I will examine Wi-Fi networks and explore the reasoning behind why certain features and options are used or not and how they affect the operation as well as the security of the network. The 802.11 suites of protocols define standards that are drafted and managed by the Institute of Electrical and Electronics Engineers (IEEE). Although most people believe that Wi-Fi and 802.11 are synonymous with each other, the fact is that Wi-Fi is actually a subset of the 802.11 protocols, which is managed by the Wi-Fi Alliance, who were formed in 1999 by several visionary companies. This paper will examine the 802.11n and 802.11ac protocols in particular.
I will perform this study using a 2009 Mac Pro with an 802.11n wireless Airport card installed. The wireless Access Point (AP) is an Apple Airport Extreme 802.11b/g/n/ac router running in “Dual Mode” at both 2.4GHZ and 5Ghz bandwidths. The AP is located on an interior wall of a bedroom centrally located on the second floor of the house. The walls of the house are constructed of wood, R40 insulation and 1.5” Sheetrock. I have approximately twenty-five various types of wireless devices running off this AP including, three WD TV Live, two Apple TVs, an iMac, a MacBook Pro, a Mac Pro, two iPhones, an iPad Air, a home automated heating system, a home camera system, etc. I will use a software program called Wi-Fi- Explorer to analyze the network.
Since I’m using a 2009 Mac Pro, the only Wi-Fi card currently available for it is an 802.11n. During this study, I observed that using Wi-Fi Explorer with my MacBook Pro, which has an 802.11ac card, actually discovered many more networks than my Mac Pro did with the 802.11n card. After launching the Wi-Fi Explorer, I let it soak for 5 minutes giving it time to discover the surrounding Wi-Fi networks. The results displayed critical information including, BSSID, vendor, and signal strength as seen in figure 1.
The BSSID is one piece of critical information that is used to identify Wi-Fi networks. The BSSID is the combination of the network name and Mac address of the AP’s Wi-Fi interface. The BSSID is a unique identifier that distinguishes all Wi-Fi networks from one another. The 2WIRE604 is my U-verse home AP, which provides IPTV to my home. The U-verse AP is running on the same bandwidth as the MB AirPort, which could potentially cause network interference. This is less of a problem since those two particular networks are running on two different channels, 6 and 11 respectively. Even though they are within the same 2.4GHz bandwidth, they do not overlap as seen in figure 3.
As seen in figure 2, MB AirPort is running in two different modes, 802.11 b/g/n on the 2.4GHz bandwidth and 802.11ac on the 5GHz bandwidth. It’s pretty unanimous that everyone in my neighborhood is keen on Wi-Fi security because they’re all using WPA2 Security. I chose to use WPA2 security over WEP or WPA because WPA2 has replaced those two older technologies due inherent vulnerabilities built within them. WPA2 uses the stronger AES encryption, as opposed to WEP’s weaker Shared Key encryption or WPA’s TKIP encryption, because the AES encryption key changes after a various cycles of use as opposed to WEP’s older Shared Key encryption would remain constant throughout transmission making it easy for crackers to exploit.
As seen in figure 3, the two networks, MB Airport and 2WIRE604, do not interfere with each other due to channel separation. Each channel within the 2.4GHz range is approximately 22Mhz wide. There are four primary non-overlapping channels available within the 2.4GHz bandwidth, 1, 6, 11, and 14. MB AirPort is running on channel 6 with a frequency range of 2426MHz to 2448MHz equaling a total frequency range of 22MHz.
The lone wolf here is the Ortiz Network who is using channel 8 within the 2.4 GHz range. The Ortiz network is overlapping my two networks, MB AirPort and 2WIRE604, but isn’t much of a problem since his signal is weak as seen in figure 1. The Wi-Fi analyzer intermittently picks up the Ortiz Network because the signal is too weak rendering it a negligible threat to interfering either of my networks.
As seen in figure 4, one inherent problem with the 2.4GHz bandwidth is that it has a stronger output, as opposed to 5GHz, creating a larger transmission radius that can potentially intersect with neighboring Wi-Fi networks causing interference. One can view this as a benefit as long as the other Wi-Fi networks are on different channels within the 2.4GHZ spectrum but this most likely will not be the case. As we saw in figure 2, most of the 2.4 GHz network are using channel 11, which causes those particular networks to have overlapping signals potentially injecting interference into their Wi-Fi networks. This can easily be remedied by selecting differing channels from one another as well.
I elected to broadcast my BSSID contrary to common opinion because not doing so introduces new security risks. The problem here is that since the SSID is not being broadcast, all of the clients now have to send out beacon probes to the AP. The beacon probes contain trusted SSID information. So why hide the BSSID to begin with? Well, first and foremost, there is software widely available that can still pick up an SSID even though is not broadcast. The problem here is that a sophisticated cracker can exploit my network by tricking clients into connecting to a rogue AP after capturing the trusted SSID info via the beacon probes, thus, breaking into a unsuspecting home network stealing valuable information leading to all sorts of problems including stolen identities.
A hacking device called Wi-Fi Pineapple, which is widely available on the Internet, can perform man-in-the-middle attacks against any home Wi-Fi network. On the flip side of that coin, in order for the Wi-Fi Pineapple to successfully go unseen during wardriving, its BSSID should be set to hidden or not broadcast. The Wi-Fi Pineapple requires very little hacking experience to operate and there is a huge library of tutorials online including videos, which go into enough detail for novices. It’s crucial for user to protect their networks with WPA2 Wi-Fi security using a strong AES encryption with a sophisticated password.
Wi-Fi network are becoming more and more commonplace in today’s society and as a result there will be greater opportunities for problems to occur. As noted within this study, Wi-Fi networks are very complex as they are diverse and with a little consumer education most of the problems inherent in the technology can be avoided, such as not using default passwords for instance. The Wi-Fi Explorer software program has been instrumental in helping me identify areas of potential conflict and weaknesses, which allowed me to make changes that helped, improving my home Wi-Fi experience.
There is a whole plethora of home devices that could interfere with the 2.4GHz signal including, microwave ovens, cordless home telephone units, baby monitors, and neighboring Wi-Fi networks just to name a few. With a little knowledge and understanding, these problems can be reduced if not eliminated all together and home Wi-Fi network security doesn’t have to take a backseat in the process.
(2015). Retrieved 5 17, 2016, from Wi-Fi- Pineapple: https://www.wifipineapple.com
Geek, T. H. (2010, 9 13). Is Hiding Your Wireless SSID Really More Secure? Retrieved 5 17, 2016, from lifehacker.com: http://lifehacker.com/5636856/is-hiding-your-wireless-ssid-really-more-secure
ieee. (2016). Retrieved 5 17, 2016, from ieee.org: https://www.ieee.org/index.html?WT.mc_id=hpf_logo
IEEE. (2015). Official IEEE 802.11 Working Group Project Timelines. Retrieved 5 17, 2016, from IEEE802.org: http://www.ieee802.org/11/Reports/802.11_Timelines.htm
Johnny Cache, J. W. (2010). Hacking Exposed Wireless: Wireless Security Secrets & Solutions, Second Edition (2nd Edition ed.). McGraw-Hill/Osborne.
packetworks. (2015). Common Causes of WiFi Interference. Retrieved 5 17, 2016, from packetworks Blog: http://www.packetworks.net/blog/common-causes-of-wifi-interference