Scribd
Upload
35 views5 pages

Cyber Security Assignment 1

The document outlines a wireless network security assessment focusing on the vulnerabilities of Wi-Fi networks, such as weak encryption protocols, misconfigured authentication, and DDoS risks. It recommends measures to enhance security, including upgrading to WPA3, implementing enterprise authentication, and conducting regular security audits. Additionally, it emphasizes the importance of strong access control, DDoS protection measures, and user education on Wi-Fi best practices.

Uploaded by

thakurajay8865
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
35 views5 pages

Cyber Security Assignment 1

The document outlines a wireless network security assessment focusing on the vulnerabilities of Wi-Fi networks, such as weak encryption protocols, misconfigured authentication, and DDoS risks. It recommends measures to enhance security, including upgrading to WPA3, implementing enterprise authentication, and conducting regular security audits. Additionally, it emphasizes the importance of strong access control, DDoS protection measures, and user education on Wi-Fi best practices.

Uploaded by

thakurajay8865
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

Cyber SeCurity ASSignment 1

NAME:Aakif Mushtaq Siddiqui


ROLL NO. : 2300290110001

1. Wireless Network Security Assessment

a. Evaluation of Security Risks in Wi-Fi Networks


Wi-Fi networks are inherently vulnerable due to their
broadcast nature. Below are key risks and vulnerabilities
associated with using Wi-Fi for data transmission:

1. Weak Encryption Protocols


• WEP (Wired Equivalent Privacy):
o Outdated and easily breakable using tools like
Aircrack-ng. o Vulnerable to IV (Initialization Vector)
reuse and RC4 stream cipher attacks.
• WPA (Wi-Fi Protected Access):
o Better than WEP but still vulnerable to brute force
and dictionary attacks on pre-shared keys (PSK).
• WPA2-PSK:
o Commonly used but susceptible to KRACK (Key
Reinstallation Attacks) if not patched. o Doesn’t
protect against internal threats or unauthorized
users with access to the key.

2. Weak or Misconfigured Authentication


• Use of default credentials, or lack of 802.1X (enterprise-
grade) authentication, allows: o Rogue device access.
o Man-in-the-middle (MITM) attacks.

3. Rogue Access Points & Evil Twin Attacks


• Attackers can set up fake access points that mimic
legitimate networks to: o Intercept data.
o Launch phishing or malware injection attacks.

4. Inadequate Network Segmentation


• Flat network structures allow:
o Unauthorized lateral movement. o Access to
sensitive systems once inside the
network.

5. DDoS Vulnerabilities
• Lack of rate limiting and filtering can expose
infrastructure to:
o Deauthentication attacks (especially in WPA2).
o Bandwidth exhaustion through botnets
targeting access points or DHCP servers.

b. Measures to Enhance Wireless Network Security


To secure NetCom Solutions' wireless infrastructure,
implement a layered defense strategy:

1. Upgrade Encryption Standards


• Enforce WPA3 encryption:
o Stronger Simultaneous Authentication of Equals
(SAE) key exchange.
o Protection against offline dictionary attacks.
• Disable outdated protocols (WEP, WPA, WPA2 without
patching).

2. Implement Enterprise Authentication


• Use 802.1X with RADIUS servers: o Provides individual
user credentials.

o Supports dynamic VLAN assignment and logging.


• Implement certificate-based authentication (EAPTLS)
for enhanced security.

3. Intrusion Detection and Prevention Systems


(IDS/IPS)
• Deploy Wireless IDS (WIDS) to:
o Detect rogue APs.
o Monitor for unusual activity (e.g., deauth floods).
• Use network-based IPS to filter DDoS attempts.

4. Conduct Regular Security Audits and Penetration


Testing
• Simulate attacks (e.g., rogue APs, brute force on WPA) to
find weak points.
• Scan for misconfigurations and firmware vulnerabilities
in routers/APs.
• Enforce regular patching and firmware updates.

5. Strong Access Control and Segmentation


• Use MAC filtering and network access control (NAC)
systems.
• Isolate guest Wi-Fi traffic from internal networks.
• Employ VLANs to segment traffic by user type or risk
level.

6. DDoS Protection Measures


• Deploy rate limiting, firewall filters, and load balancers.
• Work with ISPs to set up upstream DDoS scrubbing
services.
• Enable CAPWAP traffic prioritization for controlplane
traffic.

7. Employee and User Education


• Train staff on Wi-Fi best practices.
• Enforce use of VPNs on public Wi-Fi.
• Educate users about fake APs and phishing over Wi-
Fi.

You might also like