Wireless Networking - Modern Information and Communications Technology

List of Abbreviations

Chapter 2. Literature Review

2.8 Modern Information and Communications Technology

2.8.2 Wireless Networking

Wireless networking for local area networks (WLAN) is governed by the Institute for Electrical and Electronic Engineers (IEEE) 802.11 standards, which define the media access control (MAC) and physical layers. The variations of the standards may have different levels of security and data transfer rates; the IEEE 802.11b variant had transfer rates of 11 Mbps, whereas the IEEE 802.11g version has a theoretical transfer rate of 54 Mbps (Smyth, McLoone, & McCanny, 2006). WLAN usually operates on a frequency range of 2.4GHz to 2.48GHz (Nichols & Lekkas, 2002). A security issue with wireless is that it is very difficult to constrain wireless signals, making it possible to physically connect to the network without physically being on an organisation's property. It is also easier to disrupt (i.e. jam) or eavesdrop on wireless connections than it would be on a physical line.

Shielding is the most effective way of constraining wireless signals to physical boundaries; however

it may become prohibitively expensive for large buildings. There are various security mechanisms such as wired equivalent privacy (WEP), Wi-Fi protected access (WPA), and restricting MAC addresses that may connect to the access point; however a determined and sophisticated attacker may still be able to circumvent these (Whitman & Mattord, 2010).

Bluetooth is designed as a personal wireless network, primarily to connect two devices or a device to a peripheral; such as a mobile phone to a head-set. Bluetooth specifications are governed by the IEEE 802.15 working group and the Bluetooth special interest group (Dwivedi, Clark, & Thiel, 2010). Bluetooth also operates at a frequency of 2.4GHz (Nichols & Lekkas, 2002), and has three power classes: power class 1 is used for access devices, and has a maximum output power of 100mW; peripheral devices such as keyboards fall under power class 2, with a maximum of 2.5mW output power; power class 3 has a maximum output power of 1mW, and is used for devices such as headsets (Dwivedi, Clark, & Thiel, 2010). Early versions of Bluetooth had transmission rates of up to 400Kbps (Nichols & Lekkas, 2002), however more modern Bluetooth versions can achieve up to 1Mbps (Dwivedi, Clark, & Thiel, 2010). Bluetooth access points and devices can form ad-hoc networks. Piconets are where two or more devices organise themselves dynamically; a scatternet is where two or more piconets where a device acts as a slave in one piconet, and a master in a second piconet (ibid.).

Both WLAN and Bluetooth can be jammed and intercepted due to the fact that they are based on radio waves; therefore the electronic warfare jamming and detection discussed in Section 2.5 are applicable. In addition to traditional jamming which targets the physical layer, there are vulnerabilities in the media access control (MAC) layer which allows attackers to manipulate the management and control frames (Motorola, 2010). Like wired networks, the wireless networks are also susceptible to man-in-the-middle attacks. Wardriving is the process of driving through an area with a laptop of other device that scans for open wireless access points, or ones which have not been sufficiently secured (Whitman & Mattord, 2010). Warwalking is a similar concept, where the travelling is done on foot; warchalking is where those scanning for wireless networks leave marks indicating the location of the open or unsecured wireless access point (ibid.). Attacks on Bluetooth include Bluejacking, where an attacker exploits Bluetooth pairing to send illegitimate messages or access data on the targeted device; BlueChop, which is a DoS attack on Bluetooth Piconets; and BlueDump, which is used to sniff key exchanges between devices by spoofing the address of one of the devices (Dunham, 2009).

84 2.8.3 Web 2.0

In this section the background to the modern phenomenon of Web 2.0 and online „social networking‟ will be provided. An earlier version of this section was published in Pillay, van Niekerk, and Maharaj (2010), and the content presented here was originally generated by the candidate.

The term web 2.0 covers a number of technologies, including online social networking, wikis, and blogs (O'Reilly, 2005). Web 2.0 is currently classified as the new media; where the new media can be defined as the incorporation of new information and communications technologies into the traditional media (Williams, Rice, & Rogers, 1988). Web 2.0 differs from the traditional web and media in that it focuses on user-generated content, collaboration, and the collective intelligence principle (O'Reilly, 2005). As such, it can be seen as a many-to-many communications, whereas web 1.0 is still considered as a one-to-many communications; these concepts are shown in Figure 2.24.

One – to – one Telephone, fax, postal

services

One – to – many Email, television, radio,

SMS

Many – to – many Web 2.0: blogs, social

networks, discussion forums

Figure 2.24: Modes of communication, Pillay, van Niekerk and Maharaj (2010)

Web 1.0 was different from the traditional media in that it provided content on demand; in the traditional media the audience were restricted to the broadcast times of what they wanted to view, whereas on the Internet the audience could go online and access the desired content when it suited them. A level of interaction was provided where the audience could provide feedback to the broadcasters via short message service (SMS), call-lines and email; on the web users were provided

with a space to comment on stories or items. Web 2.0 came to full strength when the users generated their own content, and comment on the content that others have shared online. As many mobile devices now have integrated social networking capabilities, users can access and share content on the move.

More technical vulnerabilities and threats are exhibited by Web 2.0 technologies compared to the traditional Web 1.0 sites due to the scripting requirements that provide the user with the ability to upload content (Lawton, 2007). Common threats in Web 2.0 are cross-site scripting, cross-site request forgery, and mobile worms (ibid.). YouTube was affected by a cross-site scripting attack that appeared to have targeted the singer Justin Bieber (Barnett, 2010), as was Twitter, where attackers used a cross-site scripting flaw to open unauthorised marketing pop-ups when the user's mouse cursor moved over a link (Twitter, 2010). Many Web 2.0 sites use applications that allow video and audio playing; these applications may also have vulnerabilities which can be exploited (Lawton, 2007). Davidson and Yoran (2007) suggest that users are coming to expect the same interactivity and collaborative ability in the workplace as Web 2.0 provides; however, Naraine (2009) states that users do not have the same restraint with personal information on Web 2.0 as they would when disclosing the information in person. These factors may result in Web 2.0 posing a risk regarding information leaks. The security implications of Web 2.0 will be discussed in more detail in Section 5.6.

Dalam dokumen Vulnerability assessment of modern ICT infrastructure from an information warfare perspective. (Halaman 110-113)