Monday, May 28, 2018

[RESEARCH] How Secure Is Your Wifi Network

Some information security experts still suggest hiding your SSID and setting MAC address filtering, in addition to WPA2, AES and a strong passphrase, in order to keep your wireless network secure.

However, most wireless hacking tools can reveal a hidden SSID, and a MAC address can be easily spoofed. Fortunately, there is a feature that can be used to harden your wireless network: Protected Management Frames, or IEEE 802.11w, even though it is still not a standard since 2009.

What are Protected Management Frames (IEEE 802.11w)?

Wi-Fi CERTIFIED WPA2 with Protected Management Frames provides WPA2 protection for unicast and multicast management action frames. Unicast management action frames are protected from both eavesdropping and forging, and multicast management action frames are protected from forging. WPA2 with Protected Management Frames augments WPA2 privacy protections already in place for data frames with mechanisms to improve the resiliency of mission-critical networks.

In order to understand how it works for the security of a wireless network, I did some experiments.

Hardware

(1) Home wireless router with the Protected Management Frames feature;
(2) Android 6.0 smartphone at 2.4GHz;
(3) Android 7.0 smartphone at 5GHz;
(4) Macbook Pro (Retina Mid 2012) with macOS High Sierra (10.13.4) at 5GHz;
(5) Macbook Air (Mid 2013) with macOS High Sierra (10.13.4) at 5GHz;
(6) Lenovo Thinkpad X201s (as 2.4GHz attacker); and
(7) TP-Link Archer T4UHP (as 2.4/5GHz attacker)

Software

(1) Parrot Security OS 4.0.1 64-bit;
(2) WAIDPS 1.0 R6j; and
(3) Aircrack-NG 1.2

The Lenovo Thinkpad X201s has Parrot Security OS 4.0.1 installed with the latest updates and runs WAIDPS, which is powered by Aircrack-NG 1.2, as the attacker.

The home wireless router and the testing wifi devices are set to WPA2 and AES encryption. The firmware of the wireless router is up to date. Since the home wireless router is dual-band, 2.4GHz and 5GHz, I set some of the testing devices to 5GHz. The home wireless router is set to AP mode as I already have a wired router in the network.

Once the 4-way handshake is captured from the wireless router and devices, attackers can brute-force the captured packets to obtain the passphrase of the wireless router.

Experiment

The Protected Management Frames can be set to "disabled", "capable" and "required" on the home wireless router.

(a) Disabled

When Protected Management Frames (PMF) is set to "Disabled" at the wireless router, all wireless devices can be disassociated and the 4-way handshake can be captured.

(b) Capable

When PMF is set to "Capable" at the wireless router, all devices can connect to the router without a problem. However, the wireless devices can be disassociated and the 4-way handshake can be captured.

(c) Required

When PMF is set to "Required", only the Macbook Pro and Macbook Air can connect to the wireless router. They cannot be disassociated, and the 4-way handshake cannot be captured.

(d) Extra

When PMF is set to "Capable" and all the devices are disconnected and then re-connected to the wireless router, the 4-way handshake can be captured.

When PMF is set to "Required" and the Macbook Pro and Macbook Air are disconnected and then re-connected to the wireless router, the 4-way handshake cannot be captured.
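
The three PMF settings tested above are advertised by the router in the RSN Capabilities field of its beacon's RSN element (the MFPC and MFPR bits), so the setting in effect can be checked from a capture of your own access point. The following Python parser is an added example, not part of the original experiment; the sample elements are constructed, and the names `rsn_capabilities`, `pmf_mode` and `audit` are hypothetical.

```python
import struct

MFPR = 0x0040  # RSN Capabilities bit 6: Management Frame Protection Required
MFPC = 0x0080  # RSN Capabilities bit 7: Management Frame Protection Capable

# Constructed RSN elements (ID 48) as a beacon would carry them, hex-encoded.
# Layout: id, len, version, group cipher, pairwise list, AKM list, capabilities.
SAMPLES = {
    "pmf-off": "30140100000fac040100000fac040100000fac020000",
    "pmf-cap": "30140100000fac040100000fac040100000fac028000",
    # Also carries a PMKID count and a group management cipher after the caps.
    "pmf-req": "301a0100000fac040100000fac040100000fac06c0000000000fac06",
}

def rsn_capabilities(ie: bytes) -> int:
    """Return the 16-bit RSN Capabilities field of one RSN element."""
    if len(ie) < 2 or ie[0] != 48:
        raise ValueError("not an RSN element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1]:
        raise ValueError("RSN element is truncated")
    if len(body) < 2 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("unsupported RSN version")
    off = 2 + 4  # skip version and group data cipher suite
    for _ in range(2):  # pairwise cipher suite list, then AKM suite list
        if off + 2 > len(body):
            raise ValueError("RSN element ends before the capabilities field")
        off += 2 + 4 * struct.unpack_from("<H", body, off)[0]
    if off + 2 > len(body):
        raise ValueError("RSN element ends before the capabilities field")
    return struct.unpack_from("<H", body, off)[0]

def pmf_mode(ie: bytes) -> str:
    """Map the MFPC/MFPR bits to the router settings used in the experiment."""
    caps = rsn_capabilities(ie)
    if caps & MFPR:
        # MFPR without MFPC is not a valid combination.
        return "required" if caps & MFPC else "invalid"
    return "capable" if caps & MFPC else "disabled"

def audit(samples: dict) -> dict:
    """Return {name: PMF mode} for every hex-encoded RSN element."""
    return {name: pmf_mode(bytes.fromhex(h)) for name, h in samples.items()}

if __name__ == "__main__":
    for name, mode in audit(SAMPLES).items():
        print(f"{name}: PMF {mode}")
```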

Conclusion

Purchase a wireless router that is equipped with the Protected Management Frames feature, and set it to WPA2, AES and PMF "Required", with wireless devices that are compatible with PMF, such as macOS 10.13.4.

However, not all wireless routers and/or wireless devices are equipped with this feature, even expensive/high-end or commercial models.

Finally, when you find a wireless router that is equipped with this feature, make sure to update the firmware to the latest version often.

By the way, I am unwilling to provide the brand name of the home wireless router that I tested. Sorry for that!

That's all! See you.