Computer Crime Research Center


Wireless security: some measures

Date: September 21, 2006
Source: Computer Crime Research Center
By: Praveen Dalal

... capabilities. Combine these programs with other software that allows a computer to pretend it has any MAC address the cracker desires, and the cracker can easily get around that hurdle.

(f) Man-In-The-Middle Attacks: A man-in-the-middle attack is one of the more sophisticated attacks devised by crackers. It revolves around the attacker enticing computers to log into his/her computer, which is set up as a soft AP. Once this is done, the cracker connects to a real access point through another wireless card, offering a steady flow of traffic through the transparent cracking computer to the real network. The cracker can then sniff the traffic for user names, passwords, credit card numbers, etc. One type of man-in-the-middle attack relies on security faults in challenge and handshake protocols. It is called a “de-authentication attack”. This attack forces AP-connected computers to drop their connections and reconnect with the cracker’s soft AP. Man-in-the-middle attacks are getting easier to pull off because freeware such as LANjack and AirJack automates multiple steps of the process. What was once done by cutting-edge crackers can now be done by less knowledgeable and skilled crackers sitting around public and private hotspots.[11] Hotspots are particularly vulnerable to any attack since there is little to no security on these networks.

(g) Denial of Service: A denial-of-service attack occurs when an attacker continually bombards a targeted AP or network with bogus requests, premature successful connection messages, failure messages, and/or other commands. These prevent legitimate users from getting on the network and may even cause the network to crash. These attacks rely on the abuse of protocols such as the Extensible Authentication Protocol (EAP).

(h) Network Injection: The final attack to be covered is the network injection attack. A cracker can make use of access points that are exposed to non-filtered network traffic. The cracker injects bogus networking re-configuration commands that affect routers, switches, and intelligent hubs. A whole network can be brought down in this manner, requiring rebooting or even reprogramming of all intelligent networking devices.[12]
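From the defender's side, the de-authentication pattern in (f) and the management-frame flooding in (g) leave a recognisable trace at a wireless sensor. The following is an added example, not part of the original article: it flags bursts of de-authentication frames and correlates them with an unlisted access point advertising a known SSID. The record layout, the SSID and all addresses are constructed for illustration, and the thresholds are assumptions to tune per site.

```python
from collections import defaultdict

# Constructed sample records: (time_s, subtype, claimed_source_bssid, destination, ssid).
# Assumed to come from a monitor-mode sensor; the field layout is hypothetical.
AP, ROGUE, BCAST = "00:11:22:33:44:55", "02:de:ad:be:ef:01", "ff:ff:ff:ff:ff:ff"
FRAMES = (
    [(0.0, "beacon", AP, BCAST, "corp-wlan")]
    + [(10.0 + 0.2 * i, "deauth", AP, "aa:bb:cc:00:00:%02x" % (i % 3), "") for i in range(12)]
    + [(12.0, "beacon", ROGUE, BCAST, "corp-wlan"),
       (40.0, "deauth", AP, "aa:bb:cc:00:00:09", "")]  # a lone deauth is normal
)
ALLOWED = {"corp-wlan": {AP}}  # SSID -> BSSIDs the organisation actually operates


def deauth_bursts(frames, window=5.0, threshold=10):
    """Return {bssid: peak count} for sources with >= threshold deauths in any window."""
    times = defaultdict(list)
    for t, subtype, src, _dst, _ssid in frames:
        if subtype == "deauth":
            times[src].append(t)
    peaks = {}
    for src, ts in times.items():
        ts.sort()
        start = 0
        for end, t in enumerate(ts):
            while t - ts[start] > window:  # slide the left edge of the window
                start += 1
            peaks[src] = max(peaks.get(src, 0), end - start + 1)
    return {src: n for src, n in peaks.items() if n >= threshold}


def unknown_aps(frames, allowed):
    """Return sorted (ssid, bssid) pairs advertising a known SSID from an unlisted BSSID."""
    seen = set()
    for _t, subtype, src, _dst, ssid in frames:
        if subtype in ("beacon", "probe-resp") and ssid in allowed and src not in allowed[ssid]:
            seen.add((ssid, src))
    return sorted(seen)


def soft_ap_alerts(frames, allowed):
    """Correlate: a deauth burst on a real AP plus a look-alike AP for the same SSID."""
    bursts = deauth_bursts(frames)
    return [(ssid, bssid) for ssid, bssid in unknown_aps(frames, allowed)
            if any(ap in bursts for ap in allowed[ssid])]


if __name__ == "__main__":
    print("deauth bursts:", deauth_bursts(FRAMES))
    print("alerts:", soft_ap_alerts(FRAMES, ALLOWED))
```

The source address on a de-authentication frame is only a claim, so the burst is keyed on the address being impersonated; the alert comes from pairing it with the unlisted access point.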

IV. Conclusion


The growing penetration of the Internet into the day-to-day affairs of Indian society has both positive and negative effects. The positive side is the advent of e-governance and e-commerce in India. The use of e-governance will provide transparent, accountable and hassle-free interaction between citizens and the Government. Similarly, e-commerce is facilitated by the use of ICT. E-commerce is a well-known phenomenon of global trade that is gaining momentum in India. However, neither e-governance nor e-commerce can succeed in India until we also secure these infrastructures. Any ICT infrastructure is ineffective until we are capable of securing and protecting it. It must be appreciated that the ICT infrastructure of a nation can exist only to the extent that it can be protected from internal and external online attacks. This “need” becomes a “compulsion” due to the provisions of the IT Act, 2000, which fixes both civil and criminal liability for failure to act diligently. Both citizens and companies are required to establish a sound and secure ICT infrastructure to escape the accusation of lack of “due diligence”.[13]

The need of the hour is to secure both home-based and publicly situated wireless networks. This cannot become a reality in India until we take immediate steps in this direction. Every base needs time to mature, and its deficiencies can be removed only after it is established and analysed. It is futile to wait for several years and then adopt and establish a base that is unsuitable to Indian conditions. The ICT strategy of India must be “futuristic” in nature, anticipating and adopting future developments and trends. We are following trends that were discarded long ago by developed countries. We must concentrate on “originality” and devote our time, money and energy to security and forensics research rather than blindly following foreign standards. It is high time for “innovation” and “futuristic efforts”, and for bidding a final farewell to dependence upon standards and technology left behind by developed nations.


Praveen Dalal. All rights reserved with the author.
* Arbitrator, Consultant and Advocate, Supreme Court of India.
Managing Partner-Perry4law (Legal Firm)
Ph.D –Cyber Forensics (Pursuing).
Contact at: perry4law@yahoo.com, pd37@rediffmail.com

[1] A router is a device that processes traffic entering and exiting a network. It examines individual bits of network traffic, known as packets, and determines where to send the packet.
[2] DSL stands for digital subscriber line. This is a dedicated, high-bandwidth telecommunications line provided by a telecommunications or telephone company.
[3] Modus operandi is the manner and style of committing the crime or contravention.
[4] Praveen Dalal, “Cyber security in India: An ignored world”, http://cyberforensicsinindia.blogspot.com/2006/08/cyber-security-in-india-ignored-world.html
[5] http://en.wikipedia.org/wiki/Wireless_security
[6] An access point is a station that transmits and receives data. An access point connects users to other users within the network.
[7] http://en.wikipedia.org/wiki/Wireless_security
[8] A local area network in which computers and network devices are in close proximity to others on the network. These devices are connected temporarily or for specific purposes.
[9] Personal Digital Assistant.
[10] Medium Access Control.
[11] A hotspot is a wireless network node that provides an internet connection. More and more hotspots are becoming available in public locations such as airports, coffee shops, and hotels.
[12] http://en.wikipedia.org/wiki/Wireless_security
[13] Praveen Dalal, “The need of techno-legal compliance in India”, http://perry4law.blogspot.com/2006/06/need-of-techno-legal-compliance-in.html



Copyright © 2001-2013 Computer Crime Research Center