantages that WiFi offers, we can count on the fact that it allows the user to use the network at any point within the limits of the transmission range. It also makes it possible to quickly add other computers and devices to the network. In addition to this, it is much more practical and economical to implement than a traditional wired network.
WiFi is so flexible that it is now common to find WiFi networks in hotels, airports, bus stations, bars, restaurants, shopping malls, schools, universities, offices, hospitals and many other places that offer Internet access, often for free.
But do we really know what WiFi is? In this post we will find all the answers to our questions.
What is Wi-Fi?
Technically, WiFi is a set of specifications for wireless local area networks (WLAN, Wireless Local Area Network) based on the IEEE 802.11 standard. The name WiFi is an abbreviation of the English term “Wireless Fidelity”. It is common to find the term WiFi written as “Wi-Fi”, “Wi-fi” or even “wifi”. All of these names refer to the same technology.
With Wi-Fi technology, it is possible to implement networks that connect computers and other compatible devices such as cell phones, game consoles, printers, and other devices that are geographically close. These networks do not require the use of cables, since they transmit data through radio frequency.
How Wi-Fi works
As we have been mentioning in this article, Wi-Fi is one of the most widespread technologies of recent times and one that is being incorporated into our daily lives with great momentum and speed. It allows us to interconnect different kinds of devices without the need for cables or for them to be fixed in one place. In this article we will get to know this concept a little more closely to understand what it can offer us.
Introduction
Basically, WiFi wireless links are a connection methodology that allows us to interconnect devices and access the Internet without the need to use cables or complicated configurations, allowing unprecedented mobility and ease of use in the history of computing.
Currently, it is almost an obligation that new devices that come onto the market offer a Wi-Fi wireless connection, which is why we can find it in Blu-Ray or DVD players and home entertainment equipment such as consoles, smartphones or tablets, in addition to laptops, desktops and many others.
The possibility that the wireless Wi-Fi type connection offers all these devices gives them unlimited flexibility to be connected, giving rise to even other technologies born from this concept, such as SmartTVs.
It’s amazing what a connection to the Internet or to other devices via Wi-Fi can add to a simple media player; just look at some of the new models recently released to realize the possibilities it offers us.
Technical data
Wi-Fi technology is based on the IEEE 802.11 standard. However, that does not mean that every product that works with these specifications is Wi-Fi. In order for a product to receive a seal with this mark, it must be evaluated and certified by the Wi-Fi Alliance. This is a way of assuring the user that all products with the Wi-Fi Certified seal follow the functionality standards that guarantee compatibility with each other.
That does not mean that devices without the seal will not work with devices that have it, but it is preferable to opt for certified products to avoid problems. Wi-Fi is based on the 802.11 standard. We explain this topic below.
The 802.11 standard
The 802.11 standard establishes standards for the creation and use of wireless networks. The transmission of this network is carried out by radio frequency signals, which propagate through the air and can cover areas of hundreds of square meters. As there are countless services that can use radio signals, it is necessary for each one to operate in accordance with the requirements established by the government of each country. This is one way to avoid problems, especially with interference.
There are, however, some frequency segments that can be used without the direct approval of the appropriate entities of each government: the ISM (Industrial, Scientific and Medical) bands, which can operate, among others, in the following intervals: 902 MHz to 928 MHz, 2.4 GHz to 2.485 GHz and 5.15 GHz to 5.825 GHz (depending on the country, these limits may vary). The last two bands are the ones used by Wi-Fi; however, this may vary according to the version of the 802.11 standard.
For such a network to be established, devices (also called STA, for “station”) need to connect to devices that provide access.
These are generically called Access Points (AP). When one or more STAs connect to an AP, the resulting network is called a Basic Service Set (BSS). For security reasons, and because there may be more than one BSS in a given location (for example, two wireless networks created by different companies in an event area), it is important that each one receives an identification called the Service Set Identifier (SSID).
Basically, the SSID is a set of characters that, after being defined, is inserted into each network data packet. In other words, the SSID is nothing more than the name given to each wireless network.
What is Wireless technology?
Wireless technology allows two devices to be connected through radio waves, without the need for cables. Unlike other business areas, Wireless technology, also known as Wi-Fi (Wireless Fidelity), uses radio waves on unlicensed frequencies, which avoids the problem of licenses or the authorization of the communications regulator when operating.
Basically, two items are needed in a wireless connection: a hotspot and a device with wireless communication capabilities. The hotspot is the access point through which the signal is transmitted. Currently, all notebooks come with an integrated WiFi-type wireless communication system. In addition, many houses, offices and commercial establishments such as shopping malls, restaurants, bookstores and others have their own wireless networks, making it possible to connect to the Internet without any type of wiring, which means a great advance in terms of versatility and efficiency.
These networks, known as WLANs, enable high-speed Internet access within radii of less than 100 meters, that is, relatively small areas. Another possibility is the connection through high frequencies, but in this case the authorization of a competent body is necessary. This type of connection, known as streaming, is increasingly used by users.
In this way, Wireless technology is presented as an alternative to conventional networks, since it enables the same functionalities but in a flexible way, with easy configuration and good connectivity.
WiFi network vulnerabilities
No type of network is totally untouchable; even wired networks suffer from different types of vulnerabilities. Wireless networks are even more vulnerable than wired networks, because the signal propagates in all directions. In this chapter we will see the main types of attack on wireless networks.
Wi-Fi Vulnerabilities: Access Point Spoofing
Access Point Spoofing or “Malicious Association”: in this case the attacker pretends to be an access point and the client thinks it is connecting to a real WLAN network. It is a common attack on ad-hoc networks.
Wi-Fi Vulnerabilities: ARP Poisoning
ARP Poisoning is an attack on the ARP protocol (Address Resolution Protocol) of the kind called “Man in the Middle”. An invading computer X sends an ARP reply packet to Y saying that the IP address of computer Z points to the MAC address of computer X, and likewise sends an ARP reply packet to computer Z saying that computer Y’s IP address points to X’s MAC address. Since the ARP protocol does not keep state, computers Y and Z assume they sent an ARP request packet asking for this information, and accept the packets as true. From this point on, all packets sent and received between computers Y and Z go through X (the man in the middle).
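Because ARP itself keeps no state, a monitor can keep it instead and flag exactly the replies described above. The following is an added example, not part of the original article: it parses raw ARP payloads, tracks outstanding requests and known IP-to-MAC bindings, and reports unsolicited replies and changed bindings. The addresses for X, Y and Z and the helper names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"  # 28-byte ARP payload (Ethernet/IPv4)
REQUEST, REPLY = 1, 2

def build_arp(oper, sha, spa, tha, tpa):
    """Pack a constructed ARP payload; stands in for captured traffic."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha),
                       IPv4Address(spa).packed, mac(tha), IPv4Address(tpa).packed)

class ArpMonitor:
    """Adds the state ARP lacks: outstanding requests and known bindings."""
    def __init__(self):
        self.pending = set()   # (requester IP, requested IP)
        self.bindings = {}     # IP -> MAC last announced for it

    def inspect(self, payload):
        *_, oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
        src_ip, dst_ip = str(IPv4Address(spa)), str(IPv4Address(tpa))
        src_mac, alerts = sha.hex(":"), []
        if oper == REQUEST:
            self.pending.add((src_ip, dst_ip))
        elif oper == REPLY and (dst_ip, src_ip) in self.pending:
            self.pending.discard((dst_ip, src_ip))   # answer to a real request
        elif oper == REPLY:
            alerts.append(f"unsolicited reply: {src_ip} is-at {src_mac}")
        known = self.bindings.setdefault(src_ip, src_mac)
        if known != src_mac:
            alerts.append(f"binding changed: {src_ip} {known} -> {src_mac}")
            self.bindings[src_ip] = src_mac
        return alerts

# Constructed hosts matching the text: Y and Z are victims, X is the intruder.
Y = ("192.168.1.10", "02:00:00:00:00:0a")
Z = ("192.168.1.20", "02:00:00:00:00:0b")
X_MAC = "02:00:00:00:00:66"

def demo():
    mon = ArpMonitor()
    frames = [
        build_arp(REQUEST, Y[1], Y[0], "00:00:00:00:00:00", Z[0]),  # Y asks for Z
        build_arp(REPLY, Z[1], Z[0], Y[1], Y[0]),                   # Z answers
        build_arp(REPLY, X_MAC, Z[0], Y[1], Y[0]),   # X tells Y: Z is at X
        build_arp(REPLY, X_MAC, Y[0], Z[1], Z[0]),   # X tells Z: Y is at X
    ]
    return [mon.inspect(f) for f in frames]

if __name__ == "__main__":
    for number, alerts in enumerate(demo(), 1):
        print(number, alerts or "ok")
```

The legitimate request and reply pass silently, while each of X's two replies raises both alerts.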
WiFi vulnerabilities: MAC spoofing
MAC Spoofing, or “MAC masking”, occurs when someone steals a MAC address from a network and poses as an authorized client. In general, network cards allow the MAC number to be changed to another one, which makes this type of attack possible.
Wi-Fi vulnerabilities: Denial of service
Denial of Service, also known as DoS, consists of denying some type of resource or service. It can be used to “flood” the network with disassociation requests, making it impossible for users to gain access, as network components associate and disassociate over and over again. Service can also be denied by interference from Bluetooth equipment, microwave ovens and cordless phones, since this equipment works in the same frequency band as wireless networks.
WiFi vulnerabilities: WLAN scanners
WLAN Scanners, or “Surveillance Attack”: this consists of visiting a place to be invaded in order to discover the active WLAN networks there, as well as the physical equipment, for a subsequent attack or theft.
WiFi vulnerabilities: Wardriving and warchalking
“Wardriving” is the activity of finding access points to wireless networks while moving around the city in a car, using a notebook with a wireless network card to detect signals.
After locating an access point to a certain wireless network, some individuals mark the area with a chalk symbol on the sidewalk or wall, and inform other invaders – an activity called “warchalking.”
Security protocols in WiFi networks
Security is the weak point of wireless networks, since the signal spreads through the air in all directions and can be captured at a distance of hundreds of meters, using a notebook with an antenna. This makes wireless networks vulnerable to interception. Next, we will see some protocols used in the security of wireless networks.
Extensible Authentication Protocol
Extensible Authentication Protocol or EAP is a protocol that allows various authentication methods such as EAP-MD5, EAP-TLS and other methods. The authentication modalities can be by security certificates or by passwords.
EAP for security certificates
EAP-TLS: Requires the installation of security certificates on the server and clients. It provides mutual authentication, that is, the server authenticates the client and vice versa using the TLS (Transport Layer Security) protocol.
EAP-TTLS: It is similar to EAP-TLS. However, the certificate is only installed on the server, which allows the client to authenticate the server. The server authenticates the client after the TLS session is established, using another method such as PAP, CHAP, MS-CHAP, or MS-CHAP v2.
PEAP: It is similar to EAP-TTLS, since it only requires a security certificate on the server. It was developed by Microsoft, Cisco and RSA Security.
EAP for passwords
EAP-MD5: uses a username and password for authentication. The password is transmitted in encrypted form through the MD5 algorithm. It does not provide a high level of protection, as it is exposed to “dictionary” attacks, that is, an attacker can try several encrypted passwords until a valid one is found. There is no way to authenticate the server, and it does not generate dynamic WEP keys.
LEAP: uses a username and password, and supports dynamic WEP keys. As it is a proprietary Cisco technology, it requires that the equipment be from Cisco and that the RADIUS server be compatible with LEAP.
EAP-SPEKE: uses the SPEKE method (Simple Password-authenticated Exponential Key Exchange), which allows the client and server to share a secret password and provides mutual authentication without the use of security certificates.
Service Set ID (SSID)
Service Set ID or SSID is an alphanumeric code that identifies a wireless network. Each manufacturer uses the same code for the components it manufactures. You should alter this name and disable the “broadcast SSID” option on the access point to increase network security. When broadcast SSID is enabled, the access point periodically broadcasts the SSID of the network, allowing other clients to connect to the network.
In public access networks, it is desirable to propagate the SSID, so that anyone can connect to the network. As the SSID can be extracted from the transmitted packet through the “sniffing” technique, it does not offer good security for the network. Even so, the name should be altered to prevent others from accidentally using the same network.
Wired Equivalent Privacy
Wired Equivalent Privacy or WEP. As the name suggests, this protocol is intended to provide the same level of privacy as a wired network. It is a security protocol based on the RC4 cryptography method that uses 64-bit or 128-bit cryptography. Both use a 24-bit initialization vector, so the secret key itself is either 40 or 104 bits long. All Wi-Fi products support 64-bit encryption; however, not all of them support 128-bit encryption.
In addition to cryptography, it also uses a cyclic redundancy check procedure in the CRC-32 pattern, used to verify the integrity of the data packet. WEP does not protect the entire connection, only the data packet. The WEP protocol is not totally untouchable, since there are already programs capable of breaking the cryptography keys in the event that the network is monitored for a considerable time.
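The construction described above can be written out to show why long monitoring is enough to undermine it. This is an added example, not part of the original article: a simplified WEP body (RC4 keyed with the 24-bit IV followed by the 40-bit secret, over the data plus its CRC-32; the key ID byte is omitted) with a constructed secret, IV and payloads. It shows that two frames sharing an IV share a keystream, and estimates how soon a random 24-bit IV repeats.

```python
import struct, zlib

def rc4(key, data):
    """RC4: key scheduling, then XOR the keystream over data."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(data):
    return struct.pack("<I", zlib.crc32(data))  # unkeyed CRC-32 checksum

def wep_seal(secret, iv, plaintext):
    """Return IV || RC4(IV || secret, plaintext || CRC-32)."""
    if len(iv) != 3 or len(secret) not in (5, 13):
        raise ValueError("need a 24-bit IV and a 40- or 104-bit secret")
    return iv + rc4(iv + secret, plaintext + icv(plaintext))

def wep_open(secret, frame):
    clear = rc4(frame[:3] + secret, frame[3:])
    if icv(clear[:-4]) != clear[-4:]:
        raise ValueError("ICV mismatch")
    return clear[:-4]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def frames_until_iv_repeat(bits=24, p=0.5):
    """Frames sent with random IVs before a repeat has probability >= p."""
    space, unique, n = 2 ** bits, 1.0, 0
    while 1 - unique < p:
        unique *= (space - n) / space
        n += 1
    return n

def demo():
    secret = bytes.fromhex("0102030405")   # constructed 40-bit secret
    iv = bytes.fromhex("00002a")           # one IV used for two frames
    p1, p2 = b"GET /index.html ", b"user=alice;id=7 "
    c1, c2 = wep_seal(secret, iv, p1), wep_seal(secret, iv, p2)
    # Same IV and secret give the same keystream, so it cancels out:
    leaked = xor(c1[3:], c2[3:])[:len(p1)]
    return wep_open(secret, c1) == p1, leaked == xor(p1, p2)

if __name__ == "__main__":
    print(demo(), frames_until_iv_repeat())
```

The IV is sent in the clear, so an observer can tell which frames share a keystream without knowing the secret; this is one reason WPA moved to a 48-bit initialization vector and per-packet keys.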
Wi-Fi Protected Access
Wi-Fi Protected Access or WPA was developed to solve the security problems of WEP. WPA has a protocol called TKIP (Temporal Key Integrity Protocol) with a 48-bit initialization vector and 128-bit cryptography. With TKIP the key is altered in each packet and synchronized between the client and the Access Point. WPA also uses user authentication by a central server.
Media Access Control
Media Access Control or MAC: each network card has its own unique MAC address number. In this way, it is possible to limit access to a network only to cards whose MAC numbers are specified in an access list.
It has the disadvantage of requiring more administration, as you need to update the list of MAC addresses when a computer on the network changes or to provide access to a visitor, or even on public networks. Another disadvantage is due to the fact that the MAC number of the network card can be altered via software and emulate a valid number with access to the network.
WPA2
It is an enhancement of WPA that uses the encryption algorithm called AES (Advanced Encryption Standard).
Remote Authentication Dial-In User Service
Remote Authentication Dial-In User Service or RADIUS is a proprietary 128-bit encryption pattern. However, it is only available in some more expensive products, due to the addition of an extra layer of cryptography.
Tricks to improve our wireless network
Wireless technology frees users from cables and gives them convenience and greater mobility, since Internet access is no longer tied to one particular place. Users of a wireless Internet connection often receive a notification from the system indicating that the wireless link is poor.
This happens due to certain peculiarities of the wireless signal itself, which, by taking into consideration some tips, we can improve and achieve complete and better coverage in all corners of our home or office.
There are certain actions that can improve wireless connectivity in homes. Here we list the main ones:
How to locate the router to improve WiFi range
The wireless signal does not have a long range, and any walls or large objects can cause interference. For this reason, the wireless router must be located in the center of the house to guarantee the greatest possible coverage.
Ideally, place the router on a flat surface away from obstructions and verify that the wireless channel is for exclusive use to avoid interference. The wireless router should be located as far as possible from walls, above ground level and away from any metal object that stands between it and the receiver.
Buy a WiFi repeater
A wireless repeater is an easy way to amplify the signal. It works like a router, but instead of creating a signal, it builds on an existing one. A WiFi repeater is easy to install and does not require additional cables or connections. Multiple repeaters make it easy to create a home or office network with full connectivity.
Replace the WiFi antenna with a high gain one
The antennas that are included in most routers are small, with omni directional capabilities. These antennas transmit the same signal in different directions, very useful if you need a connection throughout a house, but the range is relatively short.
A directional antenna can improve range by focusing the signal in a specific direction, allowing the signal to be directed where it is needed. These antennas are commonly called “high-gain” and the signal gain is measured in decibels (dB).
These types of antennas manage to send the wireless signal in a specific direction, just to the place where a good performance connection is necessary.
Change the wireless network card
In the event that you have a notebook or netbook, it is a good idea to try replacing the WiFi network card with a USB network adapter, since the latter uses an external antenna to improve the range of the WiFi signal.
Change the channel of the WiFi router
On the router’s Setup page, we can change the channel, which will allow us to improve the signal strength. This setting is usually factory set to “Automatic”, but we can experiment until we find the signal level that best suits our requirements.
Change Wi-Fi router
As a last resort, we can try updating our router to one that supports the latest WiFi standards, with which we will surely be able to correct these reception defects. It should be noted that the latest version of WiFi available is the N standard.
Firmware update
Router manufacturers release firmware updates on a regular basis, and upgrading routers can lead to increased performance and allow access to new features.
Another option for tech-savvy people is to install third-party firmware. There are free alternatives that may be compatible for the respective update.