Академический Документы
Профессиональный Документы
Культура Документы
Agenda
• Introduction
• Wi-Fi Technologies
• Wi-Fi Architecture
• Wi-Fi Network Elements
• How a Wi-Fi Network Works
• Wi-Fi Network Topologies
• Wi-Fi Configurations
• Applications of Wi-Fi
• Wi-Fi Security
• Advantages/ Disadvantages of Wi-Fi
Introduction
• Wireless Technology is an alternative to Wired
Technology, which is commonly used, for
connecting devices in wireless mode.
• IEEE 802.11b
• IEEE 802.11a
• IEEE 802.11g
IEEE 802.11b
• Introduced in 2003
• Combine the feature of both standards
(a,b)
• 100-150 feet range
• 54 Mbps Speed
• 2.4 GHz radio frequencies
• Compatible with ‘b’
802.11 Physical Layer
There are three sublayers in physical layer:
802.11 uses the same 802.2 LLC and 48-bit addressing as other
802 LANs, allowing for very simple bridging from wireless to
IEEE wired networks, but the MAC is unique to WLANs.
802.11 Media Access Control
• Carrier Sense Medium Access with collision
avoidance protocol (CSMA/CA)
• Listen before talking
• Avoid collision by explicit Acknowledgement (ACK)
• Problem: additional overhead of ACK packets, so slow
performance
• Request to Send/Clear to Send (RTS/CTS)
protocol
• Solution for “hidden node” problem
• Problem: Adds additional overhead by temporarily
reserving the medium, so used for large size packets only
retransmission would be expensive
802.11 Media Access
Control(cont.)
• Power Management
• MAC supports power conservation to extend the battery life of
portable devices
• Power utilization modes
• Continuous Aware Mode
• Radio is always on and drawing power
• Power Save Polling Mode
• Radio is “dozing” with access point queuing any data for it
• The client radio will wake up periodically in time to receive
regular beacon signals from the access point.
• The beacon includes information regarding which stations have
traffic waiting for them
• The client awake on beacon notification and receive its data
802.11 Media Access
Control(cont.)
• Fragmentation
• CRC checksum
• Each pkt has a CRC checksum calculated
and attached to ensure that the data was not
corrupted in transit
• Association & Roaming
Elements of a WI-FI Network
• Access Point (AP) - The AP is a wireless LAN
transceiver or “base station” that can connect one or many
wireless devices simultaneously to the Internet.
• IEEE 802.11i
Service Set Identifier (SSID)
• SSID is used to identify an 802.11 network
• It can be pre-configured or advertised in
beacon broadcast
• It is transmitted in clear text
• Provide very little security
Wired Equivalent Privacy (WEP)
• Provide same level of security as by wired network
• Original security solution offered by the IEEE 802.11
standard
• Uses RC4 encryption with pre-shared keys and 24 bit
initialization vectors (IV)
• key schedule is generated by concatenating the shared
secret key with a random generated 24-bit IV
• 32 bit ICV (Integrity check value)
• No. of bits in keyschedule is equal to sum of length of
the plaintext and ICV
Wired Equivalent Privacy (WEP)
(cont.)
• 64 bit preshared key-WEP
• 128 bit preshared key-WEP2
• Encrypt data only between 802.11 stations.once it enters
the wired side of the network (between access point)
WEP is no longer valid
• Security Issue with WEP
• Short IV
• Static key
• Offers very little security at all
802.1x Access Control
• Designed as a general purpose network access control mechanism
• Not Wi-Fi specific
• Authenticate each client connected to AP (for WLAN) or switch port
(for Ethernet)
• Authentication is done with the RADIUS server, which ”tells” the
access point whether access to controlled ports should be allowed
or not
• AP forces the user into an unauthorized state
• user send an EAP start message
• AP return an EAP message requesting the user’s identity
• Identity send by user is then forwared to the authentication server by AP
• Authentication server authenticate user and return an accept or reject
message back to the AP
• If accept message is return, the AP changes the client’s state to
authorized and normal traffic flows
802.1x Access Control
Wireless Protected Access (WPA)
• WPA is a specification of standard based, interoperable security
enhancements that strongly increase the level of data protection and
access control for existing and future wireless LAN system.
• User Authentication
• 802.1x
• EAP
• TKIP (Temporal Key Integrity Protocol) encryption
• RC4, dynamic encryption keys (session based)
• 48 bit IV
• per packet key mixing function
• Fixes all issues found from WEP
• Uses Message Integrity Code (MIC) Michael
• Ensures data integrity
• Old hardware should be upgradeable to WPA
Wireless Protected Access (WPA)
(cont.)
• WPA comes in two flavors
• WPA-PSK
• use pre-shared key
• For SOHO environments
• Single master key used for all users
• WPA Enterprise
• For large organisation
• Most secure method
• Unique keys for each user
• Separate username & password for each user
WPA and Security Threats
• Data is encrypted
• Protection against eavesdropping and man-in-the-
middle attacks
• Denial of Service
• Attack based on fake massages can not be used.
• As a security precaution, if WPA equipment sees
two packets with invalid MICs within a second, it
disassociates all its clients, and stops all activity for
a minute
• Only two packets a minute enough to completely
stop a wireless network
802.11i
• Provides standard for WLAN security
• Authentication
• 802.1x
• Data encryption
• AES protocol is used
• Secure fast handoff-This allow roaming
between APs without requiring client to
fully reauthenticate to every AP.
• Will require new hardware
Advantages
• Mobility
• Ease of Installation
• Flexibility
• Cost
• Reliability
• Security
• Use unlicensed part of the radio spectrum
• Roaming
• Speed
Limitations
• Interference
• Degradation in performance
• High power consumption
• Limited range