Scribd
Upload
40 views1 page

Engineering in Your Pocket: Vulnerabilities? With Nessus

This document discusses security issues in wireless networks. It describes various types of active and passive attacks that can be carried out on wireless local area networks (WLANs). Active attacks include unauthorized access, man-in-the-middle attacks, masquerading, replay attacks, denial of service attacks, and message modification. Passive attacks involve traffic analysis and passive eavesdropping. The document also discusses how confidentiality, integrity, and availability can be compromised through these attacks and provides examples such as brute force password cracking and insertion attacks.

Uploaded by

Rahul Thorat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
40 views1 page

Engineering in Your Pocket: Vulnerabilities? With Nessus

This document discusses security issues in wireless networks. It describes various types of active and passive attacks that can be carried out on wireless local area networks (WLANs). Active attacks include unauthorized access, man-in-the-middle attacks, masquerading, replay attacks, denial of service attacks, and message modification. Passive attacks involve traffic analysis and passive eavesdropping. The document also discusses how confidentiality, integrity, and availability can be compromised through these attacks and provides examples such as brute force password cracking and insertion attacks.

Uploaded by

Rahul Thorat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Explore " !

Login

Explain possible attacks on


Wireless LANs.

# $ &
written 18 months ago by modified 18 months ago by

• 100
stanzaa37 290
Sanket Shingote

Vulnerabilities? With
Nessus
Pro, You'll Always Know
Leader in Vulnerability Risk Management Wave
Report Q4 2019
tenable.com

OPEN

Subject: Wireless Technology

Topic:
Topic:Security Issues in Wireless Network

Di!iculty: Medium

wt(27) • 2.0k views

% 0 upvotes ADD COMMENT

# $ written 18 months ago by

• 100
stanzaa37

Wireless LAN’s (WLAN) are LAN’s networked


wirelessly using the air interface as the medium of
the network. The wireless technology being used is
nothing but radio frequency waves. WLAN can run on
three di!erent physical media, two based on the
spread spectrum and one on di!used infrared.

Most of the industries and businesses are dependent


on correct, secure and safe operation of the wireless
local area networks. The security of this confidential
data is extremely important. If there is an attack on
the network, this data can be leaked and
unauthorized users or enemies can misuses the data
or modify it. There are two types of attacks on
computer networks. They are:

Active Attack: Active attacks are attacks where the


user data is modified or fraud data is created. It is
very di!icult to avoid attacks on the computer
networks.

The di!erent types of Active attack are:

Unauthorized Access: The attack is not aimed at a


particular user, but by doing this, the attacker gains
unauthorized access to the whole network. This
attack in turn gives rise to more malicious attacks
such as MITM, ARP poisoning. Man In The Middle
Attacks (MITM): This attack comprises the integrity of
messages as they can be read and/or modified by the
attacker. The attacker appears to the access
point(AP) as the user and to the user as the authentic
AP, Hence this fools both the AP and the user and all
data is passed through the Attacker
Masquerading/spoofing is the technique employed
by the attacker to fool the participants of the
connection.

Masquerade: A masquerade attack is an attack that


uses a fake identity, such as a network identity, to
gain unauthorized access to personal computer
information through legitimate access identification.

Masquerade attacks may happen in a number of


ways. In case of an insider attack, a masquerade
attacker gains access to the account of a legitimate
user either by stealing the victim's account ID and
password, or by using a key logger.

Another common method is by exploiting a


legitimate user's laziness and trust. Vulnerable
authentication is one of the other factors that can
trigger a masquerade attack.

For example, although a unique IP address is


assigned to each individual computer, a hacker can
convince another system that it is the authorized
user through spoofing, essentially convincing the
target computer that the hacker's computer has the
same IP.

A standard strategy to resist this kind of attack is to


create innovative algorithms that can e!iciently
detect the suspicious actions, which could result in
the detection of imposters.

Replay
Replay: A replay attack has the same objectives as
the Man-in-the-Middle and the session hijacking, but
this attack happens o!line, rather than in real time.
The attacker can capture data of a session and can
use it later to exploit the victim’s information.

Denial of Service (DoS): This works well on WLAN


and is one of the very famous attacks, to bring down
the system. The main aim is to bring down the
system so that it doesn’t respond to the users
request. This can be done by sending huge tra!ic at
the AP, making it unable to respond.

Modification of messages
messages: In this attack, some
part of the message is modified (deleted or added),
recorded or delayed so as to produce an
unauthorized result.

Session Hijacking: This attack is also attacking the


victim indirectly as the MITM attack. Session High
jacking involves taking control of the session. The
attacker will take control of the session and the
victim will think that the session is no longer in
operation whatever the cause. Whereas the session
will be live and in the hands of the attacker, which
he/she can exploit for many purposes. This attack
happens in real time and also compromises the
integrity aspect.

Passive Attacks:

Passive attacks are attacks where the attacker tries to


access the data that is being transmitted over the
network. Passive attacks are eavesdropping - easy to
perform and almost impossible to detect or
snopping during the data is transmitted.

There are two types of Passive attack:

Tra!ic analysis
analysis: The first step to any type of
hacking is foot printing and wireless foot printing is
done by carrying out tra!ic analysis. The attackers
before mounting an active attack have to obtain
su!icient information about the network This
operation of tra!ic analysis gives the attacker some
basic information about the network, like, the
network activity going on, the protocols being used
by the network and also the active access points
(AP’s) of the network.

Passive eavesdropping: This attack is very similar


to the tra!ic analysis attack, as this also discloses the
information about the network but at the same time
the attacker can access and read the message
contents.

Release of message content: The attacker can


attack the users email or file that is being
transmitted. The attacker can then view those secret
messages and can misuse them.

The di!erent attacks on wireless networks are:

Service Interruption
Interruption: In this attack the system
resources are destroyed or service to the network is
made unavailable by either increasing the load on
the service network by making fake requests to
connect to the network or by destroying the
resources.

Modification: In this attack, the attacker accesses


the data of the network and also he can modify the
data or destroy the data.

Jamming: In this attack, the network service is


interrupted if the tra!ic is such that it cannot reach
the client. The attackers flood the 2.4GHz band,
degrading the signal strength.

Fabrication: In this attack, the network authenticity


is attacked. The attacker puts obstruction objects in
file records. Attacks against encryption: Wired
Equivalent Privacy (WEP) is used as an encryption
method in IEEE 802.11b standard. It has some
drawbacks. The attacker can break the WEP.

Misconfiguration: Some of the access points (APs)


have unsecured configuration as they are rapidly
deployed. Hence, each access point must be secured
otherwise, it can be attacked by unauthorized users.

Interception: For capturing the data in a network,


this attack is an attack on the network
confidentiality.

Client-to-client attacks: The clients need to


protect themselves against attacks similar to wired
networks. The service can be interrupted even if IP or
MAC addresses of networks are duplicated.

Brute-force attacks against passwords of


access points
points: Usually the wireless users that use
an Access point share a single password or key. An
attacker or hacker can hack the password by
guessing the password. Once the password is known
to the attacker, he can access that entire network or
even change the password, causing a threat to
system security.

Insertion attacks: Insertion attacks occur because


of deploying wireless network without implementing
security methods or installing unauthorized devices
on the network.

Characteristics of a Network System:


Confidentiality: This features indicates only the
authorized users can access the network system. The
access provided will be read-only access to the
network system.

Integrity
Integrity: This feature indicates that only authorized
users can insert, delete or modify the network
system data in an authorized manner. Integrity is
related to error correction and protection of
resources.

Availability: This feature indicates that a user can


access files (data and services) to which he has
access.

% 0 upvotes ADD COMMENT

Please log in to add an answer.

Next up

Read More Questions


If you are looking for answer to specific questions,
you can search them here. We'll find the best
answer for you.

Search

Study Full Subject


If you are looking for good study material, you can
checkout our subjects. Hundreds of important
topics are covered in them.

Know More

Engineering in your
pocket
Download our mobile app and study
on-the-go. You'll get subjects,
question papers, their solution,
syllabus - All in one app.

COMPANY CONTENT SUPPORT


About Us New Post Contact Us
Community All Posts Privacy
Blog Q.Papers Terms

For Instant Help: +91 950 373 3731

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy