Wireless Security

One of the tools used for wireless network detection is Kismet. Kismet is a tool that one can use to determine which wireless access points are accessible as well as wireless clients within range (Kismet Wireless, n.d.).

One of the tools used for network sniffing and analysis is WireShark. WireShark comes with the necessary tools to sniff and capture wireless packets as well as analyze them for useful information. This is in addition to the many other tools and functionality for penetration testing that come pre-bundled with WireShark (WireShark Foundation, 2017).

One of the tools used for cracking wireless encryption is Fern WiFi Cracker. Fern WiFi Cracker combines various exploits and tools such as Reaver WPS attack and Airmon-ng which makes it easy to exploit wireless networks. It can crack WEP, WPA and WPA2 passwords. It is thus an invaluable tool for wireless network penetration testing (Kali Org, 2014).

One of the tools used for password cracking is HashCat. HashCat is a password cracker that is multi-threaded and can run off GPUs. This ability to utilize multiple threads and GPUs make it one of the fastest password crackers for normal
users available. It is able to crack mscash2, md5crpt, phpass, WPA and WPA2 passwords (HashCat, n.d.).

There are three main wireless encryption schemes. These are WEP, WPA and WPA2. The Wired Equivalent Privacy (WPA) scheme was aimed at offering security that matched that of wired networks. WEP uses CRC32 for ensuring message integrity and the RC4 cipher for ensuring confidentiality. The scheme uses 64-bit or 128-bit keys. It was phased out in 2003 due to security vulnerability though it is still used in some legacy networks.

WiFi Protected Access (WPA) was developed to address the security vulnerability inherent in WEP. It was developed in 2003 and updated in 2006 to WPA2 which is the current standard in wireless encryption. The WPA2 is divided into three versions, each with its own authentication mechanism. They are WPA-Personal, WPA-Enterprise and WPS (Wireless Protected Setup).

To penetrate any of the wireless schemes, the first step is to carry out reconnaissance and to determine what access points are accessible. WEP can be compromised using any tool that provides an Initial Vector Attack exploit. WPA-Personal can be compromised by sniffing traffic between a client and an access point during the authentication handshake process. This can then be used to determine the passcode to the network. WPA-Enterprise is hard to compromise since it uses a RADIUS server for authentication, making it hard to use brute force to compromise network keys that are pre-shared.

The WPS scheme uses a 4 PI code. This code is short enough to be broken using brute force or any other technique. Once the PIN is determined, it can be used to further escalate the attack so as to determine the wireless passcode to the network passwords (HowToGeek, n.d.).

The greatest challenge when using these tools will be learning exactly how they work. Although some of them have GUIs, the best way to leverage them is by issuing commands through the terminal. The functionality and tools that come with some of these tools such as WireShark can also be daunting in terms of scope and size. Additionally, the technical expertise needed in order to leverage the tools effectively is also quite vast although the learning curve is not that steep.

References

Kismet Wireless. (n.d.). Kismet wireless. Retrieved from https://www.kismetwireless.net/
WireShark Foundation. (2017, January 23). WireShark - go deep. Retrieved from https://www.wireshark.org/
Kali Org. (2014, February 18). Fern Wifi Cracker. Retrieved from http://tools.kali.org/wireless-attacks/fern-wifi-cracker
HashCat. (n.d.). HashCat advanced password recovery. Retrieved from https://hashcat.net/hashcat/
HowtoGeek. (n.d.). The Difference Between WEP, WPA, and WPA2 Wi-Fi Passwords. Retrieved from http://www.howtogeek.com/167783/htg-explains-the-difference-between-wep-wpa-and-wpa2-wireless-encryption-and-why-it-matters/