Wireless Fidelity (Wi-Fi) refers to wireless local area network, as

we all know them. It is based on IEEE 802.11 standard.

Wi-Fi is a type of wireless network you meet almost everywhere,

at your home, workplace, in hotels, restaurants and even in taxis,
trains or planes

These 802.11 communication standards operate on either 2.4 GHz or

5 GHz ISM radio bands.
Wireless Clients

Wireless clients are considered to be any end-devices with a wireless

card or wireless adapter installed. Now, in this 21st century, those
devices can be almost anything −

Modern Smartphones − These are one of the most universally

used wireless devices you see in the market. They support multiple
wireless standards on one box, for example, Bluetooth, Wi-Fi, GSM.

Laptops − These are a type of device which we all use every

single day!

Smartwatch − An example of Sony based smartwatch is shown

here. It can synchronize with your smartphone via a Bluetooth

Smart-home Equipment − With the current progress of the

technology, smart-home equipment might be for example a
freezer that you can control over Wi-Fi or a temperature controller
Wireless Security - Access Point
Access Point (AP) is the central node in 802.11 wireless
implementations. It is the interface between wired and wireless
network, that all the wireless clients associate to and exchange data
with.

For a home environment, most often you have a router, a switch,

and an AP embedded in one box, making it really usable for this
purpose.
Base Transceiver Station

Base Transceiver Station (BTS) is the equivalent of an Access Point

from 802.11 world, but used by mobile operators to provide a signal
coverage, ex. 3G, GSM etc...
 Wireless Controller (WLC)
In corporate wireless implementation, the number of Access Points is
often counted in hundreds or thousands of units. It would not be
administratively possible to manage all the AP's and their
configuration (channel assignments, optimal output power, roaming
configuration, creation of SSID on each and every AP, etc.)
separately.

This is the situation, where the concept of wireless controller comes into
play. It is the "Mastermind" behind all the wireless network operation. This
centralized server which has the IP connectivity to all the AP's on the
network making it easy to manage all of them globally from the single
management platform, push configuration templates, monitor users from
all the AP's in real time and so on.
Antennas

Antennas are used to "translate" information flowing as an

electrical signal inside the cable and into the electromagnetic field,
which is used to transmit the frame over a wireless medium.
Wireless Communication Standards

Since the beginning of IEEE 802.11 standard, the wireless networks

were evolving at a significant pace. People saw the potential in this
type of data transmission, therefore 802.11 successors were showing
up, few years after each other. The following table summarizes the
current 802.11 standards that are used in our times −
summarizes the current 802.11 standards that
are used in our times −

Standard Frequency Max speed

802.11 2.4 GHz 2 Mbps

802.11a 5 GHz 54 Mbps

802.11b 2.4 GHz 11 Mbps

802.11g 2.4 GHz 54 Mbps

802.11n 2.4 or 5 GHz 600 Mbps

802.11ac 5 GHz 1 Gbps

The main parts of 802.1x Authentication are:

A supplicant, a client end user, which wants to be authenticated.

An authenticator (an access point or a switch), which is a "go

between", acting as proxy for the end user, and restricting the end
user's communication with the authentication server.

An authentication server (usually a RADIUS server), which decides

whether to accept the end user's request for full network access.

In a wireless network, 802.1x is used by an access point to

implement WPA. In order to connect to the access point, a wireless
client must first be authenticated using WPA.
 The 7 most common wireless network threats are:

1.Configuration Problems: Misconfigurations, incomplete configurations.

2.Denial of Service: Sending large amounts of traffic (or viruses) over the
network with the intent of hijacking resources or introducing backdoors.

3.Passive Capturing: Eavesdropping within range of an access point to

capture sensitive information.

4.Rogue (or Unauthorized/Ad-Hoc) Access Points: Fool devices into

connecting with a false access point.

5.Evil Twin Attacks: Impersonating legit access points with a stronger

signal to entice authorized users to sign on.

6.Hacking of Lost or Stolen Wireless Devices: Bypassing the password to

gain access.

7.Freeloading: Piggybacking on a connection or intercepting file sharing.

WLAN Encrytion Flaws
WLAN encryption

WLANs transmit data over the air and thus there is an inherent
need to protect data confidentiality. This is best done using
encryption. The WLAN committee (IEEE 802.11) formulated the
following protocols for data encryption:

1.Wired Equivalent Privacy (WEP)

2.Wi-Fi Protected Access (WPA)

3.Wi-Fi Protection Access v2 (WPAv2)

WEP encryption
Introduced in 1997, Wired Equivalent Privacy (WEP) was the first
attempt at wireless protection. The aim was to add security to
wireless networks by encrypting data. If wireless data were
intercepted, it would be unrecognizable to the interceptors since it
had been encrypted.

However, systems that are authorized on the network would be able

to recognize and decrypt the data. This is because devices on the
network make use of the same encryption algorithm.

One of WEP’s main goals was to prevent Man-in-the-Middle attacks,

which it did for a time. However, despite revisions to the protocol
and increased key size, various security flaws were discovered in the
WEP standard over time
What is WPA?
Next came WPA, or Wi-Fi Protected Access. Introduced in 2003, this
protocol was the Wi-Fi Alliance’s replacement for WEP. It shared
similarities with WEP but offered improvements in how it handled
security keys and the way users are authorized.

While WEP provides each authorized system with the same key, WPA
uses the temporal key integrity protocol (TKIP), which dynamically
changes the key that systems use. This prevents intruders from
creating their own encryption key to match the one used by the secure
network. The TKIP encryption standard was later superseded by the
Advanced Encryption Standard (AES).
In addition, WPA included message integrity checks to determine if an
attacker had captured or altered data packets. The keys used by WPA
were 256-bit, a significant increase over the 64 bit and 128-bit keys
used in the WEP system. However, despite these improvements,
elements of WPA came to be exploited – which led to WPA2.
 What is WPA2?

WPA2 was introduced in 2004 and was an upgraded version of WPA.

WPA2 is based on the robust security network (RSN) mechanism and
operates on two modes:

Personal mode or Pre-shared Key (WPA2-PSK) – which relies on a

shared passcode for access and is usually used in home environments.

Enterprise mode (WPA2-EAP) – as the name suggests, this is more

suited to organizational or business use.

Both modes use the CCMP – which stands for Counter Mode Cipher
Block Chaining Message Authentication Code Protocol. The CCMP
protocol is based on the Advanced Encryption Standard (AES)
algorithm, which provides message authenticity and integrity
verification. CCMP is stronger and more reliable than WPA's original
Temporal Key Integrity Protocol (TKIP), making it more difficult for
attackers to spot patterns
However, WPA2 still has drawbacks. For example, it is vulnerable to
key reinstallation attacks (KRACK). KRACK exploits a weakness in
WPA2, which allows attackers to pose as a clone network and force the
victim to connect to a malicious network instead.

What is WPA3?

WPA3 is the third iteration of the Wi-Fi Protected Access protocol. The
Wi-Fi Alliance introduced WPA3 in 2018. WPA3 introduced new
features for both personal and enterprise use, including:

Individualized data encryption: When logging on to a public

network, WPA3 signs up a new device through a process other than a
shared password. WPA3 uses a Wi-Fi Device Provisioning Protocol
(DPP) system that allows users to use Near Field Communication
(NFC) tags or QR codes to allow devices on the network.
Simultaneous Authentication of Equals protocol: This is used to
create a secure handshake, where a network device will connect to a
wireless access point, and both devices communicate to verify
authentication and connection

Stronger brute force attack protection: WPA3 protects against

offline password guesses by allowing a user only one guess, forcing
the user to interact with the Wi-Fi device directly, meaning they
would have to be physically present every time they want to guess
the password.
ARP poising and MAC spoofing

ARP Poisoning (also known as ARP Spoofing) is a type of cyber attack

carried out over a Local Area Network (LAN) that involves sending
malicious ARP packets to a default gateway on a LAN in order to
change the pairings in its IP to MAC address table

ARP Protocol translates IP addresses into MAC addresses. Because

the ARP protocol was designed purely for efficiency and not for
security, ARP Poisoning attacks are extremely easy to carry out as
long as the attacker has control of a machine within the target LAN
or is directly connected to it.
The attack itself consists of an attacker sending a false ARP reply
message to the default network gateway, informing it that his or
her MAC address should be associated with his or her target's IP
address (and vice-versa, so his or her target's MAC is now
associated with the attacker's IP address).
Once the default gateway has received this message and broadcasts
its changes to all other devices on the network, all of the target's
traffic to any other device on the network travels through the
attacker's computer, allowing the attacker to inspect or modify it
before forwarding it to its real destination.

Because ARP Poisoning attacks occur on such a low level, users

targeted by ARP Poisoning rarely realize that their traffic is being
inspected or modified.

Besides Man-in-the-Middle Attacks, ARP Poisoning can be used to

cause a denial-of-service condition over a LAN by simply intercepting
or dropping and not forwarding the target's packets.
MAC spoofing is using configuration controls to set a different MAC
address for a router or laptop so it appears to the network as a device
which is known. It used to be that this was required to put a router
instead of a PC on a ISP connection - because it was locked down to a
specific PC and the ISP would charge extra for each additional MAC
address which appeared to be connected. Connecting a router was
completely forbidden