INFORMATION SECURITY

Information Security

Information Security

Thesis Statement

WiFi connectivity has been flawed in the past, and with WPS it continues to be flawed.

Introduction

The US-CERT has warned about vulnerability in WiFi Setup Standard that has minimized the number of attempts taken by an attacker brute-force the PIN for a wireless router's setup process. The flaw leads towards providing too much information related to the PIN that is being returned to an attacker and turns the PIN weak. This badly affects the security of millions of access points and security routers. WPS is the name given to method which is used to establish a new and innovative setup for a new wireless router of a home network as in this way users are offered with an efficient and effective way of network setup either via internal or external registrar. During the setup phase, a PIN is required in this method to be used. Either on access point or wireless router, the PIN is often printed. PIN is discovered to be highly susceptible to brute force attempts and it is one of the major vulnerabilities (Kerner, 2012).

Discussion

WPS (Wi-Fi Protected Setup) is a standard promoted by the Wi-Fi Alliance for networking WLAN secure. In other words, WPS is not a security mechanism in itself, it is the definition of various mechanisms to facilitate the configuration of a secured WLAN with WPA2, designed to minimize user intervention in the home or small office (SOHO). Specifically, WPS defines mechanisms through which different network devices obtained credentials (SSID and PSK) necessary to start the authentication process (Vulnerability Note Database, 2011).

The WPS was created to facilitate the use of Wi-Fi networks, especially by less experienced, and serves to activate the connection between host and client through a simple numeric PIN instead of a complex password. It is considered quite safe because only the owner has the right to access t the necessary code. In the transition between theory and practice, however, a serious problem emerges. When the PIN authentication fails via the access point sends the client an EAP-NACK message. These messages are sent in such a way that an attacker can determine if the first half of the PIN is correct. This design greatly reduces the number of attempts needed to force the PIN (Kerner, 2012).

Many routers have no locking mechanism against brute force attacks and they can easily understand that a network can be quite easy to break. Manufacturers such as D-Link, Netgear, Linksys or Buffalo did not respond to email sent clarification by the researcher Stefan Viehbock, who discovered and published this vulnerability. It is more important to analyze the negative effects of this vulnerability in our daily lives. If a user of a Wi-Fi network "sees" from the street or from the apartment of his neighbor, then perhaps it would be better to disable the WPS method to access the network, he has the utmost confidence in people who may engage in signal. And of course it is also important to create a strong enough password (Vulnerability Note ...