Saturday, July 4, 2009

Wireless Security (Prevent Hacking Wifi)

Wireless Security

Wi-Fi networks have more weaknesses than wired networks. Wi-Fi technology is currently developing rapidly, in line with the need for mobile information systems. Many wireless service providers, such as commercial hotspots, ISPs, internet cafés (warnet), campuses and offices, run their own Wi-Fi networks, but very few pay attention to the security of data communication on those wireless networks.

This attracts hackers to explore their abilities and carry out various, usually illegal, activities over Wi-Fi. This article discusses the kinds of activities and methods that hackers, or beginners, use when wardriving. Wardriving is the activity of gathering information about a Wi-Fi network and gaining access to it. The aim is generally to get an internet connection, but many also do it for other purposes, ranging from curiosity, trial and error, research and lab assignments to crime.
Wireless Weaknesses
The weaknesses of wireless networks can generally be divided into two types: weaknesses in the configuration and weaknesses in the type of encryption used. One example of a configuration weakness arises because building a wireless network is now so easy. Many vendors provide features that make setup easy for users or network admins, so it is common to find wireless networks still running the vendor's default configuration. The author often finds installed wireless networks still using vendor defaults such as the SSID, IP address, remote management, DHCP enabled, channel frequency, no encryption, and even the user/password for wireless administration.
WEP (Wired Equivalent Privacy), formerly the wireless security standard, can now easily be broken with a variety of tools freely available on the internet. WPA-PSK and LEAP, which were considered the solution to replace WEP, can also be broken with an offline dictionary attack. Some of the measures taken to secure wireless networks include:
1. Hide SSID
Many administrators hide the Service Set ID (SSID) of their wireless network with the intention that only those who know the SSID can connect to it. This is not correct, because the SSID cannot be hidden completely. At certain times, especially when a client connects (associates) or disconnects (deauthenticates) from a wireless network, the client still sends the SSID in plain text (even when encryption is in use), so anyone who intends to eavesdrop can easily obtain it. Tools that can be used to obtain a hidden SSID include kismet (kisMAC), ssid_jack (airjack), aircrack, void11 and many more.
2. Wireless security with WEP only
WEP was the first security and encryption standard used for wireless. WEP has many weaknesses, among others:
- Weak keys: the RC4 algorithm used can be broken.
- WEP uses a static key.
- Problems with the initialization vector (IV).
- Message integrity problems with the cyclic redundancy check (CRC-32).
WEP comes in two levels, 64-bit and 128-bit keys. In fact the secret key in 64-bit WEP is only 40 bits, and 24 bits are the initialization vector (IV). Likewise, in 128-bit WEP the secret key consists of 104 bits. Attacks on the weaknesses of WEP include:
- Attacks on the weakness of the initialization vector (IV), often called the FMS attack. FMS stands for the names of the three discoverers of the IV weakness: Fluhrer, Mantin, and Shamir. The attack is carried out by collecting as many weak IVs as possible. The more weak IVs are collected, the faster the key in use is found (www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf).
- Obtaining unique IVs from captured data packets, to be processed so that the WEP key is cracked more quickly. This is called the chopping attack and was first found by h1kari. This technique needs only unique IVs, which reduces the need for weak IVs in WEP cracking.
- Both attacks above need enough packets and time; to shorten the time, hackers usually perform traffic injection. Traffic injection is often done by capturing an ARP packet and sending it back to the access point. This makes collecting initialization vectors easier and faster. Unlike the first and second attacks, traffic injection requires specific tools and applications that are rarely found in shops, in terms of chipset, firmware version and driver version, and it is not uncommon to have to patch the driver and application.
3. Wireless security with WPA-PSK or WPA2-PSK only
WPA is a security technology created as a temporary replacement for WEP. There are two types: WPA Personal (WPA-PSK) and WPA-RADIUS. At present the one that can be cracked is WPA-PSK, using an offline brute-force attack. The brute force tries many words from a dictionary. The attack succeeds if the passphrase used on the wireless network is found in the dictionary the hacker uses. To prevent such attacks against wireless networks secured with WPA-PSK, use a long passphrase (a whole sentence). Very popular tools for this attack are CoWPAtty (http://www.churchofwifi.org/) and aircrack (http://www.aircrack-ng.org). These tools require a word list, which can be taken from http://wordlist.sourceforge.net/
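
To check a passphrase of your own against the advice above, the following added example (not part of the original article) derives the WPA/WPA2-PSK master key the way the standard does and audits the passphrase. The word list, the default-SSID list and the 20-character threshold are constructed assumptions.

```python
import hashlib

# Constructed samples; a real audit would load larger local lists.
SAMPLE_WORDLIST = {"password", "12345678", "qwertyuiop", "letmein123"}
DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink"}
MIN_LEN = 20  # assumed policy threshold for "a whole sentence"


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1 over the
    passphrase, salted with the SSID, 4096 iterations, 256 bits."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32
    )


def audit_passphrase(passphrase: str, ssid: str, wordlist=SAMPLE_WORDLIST):
    """Return a list of findings; an empty list means no issue was found."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA-PSK accepts")
    if passphrase.lower() in wordlist:
        findings.append("passphrase is in the wordlist")
    if len(passphrase) < MIN_LEN:
        findings.append(f"shorter than {MIN_LEN} characters")
    if ssid.lower() in DEFAULT_SSIDS:
        # The SSID is the only salt, so a common SSID lets precomputed
        # passphrase tables be reused against this network.
        findings.append("default SSID weakens the salt")
    return findings


if __name__ == "__main__":
    samples = [
        ("password", "linksys"),
        ("the warnet closes at nine on rainy fridays", "kantor-lt2"),
    ]
    for pw, ssid in samples:
        print(ssid, derive_pmk(pw, ssid).hex()[:16], audit_passphrase(pw, ssid))
```

The same passphrase yields a different key under a different SSID, which is why changing the vendor-default SSID matters as well as choosing a long passphrase.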

4. MAC Filtering
Almost every wireless access point or router comes with MAC filtering as a security feature. This does not actually help much in securing wireless communication, because MAC addresses are easy to spoof or even change. Tools such as ifconfig on Linux/Unix, or various tools such as network utilities, regedit, smac and machange on Windows, can easily be used to spoof or change a MAC address. The author still often finds Wi-Fi in offices and even at ISPs (typically used by internet cafés) protected only by MAC filtering. With wardriving applications such as kismet/aircrack or kisMAC, the MAC address of every client connected to an access point can be obtained. With that information, one can connect to the access point by changing the MAC to match that of such a client. On a wireless network, a duplicate MAC address does not cause a conflict; only an IP address different from that client's is needed.
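
Because a cloned MAC has to use a different IP address, the duplication is visible to the network operator. The following added example (not part of the original article) flags a MAC address that is associated under two IP addresses at the same time; the log format and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log in a hypothetical format:
# time, event, client MAC, client IP.
SAMPLE_LOG = """\
10:00:01 ASSOC 00:1a:2b:3c:4d:5e 192.168.1.20
10:01:30 ASSOC 00:1a:2b:aa:bb:cc 192.168.1.21
10:05:12 ASSOC 00:1A:2B:3C:4D:5E 192.168.1.37
10:09:00 DISASSOC 00:1a:2b:aa:bb:cc 192.168.1.21
10:12:45 ASSOC 00:1a:2b:aa:bb:cc 192.168.1.21
"""

LINE = re.compile(
    r"^(\S+) (ASSOC|DISASSOC) ([0-9A-Fa-f:]{17}) (\d+\.\d+\.\d+\.\d+)$"
)


def find_duplicate_macs(log_text: str):
    """Return (time, mac, active_ips) each time a MAC that is already
    associated shows up under a second IP address."""
    active = defaultdict(set)  # mac -> IPs currently associated
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the expected format
        ts, event, mac, ip = m.groups()
        mac = mac.lower()  # MAC addresses compare case-insensitively
        if event == "DISASSOC":
            active[mac].discard(ip)
            continue
        active[mac].add(ip)
        if len(active[mac]) > 1:
            alerts.append((ts, mac, sorted(active[mac])))
    return alerts


if __name__ == "__main__":
    for ts, mac, ips in find_duplicate_macs(SAMPLE_LOG):
        print(f"{ts} possible MAC spoofing: {mac} active on {', '.join(ips)}")
```

A client that disassociates and later returns with the same IP address is not reported, so ordinary roaming and reconnects stay quiet.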
5. Captive portal
Captive portal infrastructure was originally designed for communities, allowing everyone to connect (open network). A captive portal is actually a router or gateway machine that protects the network, or does not allow traffic, until the user registers/authenticates. Here is how a captive portal works:
- A user with a wireless client is allowed to connect to the wireless network and get an IP address (DHCP).
- All traffic is blocked except traffic to the captive portal (registration / web-based authentication), which is located on the wired network.
- All web traffic is redirected to the captive portal.
- After the user logs in or registers, access to the network (internet) is allowed.
Note that a captive portal only tracks client connections by IP and MAC address after authentication. This makes it possible to use the captive portal without authenticating, because IP and MAC addresses can be spoofed. The attack uses IP and MAC spoofing. MAC address spoofing is as described in section 4 above. IP spoofing requires more effort, namely ARP cache poisoning, with which traffic from a previously connected client can be redirected.
Another attack that is fairly easy to carry out uses a rogue AP, an access point (usually set up with HostAP) that uses the same components as the target AP, such as SSID, BSSID and channel frequency. When a client connects to the AP that has been set up, its traffic can be diverted to the actual AP. It is not uncommon for captive portals built on hotspots to have weaknesses in network configuration or design. For example, authentication still uses plain text (http), network management can be accessed over wireless (it sits on the same network), and many more.
Another weakness of captive portals is that data traffic after authentication (once connected to the network) is still sent unencrypted, so it can easily be intercepted by hackers. Be careful when connecting to hotspot networks, and make use of secure communication protocols such as https, pop3s, ssh, imaps, and so on.

1 comment:

  1. Hi, this weekend is nice in favor of me, for the reason that this occasion I am reading this enormous educational
    paragraph here at my house.
