Top 29 Wireless Security Interview Questions You Must Prepare 21.Apr.2024

Depending on the operating system in use, Kismet for Linux or KisMAC for OS X provides the greatest level of functionality for detecting and identifying WLANs. NetStumbler is available for Windows but supports only active WLAN detection and identification, whereas the Linux and OS X tools both support passive WLAN detection and identification.

Wired Equivalent Privacy is a security protocol defined by the IEEE Wireless Fidelity (WiFi) 802.11b standard designed to provide a similar level of security and privacy for a WLAN (wireless local area network) as commonly expected from a wired LAN (local area network).

Wired LANs, however, are physically protected because they are inside secure buildings, unlike wireless networks, which send data over radio waves that are not confined by physical barriers like walls and floors. WEP encrypts data sent over radio waves so that it is protected as it is transmitted from one end point to another.

The Wi-Fi Alliance is a global industry association that governs the standards around WiFi interoperability and security. 

Already in place in many corporations, remote access dial-up service (RADIUS) is another standard that protects access to wireless networks. RADIUS employs a user name and password scheme to allow only approved users access to the network – it does not affect or encrypt data. When a user wants access to network files, email programs or the internet, they submit their user name and password to the server; the server verifies that the user has an account, then verifies that the user is using the correct password, before granting access.

Every wireless network, whether home or business, has a name consisting of up to 32 letters or numbers by which it can be identified – this is its Service Set Identifier (SSID). A wireless access point (AP) or router in open network mode will periodically broadcast a beacon signal along with the signal strength and functional capabilities of the AP, and the SSID to all wireless devices within range announcing that the network is live.

Wi-Fi Protected Access 2 is an enhanced version of WPA. It is the official 802.11i standard that was ratified by the IEEE in June 2004. WPA2 is stronger than WPA because it uses Advanced Encryption Standard (AES) instead of RC-4/TKIP (see above). AES supports 128-bit, 192-bit and 256-bit keys. WPA2 can also use pre-shared keys or 802.1x authentication.

Kerberos is a network authentication system based on key distribution, developed by MIT.

Devices communicating over a wired or wireless network identify themselves to each other while preventing eavesdropping or replay attacks. After a client and server have identified themselves to one another, Kerberos enables their communication to be encrypted to assure privacy and data integrity, using cryptography systems such as data encryption standard (DES).

Passpoint is a program launched by the Wi-Fi Alliance in an effort to streamline network access in hotspots and eliminate the need for users to find and authenticate a network each time they connect. The first release of Passpoint was in 2012 and the second release was in October 2014.

WEP has been found to have a number of weaknesses. At its base, the encryption algorithm is flawed, making it susceptible to cracking. Also, the keys used for protection are unreliable and easily deciphered.

Every Wi-Fi device has its own unique media access control (MAC) number. Networks can be configured to accept only certain MAC addresses and filter out the rest. MAC filtering is effective for small networks, but for larger networks it is not as useful as experienced hackers can imitate a MAC address by intercepting it and then programming their own computer to broadcast using this stolen MAC address.

The IEEE develops and determines the wireless standards (802.11a, b, g, and so on). The WiFi Alliance, the group that owns the WiFi trademark, then certifies the interoperability of these devices.

You should use WPA2 as it is the most secure of all three options and uses AES encryption to protect data. After WPA2, WPA is the second most secure using Temporal Key Integrity Protocol (TKIP) to secure transmission. WEP is the least secure due to its flawed encryption algorithm.

To order a SecureWiFi Certificate you need the common name for the certificate, a logo and/or friendly name for your service provider, organization details (name, address), and contact details (name, telephone, email). Once you complete the order, DigiCert’s validation team will contact you to gather validation information.

Active WLAN detection requires that the SSID be broadcast in the beacon frame. Passive WLAN detection listens to all traffic in range of the device and determines what WLANs are in range.

Encryption is a security measure that uses special technologies to scramble transmissions from one end to the other. One of the most popular forms of encryption uses special keys or codes enabling two computers to communicate: the sending computer transmits a key or code to the receiving computer and if the keys match, the sender is allowed into the system.

Encryption is important because it prevents others from reading your messages, files and information.

WiFi certificates are able to authenticate a service provider because of the special WiFi root on Passpoint-certified devices. WiFi certificates are the only kind of certificate that can provide this authentication and the visual indicators like the logo and friendly name.

The first release of Passpoint included features around network selection and secure access. In the second release of Passpoint, the Wi-Fi Alliance introduced new, streamlined methods for secure online signup and policy provisioning. DigiCert SecureWiFi Certificates help to secure the online signup process.

As a publicly trusted Certificate Authority, DigiCert offers a full line of authentication and encryption solutions.

802.11g operates in the 2.4 GHz frequency range, as do 802.11b and 802.11i, whereas 802.11a operates in the 5 GHz frequency range.

To efficiently crack a WEP key, you first need to obtain an Address Resolution Protocol (ARP) packet from the access point you want to attack. You can obtain this packet using a tool such as Void11 to send deauthentication packets to the clients associated with that access point. When the clients reassociate to the access point, ARP packets will be generated and can be captured. After you have captured a valid ARP packet, you can use a tool such as Aireplay, a part of the Aircrack suite, to inject the ARP packet back into the network. This injection process will cause a large number of initialization vectors to be generated. You can capture this traffic with any pcap format sniffer. Ethereal, Airodump, and Kismet all support pcap format. After you have captured between 500,000 and 1 million unique initialization vectors, you can then crack the WEP key using Aircrack or other, similar tools. Most of these tools are available for free on the Internet.

No. WiFi certificates are only used to encrypt data during the signup process. They are not used to encrypt data that is passed while an end-user is browsing the Internet.

This helps make your wireless network less susceptible, but it’s still not failsafe. When you disable the beacon functionality, you need to know the SSID to access the connection. If you are not broadcasting, the hacker does not easily know the SSID of your network, but he can still intercept data packets as they travel between your access point and wireless client, and vice versa. This data may reveal the SSID of your network.

When you order a SecureWiFi Certificate, you must include either a logo, friendly name, or both a logo and a friendly name. The logo and friendly name are shown to end-users after the WiFi certificate on the OSU server is validated by the device to show that the service provider has been authenticated.

Because WPA-PSK with a short passphrase is vulnerable to a dictionary attack, and automated tools are available to facilitate this process, a WPA-PSK passphrase should be at least 21 characters long.
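An added example, not part of the original page: a passphrase audit for the WPA-PSK guidance above, alongside the 802.11i key derivation (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt) that lets a short or common passphrase be guessed offline. The 21-character threshold is the page's figure; the word list, finding codes and function names are constructed for illustration.

```python
import hashlib

MIN_RECOMMENDED_LEN = 21  # threshold stated in the text above
# Constructed sample list; a real audit would load a large breached-password list.
COMMON_PASSPHRASES = {"password", "12345678", "letmein123", "qwertyuiop"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key as 802.11i specifies.

    The SSID is the only salt, so the same passphrase on two networks with
    the same SSID yields the same key.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def audit_passphrase(passphrase: str) -> list:
    """Return finding codes (hypothetical names); an empty list means it passes."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("invalid-length")  # outside the 8..63 range WPA-PSK accepts
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        findings.append("non-printable-ascii")
    if len(passphrase) < MIN_RECOMMENDED_LEN:
        findings.append("too-short")  # below the page's recommended length
    if passphrase.lower() in COMMON_PASSPHRASES:
        findings.append("dictionary-word")
    if len(set(passphrase)) < 8:
        findings.append("low-variety")  # very few distinct characters
    return findings


if __name__ == "__main__":
    for candidate in ("password", "a" * 22, "correct-horse-battery-staple-42"):
        print(repr(candidate), audit_passphrase(candidate) or "ok")
    print(derive_pmk("password", "IEEE").hex())
```

Because the derivation is deterministic and salted only by the SSID, length and unpredictability of the passphrase are the only defence against offline guessing; a unique SSID additionally prevents reuse of keys precomputed for common network names.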

These are new security standards developed by 802.11 that use advanced encryption technologies such as Advanced Encryption Standard (AES) and Temporal Key Integrity Protocol (TKIP), as well as secure key-distribution methods. 802.1x enables automatic changing of encryption keys at certain time intervals, for example every 5 minutes or so.

By the time a hacker has intercepted a key and managed to decipher it, a new key has already replaced it.

There are six fully supported EAP types for WPA/WPA2: EAP-TLS; EAP-TLS/MSCHAPv2;


Wi-Fi Protected Access (WPA) is a data encryption specification for 802.11 wireless networks that replaces the weaker WEP. Created by the Wi-Fi Alliance before the 802.11i security standard was ratified by the IEEE, it improves on WEP by using dynamic keys, the Extensible Authentication Protocol to secure network access, and an encryption method called Temporal Key Integrity Protocol (TKIP) to secure data transmissions.

It is better than no security at all, but it is not recommended.

Both of these drivers work with a variety of cards; however, only the HostAP drivers allow you to place your card in monitor mode.