How Far Do Hackers Go And How Do We See Their Way?

To secure Wi-Fi, we should not just set a strong password. If we take some time and pay attention to other security factors, we will be able to protect our network more precisely.

In this article, we’ve covered five of the most common techniques to help you protect your Wi-Fi.

Wi-Fi networks are like gateways that may let users, and even hackers, into a network. A hacker can enter a user’s house through the Wi-Fi network without being physically present and follow him from room to room. This is possible because wireless networks are easier to hack than wired networks, which reminds us to be more cautious about the security of our wireless devices.

Use uncommon names for SSIDs

A common SSID can expose you to a severe challenge. The SSID, or “Service Set Identifier,” is one of the basic parameters of a Wi-Fi network. While many users assume that the network name is not a problem, the reality is that it may be a security concern. Using common words like “wireless” or the name of the vendor you purchased your service from makes it easier for hackers to break into a network that uses the personal mode of WPA or WPA2.

The attack is simple because the encryption key is derived from the SSID and a password (sometimes a very simple one), which lets hackers use their dictionaries to break into networks that use simple passwords. A common SSID makes this even easier for them. Organizations using the enterprise mode of WPA or WPA2 are not exposed to this threat. (Figure 1)

Figure 1 – Your network name should be chosen wisely. This name should not directly reveal your location. 
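The dependence of the key on the SSID, as an added example that is not part of the original article: in the shared-password mode of WPA and WPA2 the key is PBKDF2-HMAC-SHA1 over the password with the SSID as salt, so every network with the same name and password ends up with the same key. The `COMMON_SSIDS` list, the `audit_ssid` helper and the sample names are constructed for illustration.

```python
import hashlib

# Constructed sample of generic and vendor-default style names (not a complete list).
COMMON_SSIDS = {"wireless", "wifi", "default", "home", "linksys", "netgear", "dlink"}


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit shared key used by WPA/WPA2 with a common password.

    The SSID is the salt, so it is the only per-network input besides the
    password: 4096 rounds of PBKDF2-HMAC-SHA1, 32 bytes of output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt, 4096, 32)


def audit_ssid(ssid: str, identifying_terms=()) -> list:
    """Return findings for an SSID. identifying_terms are words that name the
    organization or location (hypothetical input supplied by the auditor)."""
    findings = []
    lowered = ssid.lower()
    if lowered in COMMON_SSIDS:
        findings.append("common name: keys computed once for this SSID fit every network using it")
    for term in identifying_terms:
        if term.lower() in lowered:
            findings.append(f"reveals organization or location: contains '{term}'")
    return findings


if __name__ == "__main__":
    password = "correct horse 42"  # constructed sample password
    for name in ("linksys", "Lnk-7f3a"):
        print(name, wpa_psk(password, name).hex()[:16], audit_ssid(name))
    print(audit_ssid("AcmeCorp-Floor3", ["acme", "floor"]))
```

The two keys printed differ only because the network name differs, which is why an uncommon SSID forces any dictionary work to be redone for your network alone.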

Unfortunately, several organizations and companies use their company name for their corporate network, treating it as an indirect form of advertising. From a security standpoint, however, such a name gives hackers a green light. If hackers try to break into a network in a business complex full of different wireless networks, they will mostly go for the networks that use simple identifiers.

A simple identifier helps them judge what they stand to gain by infiltrating such a network. Note that it is possible to turn off SSID broadcast so that your network name is not displayed. This technique is not very popular, though: it forces users to enter the SSID manually and causes frequent requests searching for the Wi-Fi network, which hurts network performance rather than making you more secure. Also, some tools allow hackers to read the SSID from network traffic.

Do not neglect physical security.

Wireless security, like other aspects of IT security, is not limited to the technologies or protocols used in the field. You may be using the best encryption algorithms and still be vulnerable. Disregard for physical security is itself a significant vulnerability.

Most access points have a reset button that anyone can press to reset your device to factory settings, completely disabling your Wi-Fi security and allowing anyone to connect to your network. Accordingly, it is essential that the access points are physically secured and that no one can tamper with them. Ensure that they are always out of reach and that the mechanism provided by vendors to restrict physical access to access point ports and buttons is working correctly. (Figure 2)

Figure 2 – Example of a reset button placed on an access point. 

Another primary concern with physical security around Wi-Fi is that someone adds an unauthorized access point to the network. A rogue access point may be added by an employee who wants to increase Wi-Fi signal coverage or by an employee seeking to do something illegal. It may even be set up by a hacker who has gained access to the facility. Such a device is called a rogue AP.

To prevent the creation of rogue access points, you should ensure unused Ethernet ports are disabled. This includes wall ports and loose Ethernet cables.

You can disable these ports or cables by physically removing them or by plugging the corresponding ports on the router or switch. To improve security further, if your router or switch supports the 802.1X authentication mechanism, enable it on the wired side. Any device that connects to an Ethernet port must then pass authentication before entering the network.

Use enterprise WPA2 in conjunction with the 802.1X authentication mechanism.

One of the most powerful techniques you have at your disposal to protect Wi-Fi is the enterprise mode of Wi-Fi security, which can examine and verify each user separately. In this mode, each user can have their own username and password.

The opposite of enterprise mode is personal mode, in which all users share a common password. Enterprise mode has a significant advantage here: whenever a laptop or smartphone is lost or stolen, or an employee leaves the company, you only have to change or, more precisely, delete that user’s login.

The main problem with personal mode is that whenever a device is lost, you have to change the password on all the devices, which is tiresome. Another advantage of enterprise mode is that a unique key is assigned to each user. This means that each user can only decrypt the traffic belonging to their own connection with this key and has no access to the wireless traffic of other users. (Figure 3)

Figure 3 – With enterprise Wi-Fi security, users enter their unique username and password when connecting.

To put your access points in enterprise mode, you must first set up a RADIUS server. This server handles authentication and is connected to a database containing the usernames and passwords. While you can use a standalone RADIUS server, first check whether your existing servers, such as Windows Server, already provide this feature.

If not, consider a cloud-based or hosted RADIUS service. Some wireless access points and controllers also provide a built-in RADIUS server, but the functionality and capabilities of these servers are limited and more suitable for small networks. (Figure 4)

Figure 4 – An example of configuring access points with the RADIUS server IP address and port. 

Secure 802.1X client settings

While enterprise-mode Wi-Fi security has many benefits, it has vulnerabilities, just like any other security mechanism. One of the best known is the man-in-the-middle attack, which a hacker sitting in an airport or cafe, or outside an organization’s premises, could carry out.

In this attack, a hacker creates a fake Wi-Fi network with an SSID similar to that of the network he intends to infiltrate. When a laptop or any other device tries to connect to the network, it is connected to a fake RADIUS server whose task is to collect user information.

The hacker can then log in to the real network like a legitimate user, using the completely valid information he has obtained. One technique to prevent a man-in-the-middle attack with the 802.1X authentication mechanism is client-side server authentication. When server authentication is enabled on the wireless client, the client will not pass its Wi-Fi login information to the RADIUS server until it has verified that it is communicating with the legitimate server.

The exact server authentication capability and the requirements you can apply to a client depend on the client’s device or operating system. For example, in the Windows operating system, you can enter the legitimate server’s domain name or names, select the certificate issuer, and then choose the option to “not allow any new servers or certificate authorities.”

Figure 5 – You can find Windows’s 802.1x server authentication feature when configuring EAP over a Wi-Fi connection.

Use a rogue access point detector or wireless intrusion detection mechanism.

We have looked at three malicious scenarios related to vulnerable access points. The first is that a hacker can set up a fake Wi-Fi network and RADIUS server. The second is that a hacker can reset an access point to its original factory settings, and the third is that anyone can plug in their own access point. If the security mechanisms are implemented correctly, any unauthorized access point will be detected by the IT department’s staff within a short period.

Another powerful solution in this regard is to enable the rogue access point detection mechanism provided by the access point vendor or wireless controller. These mechanisms work in different ways, but each scans the airwaves periodically at set intervals. If one detects a new access point within range of the valid, predefined access points, it gives you the necessary warning. (Figure 6)

Figure 6 – A simple example of identifying rogue access points
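The comparison such a detector makes on each scan, as an added example that is not a vendor's implementation and not part of the original article: every access point heard on the air is checked against the predefined inventory, and the three scenarios above map to three verdicts. The inventory, the scan results, the verdict names and the look-alike rule are constructed assumptions.

```python
from typing import NamedTuple

class Beacon(NamedTuple):
    ssid: str
    bssid: str     # radio MAC address of the access point
    security: str  # e.g. "WPA2-Enterprise", "Open"

# Constructed inventory of valid, predefined access points: BSSID -> expected settings.
INVENTORY = {
    "02:00:00:aa:00:01": ("Office-7Q", "WPA2-Enterprise"),
    "02:00:00:aa:00:02": ("Office-7Q", "WPA2-Enterprise"),
}

# Constructed scan results, one entry per access point heard on the air.
SAMPLE_SCAN = [
    Beacon("Office-7Q", "02:00:00:AA:00:01", "WPA2-Enterprise"),
    Beacon("default", "02:00:00:aa:00:02", "Open"),
    Beacon("office_7q", "02:00:00:bb:00:09", "WPA2-Enterprise"),
    Beacon("CoffeeShop", "02:00:00:cc:00:05", "WPA2-Personal"),
]

def _norm(ssid: str) -> str:
    """Fold case and drop punctuation so 'office_7q' matches 'Office-7Q'."""
    return "".join(ch for ch in ssid.casefold() if ch.isalnum())

def classify(beacon: Beacon, inventory=INVENTORY) -> str:
    expected = inventory.get(beacon.bssid.lower())
    if expected is not None:
        # Known radio: unexpected settings are what a factory reset looks like.
        same = (beacon.ssid, beacon.security) == expected
        return "authorized" if same else "settings-changed"
    if _norm(beacon.ssid) in {_norm(ssid) for ssid, _ in inventory.values()}:
        return "impersonation-suspect"  # our name, or a look-alike, from a radio we do not own
    return "unknown-ap"  # neighbour or plugged-in AP: needs a wired-side check

def scan_alerts(beacons, inventory=INVENTORY) -> list:
    """Return (verdict, beacon) for every scanned AP that is not authorized."""
    verdicts = ((classify(b, inventory), b) for b in beacons)
    return [(v, b) for v, b in verdicts if v != "authorized"]

if __name__ == "__main__":
    for verdict, beacon in scan_alerts(SAMPLE_SCAN):
        print(f"{verdict:22} {beacon.bssid} {beacon.ssid!r} {beacon.security}")
```

A radio scan cannot tell whether an unknown access point is plugged into your wired network, so pair the `unknown-ap` verdict with the wired-side controls described earlier, such as 802.1X on Ethernet ports.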

To increase detection capability, some access point vendors offer a complete wireless intrusion detection system called WIDS or WIPS. These systems can scan and identify wireless attacks, suspicious activity, and rogue access points.

These systems can detect invalid authentication requests, association requests, and MAC address abuse. If you use a true WIPS instead of a WIDS, the system will also automatically help you block a suspicious client that has attacked the network, protecting the network.