Wireless Networks
A wireless network is an unbounded data communication system that uses radio-frequency technology to establish connections with devices and retrieve information.
Definitions
Global System for Mobile Communications (GSM)
A universal system for mobile data transmission in wireless networks worldwide.
Bandwidth
The volume of information that can be transmitted over a connection, typically measured in bits per second (bps).
Access Point (AP)
A device used to connect wireless devices to a wireless or wired network, serving as an intermediary between them.
Basic Service Set Identifier (BSSID)
The media access control (MAC) address of an access point (AP) or base station that establishes a basic service set (BSS).
Industrial, Scientific, and Medical (ISM) Band
A set of frequencies used by international industrial, scientific, and medical communities.
Hotspot
Locations with public wireless network availability, allowing users to connect to the internet via Wi-Fi.
Association
The process of linking a wireless device to an access point (AP).
Service Set Identifier (SSID)
A unique 32-character alphanumeric identifier for a wireless local area network (WLAN), serving as the network's label.
Orthogonal Frequency-Division Multiplexing (OFDM)
A method of digitally modulating data by splitting a signal into multiple orthogonal carrier frequencies.
Multiple Input, Multiple Output-Orthogonal Frequency-Division Multiplexing (MIMO-OFDM)
Enhances spectral efficiency in wireless communication.
Direct-Sequence Spread Spectrum (DSSS)
A technique that multiplies the original data signal with a noise-spreading code, providing interference protection.
Frequency-Hopping Spread Spectrum (FHSS)
A method of transmitting radio signals by rapidly switching the carrier across various frequency channels.
Wi-Fi Authentication Modes
Open System Authentication Process
In this process, any wireless client attempting to access a Wi-Fi network sends a request to the wireless Access Point (AP) for authentication. The station sends an authentication management frame containing its identity to the AP, initiating the authentication and connection with the wireless AP. The AP responds with an authentication frame to confirm access, thus completing the authentication process.
Shared Key Authentication Process
In this process, each wireless station receives a shared secret key over a secure channel separate from the 802.11 wireless network communication channels. The connection is established as follows:
1. The station sends an authentication frame to the AP.
2. The AP sends a challenge text to the station.
3. The station encrypts the challenge text using its configured 64-bit or 128-bit key and sends the encrypted text to the AP.
4. The AP decrypts the text using its configured key (e.g., a Wired Equivalent Privacy (WEP) key) and compares the decrypted text with the original challenge text.
5. If they match, the station is authenticated and can connect to the network. If the decrypted text doesn't match the original challenge text, the AP rejects the station, preventing communication with both the Ethernet and 802.11 networks.
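The challenge-response exchange above, simulated from both sides as an added example (not code from the original page). It assumes WEP framing as commonly described: a 24-bit IV prepended to the secret key as the RC4 seed, and a CRC-32 ICV appended to the plaintext. Only the challenge text is encrypted here, and the key values are constructed.

```python
import hmac
import os
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def station_response(wep_key: bytes, challenge: bytes):
    """Step 3: the station encrypts challenge || ICV under IV || key."""
    iv = os.urandom(3)  # 24-bit IV, sent in the clear next to the ciphertext
    icv = zlib.crc32(challenge).to_bytes(4, "little")
    return iv, rc4(iv + wep_key, challenge + icv)

def ap_verify(wep_key: bytes, challenge: bytes, iv: bytes, ciphertext: bytes) -> bool:
    """Steps 4-5: the AP decrypts with its own key and compares with the challenge it issued."""
    plain = rc4(iv + wep_key, ciphertext)
    text, icv = plain[:-4], plain[-4:]
    icv_ok = icv == zlib.crc32(text).to_bytes(4, "little")
    return icv_ok and hmac.compare_digest(text, challenge)

def shared_key_auth(station_key: bytes, ap_key: bytes) -> bool:
    """Steps 1-5 end to end; True means the station is authenticated."""
    challenge = os.urandom(128)  # step 2: AP issues a random challenge text
    iv, ciphertext = station_response(station_key, challenge)
    return ap_verify(ap_key, challenge, iv, ciphertext)

# Constructed sample key: 40 secret bits + 24-bit IV = a "64-bit" WEP key.
AP_KEY = bytes.fromhex("0102030405")

if __name__ == "__main__":
    print("matching key:", shared_key_auth(AP_KEY, AP_KEY))
    print("wrong key:   ", shared_key_auth(bytes.fromhex("aabbccddee"), AP_KEY))
```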
Wi-Fi Authentication Process Using a Centralized Authentication Server
The 802.1X standard provides centralized authentication. In this Wi-Fi authentication process, a centralized authentication server, often referred to as Remote Authentication Dial-in User Service (RADIUS), sends authentication keys to both the AP and clients attempting to authenticate with the AP. These keys allow the AP to identify a specific wireless client securely.
Wireless Encryption
Wireless encryption is a process of protecting a wireless network from attackers who attempt to collect sensitive information by breaching the RF traffic. We will focus on WEP, WPA, and WPA2.
Definitions
802.11i
An IEEE amendment specifying security mechanisms for 802.11 wireless networks.
WEP
An encryption algorithm for IEEE 802.11 wireless networks. An older standard with known vulnerabilities.
EAP
Extensible Authentication Protocol (EAP) supporting various authentication methods such as token cards, Kerberos, and certificates.
LEAP
Lightweight EAP (LEAP), a proprietary version of EAP developed by Cisco.
WPA
Advanced wireless encryption protocol using TKIP and Message Integrity Check (MIC) for strong encryption and authentication.
TKIP
Security protocol used in WPA as a replacement for WEP.
WPA2
An upgrade to WPA, using AES and the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) for data encryption.
AES
Symmetric-key encryption used in WPA2 as a replacement for TKIP.
CCMP
Encryption protocol used in WPA2 for strong encryption and authentication.
WPA2 Enterprise
Integration of EAP standards with WPA2 encryption.
RADIUS
Centralized authentication and authorization management system.
PEAP
Protocol encapsulating EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel.
WPA3
Third-generation Wi-Fi security protocol offering new features for personal and enterprise usage. It uses the 256-bit Galois/Counter Mode Protocol (GCMP-256) for encryption and a 384-bit hashed message authentication code (HMAC-SHA-384) for authentication.
WEP - Wired Equivalent Privacy
WEP was an initial endeavor to safeguard wireless networks against security threats. However, with advancements in technology, it became clear that data encrypted using WEP is susceptible to attacks.
WPA - Wi-Fi Protected Access
WPA is a security protocol established by the 802.11i standard. WPA offers enhanced data encryption security compared to WEP. It achieves this by employing a Message Integrity Check (MIC) within the Temporal Key Integrity Protocol (TKIP). TKIP utilizes the RC4 stream cipher encryption with 128-bit keys and a 64-bit MIC, ensuring robust encryption and authentication for transmitted messages.
WPA2 - Wi-Fi Protected Access 2
WPA2 is a security protocol employed for the protection of wireless networks. Introduced in 2006 as a replacement for WPA, WPA2 is compatible with the 802.11i standard and introduces several security enhancements not present in WPA.
WPA2 provides two operational modes:
WPA2-Personal: In WPA2-Personal mode, security is upheld through a pre-shared key (PSK), a predetermined password. This key is used by all wireless devices to authenticate with the access point (AP). The key is generated from the password and is 256 bits in length. Each wireless device encrypts network traffic using a 128-bit key derived from an 8 to 63 ASCII character passphrase. The router employs a combination of the passphrase, network SSID, and Temporal Key Integrity Protocol (TKIP) to create a distinct encryption key for each wireless client. These encryption keys are dynamically modified over time.
WPA2-Enterprise: WPA2-Enterprise leverages Extensible Authentication Protocol (EAP) or Remote Authentication Dial-In User Service (RADIUS) for centralized client authentication. It supports various authentication methods like token cards, Kerberos, and certificates. WPA2-Enterprise assigns a unique encrypted key to each system, ensuring key confidentiality. These keys are not exposed to users to prevent key sharing. Users receive login credentials from a centralized server, which they must present for network access.
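How the WPA2-Personal keys described above are derived, as an added example (not code from the original page). It assumes the IEEE 802.11i derivation with CCMP: the 256-bit PSK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, and each client's 128-bit temporal key comes from the 802.11i PRF over the PSK, both MAC addresses and both handshake nonces. The MAC addresses, nonces and network name are constructed sample values.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit PSK/PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not 8 <= len(passphrase) <= 63 or not printable:
        raise ValueError("passphrase must be 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def derive_tk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
              anonce: bytes, snonce: bytes) -> bytes:
    """128-bit CCMP temporal key for one client, via the 802.11i PRF (HMAC-SHA1)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = b""
    counter = 0
    while len(ptk) < 48:  # PTK for CCMP = KCK (16) || KEK (16) || TK (16)
        msg = b"Pairwise key expansion\x00" + data + bytes([counter])
        ptk += hmac.new(pmk, msg, hashlib.sha1).digest()
        counter += 1
    return ptk[32:48]

# Constructed sample values, not taken from a real capture.
AP_MAC = bytes.fromhex("020000000001")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

if __name__ == "__main__":
    pmk = derive_pmk("correct horse battery", "ExampleNet")
    print("PMK:", pmk.hex())
    # Same passphrase and SSID, different client MAC: a different traffic key.
    for sta in ("020000000002", "020000000003"):
        tk = derive_tk(pmk, AP_MAC, bytes.fromhex(sta), ANONCE, SNONCE)
        print(sta, "TK:", tk.hex())
```

Because the SSID is the salt, the same passphrase on two differently named networks yields unrelated 256-bit keys, and fresh nonces on every association change the temporal key even for the same client.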
WPA3 - Wi-Fi Protected Access 3
WPA3 was introduced by the Wi-Fi Alliance in January 2018 as an advanced evolution of WPA2, offering innovative security protocols. Similar to its predecessor, WPA3 encompasses two main variants: WPA3-Personal and WPA3-Enterprise.
In addition to encryption enhancements, WPA3 reinforces network integrity through the deployment of Protected Management Frames (PMF), which significantly elevate protection levels against eavesdropping and forgery attacks. Moreover, WPA3 places a strict prohibition on outdated legacy protocols.