Wireless LAN, WLAN Security, and VPN


Wireless LAN, WLAN Security, and VPN. 張晃崚, Technical Manager, Tainan Office, 麟瑞科技

WLAN & VPN FAQ
- What is WLAN? 802.11a? 802.11b? 802.11g?
- Which standard (product) should we use?
- How to deploy WLAN?
- How to block intruders?
- How to authenticate users?
- How to keep data secure?
- What is roaming?
- How to provide a fast path for some VIP users?
- How to exchange data securely between offices?

Agenda
- Introduction to Wireless LAN
- WLAN deployments
- WLAN security issues
- WLAN security solutions
- VPN solutions


What is Wireless Network
Wireless network:
- 802.11x standards (Wi-Fi)
- Cell phones
- Bluetooth
- HomeRF
- Fixed broadband wireless, IEEE 802.16
- Mobile broadband
- Optical point-to-point wireless

What is Wireless LAN
- IEEE 802.11-based networks
- Bluetooth is regarded as a PAN (Personal Area Network)
- Need a wireless NIC and an access point (AP)

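Wireless LAN vs. Wired LAN
- Media access: CSMA/CA (wireless LAN), CSMA/CD (wired LAN)
- Bit error rate: 0.1% (wireless LAN), 10^-10 (wired LAN)
- Duplex: half (wireless LAN), half/full (wired LAN)
- Speed: slow (wireless LAN), fast (wired LAN)
- Throughput: reduced 50-60% (wireless LAN), N/A (wired LAN)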

Wireless LAN vs. Wired LAN
- All 802 WLANs employ handshaked transmission to compensate
- WLAN is just like push-to-talk radio
- WLAN will be a step backward: slower speed, half duplex, shared media. But you gain freedom
- The AP is usually a Layer 2 bridge (between wired LAN and wireless LAN)
- Spanning Tree Protocol issue

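Wireless LAN Standards
- Frequency: 2.4 GHz (802.11b), 5 GHz (802.11a), 2.4 GHz (802.11g)
- Channels: 3 (802.11b), 8 (802.11a), 3 (802.11g)
- Max speed: 11 Mbps (802.11b), 54 Mbps (802.11a), 54 Mbps (802.11g)
- Real throughput: 4-6 Mbps (802.11b), 22-27 Mbps (802.11a), 22-27 Mbps (802.11g)
- Interference: yes (802.11b), no (802.11a), yes (802.11g)
- Distance for max speed / distance for half speed: 120-140 ft. 1-2 ft. 120-140 ft. 120-140 ft. 60 ft. ??? ft.
- Maturity: very mature (802.11b), early (802.11a), no product (802.11g)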

802.11b+
- IEEE 802.11g will be finalized in May 2003
- Not a formal IEEE specification
- Texas Instruments (TI) applied PBCC to enable a 22 Mbps data rate
- Interoperable with 802.11b devices at 11 Mbps
- Must use TI's chip to enable 22 Mbps

Other 802.11x standards
- 802.11d: Multiple regulatory domains
- 802.11e: QoS
- 802.11f: Inter-Access Point Protocol (IAPP)
- 802.11h: Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC)
- 802.11i: Security

Which Technology should you use?
The decision should be based on the requirements of the system and its users:
- User bandwidth requirements
- User density
- Overall implementation cost
- Upgrade requirements
- Client availability
- Client platform features


Typical WLAN Topologies (figure labels: LAN Backbone; two Wireless Cells, Channel 1 and Channel 6, each with an Access Point and Wireless Clients)

Wireless Repeater Topology (figure labels: LAN Backbone; Access Point, Channel 1; Access Point, Channel 1; Wireless Repeater Cell; Wireless Clients)

Hot Standby (figure labels: LAN Backbone; Monitored AP; Standby AP; Wireless Clients)

Multi-rate Implementations (figure: coverage zones labelled 2 Mbps, 5.5 Mbps and 11 Mbps)

Vendor Offering
- Higher and variable transmission power
- External antennas
- Little throughput degradation with encryption
- Line power via the wired Ethernet cable
- Dual-band: 802.11b + 802.11a
- AP load balancing
- Roaming between IP subnets
- Hot Standby AP
- VLAN support
- Lockable case
- Enhanced security features: 802.1x, 802.11i draft, etc.


WLAN Security Issues
- Wireless is like having an RJ45 jack in the parking lot
- Need to deny access to intruders
- Need to secure messages with good encryption technology

WLAN Security Issues
Managing the security side of your networks requires several things:
- Protecting the network from intruders
  - Requires authentication for users
- Protecting the wireless data from sniffers
  - Requires some type of encryption
- Protecting your RF networks from being detected
- The ability to manage your users' credentials
  - Includes WEP keys, user names, passwords, etc.
- Protecting your wireless infrastructure from improper configuration
  - Requires a good user management interface on APs

WLAN Security Issues
Managing the security side of your networks requires several things:
- To dynamically assign the user's IP address, gateway, etc.
  - Deploy a DHCP server
- To let roaming users be authenticated by their original account and passwords
  - Requires authentication roaming features for authentication servers


Authentication Techniques
- Open System Authentication
  - No security
- SSID Authentication
  - SSID is broadcast in clear text form
  - Can be obtained by snooping on traffic
- Shared Key Authentication (WEP)
  - Key stolen
  - Employee leaves

Authentication Techniques
- MAC Address Authentication
  - MAC is sent in clear form
  - Can be obtained by snooping
  - Attackers may change their MAC to match
  - Not flexible and scalable
- 802.1x and Extensible Authentication Protocol (EAP)
  - Secures not only the client but also devices
  - Only Windows XP and a few vendors support this technique

Authentication Techniques
- VPN Client Authentication
  - Does good authentication and encryption
  - Variable authentication and encryption methods to choose from
  - Needs VPN client software installed
- Wireless Gateway Authentication
  - No need to install any client software
  - Pops up an authentication window when initiating a connection (uses the web browser)
  - Easy to install and configure
  - One wireless gateway for a subnet

Wireless Gateway Topology

Blocking Inter-client Communication
- PSPF: Publicly Secure Packet Forwarding
- Prevents WLAN inter-client communication
- Relies on MAC address
- Same-subnet devices only

Encryption Techniques
- Key Management
  - Can be painful
  - Requires a power tool to manage keys
  - Easy to hack with a well-known single key
- Key Rotation
  - Changing the user's key periodically
- Broadcast Key Rotation
- WEP Encryption
- 128 bit WEP
- IPsec

Encryption Techniques
- IEEE 802.11i
  - TKIP (Data Integrity)
  - MIC (Data Integrity)
  - AES (Encryption)
  - Not yet complete
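The clear-text SSID noted under Authentication Techniques and the WEP versus 802.11i distinction under Encryption Techniques are both visible in the beacon frames an access point sends. The following is an added example, not part of the original slides: it classifies beacons as open, WEP or WPA/802.11i so an administrator can inventory weakly protected access points. The function names and the constructed sample frames are assumptions made for illustration.

```python
import struct

PRIVACY = 0x0010                      # capability bit: data frames are encrypted
WPA_OUI = bytes.fromhex("0050f201")   # vendor element carrying pre-802.11i WPA

def parse_beacon(frame: bytes) -> dict:
    """Read SSID, BSSID and protection class from a raw 802.11 beacon (no radiotap)."""
    if len(frame) < 36 or frame[0] != 0x80:       # 0x80 = management frame, beacon
        raise ValueError("not a beacon frame")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])
    (capability,) = struct.unpack_from("<H", frame, 34)
    ssid, robust, pos = "", False, 36             # tagged elements start at byte 36
    while pos + 2 <= len(frame):
        elem_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                                 # truncated element, stop parsing
        if elem_id == 0:
            ssid = value.decode("utf-8", "replace")   # SSID travels unencrypted
        elif elem_id == 48 or (elem_id == 221 and value.startswith(WPA_OUI)):
            robust = True                         # RSN (802.11i) or WPA element
        pos += 2 + length
    if not capability & PRIVACY:
        protection = "open"
    else:
        protection = "wpa/802.11i" if robust else "wep"
    return {"ssid": ssid, "bssid": bssid, "protection": protection}

def audit(frames):
    """Return the networks whose beacons advertise no encryption or WEP only."""
    parsed = [parse_beacon(f) for f in frames]
    return [p for p in parsed if p["protection"] in ("open", "wep")]

def build_beacon(ssid: bytes, capability: int, extra: bytes = b"") -> bytes:
    """Construct a sample beacon for the demo (constructed data, not a capture)."""
    bssid = bytes.fromhex("020000000001")
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, capability)
    return header + fixed + bytes([0, len(ssid)]) + ssid + extra

SAMPLES = [
    build_beacon(b"lobby", 0x0001),                           # open
    build_beacon(b"warehouse", 0x0011),                       # privacy bit only: WEP
    build_beacon(b"office", 0x0011, bytes([48, 2, 1, 0])),    # RSN element present
]

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

A beacon with the privacy bit set but neither an RSN nor a WPA element is reported as WEP, which is the case the key-management slide warns about.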

WLAN Security Solution Product
- Wireless Gateway
  - Bluesocket
  - Vernier
  - ReefEdge
- VPN
  - Cisco VPN concentrator/router/client
  - NetScreen
- Authentication Server
  - Cisco ACS (RADIUS, TACACS, LEAP)
  - RADIUS

WLAN Security Solution Product (figure labels: Campus switch; DHCP & AAA Server; Wireless Gateway (Bluesocket) or VPN Gateway (Cisco/NetScreen); Cisco Aironet 1100 (802.11b, 802.11g); Mobile IP; VLAN; Cisco Aironet 1200 (802.11a, 802.11b, 802.11g); External Antenna)

Cisco Aironet 1200 AP
- Modular platform for single or dual band operation
- Field upgradeable radios
- Modular design enhances future upgrade ability
- Simultaneous dual radio operation
- 10/100 Ethernet LAN uplink

Cisco Aironet 1100 AP
- VLAN support
- 802.11b, 802.11g (2.4 GHz)

Bluesocket Wireless Gateway


VPN Type and Applications
- Remote Access VPN
  - Application: remote dial connectivity
  - As alternative to: dedicated dial, ISDN
  - Benefits: ubiquitous access, lower cost
- Site-to-Site VPN
  - Application: site-to-site internal connectivity
  - As alternative to: leased line, Frame Relay, ATM
  - Benefits: extend connectivity, increased bandwidth, lower cost
- Extranet VPN
  - Application: biz-to-biz external connectivity
  - As alternative to: fax, mail, EDI
  - Benefits: facilitates e-commerce

VPN Type and Applications (figure labels: Extranet, Business Partner; Mobile User; POP; Internet VPN; Home Telecommuter, DSL, Cable; Site-to-Site, Remote Office; Central Site)

Remote Access VPN (figure labels: Cisco VPN Clients; Microsoft Win 2000 (IPSec); Microsoft Win 9x/NT (PPTP); WAN Router; PIX Firewall; Cisco VPN 3000 Concentrator; Cisco Secure ACS (AAA); Telecommuter; POP; Internet VPN; Central Site; Mobile; Customer)

Site-to-Site VPN (figure labels: Remote Campus; Main Campus; Remote Campus; Internet; Small Office/Home Office)

Extranet VPN (figure labels: Supplier; ISP; Gateway; Firewall; Remote Office; Security Server; Supplier; ISP Network; DMZ; Corporate Intranet)