Wireless Security Basics - Auditing Wireless Networks
Recent advancements in networking and internet connectivity have transformed the way that companies across the world conduct business. One such advancement, the introduction of wireless networking and mobile devices, carries with it specific risks and threats that must be considered when planning an information technology audit. As Stallings and Brown (2012) note, chief among these inherent risks is the fact that wireless networks present three attack vectors not necessarily present in a traditional wired network:
The wireless client
The wireless access point
The transmission medium
As with everything information security related, a successfully implemented wireless security strategy should address the CIA triad; that is it should ensure the confidentiality, integrity, and availability of the wireless network and the data shared across it.
This article aims to discuss the advantages of a wireless network; outline the recommended techniques and objectives for auditing a wireless network; discuss the tools available to assist with a wireless network audit; and recommend the best certification for those interested in learning more about wireless auditing.
Advantages and Risks of Wireless Networks
Wireless networking presents several advantages and disadvantages. The primary pro versus con discussion pertaining to wireless networks revolves around cost versus the footprint of the attack vector. Wireless networks are lower in cost than traditional wired networks as they do not require expensive installation of structured cabling, but at the same time, they have a much larger wireless network footprint (Whitman & Mattord, 2017). This means that potential bad actors can interact with the network in a much larger area. In fact, there have been some examples of bad actors gaining access to corporate wireless networks by parking in nearby parking lots or even just by driving by. This practice of driving though urban areas and documenting locations with access to business wireless networks is called war driving (Whitman & Mattord, 2017). For this reason, it is important that corporate wireless networks are appropriately sized; they should not be so powerful that they are readily available outside of the desired coverage area.
Another key advantage of wireless is convenience. Many corporate employees enjoy the luxury of not being tethered to their desk or workstation. The mobility that wireless and cellular/mobile technologies afford workers empowers them to complete their work in ways previously not thought possible. But again, information technology teams and auditors should take great care to protect the wireless network, as this mobility can also be a disadvantage. The ability to work untethered from the corporate network also means that bad actors can potentially compromise corporate systems without being geographically or physically located near the network itself.
Techniques and Objectives for Auditing Wireless Networks
The specific risks inherent to wireless networking discussed above must be considered when planning an audit of a wireless network. These specific concerns rely primarily with the wireless hardware and mobile devices that make up the three attack vectors (client, access point, and transmission medium). Industry experts recommend that auditors confirm that the following minimum security configurations are in place for any given wireless network:
Admin username and password for the router has been changed to a secure, non-standard password
The SSID is hidden to prevent war driving or other unauthorized visibility
ACLs based on hardware MAC addresses are in place to prevent unauthorized devices from connecting to the corporate network
Credentials used for authentication to the wireless network are secure and changed regularly
The transmission of data is encrypted
VPN is used for secure remote access
Similarly, wireless networks should employ appropriate authentication and encryption protocols. In fact, selecting the appropriate wireless authentication method for an organization’s wireless network is one of the most important decisions a network engineer will make. Available options include:
open (no authentication is needed to connect)
shared (authentication is accomplished via a shared password)
EAP (Extensible Authentication Protocol, which utilizes a server to generate an encrypted key)
Authentication alone does not constitute a security standard, however, and so ultimately the decision comes to down to which set of standards/protocols contain the best mix of authentication, encryption, and other desired features. Well-known wireless connection technologies such as WEP, WPA, WPA2 and others give administrators a multitude of options when considering the ways in which their users will interact with the wireless network. Not all of the technologies are created equal, however, as WEP should not be considered an option at all due to its fundamental flaws (such as using open authentication) which can be easily exploited to give bad actors access (Whitman & Mattord, 2017). As industry experts generally agree that utilizing WEP is a bad idea, it has since been replaced by WPA/WPA2/WPA3. WPA2/3 can be configured to use a pre-shared key or EAP via an 802.1x authentication server. In general, the use of an authentication server, such as RADIUS, is the preferred option as it provides the most secure blend of authentication and encryption.
Wireless Auditing Tools
Auditing a wireless network may seem like an insurmountable task at first glance, but industry experts and leaders have created a multitude of tools aimed at assisting auditors with their work. Davis, Schiller, & Wheeler (2011) recommend several tools, including Kismet, Aircrack-ng, and BackTrack (now known as Kali Linux). As Pearson (2013) notes, each of these tools are incredibly valuable in assisting auditors in testing and confirming wireless network controls are functioning correctly:
Kismet – 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. This can be used to ensure that SSIDs are hidden and unable to be accessed without authorization.
Aircrack-ng – 802.11 and WPA-PSK key cracking program. This can be used to test the security of credentials and pre-shared keys.
Kali Linux – Linux distribution focused on virtual penetration testing, including wireless resources. This can be used to plan and implement a penetration test. If interested, in creating a pen test target, please see our guide on how to configure a raspberry pi for use in pen testing.
Wireless Auditing Certifications
Additionally, one of the greatest tools at an auditor’s disposal is knowledge and expertise. To that end, the Global Information Assurance Certification (GIAC) offers the GIAC Assessing and Auditing Wireless Networks (GAWN) certification which focuses on the security mechanisms for wireless networks, the tools and techniques used to evaluate and exploit weaknesses, and the techniques used to analyze wireless networks. The GAWN confirms that an information technology professional possesses the necessary skills and abilities to audit a wireless network. The program offers training resources and suggested knowledge domains and allows candidates to take an exam as evidence of their expertise. Studying for and obtaining the GAWN is a a great step towards a career in IT auditing (and network auditing in particular).
Davis, C., Schiller, M., & Wheeler, K. (2011). IT auditing using controls to protect information assets (2nd ed.). New York, NY: McGraw Hill. ISBN: 9780071742382
Pearson, D. (2013). Wireless attack and audit tools: Recommendations list. Retrieved from http://www.subliminalhacking.net/2013/02/07/wireless-attack-and-audit-tools-recommendations-list/
Stallings, W., & Brown, L. (2012). Computer security: principles and practice. Boston, Mass.:Pearson.
Whitman, M. E., & Mattord, H. J. (2017). Management of information security. Australia:Cengage Learning.