Types of Wireless Network Attacks: Client-to-Client Attacks
Clients exist frequently on both wired and wireless networks. A client may be anything from a NAS (Network Attached Storage) device to a printer or a server. The conventional ad-hoc network has no printers or servers, only the computers of other users. The fact that most consumer computers run the Windows operating system and many users do not know enough about proper security leaves plenty of room for attackers to work.
The Role of the Client in Wireless Security
In wireless communications, a client must first receive the packet from an access point within close range, typically up to 300 feet. If packets from more than one access point are obtained, the client will select which BSS (Basic Service Set) to join. For example, Windows XP users are presented with a list of SSIDs and are asked which network they would like to use for a connection. Once an access point has been found, numerous management frames are exchanged in accordance to the mutual authentication scheme used in wireless networking. Authentication consists of two standard processes - open system authentication and shared key authentication. In the first method, management frames are transmitted unprotected, even if a user has enabled WEP. The second method uses a shared secret along with the standard challenge and response system. In order for it work, the client forwards and authentication request in the form of a management frame stating that it wants to use the shared key. When the access point receives the request, it responds by sending an authentication management frame contain the challenge text. The client receives the frame and copies the text into a new frame in which it is then encrypted and transmitted to the access point.
Two computers have the ability bypass the base station and directly communicate with one another. This also holds true for wireless clients, the main reason why each client must be protected from others. An attacker can easily strike a laptop computer using a wireless connection. For instance, they could initiate a DoS (denial-of-service) attack by jamming wireless clients with illegitimate packets. They can also configure their own client to duplicate the IP (Internet Protocol) or MAC (Media Access Control) address of legitimate clients to disrupt network traffic.
Even if a company only uses hardwired workstations and not a wireless connection, a laptop computer connected to Ethernet may still have its wireless NIC (Network Interface Card) installed and configurations set in peer-to-peer mode. Wireless NICs send out probe request frames at regular intervals in seek of other devices with the same SSID. This enables a wireless sniffing program to find those devices configured in peer-to-peer mode and attempt to invade the network. From there the attacker could make a connection to the laptop and exploit a number of vulnerabilities in the operating system, possibly gaining administrative access to the machine. With full access they can install a sophisticated Trojan horse or keystroke logging application to further compromise the network. A client-to-client attack may occur when the targeted machine is in transit and in use. At this point, it doesn't matter if the wireless NIC is actively being used or not.
Client-to-Client Defense
The best security against a client-to-client attack is an Intrusion Detection System. This will provide your wireless network with early detection of common exploits from a centralized location. CyberDefender is one such product that also works well against other attacks such as viruses, spyware, phishing and much more.
Post a comment