Wireless Network Confidentiality Vulnerabilities
Order ID:89JHGSJE83839 Style:APA/MLA/Harvard/Chicago Pages:5-10 Instructions:
Wireless Network Confidentiality Vulnerabilities
Assignment 1: Identifying Potential Malicious Attacks, Threats, and Vulnerabilities
LaRonda McKay
Wireless Network Confidentiality Vulnerabilities
Strayer University
Professor Robert Whale
Wireless Network Confidentiality Vulnerabilities
CIS333 Fundamentals of Networking Security Systems
January 28, 2017
Identifying Potential Malicious Attacks, Threats, and Vulnerabilities.
The company is not alone in its dependence upon networking technology, which is essential to remaining competitive in today’s video game software marketplace. The connectivity introduced by networking and computer technologies also introduces an enormous number of vulnerabilities that can compromise the confidentiality, integrity, and availability of the company’s information. However, for each vulnerability there are countermeasures that
can be implemented to would be intruders. Following are a series of vulnerability examples and countermeasure solutions that should be implemented by the company to avoid data loss and an information security incident.
Existing Network Vulnerabilities
Wireless WPS Vulnerabilities
WPA2 is the most current version of standard based wireless network security to protect data confidentiality as it is transported over the wireless network. WPA2 includes major changes that address the shortcomings of both WPA and WEP. WPA2 includes the use of mandatory AES encryption, no longer supporting RC4 and TKIP. WPA2 also addresses most of the security issues that have been uncovered in WPA so that wireless networks
protected with WPA2 can be considered as much more secure. However, as with all security measures, flaws are usually found and WPA2 is no different. Like WPA, the WPA2 implementation provides support for a feature called WPS or Wi-Fi Protected Setup, which is included to ease the setup and configuration of wireless network devices by leveraging a device specific pin number for use in automatically configuring pass-phrases between the AP unit
and wireless clients, (Fitzpatrick, 2013). Unfortunately, this feature has a critical flaw that, with time (up to 10 hours are required), using software such as the free for download “Reaver” tool, penetration of a WPA2 protected
wireless network is trivial. Hence, if implementing a WPA2 protected wireless network, make sure that all wireless network AP units are capable of disabling the WPS feature prior to deployment, (Fitzpatrick, 2013).
Wireless Network Confidentiality Vulnerabilities
Wireless network hackers use sniffer programs that contain additional, special “hacking” features designed to simplify the process of wireless network penetration. For example, the Airsnort wireless network sniffer is
used by wireless hackers to sniff (capture) wireless network packets, collect those packets used in authentication exchange between an AP and its client devices. And then crack the passphrase contained in those packets that are
required to access the wireless network (even when the strongest wireless encryption, WPA2 with AES, is enabled). Hence, once Airsnort captures the correct packets, wireless network penetration, even with the most robust form
of wireless network encryption is trivial. It is important to understand that the process Airsnort uses to capture and crack wireless network passphrases, and passwords effectively bypass the encryption protecting conversation
data packet payloads because the packets used during the authentication and negotiation process are not protected with encryption because the encryption method has not yet been negotiated. To defend against this vulnerability,
the company should enable MAC address filtering (so that only known devices can connect to the wireless network). Also enable wireless integrated directory services authentication (so that devices cannot connect unless they
first authenticate with the company’s directory services, such as Active Directory which employs much stronger forms of encryption for authentication).
Weak Passwords
Passwords are the most common method (along with user accounts) for authenticating a person in order to identify them as someone who is allowed access to the system and company network. This is especially true within networks where multiple platforms exist (such as Windows, Linux, and Apple iOS) because not all systems are supported by more advanced authentication devices. Passwords offer a very simple method of identification by requiring the user to provide only something that they know, in this case, a “secret” known only to the user and the system to which they are authenticating. However, several factors now make passwords a very weak method of
protecting systems from unauthorized access. First, passwords can be broken over time. Today’s much faster processors enable malicious attackers to crack passwords (even those with strong encryption) in hours or even minutes, depending upon the nature of the password. While this is more of a technology vulnerability, it is important to mention because of the next point. In order to prevent successful password cracking, administrators can
enforce password complexity rules. These rules, when configured on systems, force users to create passwords that meet specific constraints designed to ensure that passwords cannot be cracked within a short period of time.
Rules typically include the length of the password (over 12 characters) and require passwords to include one or more numbers, special characters, lower case letters and upper case letters. A second countermeasure is to
implement two-factor authentication such that a user must present something they know (such as a username and password) and something they have (such as a smart card) or something they are (such as a fingerprint). By
requiring two forms of identification, the company will be protected against advanced password cracking techniques.
Potential Data Loss
Information Integrity Issues
The concept of integrity is confidence that information hasn’t been changed, altered or damaged while in transit over networks, in longer term storage, or when on portable storage devices. For example, data files
transferred over the network and the Internet or from the intranet network could have integrity issues due to EMI (electromagnetic interference) or even man-in-the-middle (MITM) attacks if countermeasures are not taken so that
verification of the information delivered is performed. Hash algorithms in which a one-way hash chain is generated from the original message, then compared to a hash created after the message has been received (which can be
implemented through the use of the IPSec security framework). This an example of a countermeasure used to verify that information is identical to its original, acceptable state.
Storage Failures
Availability means that the information managed by an organization is always available when needed (for authorized users). Availability can be compromised within the local data center (the company file servers and
email servers are of particular concern), such as when a hard drive fails causing irreparable loss of information. Countermeasures to avoid loss of information due to storage failures include implementing RAID 5 hard drive array
configurations in all servers which maintains stored information in the event of a single hard drive failure (RAID 6 will maintain stored information in the event of a two-drive failure), (Chambers, 2014).
Dumpster Diving
Dumpster diving is a social engineering practice of digging through a company’s trash and other refuse for information that can be used to gain unauthorized access to company networks or gain unauthorized access to
confidential information. Dumpster diving is one of the primary reasons why the paper shredding business is booming, as it helps destroy information before papers are thrown away. However, optical media, floppy disks, hard
drives, USB drives and other digital storage devices are often overlooked since they are not functional when tossed in the trash, and may even have all data deleted before they are thrown away. However, by downloading free
software, a hacker can gain access even to data that has been deleted on these devices, once again providing them with information that can be used to gain access to the organization’s networks. To avoid this problem, the
company must have strict policies in place regarding discarding storage media in addition to providing personnel with training so that they are aware of how to properly dispose of storage devices, ensuring that this vulnerability is
not exploited, (Social Engineer, 2015).
Conclusion
The discussion above presents just a few of the much vulnerability that the company must be aware of to protect valuable data from intruders. However, by implementing a best practice information security program with an in-depth defense strategy, the company can ensure the confidentiality, integrity, and availability of its valuable information.
RUBRIC
Excellent Quality
95-100%
Introduction 45-41 points
The background and significance of the problem and a clear statement of the research purpose is provided. The search history is mentioned.
Literature Support
91-84 points
The background and significance of the problem and a clear statement of the research purpose is provided. The search history is mentioned.
Methodology
58-53 points
Content is well-organized with headings for each slide and bulleted lists to group related material as needed. Use of font, color, graphics, effects, etc. to enhance readability and presentation content is excellent. Length requirements of 10 slides/pages or less is met.
Average Score
50-85%
40-38 points
More depth/detail for the background and significance is needed, or the research detail is not clear. No search history information is provided.
83-76 points
Review of relevant theoretical literature is evident, but there is little integration of studies into concepts related to problem. Review is partially focused and organized. Supporting and opposing research are included. Summary of information presented is included. Conclusion may not contain a biblical integration.
52-49 points
Content is somewhat organized, but no structure is apparent. The use of font, color, graphics, effects, etc. is occasionally detracting to the presentation content. Length requirements may not be met.
Poor Quality
0-45%
37-1 points
The background and/or significance are missing. No search history information is provided.
75-1 points
Review of relevant theoretical literature is evident, but there is no integration of studies into concepts related to problem. Review is partially focused and organized. Supporting and opposing research are not included in the summary of information presented. Conclusion does not contain a biblical integration.
48-1 points
There is no clear or logical organizational structure. No logical sequence is apparent. The use of font, color, graphics, effects etc. is often detracting to the presentation content. Length requirements may not be met
You Can Also Place the Order at www.collegepaper.us/orders/ordernow or www.crucialessay.com/orders/ordernow Wireless Network Confidentiality Vulnerabilities