WIRELESS SECURITY


Wireless security is nothing but protecting computers, smartphones, tablets, laptops and other portable devices along with the networks they are connected to, from threats and vulnerabilities associated with wireless computing.

 Common Bluetooth Security Issues :

 There are a number of ways in which Bluetooth security can be penetrated, often because there is little security in place. The major forms of Bluetooth security problems fall into the following categories:

Bluejacking:  Bluejacking is often not a major malicious security problem, although there can be issues with it, especially as it enables someone to get their data onto another person's phone, etc. Bluejacking involves the sending of a vCard message via Bluetooth to other Bluetooth users within the locality - typically 10 metres. The aim is that the recipient will not realise what the message is and allow it into their address book. Thereafter messages might be automatically opened because they have come from a supposedly known contact.

Bluebugging:  This more of an issue. This form of Bluetooth security issue allows hackers to remotely access a phone and use its features. This may include placing calls and sending text messages while the owner does not realise that the phone has been taken over.

Car Whispering:  This involves the use of software that allows hackers to send and receive audio to and from a Bluetooth enabled car stereo system

BlueBorne: This attack allows attackers to completely take over Bluetooth-enabled devices, spread malware, or even establish a "man-in-the-middle" connection to gain access to devices' critical data and networks without requiring any victim interaction.

In order to protect against these and other forms of vulnerability, the manufacturers of Bluetooth enabled devices are upgrading he security to ensure that these Bluetooth security lapses do not arise with their products.

Common  WIFI  Security Issues :

  • Man-in-the-Middle Attack
  • Packet Analyzers
  • Rogue Access Points
  • Evil Twins
  • Ad Hocs
  • War Driving
  • Cracking Attacks
  • Denial Of Service

Securing Wireless Network :
  • Change Default Administrator Passwords
  • Turn On Wireless Network Encryption
  • Utilize The Enterprise Mode Of WPA2 Security
  • Keep Track Of Mobile Devices
  • Change The Default SSID
  • Control Your Broadcast Area
  • Limit Access Rights
  • Limit The Number Of User Addresses
  • Enable Mac Address Filtering
  • Disable SSID Broadcast
  • Position The Router Or Access Point Strategically
  • Assign Static Ip Addresses To Devices
  • Turn Off The Network During Extended Periods Of Non-Use
  • Monitor For Rogue APs
  • Update Router Firmware
  • Turn Off WPS
  • Disable Remote Access

                                 Wireless Technology Risks :

                                • All the vulnerabilities that exist in a conventional wired network apply to wireless technologies.
                                • Malicious entities may gain unauthorized access to an agency's computer network through wireless connections, bypassing any firewall protections.
                                • Sensitive information that is not encrypted (or that is encrypted with poor cryptographic techniques) and that is transmitted between two wireless devices may be intercepted and disclosed.
                                • DoS attacks may be directed at wireless connections or devices.
                                • Malicious entities may steal the identity of legitimate users and masquerade as them on internal or external corporate networks.
                                • Sensitive data may be corrupted during improper synchronization.
                                • Malicious entities may be able to violate the privacy of legitimate users and be able to track their movements.
                                • Malicious entities may deploy unauthorized equipment (e.g., client devices and access points) to surreptitiously gain access to sensitive information.
                                • Handheld devices are easily stolen and can reveal sensitive information.
                                • Data may be extracted without detection from improperly configured devices.
                                • Viruses or other malicious code may corrupt data on a wireless device and subsequently be introduced to a wired network connection.
                                • Malicious entities may, through wireless connections, connect to other agencies or organizations for the purposes of launching attacks and concealing their activities.
                                • Interlopers, from inside or out, may be able to gain connectivity to network management controls and thereby disable or disrupt operations.
                                • Malicious entities may use third-party, untrusted wireless network services to gain access to an agency's or other organization's network resources.
                                • Internal attacks may be possible via ad hoc transmissions.
                                Labels: , , , , , , ,

                                No comments:

                                Post a Comment

                                Subscribe to: Post Comments (Atom)

                                Popular Posts

                                • IDS, IPS AND FIREWALL EVASION USING NMAP
                                  NIDS – Network Intrusion Detection System   • It Uses a network tap, span port, or hub to collect packets on the network  • Attempts t...
                                • FOOTPRINTING
                                  Footprinting  (Also Known As Reconnaissance) Is The Technique Used For Gathering Information About Computer Systems And The Entit...
                                • ALL ABOUT DNS
                                  Domain Name Servers (DNS) are the Internet's equivalent of a phone book. They maintain a directory of domain names and translate them ...
                                • Introduction To Linux
                                  In the early 80s Richard Stallman working in the AI lab in MIT started the GNU Project with the goal of creating an entire free and open...
                                • VPN CONCENTRATORS
                                  A VPN concentrator is a type of networking device that provides secure creation of VPN connections and delivery of messages between VPN nod...
                                • ADVANCE EVASION TECHNIQUES
                                  Insertion An IDS can accept a packet that an end-system rejects. An IDS that does this makes the mistake of believing that the end-system...
                                • DENIAL OF SERVICE (DOS) ATTACK
                                  WHAT IS DOS ATTACK ? DOS is the acronym for Denial of Service, used to deny legitimate users access to a resource such as accessing a web...