CEH Module 16: Hacking Wireless Networks

Have you ever thought how easily someone could infiltrate your wireless network? In a world where wireless connectivity is ubiquitous, understanding the vulnerabilities and security measures associated with these networks is crucial.

Wireless networks offer convenience and flexibility, but they also present unique security challenges. According to a study done by the National Cyber Security Alliance, 60% of small businesses experiencing a cyber attack run out of business within half a year. This statistic underscores the importance of securing wireless networks, as they can be a common entry point for cybercriminals.

CEH Module 16: Hacking Wireless Networks dives deep into the world of wireless networks, exploring how attackers exploit vulnerabilities and how we can defend against these threats.

What are Wireless Networks?

Wireless networking is revolutionizing the way we work and play. By removing physical connections, it allows devices to communicate over electromagnetic (EM) waves. Wireless networks use radio-frequency technology to connect devices without physical cables, making data portable and accessible. This innovation simplifies network setups and makes data accessible on the go. However, it also requires robust security measures to prevent unauthorized access.

Some Common Wireless Terminology

• Global System for Mobile Communications (GSM): A universal system for mobile communications used worldwide.
• Bandwidth: The amount of data that can be transmitted over a connection per second.
• Access Point (AP): A device that links wireless devices to a wired network.
• Basic Service Set Identifier (BSSID): The MAC address of an AP or base station in a wireless network.
• Industrial, Scientific, and Medical (ISM) Band: A set of frequencies used for various industrial, scientific, and medical applications.
• Hotspot: A public place where wireless networks are available for use.
• Service Set Identifier (SSID): The network’s name.
• Orthogonal Frequency-Division Multiplexing (OFDM): A method for encoding data on multiple carrier frequencies.
• Multiple Input Multiple Output-Orthogonal Frequency-Division Multiplexing (MIMO-OFDM): Enhances data transmission rates and reliability.
• Direct-Sequence Spread Spectrum (DSSS): A modulation technique that spreads data over a wider bandwidth, making it more resistant to interference.
• Frequency-Hopping Spread Spectrum (FHSS): A method for transmitting signals across multiple frequencies to avoid interference and eavesdropping.

Key Wireless Concepts

• Association: Connecting a wireless device to an AP.
• Service Set Identifier (SSID): A unique identifier for a wireless network that allows devices to connect to it.
• Orthogonal Frequency-Division Multiplexing (OFDM): A method of encoding digital data on multiple carrier frequencies.
• Multiple Input, Multiple Output-Orthogonal Frequency-Division Multiplexing (MIMO-OFDM): Enhances data transmission rates and reliability in wireless communications.
• Direct-Sequence Spread Spectrum (DSSS): A modulation technique that spreads data over a wider bandwidth, making it more resistant to interference.
• Frequency-Hopping Spread Spectrum (FHSS): A method of transmitting radio signals by rapidly switching frequencies to avoid interference and eavesdropping.

Types of Wireless Networks

1. Extension to a Wired Network: Wireless networks can extend the reach of wired networks using Access Points (APs). These APs act as intermediaries, connecting wired networks to wireless devices. There are two main types of APs:

• Software APs (SAPs): These devices can connect to a wired network and operate on a computer with a wireless Network Interface Card (NIC).
• Hardware APs (HAPs): These support most wireless features and function independently.

In this setup, APs act as switches, allowing wireless devices to access resources like file servers and internet connections.

2. Multiple Access Points: When a single AP cannot cover an area, multiple APs can be used to create an overlapping network. This allows users to move seamlessly within the network area, a feature known as roaming. Manufacturers often create extension points that act as relays, extending the network’s range.

3. LAN-to-LAN Wireless Network: APs can interconnect local computers within different networks, providing wireless connectivity. This can be complex but is essential for creating interconnected network environments.

4. 3G/4G Hotspot: A 3G/4G hotspot provides Wi-Fi access to various devices like smartphones, tablets, and laptops. These hotspots connect to the internet via cellular networks, making them versatile and mobile.

5. LAN-to-LAN Wireless Network: APs can interconnect local computers within different networks, providing wireless connectivity. This can be complex but is essential for creating interconnected network environments.

6. 3G/4G Hotspot: A 3G/4G hotspot provides Wi-Fi access to various devices like smartphones, tablets, and laptops. These hotspots connect to the internet via cellular networks, making them versatile and mobile.

Wireless Standards

Wireless networks follow specific standards to ensure compatibility and security. The IEEE 802.11 standard is the backbone, evolving from basic connections to supporting high-speed, secure communications. Here are some of them:

• 11a: Operates at 5 GHz with speeds up to 54 Mbps.
• 11b: Uses 2.4 GHz with speeds up to 11 Mbps.
• 11g: Enhances 802.11b with speeds up to 54 Mbps.
• 11n: Adds MIMO technology for higher speeds and better range.
• 11ac: Provides high throughput at 5 GHz, supporting gigabit speeds.

Wireless Encryption

Wireless encryption is like a secret code that protects the information traveling over your wireless network. Just like you wouldn’t want someone eavesdropping on your private conversations, encryption ensures that only authorized users can access your data.

Types of Wireless Encryption

1. 802.11i

• What It Is: This is a set of security measures designed for wireless networks, as specified by the IEEE.
• Why It’s Important: It standardizes security protocols, making wireless networks more secure.

2. Wired Equivalent Privacy (WEP)

• What It Is: One of the oldest encryption standards for wireless networks.
• Why It’s Important: It was an initial attempt to secure wireless networks but is now considered outdated because it can be easily hacked.

3. Extensible Authentication Protocol (EAP)

• What It Is: A flexible protocol that supports multiple authentication methods, such as passwords and certificates.
• Why It’s Important: It allows for strong and diverse security measures, enhancing network protection.

4. Lightweight EAP (LEAP)

• What It Is: A version of EAP developed by Cisco.
• Why It’s Important: It offers improved security and is specifically designed for Cisco wireless networks.

5. Wi-Fi Protected Access (WPA)

• What It Is: An advanced encryption protocol that uses Temporal Key Integrity Protocol (TKIP) and Message Integrity Check (MIC) for better security.
• Why It’s Important: It provides stronger protection than WEP, making it harder for hackers to access your network.

6. Temporal Key Integrity Protocol (TKIP)

• What It Is: A security protocol used in WPA as a replacement for WEP.
• Why It’s Important: It fixes many of the weaknesses found in WEP, offering enhanced security.

7. WPA2

• What It Is: An upgrade to WPA that uses Advanced Encryption Standard (AES) and Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) for encryption.
• Why It’s Important: It provides a higher level of security and is widely used today.

8. Advanced Encryption Standard (AES)

• What It Is: A robust encryption standard used in WPA2.
• Why It’s Important: It offers strong encryption, making it very difficult for hackers to crack.

9. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

• What It Is: An encryption protocol used in WPA2 for strong encryption and authentication.
• Why It’s Important: It ensures data integrity and confidentiality, protecting your information from tampering and eavesdropping.

10. WPA2 Enterprise

• What It Is: Integrates EAP standards with WPA2 encryption.
• Why It’s Important: It provides centralized authentication, making it ideal for enterprise environments.

11. Remote Authentication Dial-In User Service (RADIUS)

• What It Is: A centralized system for authentication, authorization, and accounting (AAA) in networks.
• Why It’s Important: It secures and simplifies user access management, ideal for corporate networks requiring centralized authentication to enhance security and streamline control.

12. Protected Extensible Authentication Protocol (PEAP)

• What It Is: Encapsulates EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel.
• Why It’s Important: It adds an extra layer of security by protecting EAP methods.

13. WPA3

• What It Is: The latest generation of Wi-Fi security protocols.
• Why It’s Important: It uses stronger encryption methods and provides enhanced security features for both personal and enterprise networks.

Wi-Fi Discovery Techniques

Before launching an attack, attackers often use Wi-Fi discovery techniques to identify potential targets. These methods help them locate wireless networks that may be vulnerable to exploitation. Here are some common techniques:

• WarWalking: Attackers walk around with Wi-Fi-enabled laptops or smartphones, using a wireless discovery tool to detect and map out wireless networks in the area. This technique allows them to find networks with weak security settings.
• WarChalking: Symbols are drawn in public places to indicate the presence and status of nearby wireless networks. These symbols can denote whether a network is open, requires a password, or has other specific characteristics.
• WarFlying: Attackers use drones equipped with Wi-Fi scanning tools to detect wireless networks from above. This method can cover a larger area more quickly than ground-based techniques.
• WarDriving: Attackers drive around with Wi-Fi-enabled devices to map out wireless networks. They use tools like inSSIDer, NetSurveyor, and Wi-Fi Analyzer to identify networks and assess their security levels.

Wi-Fi Discovery Tools

To discover and analyze wireless networks, attackers or Network Administrators use specialized tools that can scan for Wi-Fi signals, measure signal strength, and gather detailed information about nearby networks. Some of the most popular tools include:

• inSSIDer: A Wi-Fi optimization and troubleshooting tool that scans for wireless networks and provides detailed information about their signal strength and channels. It helps users visualize network performance and identify areas with high Wi-Fi concentration.
• NetSurveyor: This network discovery tool gathers information about nearby wireless access points (APs) in real-time, displaying data in various diagnostic views and charts. It can also generate reports that are useful for analyzing network performance.
• WiFi Analyzer: A mobile app used to examine surrounding Wi-Fi networks, measure signal strengths, and identify crowded channels. Attackers use it to detect nearby APs, graph signal strengths, and estimate distances to APs.

Master CEH with InfosecTrain

Ethical hacking is a sophisticated, multi-phase process that demands extensive knowledge and security certifications. Professionals can enhance their security assessment and network architecture skills by enrolling in ethical hacking courses, such as the Certified Ethical Hacker (CEH v13) training offered by InfosecTrain. This comprehensive training equips individuals with the crucial skills and techniques necessary to conduct authorized hacking activities within organizations.

TRAINING CALENDAR of Upcoming Batches For CEH v13

Start Date	End Date	Start - End Time	Batch Type	Training Mode	Batch Status
11-May-2025	28-Jun-2025	09:00 - 13:00 IST	Weekend	Online	[ Close ]
31-May-2025	06-Jul-2025	19:00 - 23:00 IST	Weekend	Online	[ Open ]	Enroll Now
07-Jun-2025	13-Jul-2025	09:00 - 13:00 IST	Weekend	Online	[ Open ]	Enroll Now
21-Jun-2025	27-Jul-2025	19:00 - 23:00 IST	Weekend	Online	[ Open ]	Enroll Now
06-Jul-2025	16-Aug-2025	09:00 - 23:00 IST	Weekend	Online	[ Open ]	Enroll Now