
BASIC WIRELESS CONCEPTS AND CONFIGURATION

By: Zeesha Memon

Outline
- THE WIRELESS LAN
- THE WIRELESS LAN SECURITY
- THE WIRELESS LAN CONFIGURATION
- THE WIRELESS LAN TROUBLESHOOTING

THE WIRELESS LAN


SECTION 7.1

Why use Wireless LANs?


Business networks today are evolving to support people who are on the move. People now expect to be connected at any time and place, from the office to the airport or even the home. In addition to the flexibility that WLANs offer, another important benefit is reduced costs.

Comparing a WLAN to a LAN


Wireless LANs share a similar origin with Ethernet LANs. However, there are important differences between the two:
- LAN - cables
- WLAN - radio frequencies (RF)


Comparing a WLAN to a LAN


- WLANs connect clients to the network through a wireless access point (AP) instead of an Ethernet switch.
- WLANs connect mobile devices that are often battery powered, as opposed to plugged-in LAN devices.
- WLANs use a different frame format than wired Ethernet LANs.
- WLANs raise more privacy issues because radio frequencies can reach outside the facility.

RF Characteristics
- RF does not have boundaries.
- RF is unprotected from outside signals, whereas cable is in an insulating sheath.
- RF bands are regulated differently in various countries.

Wireless LAN Components


Client uses a wireless adapter to gain access to the network through a wireless device. The wireless adapter in the client communicates with the wireless router or access point using RF signals.

Wireless LAN Standards


802.11 wireless LAN is an IEEE standard that defines how radio frequency (RF) in the unlicensed industrial, scientific, and medical (ISM) frequency bands is used for the Physical layer and the MAC sub-layer of wireless links. Wireless LAN standards have continuously improved with the release of IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and draft 802.11n.

Wireless LAN Standards- 802.11a


- The IEEE 802.11a standard adopted the OFDM modulation technique and uses the 5 GHz band.
- 802.11a devices operating in the 5 GHz band are less likely to experience interference than devices that operate in the 2.4 GHz band because:
  - fewer consumer devices use the 5 GHz band
- Also, higher frequencies allow for the use of smaller antennas.
- Disadvantages of the 5 GHz band:
  - higher-frequency radio waves are more easily absorbed by obstacles such as walls
  - the higher frequency band has slightly poorer range than either 802.11b or g

Wireless LAN Standards- 802.11b & g


- 802.11b specified data rates of 1, 2, 5.5, and 11 Mb/s in the 2.4 GHz ISM band using DSSS.
- 802.11g achieves higher data rates in that band by using the OFDM modulation technique.
- IEEE 802.11g also specifies the use of DSSS for backward compatibility with IEEE 802.11b systems.
- Advantages of the 2.4 GHz band:
  - Devices have better range than those in the 5 GHz band
  - Also, transmissions in this band are not as easily obstructed as 802.11a.
- Disadvantage of the 2.4 GHz band:
  - Many consumer devices also use the 2.4 GHz band and cause 802.11b and g devices to be prone to interference.

Wireless LAN Standards- 802.11n


- The IEEE 802.11n draft standard is intended to improve WLAN data rates and range without requiring additional power or RF band allocation.
- 802.11n uses multiple radios and antennae at endpoints, each broadcasting on the same frequency to establish multiple streams.
- The MIMO technology splits a high data-rate stream into multiple lower rate streams and broadcasts them simultaneously over the available radios and antennae.
- The standard is expected to be ratified by September 2008.


Wireless Infrastructure Components


Wireless NIC
- Makes a client station capable of sending and receiving RF signals.
- Like an Ethernet NIC, the wireless NIC, using the modulation technique it is configured to use, encodes a data stream onto an RF signal.
- Wireless NICs are most often associated with mobile devices, such as laptop computers. Other options have emerged over the years as well. Desktops located in an existing, non-wired facility can have a wireless PCI NIC installed.
- To quickly set up a PC, mobile or desktop, with a wireless NIC, there are many USB options available as well.

Wireless Infrastructure Components


Wireless Access Points
- Connect wireless clients to the wired LAN.
- Client devices do not typically communicate directly with each other; they communicate with the AP.
- An access point is a Layer 2 device that functions like an 802.3 Ethernet hub.
- RF is a shared medium and access points hear all radio traffic.
- Just as with 802.3 Ethernet, the devices that want to use the medium contend for it.

Wireless Infrastructure Components


The Hidden Node Problem

Wireless Infrastructure Components


Solution: a CSMA/CA feature called request to send/clear to send (RTS/CTS)
- allows a negotiation between a client and an access point
- the access point allocates the medium to the requesting station for as long as is required to complete the transmission
- other stations can request the channel in a similar fashion

Wireless Infrastructure Components


Wireless Router
- Performs the role of access point, Ethernet switch and router.
- For example, the Linksys WRT300N used is really three devices in one box:
  - A wireless access point, which performs the typical functions of an access point.
  - A built-in four-port, full-duplex, 10/100 switch, which provides connectivity to wired devices.
  - Finally, the router function, which provides a gateway for connecting to other network infrastructures.
- The WRT300N is most commonly used as a small business or residential wireless access device.

Configurable Parameters for Wireless Endpoints


Wireless Network Mode
- The wireless network mode refers to the WLAN protocols: 802.11a, b, g, or n.

Configurable Parameters for Wireless Endpoints


Wireless Network Name (SSID)
- a unique identifier that client devices use to distinguish between multiple wireless networks in the same vicinity
- an alphanumeric, case-sensitive entry from 2 to 32 characters long
- Several access points on a network can share an SSID.

Configurable Parameters for Wireless Endpoints


Wireless Channel
- a separate path through which data can flow
- The 2.4 GHz band is broken down into:
  - 11 channels for North America
  - 13 channels for Europe
- Multiple access points: use non-overlapping channels
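An added example (not from the original slides) that checks a 2.4 GHz channel plan for overlap between neighbouring access points and proposes a reassignment onto channels 1, 6 and 11. The AP names and neighbour list are constructed, and the 22 MHz channel width and 5 MHz channel spacing are the standard 802.11b values, not figures taken from this deck.

```python
CHANNEL_WIDTH_MHZ = 22        # 802.11b DSSS occupied bandwidth (not stated in the slides)
NON_OVERLAPPING = (1, 6, 11)  # valid in both the 11- and 13-channel plans


def center_mhz(channel):
    """Center frequency of a 2.4 GHz channel; channels 1-13 are 5 MHz apart."""
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz channel: {channel}")
    return 2412 + 5 * (channel - 1)


def overlaps(a, b):
    """True when two channels are closer together than one channel width."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ


def conflicts(channels, neighbours):
    """Neighbouring AP pairs whose configured channels overlap."""
    return sorted(tuple(sorted((a, b))) for a, b in neighbours
                  if overlaps(channels[a], channels[b]))


def replan(channels, neighbours):
    """Greedy 1/6/11 assignment: each AP takes the channel its neighbours use least."""
    adjacent = {ap: set() for ap in channels}
    for a, b in neighbours:
        adjacent[a].add(b)
        adjacent[b].add(a)
    plan = {}
    # Place the APs with the most neighbours first, ties broken by name.
    for ap in sorted(channels, key=lambda x: (-len(adjacent[x]), x)):
        taken = [plan[n] for n in adjacent[ap] if n in plan]
        plan[ap] = min(NON_OVERLAPPING, key=lambda c: (taken.count(c), c))
    return plan


# Constructed site survey: hypothetical AP names, their configured channels,
# and which APs can hear each other.
SITE_CHANNELS = {"ap-lobby": 1, "ap-office": 3, "ap-lab": 6, "ap-store": 6}
SITE_NEIGHBOURS = [("ap-lobby", "ap-office"), ("ap-office", "ap-lab"),
                   ("ap-lab", "ap-store"), ("ap-lobby", "ap-store")]

if __name__ == "__main__":
    print("overlapping pairs:", conflicts(SITE_CHANNELS, SITE_NEIGHBOURS))
    new_plan = replan(SITE_CHANNELS, SITE_NEIGHBOURS)
    print("proposed plan:", new_plan)
    print("remaining overlaps:", conflicts(new_plan, SITE_NEIGHBOURS))
```

The greedy pass minimises reuse among neighbours but cannot avoid it when an AP has neighbours on all three channels; `conflicts` on the proposed plan shows what remains.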

802.11 Topologies
Ad hoc Networks
- can operate without access points
- Client stations which are configured to operate in ad hoc mode configure the wireless parameters between themselves.
- The IEEE 802.11 standard refers to them as an IBSS.

802.11 Topologies
Basic Service Sets
- APs provide an infrastructure that adds services and improves the range for clients.
- A single AP in infrastructure mode manages the wireless parameters.
- The coverage area is the basic service area (BSA).

802.11 Topologies
Extended Service Sets
- A single BSS may provide insufficient RF coverage.
- More than one AP is used to extend the BSS into an ESS.
- One BSS is differentiated from another by the BSSID: the MAC address of the access point serving the BSS.
- Coverage area - extended service area (ESA).

Client and Access Point Association


A key part of the 802.11 process: discovering a WLAN and connecting to it. Primary components of this process:
- Beacons - Frames used by the WLAN network to advertise its presence.
- Probes - Frames used by WLAN clients to find their networks.
- Authentication - A process which is an artefact from the original 802.11 standard, but still required by the standard.
- Association - The process for establishing the data link between an access point and a WLAN client.

Client and Access Point Association


- The primary purpose of the beacon is to allow WLAN clients to learn which networks and access points are available in a given area.
- Access points may broadcast beacons periodically.

The 802.11 Join Process (Association)


Step 1: Probing

The 802.11 Join Process (Association)


Step 2: Authentication
Two authentication mechanisms:
- Open authentication
  - a NULL authentication
  - the client says "authenticate me," and the access point responds with "yes."
- Shared key authentication
  - based on a Wired Equivalency Protection (WEP) key shared between the client and the access point


The 802.11 Join Process (Association)


Shared key authentication is not recommended.
- Problem: the WEP key is normally used to encrypt data during the transmission process.
- Using this same WEP key for authentication provides an attacker with the ability to extract the key.

The 802.11 Join Process (Association)


Step 3: 802.11 Association
- finalizes the security and bit rate options
- establishes the data link between the WLAN client and the access point
- allows the infrastructure switch to keep track of frames destined for the WLAN client so that they can be forwarded

THE WIRELESS LAN SECURITY


SECTION 7.2

Threats to Wireless Security


Unauthorized Access
- A WLAN is open to anyone within range of an AP.
- An attacker may not have to physically enter the workplace to gain access to a WLAN.

Three major categories of threat:
- War drivers
- Hackers (Crackers)
- Employees

Threats to Wireless Security


War Drivers
- "War driving" originally referred to using a scanning device to find cellular phone numbers to exploit.
- It now also means driving around a neighbourhood with a laptop and an 802.11b/g client card looking for an unsecured 802.11b/g system to exploit.

Threats to Wireless Security


Hackers/Crackers
- Hacker - someone who delved deeply into computer systems to exploit them for creative reasons
- Hackers and crackers - malicious intruders who enter systems as criminals and steal data or deliberately harm systems
- They break weak security measures

Threats to Wireless Security


Employees Use Rogue APs
- A rogue access point can be used to interfere with normal network operation.
- Client data could be captured.
- It can provide information such as the MAC addresses of clients.
- At worst, it can be used to gain access to servers and files.

Threats to Wireless Security


Man In The Middle Attack

Threats to Wireless Security


Denial of Service Attack

- 802.11b & g WLANs use the unlicensed 2.4 GHz ISM band

Wireless Security Protocols


Open System Authentication

Wireless Security Protocols


Wireless Equivalency Protection
- The 32-bit WEP keys
- Algorithm used to encrypt the data was crackable
- Not scalable

Wireless Security Protocols


Wi-Fi Protected Access
- Developed by the Wi-Fi Alliance
- Implements the majority of the IEEE 802.11i standard
- Uses Temporal Key Integrity Protocol
  - 128-bit per-packet dynamic key

Wireless Security Protocols


WPA2/802.11i
- relies on the TKIP; also supports the more secure AES
- The Wi-Fi Alliance created a new certification, called WPA2, for devices that support the 802.11i standard.
- WPA2 can secure wireless networks in infrastructure mode as well as networks in ad hoc mode.

Wireless Security Protocols


Controlling Access to the Wireless LAN
- SSID cloaking
- MAC address filtering
- WLAN security implementation - WPA or WPA2
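An added example (not from the original slides) showing how a defender can audit a wireless scan against the AP inventory to catch the rogue access points and weak security modes described in this section. The SSID, BSSIDs, scan records and the mode labels (`OPEN`, `WEP`, `WPA-PSK`, `WPA2-PSK`) are constructed for illustration.

```python
# Modes this section describes as weak, with the reason given in the slides.
WEAK_MODES = {
    "OPEN": "open system authentication, no encryption",
    "WEP": "encryption algorithm is crackable",
}
ACCEPTED_MODES = {"WPA-PSK", "WPA2-PSK"}   # "WPA or WPA2" per the slides


def audit(scan, inventory):
    """Return findings for our SSIDs: rogue BSSIDs and weak or unknown modes."""
    findings = []
    for entry in scan:
        ssid = entry["ssid"]
        bssid = entry["bssid"].lower()
        mode = entry["security"].upper()
        known = inventory.get(ssid)
        if known is None:
            continue                       # a neighbour's network, out of scope
        if bssid not in known:
            # Our SSID advertised by an AP we did not deploy.
            findings.append(("ROGUE_AP", ssid, bssid, "BSSID not in AP inventory"))
        elif mode in WEAK_MODES:
            findings.append(("WEAK_SECURITY", ssid, bssid, WEAK_MODES[mode]))
        elif mode not in ACCEPTED_MODES:
            findings.append(("UNKNOWN_MODE", ssid, bssid, mode))
    return findings


# Constructed inventory: SSID -> BSSIDs of the access points we installed.
INVENTORY = {"CorpWLAN": {"02:00:00:00:00:01", "02:00:00:00:00:02"}}

# Constructed scan output, as a site survey tool might report it.
SCAN = [
    {"ssid": "CorpWLAN", "bssid": "02:00:00:00:00:01", "security": "WPA2-PSK"},
    {"ssid": "CorpWLAN", "bssid": "02:00:00:00:00:02", "security": "WEP"},
    {"ssid": "CorpWLAN", "bssid": "02:00:00:00:00:99", "security": "Open"},
    {"ssid": "CoffeeShop", "bssid": "02:00:00:00:AA:01", "security": "Open"},
]

if __name__ == "__main__":
    for kind, ssid, bssid, reason in audit(SCAN, INVENTORY):
        print(f"{kind:14} {ssid:10} {bssid}  {reason}")
```

A matching BSSID only shows that the address is expected, and an unauthorized AP plugged into the wired LAN under a different SSID will not appear in this audit; that case needs a check of the switch ports.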

CONFIGURE WIRELESS LAN ACCESS


SECTION 7.3

Configuring the Wireless AP


Basic Wireless Settings

Configuring the Wireless AP


Configuring Security

PSK2 is the preferred option

Configuring the Wireless NIC


Steps

Configuring the Wireless NIC


Select the Wireless Security Protocol

Configuring the Wireless NIC


Verify Connectivity to the Wireless LAN

TROUBLESHOOTING SIMPLE WLAN PROBLEMS


SECTION 7.4

Solve AP Radio and Firmware Issues


A Systematic Approach to WLAN Troubleshooting
- Step 1 - Eliminate the user PC as the source of the problem
- Step 2 - Confirm the physical status of devices
- Step 3 - Inspect wired links

Solve AP Radio and Firmware Issues


Update Access Point Firmware
- If there are problems with the access point
- Or if a new feature needs to be used

Incorrect Channel Settings

Correct RF Interference Issues

Identify Problems with AP Misplacement

Problems with Authentication & Encryption

Questions are never indiscreet, answers sometimes are!
