Network Security Fundamentals Part 7: Wireless Network Security

네트워크 보안 기초부터 실전까지 7편: 무선 네트워크 보안

2026-01-22 IT/Tech

Introduction: The Importance of Wireless Network Security

Wireless networks have become essential infrastructure in modern society. Wi-Fi internet connectivity is available in almost every location - homes, businesses, and public spaces - and the number of wirelessly connected devices such as smartphones, laptops, and IoT devices is growing exponentially.

However, unlike wired networks, wireless networks transmit data through radio waves, which means signals spread without physical boundaries. This allows attackers to attempt attacks remotely without physically accessing the network. Therefore, wireless network security has become a critical security challenge for all organizations and individuals.

In this Part 7, we'll examine wireless network security threats, the evolution of Wi-Fi security standards, various wireless attack techniques, and effective wireless security enhancement measures in detail.

1. Wireless Network Security Threats

1.1 Wireless Network Vulnerabilities

Wireless networks inherently have the following vulnerabilities:

Signal range extension: Wireless signals can pass through walls and windows, spreading outside buildings where external attackers can access them.
Ease of eavesdropping: Anyone with appropriate equipment can receive and analyze wireless signals.
Physical security limitations: Unlike wired networks, physical access control is difficult.
Bandwidth sharing: Multiple devices share the same frequency band, causing interference and congestion.
Mobility-related risks: Users connect to various networks while moving, exposing them to additional security risks.

1.2 Major Wireless Network Threats

The main security threats to wireless networks include:

Unauthorized Access: Unauthorized users connect to the network to use resources or steal data.
Eavesdropping: Intercepting wireless communications to collect sensitive information.
Man-in-the-Middle (MITM) Attacks: Attackers position themselves between communications to intercept or manipulate data.
Denial of Service (DoS) Attacks: Disrupting wireless signals or flooding the network with excessive traffic to disable it.
Rogue AP: Installing unauthorized access points to bypass network security.

2. History of Wi-Fi Security Standards

2.1 WEP (Wired Equivalent Privacy)

WEP was the first Wi-Fi security protocol introduced as part of the 802.11 standard in 1997.

Features:

Uses RC4 stream cipher algorithm
64-bit or 128-bit encryption keys
Uses 24-bit Initialization Vector (IV)

Vulnerabilities:

Short IV length: 24-bit IV provides only about 17 million possible combinations, making repetition inevitable.
Static key: All users share the same key, and key changes are difficult.
Weak integrity verification: CRC-32 checksum doesn't guarantee cryptographic integrity.
FMS attack: Vulnerability discovered in 2001 allows key cracking within minutes.

Warning: WEP is no longer secure and should never be used. If any network is currently using WEP, an immediate upgrade is required.

2.2 WPA (Wi-Fi Protected Access)

WPA was introduced in 2003 to address WEP's vulnerabilities.

Key improvements:

TKIP (Temporal Key Integrity Protocol): Dynamically generates keys for each packet.
MIC (Message Integrity Check): Michael algorithm applied to ensure data integrity
48-bit IV: Extended IV length to reduce reuse possibility
Key mixing function: Mixes base key and IV to generate per-packet encryption keys

Limitations:

Still based on RC4 algorithm, fundamental vulnerabilities exist
Attack techniques discovered against TKIP (Beck-Tews attack)
Vulnerable to dictionary attacks in PSK (Pre-Shared Key) mode

2.3 WPA2 (Wi-Fi Protected Access 2)

WPA2 is a security protocol that fully implements the 802.11i standard in 2004.

Core technologies:

AES-CCMP: Strong encryption using 128-bit AES block cipher
CCMP (Counter Mode with CBC-MAC Protocol): Guarantees both confidentiality and integrity
Enhanced key management: Secure key exchange through 4-way handshake

WPA2-Personal vs WPA2-Enterprise:

Category	WPA2-Personal (PSK)	WPA2-Enterprise
Authentication method	Pre-Shared Key (PSK)	802.1X/EAP + RADIUS
Target	Home, small office	Enterprise, large organizations
Key management	Same key for all users	Individual key per user
Security level	Medium	High
Deployment complexity	Simple	Complex (requires authentication server)

WPA2 Vulnerabilities:

KRACK attack (2017): Key Reinstallation Attack exploits vulnerabilities in the 4-way handshake
Offline dictionary attacks: Brute force attacks using captured handshakes in PSK mode

2.4 WPA3 (Wi-Fi Protected Access 3)

WPA3 is the latest security standard announced by the Wi-Fi Alliance in 2018.

Key improvements:

SAE (Simultaneous Authentication of Equals): Uses Dragonfly key exchange protocol to prevent offline dictionary attacks
Forward Secrecy: Previous session data protected even if long-term key is compromised
192-bit security suite: CNSA (Commercial National Security Algorithm) support in Enterprise mode
Protected Management Frames (PMF): Management frame protection mandatory
Wi-Fi Enhanced Open: Open network encryption through OWE (Opportunistic Wireless Encryption)

WPA3-Personal features:

Enhanced password-based authentication through SAE
Relatively safe even with weak passwords
Support for natural password changes

WPA3-Enterprise features:

192-bit minimum security strength
256-bit GCMP (Galois/Counter Mode Protocol) encryption
384-bit ECDH (Elliptic Curve Diffie-Hellman) key exchange
256-bit BIP-GMAC (Broadcast Integrity Protocol) management frame protection

# Wi-Fi Security Standard Evolution Summary
WEP (1997)  ->  WPA (2003)  ->  WPA2 (2004)  ->  WPA3 (2018)
  RC4           RC4/TKIP        AES/CCMP        AES/GCMP
  Vulnerable    Transitional    Secure          Very Secure

3. Wireless Attack Techniques

3.1 Evil Twin Attack

Evil Twin is an attack that deceives users by installing a malicious AP with the same SSID as a legitimate access point.

Attack process:

Attacker sets up a fake AP with the same SSID as the target AP
Broadcasts stronger signal to lure users to connect to the fake AP
Intercepts and monitors all traffic from connected users
Performs MITM attacks to steal or manipulate data

Countermeasures:

Use VPN to encrypt traffic
Avoid sensitive operations on public Wi-Fi
Network certificate verification (WPA2/3-Enterprise)
Deploy wireless IDS/IPS to detect malicious APs

3.2 Deauthentication (Deauth) Attack

Deauth attack exploits deauthentication messages in 802.11 management frames to forcibly disconnect clients.

Attack purposes:

Denial of Service (DoS): Continuous disconnection makes network unusable
Handshake capture: Capture 4-way handshake during reconnection for password cracking
Evil Twin induction: Lure users to connect to malicious AP

Countermeasures:

PMF (Protected Management Frames) enabled: Prevents forgery by encrypting management frames
WPA3 usage: PMF is mandatory
802.11w standard applied: Management frame protection feature

# Deauth attack example (educational purposes)
# aireplay-ng deauth attack syntax
aireplay-ng --deauth 100 -a [AP MAC] -c [Client MAC] wlan0mon

# Check PMF enabled command (Linux)
iw dev wlan0 info | grep "Protected"

3.3 Rogue AP (Rogue Access Point)

A Rogue AP is an unauthorized access point installed within an organization, serving as a backdoor that bypasses internal security policies.

Risks:

Provides unauthorized access path to internal network
Bypasses security policies (firewalls, IDS, etc.)
Potential for sensitive data leakage
Can be used as malware distribution path

Detection methods:

Operating wireless IDS/IPS systems
Performing regular wireless scans
Deploying NAC (Network Access Control) solutions
Using WLAN controller's Rogue AP detection feature

3.4 Packet Sniffing and Password Cracking

Attacks that capture packets on wireless networks to crack encryption keys.

Attack tools:

Aircrack-ng: Wireless security assessment tool suite
Hashcat: GPU-accelerated password cracking
Wireshark: Packet analysis tool
Kismet: Wireless network detection and sniffing

Defense strategies:

Use strong passwords (minimum 12 characters, including special characters)
Adopt WPA3 to prevent offline dictionary attacks
Regular password changes
Implement Enterprise authentication methods

4. Wireless Network Security Enhancement

4.1 Basic Security Settings

Essential security measures:

Use latest security protocols: WPA3 or at least WPA2
Strong password configuration: Minimum 12 characters, random character combination
Change default settings: Change default SSID and admin password
Firmware updates: Keep AP and router firmware up to date
Disable unnecessary features: Disable WPS, UPnP, etc.

4.2 Advanced Security Settings

Additional security measures:

MAC filtering: Allow only permitted MAC addresses (supplementary measure)
SSID hiding: Disable SSID broadcast (supplementary measure)
Network separation: Separate guest network from internal network
VLAN configuration: Network segmentation by purpose
Transmission power adjustment: Adjust signal strength to cover only necessary range

# hostapd configuration example (WPA2-Personal)
interface=wlan0
driver=nl80211
ssid=SecureNetwork
hw_mode=g
channel=7
ieee80211n=1
wmm_enabled=1

# WPA2 settings
wpa=2
wpa_passphrase=StrongP@ssw0rd!2024
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

# Enable PMF
ieee80211w=2

5. Enterprise Wireless Security

5.1 WPA2/3-Enterprise Deployment

In enterprise environments, centralized authentication management through WPA2/3-Enterprise is essential.

Components:

Supplicant: Client requesting authentication (laptops, smartphones, etc.)
Authenticator: AP or WLAN controller relaying authentication
Authentication Server: RADIUS server performing actual authentication

5.2 RADIUS Server Setup

RADIUS (Remote Authentication Dial-In User Service) provides centralized Authentication, Authorization, and Accounting (AAA).

Major EAP methods:

EAP Method	Features	Security Level
EAP-TLS	Requires client/server certificates	Very High
PEAP	Only server certificate required, inner MSCHAPv2	High
EAP-TTLS	Various authentication methods within TLS tunnel	High
EAP-FAST	Fast re-authentication using PAC	High

# FreeRADIUS basic configuration example
# /etc/freeradius/3.0/clients.conf

client wireless-controller {
    ipaddr = 192.168.1.10
    secret = RadiusSharedSecret123!
    shortname = wlan-controller
    nastype = other
}

# /etc/freeradius/3.0/users
testuser  Cleartext-Password := "UserPassword123"
          Tunnel-Type = VLAN,
          Tunnel-Medium-Type = IEEE-802,
          Tunnel-Private-Group-ID = 100

5.3 NAC (Network Access Control) Integration

Integrating NAC solutions with wireless networks can enhance security.

NAC features:

Device authentication: Allow only registered devices to access the network
Posture assessment: Check endpoint security status (antivirus, patches, etc.)
Dynamic VLAN assignment: Network separation based on user/device type
Guest management: Manage temporary access for visitors
Quarantine and remediation: Isolate non-compliant devices and auto-remediate

6. Wireless IDS/IPS

6.1 WIDS (Wireless Intrusion Detection System)

Wireless IDS is a system that detects security threats occurring on wireless networks.

Detection targets:

Rogue AP detection
Unauthorized client detection
Deauth flooding attacks
Evil Twin attacks
MAC spoofing
Man-in-the-Middle attacks

6.2 WIPS (Wireless Intrusion Prevention System)

Wireless IPS provides not only detection but also active threat blocking capabilities.

Blocking features:

Rogue AP containment: Interfere with connections by sending deauth packets to malicious APs
Client isolation: Separate suspicious clients from the network
Automated response: Automatic actions based on predefined policies

# Kismet WIDS configuration example
# /etc/kismet/kismet.conf

source=wlan0:type=linuxwifi
log_types=kismet,pcap,alert

# Alert configuration
alert=ADVCRYPTODISABLED,5/min,3/sec
alert=DEAUTHFLOOD,5/min,10/sec
alert=ROGUEAP,5/min,1/sec
alert=EVILTWAP,5/min,1/sec

7. Bluetooth Security

7.1 Bluetooth Vulnerabilities

Bluetooth, as a wireless communication technology, is also exposed to various security threats.

Major attacks:

BlueBorne: Remote code execution exploiting Bluetooth stack vulnerabilities
BlueJacking: Sending unauthorized messages
BlueSnarfing: Unauthorized data theft from devices
BlueBugging: Remote device control
KNOB attack: Negotiating encryption key length to 1 byte for cracking

7.2 Bluetooth Security Recommendations

Disable Bluetooth when not in use
Disable "discoverable" mode
Only pair with trusted devices
Keep device firmware up to date
Recommend using Bluetooth 5.0 or higher
Use SSP (Secure Simple Pairing)

8. IoT Security Considerations

8.1 Wireless Security Challenges for IoT Devices

IoT devices have difficulty implementing security due to limited resources.

Major challenges:

Limited computing power: Difficulty applying strong encryption algorithms
Default credentials: Many IoT devices maintain default passwords
Lack of firmware updates: Difficulty applying security patches
No encryption support: Some devices don't support encrypted communication
Long lifecycle: Long-term use maintains legacy protocols

8.2 IoT Security Recommendations

Network configuration:

Network separation: Place IoT devices in separate VLAN/subnet
Firewall policies: Restrict IoT device internet access
Traffic monitoring: Detect abnormal communication patterns

Device management:

Change default passwords immediately
Disable unnecessary features and services
Regular firmware updates
Disconnect unused devices from the network

# Firewall rules for IoT devices (iptables)
# Block IoT VLAN access to internal network
iptables -A FORWARD -s 192.168.100.0/24 -d 192.168.1.0/24 -j DROP

# Restrict IoT device internet access (allow only necessary ports)
iptables -A FORWARD -s 192.168.100.0/24 -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.100.0/24 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.100.0/24 -j DROP

9. Wireless Security Checklist

A checklist to assess your organization's wireless network security status:

Category	Check Item	Recommendation
Encryption	Security protocol check	Use WPA3 or WPA2
Authentication	Authentication method check	Use 802.1X in enterprise environments
Password policy	PSK strength check	Minimum 12 characters, complex combinations
AP management	Admin password	Change default, set strong password
Firmware	Update status	Maintain latest firmware
PMF	Management frame protection	Enable PMF (802.11w)
Network separation	Guest network	Separate from internal network
Monitoring	WIDS/WIPS	Operate wireless intrusion detection system
Rogue AP	Regular scanning	Detect and remove unauthorized APs
Physical security	AP location	Install in hard-to-access locations

Conclusion

Wireless network security is a core element of modern IT infrastructure. Here's a summary of what we covered in Part 7:

Wi-Fi security standards: From WEP vulnerabilities to WPA3 evolution, adopting the latest standards is important.
Wireless attack techniques: Understanding and preparing for various attacks like Evil Twin, Deauth, and Rogue AP.
Enterprise security: Centralized authentication management through WPA2/3-Enterprise and RADIUS is essential.
Wireless IDS/IPS: Consider deploying wireless IDS/IPS for proactive threat detection and blocking.
Bluetooth and IoT: Security threats from new wireless technologies must also be managed.

Wireless network security requires continuous management and monitoring, not one-time configuration. As technology advances, new threats emerge, so it's important to stay informed about the latest security trends and establish appropriate response systems.

In Part 8, we'll cover "Malware and Ransomware Response," examining endpoint security, malware analysis, and effective response strategies.

Back to List