Whether you’re using a private or business network, the need for security is a top priority. Traditional networks that use cables can provide some protection against external attacks. This is because without physical access to the cables, which are located throughout buildings, strangers cannot easily intercept or read data.
However, if you want to use a more practical wireless network, you run the risk of encountering security problems. Empty space is used instead of cables for transferring data, and the range is not measured by the length of the cable, but by the strength of radio signals. If a device in the wireless local network – better known as WLAN – sends data, a spy only needs a receiver within the range of transmitted radio signals to intercept this data. To use the wireless communication path without any worries, it is important to ensure you have good WLAN security.
What actually is WLAN?
WLAN (Wireless Local Area Network) is a wireless local network and is generally used where wiring the network devices is impossible or would take a lot of effort. A wireless network can also exist for convenience reasons. Wireless connections are particularly widespread in the private sector, since they are a good solution for providing internet access throughout a home without having to rely on cables. Radio networks are also useful in offices, especially when a variety of portable devices such as laptops, tablets, or smartphones are in use.
There are three different modes for operating wireless networks:
- Infrastructure mode: the structure of this mode is similar to the mobile network. A wireless access point takes care of the coordination of all network users and sends them small packets, at adjustable intervals, with information about the network name, the supported transmission rates, or the type of encryption. The access point is often a router.
- Wireless distribution system: since WLAN networks use the same addressing mode as Ethernet, you can easily connect to wired networks (or other wireless networks) via the access point. This is how networks are linked together and the range is increased, which is why this is known as a wireless distribution system.
- Ad-hoc mode: in ad-hoc networks, the central control unit is missing, which means that the coordination must be taken over by the respective terminals. These networks are used for fast, direct communication between individual participants. However, this WLAN mode isn’t used as frequently – alternative techniques, such as Bluetooth, are much more common.
These are the disadvantages of wireless networks
The framework for communication in radio networks is specified in IEEE 802.11 from the Institute of Electrical and Electronics Engineers (IEEE) near New York. At the beginning, however, not much emphasis was placed on security: unencrypted transmission and no user authentication requirements meant that anyone within range had access to a wireless network. Ultimately, the need for WLAN security drove the development of the following encryption and authentication methods:
- Wired Equivalent Privacy (WEP): WEP is the oldest standard for WLAN encryption and dates back to 1997. It offers two authentication methods: Open System Authentication (enabled for all clients) and Shared Key Authentication (activated by password). For encryption, WEP uses the RC4 stream cipher. Due to various weaknesses, WEP is today considered insecure and outdated.
- WLAN Protected Access (WPA): WPA builds on the WEP architecture and is designed to eliminate its weaknesses. To do so, WPA operates with a dynamic key based on the Temporal Key Integrity Protocol (TKIP). Since WPA also has certain security deficiencies, new wireless access points (since 2011) and all WLAN-enabled devices (since 2012) are no longer allowed to support this protocol.
- WLAN Protected Access 2 (WPA2): the current, safest WLAN encryption and authentication method, WPA2, was released in 2004 with the IEEE 802.11i standard. Instead of TKIP, WPA2 uses the much more modern AES encryption method. Therefore, if you set up a WLAN, you should always prefer WPA2 over the older WEP and WPA standards.
- WLAN Protected Setup (WPS): the WPS standard is neither a transmission nor an encryption technique, but rather an automatic configuration feature, which aims to make WLAN configuration easier for new network users. The authentication is carried out at the push of a button (WPS PBC) – physically at the access point or virtually via a software-implemented button – or by entering a PIN (WPS PIN). Alternatively, you can change the network settings via USB stick or via NFC (Near Field Communication).
Although WEP and WPA have a legitimate, more secure successor in WPA2, some operators are still using these outdated standards to encrypt their WLAN – as long as they are supported by the wireless access point. Whether this is unintentional or for compatibility reasons (to grant access to older devices) is incidental. What is clear is that networks like this are at a high risk of unauthorized access – one of the main reasons for the critical assessment of WLAN security. Additional errors that make it easier for attackers to intercept data include:
- Having standard user names and passwords for wireless access points
- Having unsafe basic configurations for wireless access points
- Implementing WPA2 and WPS incorrectly
In addition, wireless networks are vulnerable to common DoS or DDoS attacks as well as so-called evil twin attacks. With the latter, malicious attackers plant fake wireless access points in the network with special firmware. Network users believe these to be real and then connect to them. The evil twin responds with its own authentication request and receives the WLAN access data from the unsuspecting network device. It also takes over the MAC address of the client (MAC spoofing), gaining all necessary data to establish the connection. Publicly accessible WLAN points are particularly at risk from this kind of attack.
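To show how the evil twin described above can be spotted from the operator's side, here is an added example that is not code from the original article: it compares a constructed WLAN scan result against the BSSIDs and security mode you actually operate, flagging unknown radios that advertise your SSID and known radios that suddenly offer a weaker security mode (a spoofed MAC address). All SSIDs, MAC addresses and scan entries are made up.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ScanEntry:
    """One access point as seen in a WLAN scan (constructed record format)."""
    ssid: str
    bssid: str      # MAC address of the access point radio
    security: str   # e.g. "WPA2-CCMP", "WPA-TKIP", "OPEN"
    channel: int

# Constructed sample scan: two legitimate radios, one rogue AP with a foreign
# MAC address, one rogue AP that clones a legitimate MAC address (MAC spoofing).
SAMPLE_SCAN = [
    ScanEntry("office-net", "aa:bb:cc:00:00:01", "WPA2-CCMP", 6),
    ScanEntry("office-net", "aa:bb:cc:00:00:02", "WPA2-CCMP", 11),
    ScanEntry("office-net", "de:ad:be:ef:00:01", "OPEN", 6),
    ScanEntry("office-net", "AA:BB:CC:00:00:01", "OPEN", 1),
    ScanEntry("cafe-guest", "11:22:33:44:55:66", "OPEN", 1),
]

# BSSIDs of the radios we operate for "office-net" (constructed allowlist).
KNOWN_BSSIDS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}

def find_evil_twins(scan, own_ssid, known_bssids, expected_security="WPA2-CCMP"):
    """Return (bssid, reason) pairs for every suspicious AP advertising own_ssid."""
    findings = []
    for entry in scan:
        if entry.ssid != own_ssid:
            continue                      # other networks are not our concern here
        bssid = entry.bssid.lower()       # normalise case before comparing MACs
        if bssid not in known_bssids:
            findings.append((bssid, "unknown BSSID advertising our SSID"))
        elif entry.security != expected_security:
            # Our MAC address, but not our security mode: a clone of our radio.
            findings.append((bssid, f"security downgraded to {entry.security}"))
    return findings

if __name__ == "__main__":
    for bssid, reason in find_evil_twins(SAMPLE_SCAN, "office-net", KNOWN_BSSIDS):
        print(f"{bssid}: {reason}")
```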
Make WLAN more secure: a question of consistency
The weaknesses listed above show the importance of becoming familiar with various possibilities of WLAN security. If you expect to get the best protection with a firewall and a secret password, you will quickly be convinced otherwise in the event of a targeted attack. There’s more to the comprehensive security of wireless networks than just simply turning on a router, carrying out a five-minute set-up, and searching for a password that isn’t easy to guess, but at the same time, not hard to remember.
The more careful you are with the configuration and management, the more secure your network will be later on.
The basis for WLAN security: configuring the wireless access points correctly
Wireless access points – usually routers – are the network’s central control units and are therefore responsible for its security. Specifically, the settings you make for this hardware component determine whether an attacker can gain access to your wireless network within a few seconds, or whether it remains just an attempt. These are the most important configuration steps:
Step 1: Create individual administrator access
To make an access point configurable, it runs firmware that provides a user interface in common internet browsers as soon as you call up the access point’s IP address. Access to this interface is gained through an administrator account with a default username and password. This log-in data isn’t unique, since it is the same for all devices of the respective model, and it is also very easy to guess, such as 'admin' (password and username) or '1234'. Change this administrator account log-in information at the beginning of the configuration. You can write it down and store it in a safe place, but do not store it on your computer without proper password storage.
Step 2: Select WPA2 as the encryption method
In order to encrypt your WLAN, you should definitely choose WPA2, since the two predecessors WPA and WEP are outdated and could prove a security risk. Combining or mixing WPA/WPA2 isn’t recommended either. Instead, use network devices that support WPA2 and do not rely on old encryption methods. If you are using WPS configuration software, you should only switch it on when it is needed.
Step 3: Create a secure WLAN password
So far, only password attacks have been known for WPA2; in particular, brute force attacks and dictionary attacks are very popular with cyber criminals. The importance of a complex WLAN password therefore cannot be overstated. Your best bet against the cracking algorithms and dictionaries these tools use is to set up a WLAN key consisting of as many characters as possible, using both lowercase and uppercase letters as well as numbers and special characters. Avoid actual words and distribute the characters randomly. You can also keep the WLAN password on paper in a safe place, just don’t write it on your computer.
Step 4: Specify an unidentifiable network name
Another WLAN security measure (which primarily serves your personal protection) is to choose a non-traceable service set identifier (SSID). The SSID is the name of your network and is visible to everyone in signal range. If you are not running a public hotspot, you should avoid personal details that might point to you, your company, or your location. Many consider it more secure to hide the WLAN name (hidden SSID). However, this technique doesn’t fully deter attackers and makes the connection set-up a bit more difficult for legitimate clients. If you hide your WLAN’s SSID, it could prevent some devices from seeing the access point, so that they won’t be able to connect to it.
Step 5: Turn on automatic firmware updates
So that your WLAN is always secure, it’s paramount that the wireless access point’s firmware is up to date. As with any software, attackers can take advantage of security flaws and can take over admin rights or let malware infiltrate the system. Some access points have an automatic update function for the installed firmware, which you can promptly activate. If this isn’t the case, you should regularly check whether there are any updates for your device that you can download and install manually.
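As an added example that is not part of the original article, the following Python script checks an access point configuration written in hostapd’s key=value syntax against Steps 2 to 4 above: WPA2 only (no WPA, WEP or mixed mode), AES/CCMP only, WPS switched off, a long mixed-character passphrase, and an SSID without identifying words. Both configuration texts, the list of identifying words and the 20-character minimum are constructed assumptions, not values from the article or from any real device.

```python
import string

WEAK_CONF = """\
ssid=Smith-Family-Router
wpa=3
wpa_pairwise=TKIP
rsn_pairwise=TKIP CCMP
wpa_passphrase=password123
wps_state=2
"""

HARDENED_CONF = """\
ssid=xk7-net
wpa=2
rsn_pairwise=CCMP
wpa_passphrase=Qv9%tL2m!Wx8@pZ4rH6&cB1yN3*fG5s
wps_state=0
"""

def parse_conf(text):
    """Parse key=value lines; blank lines and '#' comment lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def passphrase_is_strong(pw, min_len=20):
    """Step 3: long (WPA2-PSK allows 8 to 63 chars), mixed case, digits, specials."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    return min_len <= len(pw) <= 63 and all(any(c in k for c in pw) for k in classes)

def audit(conf, identifying_words=("smith", "family", "router")):
    """Return a list of findings; an empty list means the config passes."""
    findings = []
    if conf.get("wpa") != "2":            # hostapd: 1 = WPA, 2 = WPA2, 3 = mixed
        findings.append("wpa must be 2: WPA2 only, no WPA or mixed mode")
    if "wpa_pairwise" in conf:            # cipher setting for the WPA (TKIP) side
        findings.append("wpa_pairwise (WPA/TKIP) is configured; remove it")
    if "wep_key0" in conf or "wep_default_key" in conf:
        findings.append("WEP keys are configured")
    if conf.get("rsn_pairwise") != "CCMP":
        findings.append("rsn_pairwise must be CCMP (AES) only")
    if conf.get("wps_state", "0") != "0":  # 0 = WPS disabled
        findings.append("WPS is enabled; switch it off when not needed")
    if not passphrase_is_strong(conf.get("wpa_passphrase", "")):
        findings.append("wpa_passphrase is too short or lacks character variety")
    if any(w in conf.get("ssid", "").lower() for w in identifying_words):
        findings.append("SSID contains identifying words")
    return findings
```

Running `audit(parse_conf(WEAK_CONF))` lists one finding per violated step, while the hardened configuration returns an empty list.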
Optimize authentication with IEEE 802.1X
IEEE 802.1X is a port-based security concept that only grants connection-enabled clients access once they have been verified and approved by an authentication server (RADIUS). This is based on a pre-defined list, which tells the security concept whether the requesting client is allowed to connect to the wireless access point. The authentication method relies on the Extensible Authentication Protocol (EAP), which is also supported by WPA2. This variant is also referred to as WPA2 Enterprise, WPA2-1X, or WPA2/802.1X.
Further useful WLAN security measures
If you have configured your wireless access point accordingly, your wireless network already has decent protection. Depending on its intended use, however, there are various tasks to be carried out after set-up has been completed. Since most WLANs are connected to other networks – mainly through the internet – you should set up the firewall included or create your own firewall to filter out unwanted connections. It is also useful to consider an intrusion detection or intrusion prevention system, in order to detect and prevent attacks as early on as possible.
If you want to provide customers with wireless internet access, you should always work with a separate SSID, which you create and configure in addition to your workplace WLAN. In any case, as an operator of the wireless network, you are jointly responsible for how the connection is used since any copyright infringement could quickly be traced back to you. To be safe, you should keep track of bandwidth usage and block any untrustworthy sites in the router settings.
If the WLAN is used in a professional environment, performing regular security checks with the help of special tools is definitely recommended. These help to simulate common hacker attacks and find out whether your WLAN security measures are working. In this case too, the principle applies to the whole process of WLAN security: the more conscientious and more precise you are, the better. Make sure to
- configure your wireless access point,
- install additional security components such as IEEE 802.1X, a firewall, or an intrusion detection system,
- operate work and guest networks separately,
- regularly make sure your network components are updated and are performing correctly.
By carrying out these steps, it’ll be harder for hackers to gain access to your WLAN.