Types of unauthorized access to networks:

Accidental association

Unauthorized access to company wireless and wired networks can come from a number of different methods and intents. One of these methods is referred to as “accidental association”. This is when a user turns on their computer and it latches on to a wireless access point from a neighboring company’s overlapping network. The user may not even know that this has occurred. However, this is a security breach in that proprietary company information is exposed and now there could exist a link from one company to the other. This is especially true if the laptop is also hooked to a wired network.

Malicious association

“Malicious associations” are when wireless devices can be actively made by crackers to connect to a company network through their cracking laptop instead of a company access point (AP). These types of laptops are known as “soft APs” and are created when a cracker runs some software that makes his/her wireless network card look like a legitimate access point. Once the cracker has gained access, he/she can steal passwords, launch attacks on the wired network, or plant Trojans. Since wireless networks operate in the Layer-2 world, Layer-3 protections such as network authentication and virtual private networks (VPNs) offer no protection. Wireless 802.1x authentications do help with protection but are still vulnerable to cracking. The idea behind this type of attack may not be to break into a VPN or other security measures. Most likely the cracker is just trying to take over the client at the Layer-2 level.

Ad-hoc networks 2.3

Ad-hoc networks can pose a security threat. Ad-hoc networks are defined as peer to peer networks between wireless computers that do not have an access point in between them. While these types of networks usually have little security, encryption methods can be used to provide security.

Non-traditional networks 2.3

Non-traditional networks such as personal network Bluetooth devices are not safe from cracking and should be regarded as a security risk. Even bar code scanners, handheld PDAs, and wireless printers and copiers should be secured. These non-traditional networks can be easily overlooked by IT personnel that have narrowly focused on laptops and APs.

Identity theft (MAC spoofing)

Identity theft (or MAC spoofing) occurs when a cracker is able to listen in on network traffic and identify the MAC address of a computer with network privileges. Most wireless systems allow some kind of MAC filtering to only allow authorized computers with specific MAC IDs to gain access and utilize the network. However, a number of programs exist that have network “sniffing” capabilities. Combine these programs with other software that allow a computer to pretend it has any MAC address that the cracker desires, and the cracker can easily get around that hurdle.

Man-in-the-middle attacks

A man-in-the-middle attacker entices computers to log into a computer which is set up as a soft AP (Access Point). Once this is done, the hacker connects to a real access point through another wireless card offering a steady flow of traffic through the transparent hacking computer to the real network. The hacker can then sniff the traffic. One type of man-in-the-middle attack relies on security faults in challenge and handshake protocols to execute a “de-authentication attack”. This attack forces AP-connected computers to drop their connections and reconnect with the cracker’s soft AP. Man-in-the-middle attacks are enhanced by software such as LANjack and AirJack, which automating multiple steps of the process. What was once required some skill can now be done by script kiddies. Hotspots are particularly vulnerable to any attack since there is little to no security on these networks.

Denial of service

A Denial-of-Service attack (DoS) occurs when an attacker continually bombards a targeted AP (Access Point) or network with bogus requests, premature successful connection messages, failure messages, and/or other commands. These cause legitimate users to not be able to get on the network and may even cause the network to crash. These attacks rely on the abuse of protocols such as the Extensible Authentication Protocol (EAP).

Network injection

The final attack to be covered is the network injection attack. A cracker can make use of access points that are exposed to non-filtered network traffic. Specifically broadcast network traffic such as “Spanning Tree” (802.1D), OSPF, RIP, HSRP…etc. The cracker injects bogus networking re-configuration commands that affect routers, switches, and intelligent hubs. A whole network can be brought down in this manner and require rebooting or even reprogramming of all intelligent networking devices.

Counteracting risks

Risks from crackers are sure to remain with us for any foreseeable future. The challenge for IT personnel will be to keep one step ahead of crackers. Members of the IT field need to keep learning about the types of attacks and what counter measures are available.