In today’s world, wireless devices and applications have made life a lot easier. Wireless devices such as mobile phones, laptops, satellite navigation units and Personal Digital Assistants (PDAs) enable people to undertake everyday tasks with ease: connecting to the Internet, lowering phone bills via Internet calls, finding one’s location in a new city, and so on. Radack (2009, p.1) enumerates some of the major benefits of wireless devices when she states,
Many organizations and users have found that wireless communications and devices are convenient, flexible, and easy to use. Users of wireless local area network (WLAN) devices have flexibility to move their laptop computers from one place to another within their offices while maintaining connectivity with the network. Wireless personal networks allow users to share data and applications with network systems and other users with compatible devices, without being tied to printer cables and other peripheral device connections. Users of handheld devices such as personal digital assistants (PDAs) and cell phones can synchronize data between PDAs and personal computers and can use network services such as wireless email, web browsing, and Internet access. Further, wireless communications can help organizations cut their wiring costs.
Wireless devices have clear advantages, but one major issue that arises with their use is security. In other words, concern is often raised about the safety of the information that is exchanged over these devices. Radack (2009, p.1) summarises the security issues involved in the use of wireless devices when she writes,
Wireless networks transmit data through radio frequencies, and are open to intruders unless protected. Intruders have exploited this openness to access systems, destroy or steal data, and launch attacks that tie up network bandwidth and deny service to authorized users. Another risk is the theft of the small and portable devices themselves.
Toward this end, this study examines the strategies that can make wireless networks more secure. In the first place, it is important to assess the threats and attacks to which wireless devices are prone and the extent of the damage they can do. What can be done to prevent such damage? Security issues concerning wireless devices are diverse, and approaches vary from one country to another. What lessons can be learnt by comparing these approaches?
Security Risks Associated with Wireless Devices
A number of security risks plague wireless devices. In this paper, a selection of these security issues is identified and discussed. Given the scope of this paper, it is impossible to discuss exhaustively all the security issues associated with wireless devices and applications. However, the following attacks and issues are treated: viruses; the security features of Bluetooth and 802.11 connections; malicious hackers who bypass firewall protection; poor cryptographic techniques; denial of service (DoS) attacks and their detection; leaks; unapproved deployments; exposure of wireless devices; and signal interference.
Wireless devices are susceptible to viruses. With the popularity of the mobile Internet, mobile phones have become increasingly susceptible to very disruptive malicious code. Ryder (2001, p.1) writes about a virus circulating via malicious e-mail on what the source calls “I-phones” (Internet-enabled mobile phones of that period, not Apple’s later iPhone). Once the malicious e-mail is opened it executes destructive behaviour: it dials emergency numbers automatically, makes unsolicited calls to people listed in the phone book, and in some cases causes the display to freeze.
Steps in securing wireless devices: Bluetooth and 802.11
The security of wireless devices is important and appropriate steps should be taken to protect them so that they continue to function well. A wireless link is only as secure as the protection applied to the data stream: an attacker who can capture the radio signal must find it infeasible to decrypt or tamper with what is carried. The network protocols that such links carry, standard TCP/IP and the older fax/modem protocols, provide no confidentiality or integrity of their own, so anything sent over them unprotected can be read and altered by anyone in radio range. Toward this end, Ryder (2001, p.2) recommends the use of tamper-proof methods so that the information being exchanged cannot easily be interfered with. The two wireless standards discussed here, Bluetooth and IEEE 802.11, both build authentication and encryption into the link layer, and these features have been revised over the years in response to the need for better security.
With Bluetooth and 802.11, users can connect mobile phones, digital cameras and other portable devices without cables. Bluetooth is used for low-cost, low-power, short-range devices such as headsets, doorbells and home security sensors, whereas 802.11 (Wi-Fi) supports devices that require higher throughput and longer range, such as laptops, desktop computers and PDAs. Both operate in the same unlicensed 2.4 GHz band.
With 802.11 technology, users are able to define the level of security they require. First, the link itself can be made resistant to eavesdropping by enabling the standard’s built-in encryption. Second, users can add their own layers of encryption and authentication on top of the standard, for example a VPN or TLS for the applications that matter. These measures protect the information sent across the wireless network, because a bystander who captures the frames sees only ciphertext and cannot inject or alter traffic without the keys.
In Bluetooth, the encryption and authentication methods are built in. Authentication of a Bluetooth connection usually requires a pass code or Personal Identification Number (PIN) entered during pairing; from the PIN the two devices derive a link key that is unique to that pair of devices and is used for subsequent authentication and encryption. In addition, after a search for devices is done, the user of the receiving device has to accept the transfer from the sender. Because the link key is derived from the PIN, a short or default PIN (such as 0000) undermines the whole scheme: an eavesdropper who records the pairing exchange can try every possible PIN offline, so long PINs should be used and pairing should be done away from untrusted parties. Bluetooth is suitable for impromptu wireless connections and is therefore very convenient: the connection is made on the spur of the moment to exchange the needed files and is closed afterwards.
Other Security Risks
The security risks that affect wireless devices are many. Karygiannis and Owens (2002, p.4) identify the following: malicious hackers who bypass firewall protection, poor cryptographic techniques, denial of service attacks, improper synchronization, the activity of interlopers, malicious code, theft of service, and industrial and foreign espionage.
Bypassing the firewall is a security threat to wireless devices because intruders can gain unauthorized access to an organization’s network. In every organization, all the devices on the network ought to sit behind the firewall. A wireless access point or a wireless-enabled laptop that is reachable over the air, however, offers a path into the network that does not pass through the firewall at all. When that path is used, the shield is broken and intruders can reach sensitive information and other confidential files and resources on the network.
Poor cryptographic techniques enable intruders to break codes easily. Proper encryption is necessary to ensure the security of data on wireless devices. Intruders have various techniques for cracking passwords and other means of authentication, but properly implemented encryption with adequately long keys is a safeguard against this kind of activity. Encryption is necessary whenever sensitive data is transmitted from one wireless device to another, since anything in radio range can record the transmission. When the users of these devices rely on weak algorithms, short keys or flawed protocols, intruders can intercept the information and recover it. The original 802.11 encryption scheme, WEP, is the well-known case: flaws in the way it used the RC4 cipher allow the key to be recovered from captured traffic, which is why stronger link-layer encryption or encryption at a higher layer is required. For an organization this can be a significant loss, especially if the data at hand is very sensitive.
In some cases, denial of service (DoS) attacks are aimed at wireless devices and wireless networks, especially those connected to the Internet, which these days means most of them. Denial of service refers to the ability of an intruder to make a service (for example a web site) unavailable to legitimate users for some period. Carl et al. (2006, p.82) write that “DoS attacks, which come in many forms, are explicit attempts to block legitimate users’ system access by reducing system availability.” Carl et al. (2006, p.82) report a measurement from 2001 in which about 12,000 DoS attacks were observed across the Internet over a period of three weeks. The architecture of the Internet provides an unregulated path which attackers use to perpetrate this disruption. Those who perpetrate DoS attacks are often motivated by revenge, politics, prestige or money. DoS attacks are very expensive security threats both to the organization and to the user of wireless devices: revenue is lost while users cannot access the service, and restoring the service to normal costs money as well.
There are many types of DoS attack. At the most elementary level, a DoS attack can be physical, as when the power supply of a system is disrupted. However, DoS attacks take more sophisticated forms. Attackers can make resources on a computer unavailable by altering the configuration of the system, for example by corrupting its password or account files so that legitimate users can no longer log in. In distributed DoS (DDoS) attacks the attack is coordinated from one system across many others. According to Carl et al. (2006, p.84), the compromised systems from which the traffic is actually sent are referred to as “zombies” while the system from which the attacker directs them is the “master.”
Furthermore, Carl et al. (2006, p.86) differentiate between two kinds of DoS attack, namely vulnerability attacks and flooding attacks. Vulnerability attacks are possible because there are inherent weaknesses in the application or network protocol implementation, often because the software was not properly tested against hostile input. Such weaknesses are typically exploited with malformed packets. When the software processes these packets it may consume excessive memory, overload the central processing unit (CPU), crash and reboot repeatedly, or simply become very slow. Carl et al. (2006, p.86) list the following examples of vulnerability attacks:
Popular examples are the land attack, Neptune or Transmission Control Protocol synchronization (TCP SYN) flood, the ping o’ death, and the targa3 attacks.
On the other hand, flooding attacks aim to congest the victim and the network around it. Carl et al. (2006, p.86) note the following about flooding attacks:
Flooding attacks … send the victim a large, occasionally continuous, amount of network traffic workload. As a result, legitimate workloads can become congested and lost at bottleneck locations near or removed from the victim. Such an attack requires no software vulnerability or other specific conditions.
In contrast to vulnerability attacks, flooding attacks do not depend on any defect in the system. Rather, they are directed at the system by intruders who want to cause disruption by sheer volume. Flooding attacks saturate the network, filling queues and introducing delays, so that in the long run simple tasks take forever to complete or are never completed at all. When this situation arises, a DoS flooding attack is under way.
Security precaution: Detection of DoS attacks.
The first step in dealing with DoS attacks is detection. Once a vulnerability attack is detected and the exploit identified, vendor support in the form of a corrective patch is usually effective in closing the weakness so that the same attack cannot recur. Carl et al. (2006, p.86) write that,
Once the exploit is identified, adequate vendor support ensures the vulnerability is short-lived and unlikely to return. Vendors can address TCP SYN attacks using syn cache, syn cookies, and synkill mechanisms, for example.
Although vendors can address vulnerability attacks by correcting protocol or application weaknesses, these types of attacks can remain problematic.
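The SYN cookie mechanism that Carl et al. mention is worth seeing in working form, because it shows how a server can survive a TCP SYN flood without storing any state for half-open connections. The following is an added example written for this page, not code from Carl et al. or from any operating system; the 32-bit cookie layout (5-bit time counter plus a 27-bit truncated HMAC), the 64-second tick, the acceptance window and the addresses and secret are all constructed assumptions for illustration.

```python
import hashlib
import hmac
import random
import socket
import struct

# Constructed SYN-cookie scheme (example code, not from the original paper).
# The server answers every SYN with a SYN-ACK whose initial sequence number
# is a cookie it can later recompute, so it stores nothing per half-open
# connection. Cookie layout (32 bits):
#   top 5 bits  : time tick t (64 s granularity, wraps every ~34 min)
#   low 27 bits : truncated HMAC over (src_ip, dst_ip, sport, dport, t)
# A client's ACK is accepted only if (ack - 1) reproduces a recent cookie.

SERVER_SECRET = b"constructed-demo-secret"  # assumption: random per boot in practice
COUNTER_BITS = 5
MAC_BITS = 32 - COUNTER_BITS
MAX_AGE_TICKS = 2  # accept the current tick and the two before it


def _tick(now_s: int) -> int:
    return (now_s // 64) & ((1 << COUNTER_BITS) - 1)


def _mac(src_ip: str, dst_ip: str, sport: int, dport: int, tick: int) -> int:
    msg = struct.pack("!4s4sHHB", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                      sport, dport, tick)
    digest = hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & ((1 << MAC_BITS) - 1)


def make_cookie(src_ip: str, dst_ip: str, sport: int, dport: int, now_s: int) -> int:
    """ISN the server puts in its SYN-ACK. Nothing is stored server-side."""
    t = _tick(now_s)
    return (t << MAC_BITS) | _mac(src_ip, dst_ip, sport, dport, t)


def check_ack(src_ip: str, dst_ip: str, sport: int, dport: int, ack_num: int, now_s: int) -> bool:
    """True if the ACK proves the client received our SYN-ACK recently."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    t = cookie >> MAC_BITS
    age = (_tick(now_s) - t) & ((1 << COUNTER_BITS) - 1)
    if age > MAX_AGE_TICKS:
        return False  # stale or replayed cookie
    expected = _mac(src_ip, dst_ip, sport, dport, t)
    return hmac.compare_digest(struct.pack("!I", expected),
                               struct.pack("!I", cookie & ((1 << MAC_BITS) - 1)))


def handshake_demo() -> dict:
    """Constructed exchange: one real client plus a spoofed SYN flood."""
    server, client = "192.0.2.10", "198.51.100.7"  # RFC 5737 documentation addresses
    now = 1_700_000_000
    half_open_table = {}  # would fill up under a flood without cookies; stays empty

    # Legitimate client: SYN -> SYN-ACK (ISN = cookie) -> ACK (cookie + 1).
    cookie = make_cookie(client, server, 40000, 80, now)
    legit = check_ack(client, server, 40000, 80, (cookie + 1) & 0xFFFFFFFF, now + 1)

    # Spoofed flood: 1000 SYNs from random sources. Each gets a SYN-ACK and is
    # forgotten; no ACK ever comes back because the sources are not real.
    rng = random.Random(1)
    for _ in range(1000):
        make_cookie("203.0.113.%d" % rng.randrange(1, 255), server,
                    rng.randrange(1024, 65535), 80, now)

    # Attacker guessing an ACK for a 4-tuple that never received a SYN-ACK.
    forged = check_ack("203.0.113.9", server, 5555, 80, 0x12345678, now)
    # Replay of the real client's ACK ten ticks later.
    stale = check_ack(client, server, 40000, 80, (cookie + 1) & 0xFFFFFFFF, now + 64 * 10)
    return {"legit_accepted": legit, "forged_accepted": forged,
            "stale_accepted": stale, "half_open_entries": len(half_open_table)}


if __name__ == "__main__":
    print(handshake_demo())
```

The cost of statelessness is that the server can no longer remember TCP options it learned from the SYN, so real implementations fall back to cookies only once the half-open queue is under pressure; the point of the example is only that the flood leaves no per-connection state behind and that a forged or replayed ACK fails the check.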
Although a lot can be done to contain DoS attacks, there are cases where the attacks persist. The encouraging point is that something can be done before an attack reaches the critical stage. DoS attacks are inherently destructive: they deplete the resources of the system and degrade it as a whole. Flooding attacks in particular are hard to contain, and the words of Carl et al. (2006, p.86) are not very encouraging when they write that,
…. flooding attacks are especially difficult because even the best-maintained system can become congested, thus denying service to legitimate users.
Knowledge and research in the field of wireless devices and wireless communication is evolving. The failures of yesterday are overcome tomorrow, and the knotty issues of today become the research problems that researchers work upon. The challenges posed by DoS attacks may be formidable at this point, but that does not dampen the determination to fix these problems as time goes by.
Detection involves analysing packet traffic and distinguishing legitimate from malicious traffic. Malicious traffic floods the system and denies users access to the service. To forestall this, the server or the network in front of it needs to detect malicious traffic and stop it from crowding out legitimate traffic. This is often not easy: flooding attacks take advantage of the fact that, packet by packet, attack traffic can look much like the traffic of legitimate users. The best way to forestall flooding attacks is early detection. Carl et al. (2006, p.86) describe the difficulty thus,
When large amounts of expected or unexpected traffic from legitimate clients suddenly arrive at a system, it’s called a flash event. One way to predict such events and thus distinguish them from DoS attacks is for service providers to be aware, a priori, that adding new content might trigger large request volume. ….Because there is no innate Internet mechanism for performing malicious traffic discrimination, our best alternative is to install attack detectors to monitor real-time traffic, rather than rely on static traffic load predictions.
It is therefore advisable that organizations relying on wireless devices deploy attack detectors that monitor traffic in real time. Such detectors can be placed locally, at the organization’s own gateway, or remotely, upstream at the service provider, where a flood can be identified and filtered before it saturates the organization’s links. In the case of wireless devices it is particularly important that detection cover the wireless segment itself, since an attacker in radio range can flood the access point directly without ever crossing the wired gateway.
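Carl et al. observe above that a flash event and a flooding attack both look like a sudden surge, and that only a detector watching real traffic can tell them apart. The following is an added example written for this page, not code from Carl et al., of one such discrimination rule run over a constructed trace: it learns a quiet baseline, flags any window whose SYN count far exceeds it, and then separates a flash crowd (handshakes complete, sources are reachable) from a spoofed SYN flood (handshakes never complete). The record format, thresholds and addresses are all assumptions made for the example.

```python
import random
from collections import defaultdict
from statistics import median

# Constructed flow records (example code, not from the original paper).
# One line per TCP event seen at the server's edge:
#   "<epoch_seconds> <src_ip> <event>"
# where event is SYN (connection request) or EST (the client's final ACK
# arrived, i.e. the handshake completed, so the source address is real).

SYN_THRESHOLD_FACTOR = 5   # assumption: alert when SYNs exceed 5x the quiet baseline
COMPLETION_FLOOR = 0.6     # assumption: a surge completing fewer handshakes is a flood


def parse(lines):
    recs = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, event = line.split()
        recs.append((int(ts), src, event))
    return recs


def windows(recs, width_s):
    """Group records into fixed-width time buckets, oldest first."""
    buckets = defaultdict(list)
    for ts, src, ev in recs:
        buckets[ts - ts % width_s].append((src, ev))
    return sorted(buckets.items())


def summarize(bucket):
    syns = [src for src, ev in bucket if ev == "SYN"]
    ests = [src for src, ev in bucket if ev == "EST"]
    return {"syn": len(syns), "est": len(ests), "sources": len(set(syns))}


def classify(stats, baseline_syn):
    """normal / flash_event / syn_flood for one window against a baseline."""
    if stats["syn"] <= SYN_THRESHOLD_FACTOR * baseline_syn:
        return "normal"
    completion = stats["est"] / stats["syn"]
    return "flash_event" if completion >= COMPLETION_FLOOR else "syn_flood"


def detect(lines, width_s=10, warmup_windows=3):
    """Return [(window_start, verdict, stats)] for every window in the trace."""
    history, verdicts = [], []
    for start, bucket in windows(parse(lines), width_s):
        stats = summarize(bucket)
        if len(history) < warmup_windows:
            verdict = "learning"
        else:
            verdict = classify(stats, max(median(history), 1))
        if verdict in ("learning", "normal"):
            history.append(stats["syn"])   # attack windows must not raise the baseline
        verdicts.append((start, verdict, stats))
    return verdicts


def constructed_trace():
    """Three quiet windows, then a flash crowd, then a spoofed SYN flood."""
    lines, t = [], 1_240_000_000
    for w in range(3):                       # quiet: 20 clients, all complete
        for i in range(20):
            ts, src = t + w * 10 + i % 10, f"198.51.100.{i + 1}"
            lines += [f"{ts} {src} SYN", f"{ts} {src} EST"]
    for i in range(300):                     # flash event: 300 real clients
        ts, src = t + 30 + i % 10, f"203.0.113.{i % 250 + 1}"
        lines += [f"{ts} {src} SYN", f"{ts} {src} EST"]
    rng = random.Random(7)
    for i in range(2000):                    # flood: 2000 spoofed SYNs, no ACKs
        ts = t + 40 + i % 10
        src = "%d.%d.%d.%d" % tuple(rng.randrange(1, 255) for _ in range(4))
        lines.append(f"{ts} {src} SYN")
    return lines


if __name__ == "__main__":
    for start, verdict, stats in detect(constructed_trace()):
        print(start, verdict, stats)
```

The completion ratio works against spoofed floods because a forged source never answers the SYN-ACK. It does not catch a flood sent from real compromised hosts that complete their handshakes (an HTTP request flood, for instance), which is exactly the case Carl et al. warn is hard: there the detector has to look at request rates per source, or at what the requests ask for, rather than at the handshake alone.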
A lot of security software is available on the Internet and can be obtained easily via wireless devices that are themselves connected to the Internet, as most now are. This is an opportunity to use online resources to boost the security of wireless devices, but it should complement the protection the devices already carry rather than replace it. Radack (2009) notes that it is important for users of wireless devices to,
Enable, use, and routinely test the inherent security features, such as authentication and encryption methods that are available in wireless technologies. Firewalls and other appropriate protection mechanisms should also be employed
Furthermore, Internet Security Systems (2000, p.1) describes a set of distributed denial of service (DDoS) attack tools that were readily available on the Internet for anyone to use. These are attacker tools, not defences; understanding how they are built matters because their command-and-control structure is what a defender has to recognise on compromised hosts and in network traffic. The tools are Tribe Flood Network (TFN), Trin00, TFN2K and Stacheldraht. TFN, also referred to as “Teletubby Flood Network,” has a two-tier architecture: a client program on the attacker’s machine directs daemons installed on compromised hosts, which carry out several kinds of flood against the chosen target. The daemon runs hidden on the machines it has infected. Trin00 has a three-tier architecture in which commands pass from the attacker’s client to master servers and from there to the daemons; the extra tier makes it harder to trace the attack back to its origin, although Trin00 itself is limited to a single type of flood. TFN2K returns to a two-tier design but adds encryption between its layers, making its control traffic much harder to detect. Stacheldraht combines Trin00’s three-tier structure with TFN’s range of attacks and adds encrypted control channels, so that it both evades detection and can mount a variety of floods. Because the control traffic of these tools has recognisable patterns, network intrusion detection systems and host scanners of the period were built to look for it, which is the defensive use of this knowledge.
Other security risks and solutions for wireless devices
This is not the end of the story, because other security risks affect wireless devices. According to Symantec (2002, p.6), the following are security risks to wireless Local Area Networks (LANs): leaks, unapproved deployments, exposure of wireless devices, and signal interference. Leaks occur when wireless signals (from wireless devices and LANs) reach areas where they are not intended to be received, such as a car park or a neighbouring building. This gives intruders the opportunity to attack the network; without the signal they would have no chance to break in. Most wireless networks are password-protected, but the presence of the signal in uncontrolled areas lets an attacker work on the network at leisure, from capturing traffic to guessing credentials, without ever entering the premises.
Unapproved deployments are a security risk. These occur when wireless equipment, typically an access point, is connected to the corporate network without the knowledge or approval of those responsible for security, often by employees seeking convenience or trying to save cost. Symantec (2002, p.6) observes that
When unapproved technology is plugged into a corporate network, a number of challenges ensue, including end user and equipment support difficulties as well as potential disruptions to existing services.
These unapproved deployments are usually the work of employees who are legitimately connected to the network: by plugging an access point into a live network port they extend the network over the air to anyone in range, and they frequently leave its default settings or share its password with colleagues. The resulting access point sits inside the perimeter, so anyone who joins it has bypassed the firewall that protects the network from outside intruders. Once on the network they can reach information on the various devices and resources there and can do considerable damage.
Wireless devices are prone to attack especially because they possess Wi-Fi capability and link easily to networks. Radack (2009, p.3) captures the essence of the security risks that plague wireless devices when she writes,
In a wireless environment, data is broadcast using radio frequencies. As a result, data may be captured when it is broadcast. The distances needed to prevent eavesdropping vary considerably because of differences in building construction, wireless frequencies and attenuation, and the capabilities of high-gain antennas. The safe distance can vary up to kilometers, even when the nominal or claimed operating range of the wireless device is less than a hundred meters.
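Radack’s point about eavesdropping distance can be made concrete with a link-budget calculation. The following is an added example written for this page, not from Radack or the NIST publications; it uses the standard free-space path-loss formula together with assumed figures (a 100 mW access point, a 1 Mbps receiver sensitivity of -90 dBm, a flat 15 dB of building penetration loss, and antenna gains of 2 dBi for a stock laptop card and 24 dBi for a directional dish) to show how far away a listener can still recover the signal.

```python
import math

# Added example (not from the original paper): how antenna gain stretches the
# distance at which an 802.11 signal can still be received. All parameters are
# constructed assumptions typical of 2.4 GHz 802.11b equipment.

C = 299_792_458.0  # speed of light, m/s


def fspl_db(distance_m: float, freq_hz: float) -> float:
    """Free-space path loss in dB (Friis): 20*log10(4*pi*d*f/c)."""
    return 20 * math.log10(4 * math.pi * distance_m * freq_hz / C)


def received_power_dbm(tx_dbm, tx_gain_dbi, rx_gain_dbi, distance_m, freq_hz,
                       extra_loss_db=0.0):
    """Power at the receiver: transmit power + gains - path loss - other losses."""
    return tx_dbm + tx_gain_dbi + rx_gain_dbi - fspl_db(distance_m, freq_hz) - extra_loss_db


def max_eavesdrop_distance_m(tx_dbm, tx_gain_dbi, rx_gain_dbi, rx_sensitivity_dbm,
                             freq_hz, extra_loss_db=0.0):
    """Largest distance at which received power still meets the receiver's sensitivity.

    Inverts the Friis formula: d = c / (4*pi*f) * 10**(budget_dB / 20),
    where budget_dB is everything left over after the receiver's sensitivity.
    """
    budget_db = tx_dbm + tx_gain_dbi + rx_gain_dbi - extra_loss_db - rx_sensitivity_dbm
    return C / (4 * math.pi * freq_hz) * 10 ** (budget_db / 20)


def compare_antennas() -> dict:
    """Eavesdropping range for a stock laptop card versus a directional dish."""
    tx_dbm, tx_gain_dbi = 20.0, 2.0      # assumed 100 mW AP with a 2 dBi antenna
    freq_hz = 2.437e9                    # 802.11b/g channel 6
    sensitivity_dbm = -90.0              # assumed 1 Mbps DSSS receiver sensitivity
    building_loss_db = 15.0              # assumed penetration loss through exterior walls
    return {
        label: max_eavesdrop_distance_m(tx_dbm, tx_gain_dbi, rx_gain, sensitivity_dbm,
                                        freq_hz, building_loss_db)
        for label, rx_gain in (("laptop_2dBi", 2.0), ("dish_24dBi", 24.0))
    }


if __name__ == "__main__":
    for label, d in compare_antennas().items():
        print(f"{label}: signal still decodable out to about {d / 1000:.1f} km")
```

Under these assumptions the stock laptop card can still decode the beacon at roughly 0.9 km in open line of sight, and the 24 dBi dish at roughly 11 km; every 6 dB of extra gain doubles the distance. The nominal indoor range quoted by vendors is under 100 m because loss indoors grows far faster than the free-space model allows, but an eavesdropper outdoors with line of sight to the building is bound by the free-space figure, not the indoor one. The practical conclusion is Radack’s: do not rely on range as a security control, and assume every frame can be captured.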
Wireless devices are especially prone to security threats because, by their very nature, attackers can reach them remotely over the radio link and in many cases cause extensive damage. Symantec (2002, p.6) explains the situation of wireless devices when they write that
Many of today’s laptops ship with embedded WiFi capabilities. Hackers can access a device’s data and the organization’s wireless LAN even if that particular device has never been used to send or receive wireless transmissions.
Furthermore, in order to ensure a high level of security for wireless devices, it is important to change the default security settings. Passwords should not be dictionary words, which are easily recovered by the password crackers attackers use. The security of wireless devices also requires firewalls, intrusion detection, anti-virus software and other protective measures. Radack (2009, p.6) acknowledges the flaws in the default settings of wireless devices and writes that,
Wireless technologies generally come with some embedded security features, although frequently many of the features are disabled by default. The security features available in wireless networks and devices may not be as comprehensive or robust as necessary. The security features provided in some wireless products may be weak; therefore, robust, well-developed, and properly implemented cryptography should be used to attain the highest levels of integrity, authentication, and confidentiality.
Recommendations are often useful for the solution of security issues affecting wireless devices and networks. Symantec (2002) has issued a list of security guidelines for wireless Local Area Networks (LANs). These are as follows: establishing wireless LAN security policies and practices; designing for security; logically separating the wireless network from internal networks; removing unnecessary protocols; and protecting wireless devices. Since wireless devices are the clients of these networks, these recommendations apply to the devices as well.
Wireless devices and applications are extremely useful in today’s technology driven world. However, the usefulness of these devices will be short lived if necessary security precaution is not taken. Given the wireless capability, it is possible for intruders to steal valuable information and violate the privacy of individuals and organizations. As research provides solutions to security risks that affect wireless devices, criminals are devising better strategies. Thus, individuals and organizations that use wireless devices need to be abreast and up to date with current trends in the wireless world.