Importance of LAN Security
Local Area Networks (LANs) play a pivotal role in modern organizations for data processing and communication. Securing these networks is crucial to prevent cyber-attacks, especially given the prevalence of wireless LANs in homes and businesses. This article investigates wireless security, addresses common issues with Wi-Fi routers, provides actionable recommendations, and includes real-world examples to illustrate the importance of robust LAN security measures.
To begin, a wireless network refers to a computer network that makes use of Radio Frequency (RF) connections between nodes in the network. Wireless networks are a popular solution for homes, businesses, and telecommunications networks.
Benefits and downfalls of a wireless LAN
Advantages:
- Mobility
- Easy setup
- Cost effective.
Disadvantages:
- Security
- Performance
- Interference
- Range
- Compatibility
Wi-Fi standards
Wi-Fi standards are a set of protocols and specifications that govern how wireless networks operate, including data transmission rates and frequency bands. The most common Wi-Fi standards you’ll encounter are part of the IEEE 802.11 family, which includes variations such as 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac, and 802.11ax. These standards operate on either the 2.4 GHz or 5 GHz frequency bands, with future expansions planned for the 6 GHz band. Each standard offers different speeds, features, and compatibility levels, catering to various network requirements and advancements in wireless technology.
Securing a Wi-Fi network?
Usually, a common practice to secure the Wi-Fi network is to change default passwords. Other practices may be using different encryption standards, like:
- WEP
- WPA
- WPA2
- WPA3
The 4-way handshake in WPA2, the most common encryption method used, is a crucial process used to establish a secure connection between a client device (such as a laptop or smartphone) and a wireless access point (AP) in Wi-Fi networks. The figure below describes the process, involving four messages:
- Client Initiation: The client sends a request to the AP, specifying its capabilities and preferred security protocols.
- AP Response: The AP responds with its chosen security protocol and a nonce (a random number used only once).
- Client Confirmation: The client generates its nonce, creates a Message Integrity Code (MIC) using the AP’s nonce and encryption key, and sends this confirmation back to the AP.
- Secure Connection Establishment: Upon receiving and verifying the MIC, the AP acknowledges the secure connection, and both parties establish a Pairwise Transient Key (PTK) for encrypting data during the Wi-Fi session.
Ref [https://www.wifi-professionals.com/wp-content/uploads/2019/01/4-WAY-handshake.png]
In many cases, even this is not enough to prevent cyberattacks and in the following chapter describes the most common attacks that are used to access and exploit the LAN.
Common attacks used to hack a Wi-Fi LAN
The approach for the project was to showcase the most common vulnerabilities of a LAN from inside and outside the network.
Consequently, a LAN was defined, with a classic network address 192.168.0.0/24. The router chosen for this case was an older generation TP-Link router. Different virtual machines (VMs) – Kali Linux, Windows 10, Metasploitable v2 – and smartphones were connected to the network.
Internal Network Attacks
- DoS Attack (Denial of Service): Using tools like Kali Linux, an attacker floods the router with DHCP requests, causing network congestion and denial of service for legitimate users.
- MITM Attack (Man-in-the-Middle): The attacker sets up a rogue DHCP server to intercept and modify traffic between a Windows 10 device and the router, allowing for data manipulation or eavesdropping.
- Router Exploitation: Exploiting known vulnerabilities in the router’s firmware or software to gain unauthorized access or control over the device.
- Password Attack: Conducting dictionary attacks against the router to guess or crack weak passwords and gain access to network credentials.
External Network Attacks
- Password Cracking: Using brute force or dictionary attacks to guess Wi-Fi passwords and gain unauthorized access to the network.
- DoS Attack: Continuously de-authenticating other users’ devices to disrupt network access.
- Captive Portals: Setting up fake access points (APs) with captive portals to trick users into entering credentials, leading to credential theft.
Conclusions
LAN security is paramount for all users. The demonstrated attacks highlight Wi-Fi network vulnerabilities. To enhance LAN security, consider the following recommendations:
- Firmware and Software Updates: Regularly update devices to address vulnerabilities and improve overall security.
- Strong Passwords: Encourage the use of complex and unique passwords to mitigate password cracking attacks.
- Service Disabling: Disable unnecessary services to reduce the attack surface and enhance network resilience.
- Encryption Protocols: Utilize robust encryption protocols like WPA2 and WPA3 to ensure data confidentiality and integrity.
- Firewall Activation: Enable firewalls as an additional layer of defense against unauthorized access and network threats.
- Multifactor authentication: requires users to provide two or more forms of verification before gaining access to the network.
- VPN Usage: Implement VPNs for secure remote network access and data transmission.
- WPS Disabling and Traffic Limiting: Turn off WPS (Wi-Fi Protected Setup) and limit network traffic to minimize potential attack vectors.
- Public LAN Avoidance: Advise against using unsecured public LANs to protect sensitive data from interception.
- Security Features Activation: Enable DHCP snooping, Port Security, IDS/IPS systems to detect and prevent unauthorized network access and attacks.
Additionally, the emerging trends in LAN security, such as the adoption of AI-driven threat detection and IoT devices will have an impact on network vulnerabilities. Moreover, upcoming technologies or protocols (e.g., Wi-Fi 6E, 802.11be) may influence LAN security practices soon.
By implementing these measures and staying informed about evolving security trends, users can significantly improve their LAN’s resilience against cyber threats.