Wireless Network Security
Wireless network security basics: Challenges, solutions, advantages and disadvantages, and future developments
You’re likely using a wireless network or your cell phone service’s data package to read this article on the internet. Is your connection secure? Have you taken all of the steps necessary to protect your data and technology?
Continue reading to learn about the basics of wireless network security and ways to ensure that your connection is secure for your data and devices. This article covers an overview of wireless network security challenges, common solutions to those challenges, advantages and disadvantages of wireless network security, and future security developments.
A brief overview of wireless network security challenges
Essentially, demand for and technological advancements in wireless Internet of Things (IoT) devices, especially those powering smart homes and cities, are driving notable growth in the number of wireless network systems. Such growth poses new security challenges alongside legacy ones. Let’s look at the latter first.
Legacy wireless network security challenges
Security is a chief concern for wireless network systems because threats can exploit them remotely. (In contrast, wired network systems are vulnerable to threats only when they have physical access to wired devices.) Some common threats to wireless network systems include the following:
- Rogue access points: Rogue access points are devices operating on a local area network (LAN) that network administrators don’t authorize. Both sanctioned network users and intruders can deploy rogue access points to gain free and unrestrained wireless access to a network. The latter often do so to commit denial-of-service (DoS) attacks and data theft.
- Denial-of-service attacks: A DoS attack prevents sanctioned users from accessing a network’s resources, devices, or information systems by flooding the network with traffic until it crashes. Fixing DoS attacks can cost affected organizations significant amounts of time and money.
- Passive capturing: Passive capturing, also called “eavesdropping,” refers to capturing data from a LAN without affecting its resources. This threat is hard to detect—think of it as a form of malicious reconnaissance. A hacker capturing packets from a network is an example of passive capturing.
Wireless network security challenges in an IoT-driven world
The demand for a greater ease of network access grows proportionally alongside the number of wireless network systems available. Unfortunately, as ease of access grows, so, too, does a network’s “attack surface.” This is a network’s mosaic of pathways, or “attack vectors,” hackers can use to access the system. And wireless IoT devices, as well as the wireless technologies such as Bluetooth and Zigbee that connect them, present many of these security weak points.
In fact, recent research from Hewlett Packard (HP) found that IoT devices, particularly those in the networks of smart homes, were prone to serious security vulnerabilities. The report focused on findings from an examination of ten of the most popular IoT devices in common niches. Its most alarming finds were the following:
- A storage of personal information existed on 90 percent of examined devices. This storage was on the devices themselves, their mobile apps, or the cloud.
- Weak credentials and persistent cross-site scripting (XSS) were among a range of vulnerabilities for six out of ten devices that provided user interfaces.
- Failure to capture passwords of sufficient complexity and length was an issue for 80 percent of devices with cloud and mobile app components.
- Attackers could identify valid user accounts through account enumeration in 70 percent of devices with cloud and mobile app components.
- Finally, unencrypted network service was an issue for 70 percent of devices.
HP’s findings summarized five key flaws with popular IoT devices:
- Privacy concerns: Users are vulnerable to privacy concerns when they give personal information—addresses, health information, credit card numbers, and so on—to wireless devices. This is especially true when devices are operating cloud services and mobile apps while transmitting unencrypted data.
- Insufficient authentication and authorization: Insecure password recovery mechanisms, poorly protected credentials, and weak passwords are all security flaws. Attackers can take advantage of these flaws to access devices and penetrate their networks.
- Insecure web interface: Persistent XSS, weak default credentials, and poor session management are chief web interface concerns. HP found that many surveyed devices could enable attackers to figure out valid user accounts by exploiting password reset features among other mechanisms.
- Lack of transparent encryption: Sensitive data transmission is commonplace among home, business, and community IoT devices. This transmission necessitates transport encryption. Alarmingly, HP’s research found that many devices failed to encrypt network services transmitting data via the internet and local networks.
- Insecure software and firmware: At least 60 percent of the devices HP surveyed neither encrypted update downloads nor protected update files themselves. During their device testing, HP detected that “some downloads were intercepted, extracted, and mounted as a file system in Linux, where the software could be viewed or modified.”
HP’s research illustrates only a small but crucial fraction of the security challenges that wireless networks face. The full scope of challenges would also apply to Bluetooth technologies, the Zigbee standard, and other wireless technologies and goes beyond the purview of this article. Visit the IEEE Xplore digital library—one of the world’s largest collections of technical literature in engineering, computer science, and related technologies—to learn more about wireless security as it applies to these technologies.
Common solutions to wireless network security challenges
On the whole, administrators can secure a wireless network using a few different methods.
Automated wireless network security
In 2018, the Wi-Fi Alliance started certifying devices that support a higher level of Wi-Fi protected access, known as Wi-Fi Protected Access 3 (WPA3). The new WPA3 standard replaces WPA2 and provides an additional layer of security.
Having the latest hardware, such as devices that support WPA3, as well as the latest software, is key to automated security networks. To establish such a system at home or work, individuals or administrators should upgrade to WPA3 if possible and consider using antivirus and ad-blocking software that updates automatically.
Using a firewall is the traditional way to safeguard a wireless network from intrusion. A firewall is a device that stands between a network and the internet. All traffic has to go through the firewall.
It surveys network data packet heads for information on source and destination internet protocol (IP) addresses and port numbers. The firewall then compares that information to directives laid out in a network’s security policy. If a firewall finds information in a data packet head that its network’s security policy flags, it will block the source of that packet from accessing the network.
Encryption is the most common and most effective method of wireless network security. Data is encoded and decoded at end points, usually a router or switch, before being sent through radio frequencies. Encrypted data prevents attackers from reading data in in-transit packets, should attackers penetrate a network.
Access restriction configuration and captive portals
Other common security methods involve configuring access restrictions in network access points or setting up an open but isolated wireless network that uses a captive portal to authorize access. The latter method is popular among commercial network providers.
WIDSs and WIPSs
Finally, network administrators can deploy wireless intrusion detection systems (WIDSs) and wireless intrusion prevention systems (WIPSs). A WIDS is designed to send out alerts to human operators when it encounters what it believes to be malicious data packets trying to access a network. WIDSs are facing obsolescence since they don’t stop threats in real time. In contrast, WIPSs read data packet signatures to stop traffic from sources they determine are malicious.
Advantages of wireless network security
Wireless networks and the technology that enable them support many aspects of life at home and at work. Practically every individual and organization passes sensitive data back and forth over wireless networks, knowingly or unknowingly, every day. So the main, and perhaps most obvious, advantage of wireless network security when we implement it correctly and effectively is that it can protect our data. Below are four other noteworthy advantages of securing a network.
- It prevents costly operational downturns in business. In 2018, the FBI released a report that stated cybercrime cost businesses over $2.7 billion that year. And a survey that Kaspersky published in 2017 found that a single distributed DoS attack cost business enterprises an average of $2 million each. Compare that to the average yearly cost of securing a business network at $20,000.
- It protects network resources. Never mind sensitive data—some attackers might go after networks themselves. Some malware attacks can cause considerable damage to network resources, rendering networks inoperable. Security techniques such as “sandboxing” and content disarm and reconstruction can prevent the damage malware can cause to a network.
- It enables better network monitoring. With a robust network security system in place, individuals and organizations can better track who’s using a network, prevent unauthorized users from accessing it, and flag suspicious behaviors. Packet analyzers, apps and services monitors, and/or off-network monitors are all monitoring technologies that make excellent additions to any robust security system.
- It frees individuals and organizations from criminal liability. Attackers committing cybercrimes are getting better and better at hiding their forensic signatures. If an attacker penetrates a network to use it to commit a cybercrime anonymously, investigators can trace the crime’s digital footprints to the organization’s or individual’s network IP address, not the attacker’s.
Disadvantages of wireless network security
Unfortunately, many wireless networks individuals use at home, at work, and out in the community remain insecure. And that’s not without reason. There are three chief reasons for this—in other words, three chief disadvantages to wireless network security.
- There’s a lack of general knowledge of network security. Many wireless network users at home have a poor or no understanding of why network security is important and how it works. Admittedly, network security is a complex topic for the average person. Some of those who invest in smart-home products and everyday IoT devices either simply don’t think about security or don’t have the time to invest in learning about it.
- It takes effort to develop and implement. Some organizations have to transform operational processes to facilitate new security systems for their wireless networks. Organizations using older WPA standards need to upgrade to newer ones. They might need to restrict or disable dynamic host configuration protocols (DHCPs). And disabling DHCPs requires manual IP address assigning for all network devices. They might need to install a web application firewall (WAF) or update router firmware, and so on.
- It can be expensive to develop and implement. Implementation comes at a cost, not only for installation labor but also for new and upgraded components. Data encryption, for example, uses additional processing power, so end points need the technology that can support this requirement.
Future developments in wireless network security
Spyware, viruses, and other malicious software from attackers and hackers are becoming increasingly sophisticated. Thankfully, developments in wireless network security are progressing to meet new security needs.
What are the expected advancements in wireless network security?
One of the newer ways to secure data when using a wireless network is through multipath avoidance routing. This security measure avoids routing information through areas that are not secure, such as compromised nodes or malicious countries.
The greatest anticipated advancements in the wireless network security industry, however, are tied to the expansion of 5G.
5G is the fifth-generation technology standard for mobile networks. It promises higher speeds, increased reliability, and more network capacity. With 5G, cell phone providers can have more users using their system without it slowing down. This provides users with a better, more consistent experience.
The impact of 5G on business and the public will likely be huge. 5G is expected to have a $13.2 trillion global economic impact, creating more than 22.3 million new jobs, as goods and services evolve to work on a 5G network.
What is driving trends in wireless network security?
Innovations in technology and growing network infrastructure are driving trends in wireless network security.
As technology becomes increasingly powerful and society becomes increasingly dependent on mobile devices, wireless security becomes increasingly important. Understanding the strengths and weaknesses of Wi-Fi networks and Wi-Fi security is imperative for the workplace and private sector.
Interested in becoming an IEEE member? Joining this community of over 420,000 technology and engineering professionals will give you access to the resources and opportunities you need to keep on top of changes in technology, as well as help you get involved in standards development, network with other professionals in your local area or within a specific technical interest, mentor the next generation of engineers and technologists, and so much more.