Wireless technology Principles of Security


Wireless technologies

Overview
- This module provides an introduction to the rapidly evolving technology of wireless LANs (WLANs).
- WLANs redefine the way the industry views LANs.
- Wireless networking provides all the features and benefits of traditional LAN technologies without the limitations of wires or cables.
- The freedom to roam while still maintaining connectivity has helped launch wireless networking to new heights.

Wireless Technologies

Comparing a WLAN to a LAN

Benefits of wireless technology

Limitations of wireless technology

Introduction to wireless LANs
- A WLAN, just like a LAN, requires a physical medium through which transmission signals pass.
- Instead of using twisted-pair or fiber-optic cable, WLANs use infrared light (IR) or radio frequencies (RF).
- The use of RF is far more popular for its longer range, higher bandwidth, and wider coverage.
- WLANs use the 2.4-gigahertz (GHz) and 5-GHz frequency bands.
- Wireless networking provides the freedom and flexibility to operate within buildings and between buildings.

Wireless LAN Standards
- A number of standards have been developed to ensure that wireless devices can communicate.
- They specify the RF spectrum used, the data rates, and how the information is transmitted.
- The IEEE 802.11 standard governs the WLAN environment.
- 802.11a, 802.11b, 802.11g and 802.11n (802.11n is not ratified at the time of this writing).
- Collectively these technologies are referred to as Wi-Fi (Wireless Fidelity).


Evolution of Wireless LANs
Just as the 802.3 Ethernet standard allows for data transmission over twisted-pair and coaxial cable, the 802.11 WLAN standard allows for transmission over different media:
- Infrared light
- Three types of radio transmission within the unlicensed 2.4-GHz frequency bands:
  - Frequency Hopping Spread Spectrum (FHSS) 1 Mbps
  - Direct Sequence Spread Spectrum (DSSS) 11 Mbps
  - Orthogonal Frequency-Division Multiplexing (OFDM)
- One type of radio transmission within the unlicensed 5-GHz frequency bands:
  - 54 Mbps Orthogonal Frequency-Division Multiplexing (OFDM)

Wireless LAN standards

Wireless Standards

802.11a:
- Uses 5 GHz RF spectrum
- Not compatible with 2.4 GHz spectrum, i.e. 802.11 b/g/n devices
- Range is approximately 33% that of the 802.11 b/g
- Relatively expensive to implement compared to other technologies
- Increasingly difficult to find 802.11a compliant equipment

802.11b:
- First of the 2.4 GHz technologies
- Maximum data-rate of 11 Mbps
- Range of approximately 46 m (150 ft) indoors/96 m (300 ft) outdoors

802.11g:
- 2.4 GHz technologies
- Maximum data-rate increase to 54 Mbps
- Same range as the 802.11b
- Backwards compatible with 802.11b

802.11n:
- Newest standard in development
- 2.4 GHz technologies (draft standard specifies support for 5 GHz)
- Extends the range and data throughput
- Backwards compatible with existing 802.11g and 802.11b equipment (draft standard specifies 802.11a support)

Wireless Technologies and devices

Wireless LAN components

Wireless LAN components
- An access point (AP) contains a radio transceiver.
- It can act as the center point of a stand-alone wireless network or as the connection point between wireless and wired networks.
- The roaming functionality provided by multiple APs allows wireless users to move freely throughout the facility, while maintaining seamless, uninterrupted access to the network.
- Any AP can be used as a repeater, or extension point, for the wireless network.

Hidden Nodes
- With a CSMA/CA feature called Request to Send/Clear to Send (RTS/CTS), access points allocate the medium to the requesting station for as long as is required to complete the transmission.
- When the transmission is complete, other stations can request the channel in a similar fashion.

Wireless LAN components
- Wireless router: wireless routers perform the role of access point, Ethernet switch, and router.

WLANs and SSID
- When building a wireless network, it is important that the wireless components connect to the appropriate WLAN. This is done using a Service Set Identifier (SSID).
- The SSID is a case-sensitive, alphanumeric string of up to 32 characters.
- It is sent in the header of all frames transmitted over the WLAN.
- Regardless of the type of WLAN installation, all wireless devices in a WLAN must be configured with the same SSID in order to communicate.

WLANs and SSID
There are two basic forms of WLAN installations:
- Ad-hoc
- Infrastructure Mode

Ad-hoc
- The simplest form of a wireless network is created by connecting two or more wireless clients together in a peer-to-peer network.
- Does not include an AP.
- All clients within an ad-hoc network are equal.
- The area covered by this network is known as an Independent Basic Service Set (IBSS).
- Used to exchange files and information between devices without the expense and complexity of purchasing and configuring an AP.

Infrastructure Mode
- Larger networks require a single device that controls communications in the wireless cell.
- The AP takes over this role and controls who can talk and when.
- This is the mode of wireless communication most often used in the home and business environment.
- To communicate, each device must obtain permission from the AP.
- The AP controls all communications and ensures that all STAs have equal access to the medium.
- The area covered by a single AP is known as a Basic Service Set (BSS) or cell.

WLANs and SSID
- The area of coverage of a single AP is limited.
- To expand the coverage area, it is possible to connect multiple Basic Service Sets (BSSs) through a Distribution System (DS). This forms an Extended Service Set (ESS).
- An ESS uses multiple APs. Each AP is in a separate BSS.
- In order to allow movement between the cells without the loss of signal, BSSs must overlap by approximately 10%.

Wireless channel
- Wireless technology uses an access method called Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA).
- CSMA/CA creates a reservation on the channel for use by a specific conversation.
- While a reservation is in place, no other device may transmit on the channel, so possible collisions are avoided.

Wireless channel
- The conversation between sender and receiver must be controlled. One way this is accomplished is through the use of channels.
- Channels are created by dividing up the available RF spectrum.
- Normally each wireless conversation makes use of a separate channel.

If there are three adjacent access points, use channels 1, 6, and 11. If there are just two, select any two that are five channels apart, such as channels 5 and 10. (802.11b DSSS)
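
The channel rule above follows from the channel geometry. The following is an added example, not part of the original slides: it assumes the usual 2.4 GHz numbering (centre frequency 2407 + 5n MHz) and a 22 MHz wide DSSS channel, and the AP names and site plan are constructed.

```python
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22  # assumed occupied bandwidth of an 802.11b DSSS channel

def center_mhz(channel):
    """Centre frequency of 2.4 GHz channel 1-13 (channels are 5 MHz apart)."""
    if not 1 <= channel <= 13:
        raise ValueError(f"unsupported channel {channel}")
    return 2407 + 5 * channel

def overlap_mhz(a, b):
    """Spectrum shared by two channels, in MHz (0 means no overlap)."""
    return max(0, CHANNEL_WIDTH_MHZ - abs(center_mhz(a) - center_mhz(b)))

def largest_clean_sets(channels=range(1, 12)):
    """All maximum-size sets of mutually non-overlapping channels."""
    channels = list(channels)
    for size in range(len(channels), 0, -1):
        found = [c for c in combinations(channels, size)
                 if all(overlap_mhz(a, b) == 0 for a, b in combinations(c, 2))]
        if found:
            return found
    return []

def audit_plan(plan, neighbours):
    """Report adjacent APs whose channels overlap.

    plan: {ap_name: channel}; neighbours: pairs of APs whose cells overlap.
    """
    problems = []
    for a, b in neighbours:
        shared = overlap_mhz(plan[a], plan[b])
        if shared:
            problems.append((a, b, plan[a], plan[b], shared))
    return problems

# Constructed site plan: three APs in a row, so only direct neighbours interfere.
PLAN = {"ap-lobby": 1, "ap-office": 4, "ap-lab": 11}
NEIGHBOURS = [("ap-lobby", "ap-office"), ("ap-office", "ap-lab")]

if __name__ == "__main__":
    print(largest_clean_sets())
    print(audit_plan(PLAN, NEIGHBOURS))
```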

Client and Access Point Association
- Beacons: frames used by the WLAN network to advertise its presence.
- Probes: frames used by WLAN clients to find their networks.
- Authentication: a process which is an artifact from the original 802.11 standard, but still required by the standard.
- Association: the process for establishing the data link between an access point and a WLAN client.


Planning the Wireless LAN
- Network requirements specify that there must be a minimum of 6 Mb/s 802.11b


Security considerations on WLANs
- The ease of connectivity and the fact that the information is transmitted through the air also make your network vulnerable to interception and attacks.
- Once an attacker has access to your network, they can use your Internet services for free, as well as access computers on the network to damage files or steal personal and private information.
- These vulnerabilities in wireless networking require special security features and implementation methods to help protect your WLAN from attacks.

Threats to wireless security
- Unauthorized Access
  - War drivers
  - Hackers (Crackers)
  - Employees
- Rogue Access Points
  - A rogue access point is an access point placed on a WLAN that is used to interfere with normal network operation.
- Man-in-the-Middle Attacks
- Denial of Service
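
Because beacons advertise each network's SSID and BSSID, a site survey can be checked against an inventory to flag the rogue access points listed above. The following is an added example, not part of the original slides: the SSID, BSSIDs, allow-list and function names are constructed, and the beacons are built in code rather than captured.

```python
import struct

def build_beacon(bssid, ssid, channel, privacy=True, rsn=True):
    """Build a minimal 802.11 beacon (constructed sample input, not a capture)."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0001 | (0x0010 if privacy else 0))
    tags = bytes([0, len(ssid)]) + ssid.encode() + bytes([3, 1, channel])
    if rsn:
        tags += bytes([48, 2, 1, 0])     # RSN element holding only its version
    return header + fixed + tags

def parse_beacon(frame):
    """Extract BSSID, SSID, channel and security hints from a beacon frame."""
    if len(frame) < 36 or frame[0] != 0x80:
        raise ValueError("not a beacon frame")
    capability = struct.unpack_from("<H", frame, 34)[0]
    ap = {"bssid": frame[16:22].hex(":"), "ssid": None, "channel": None,
          "privacy": bool(capability & 0x0010), "rsn": False}
    pos = 36                             # tagged elements follow the fixed fields
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                        # truncated element: stop parsing
        if tag == 0 and length <= 32:    # SSID, at most 32 bytes
            ap["ssid"] = value.decode("utf-8", "replace").strip("\x00")
        elif tag == 3 and length == 1:   # DS Parameter Set: current channel
            ap["channel"] = value[0]
        elif tag == 48:                  # RSN element: 802.11i / WPA2 offered
            ap["rsn"] = True
        pos += 2 + length
    return ap

def audit(frames, corp_ssid, authorized):
    """Return (bssid, finding) pairs for beacons that break the site policy."""
    findings = []
    for ap in map(parse_beacon, frames):
        ssid = ap["ssid"] or ""
        if ssid == corp_ssid and ap["bssid"] not in authorized:
            findings.append((ap["bssid"], "rogue: corporate SSID from unknown BSSID"))
        elif ssid == corp_ssid and not ap["privacy"]:
            findings.append((ap["bssid"], "open: no encryption advertised"))
        elif ssid == corp_ssid and not ap["rsn"]:
            findings.append((ap["bssid"], "legacy: privacy bit set but no RSN element"))
        elif ssid != corp_ssid and ssid.lower() == corp_ssid.lower():
            findings.append((ap["bssid"], "lookalike: SSID differs only in case"))
    return findings

# Constructed survey data; the SSID and BSSIDs are made up for this example.
AUTHORIZED = {"02:00:00:00:00:01", "02:00:00:00:00:02"}
SAMPLE = [
    build_beacon("02:00:00:00:00:01", "CorpNet", 1),
    build_beacon("02:00:00:00:00:02", "CorpNet", 6, rsn=False),
    build_beacon("02:00:00:00:00:99", "CorpNet", 11),
    build_beacon("02:00:00:00:00:98", "corpnet", 6, privacy=False, rsn=False),
]
FINDINGS = audit(SAMPLE, "CorpNet", AUTHORIZED)
```

A BSSID is sent in the clear and can be copied, so a match against the allow-list is a first filter rather than proof that a beacon is legitimate.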

Security considerations on WLANs
- The SSID broadcast feature can be turned off.
- Change default settings such as SSIDs, passwords, and IP addresses.
- Even with SSID broadcast turned off and default values changed, attackers can learn the name of a wireless network through the use of devices that intercept wireless signals.

Limiting access to a WLAN
- MAC Address Filtering
  - Requires the MAC addresses of all devices

Wired Equivalent Privacy (WEP)
- The IEEE 802.11 standard includes WEP to protect authorized users of a WLAN.
- The WEP standard specified a 40-bit key.
- Most vendors have extended WEP to 128 bits or more.
- Both the wireless client and the access point must have a matching WEP key.
- WEP is based upon an existing and familiar encryption type, Rivest Cipher 4 (RC4).

WPA - Wi-Fi Protected Access
- WPA also uses encryption keys from 64 bits up to 256 bits.
- WPA, unlike WEP, generates new, dynamic keys each time a client establishes a connection with the AP.
- WPA is considered more secure than WEP because it is significantly more difficult to crack.
- WPA allows user authentication through the IEEE 802.1x protocol.
- 802.1x provides mutual authentication: the network and the user prove their identity to each other.
- An access point that supports 802.1x and its protocol, Extensible Authentication Protocol (EAP), acts as the interface between a wireless client and an authentication server such as a Remote Authentication Dial-In User Service (RADIUS) server.

Authentication on WLAN
- Authentication is the process of permitting entry to a network based on a set of credentials.
- The use of a username and password is the most common form of authentication.
- Two types of authentication were introduced with the original 802.11 standard:
  - Open authentication
  - Pre-shared WEP key authentication

Open Authentication
- By default, wireless devices do not require authentication.
- Clients are able to associate regardless of who they are.
- Open authentication should only be used on public wireless networks such as those found in many schools and restaurants.


Pre-shared keys (PSK)
- With PSK both the AP and client must be configured with the same key or secret word.
- The AP sends a random string of bytes to the client.
- The client accepts the string, encrypts it (or scrambles it) based on the key, and sends it back to the AP.
- PSK performs one-way authentication, that is, the host authenticates to the AP.
- PSK does not authenticate the AP to the host, nor does it authenticate the actual user of the host.
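
The challenge and response described above, with both sides' messages, as an added example that is not part of the original slides. It assumes a reduced frame layout (a 3-byte IV followed by the RC4 ciphertext of data plus CRC-32, with no key ID byte); the class names and the key are constructed.

```python
import hmac
import os
import zlib

def rc4(key, data):
    """RC4 stream cipher, the algorithm WEP is built on."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                          # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_seal(key, plaintext):
    """Encrypt WEP-style: fresh 3-byte IV, RC4(IV || key) over data || CRC-32."""
    iv = os.urandom(3)
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + key, plaintext + icv)

def wep_open(key, frame):
    """Decrypt and check the CRC-32; returns None when the check fails."""
    if len(frame) < 7:
        return None
    body = rc4(frame[:3] + key, frame[3:])
    data, icv = body[:-4], body[-4:]
    return data if zlib.crc32(data).to_bytes(4, "little") == icv else None

class AccessPoint:
    def __init__(self, key):
        self.key, self.pending = key, None

    def challenge(self):
        self.pending = os.urandom(128)         # random string, sent in the clear
        return self.pending

    def verify(self, response):
        expected, self.pending = self.pending, None   # each challenge is single-use
        opened = wep_open(self.key, response)
        return bool(expected and opened) and hmac.compare_digest(opened, expected)

class Client:
    def __init__(self, key):
        self.key = key

    def respond(self, challenge):
        # One-way: the client answers any challenger and learns nothing
        # about whether the AP holds the same key.
        return wep_seal(self.key, challenge)

def authenticate(ap, client):
    """Run the two-message exchange; True when the AP accepts the client."""
    return ap.verify(client.respond(ap.challenge()))

KEY = bytes.fromhex("0102030405")              # constructed 40-bit key
```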

Pre-shared WEP keys (PSK)

Today, the standard that should be followed in most enterprise networks is the 802.11i standard. This is similar to the Wi-Fi Alliance WPA2 standard. For enterprises, WPA2 includes a connection to a Remote Authentication Dial In User Service (RADIUS) database.

Extensible Authentication Protocol (EAP)
- EAP provides mutual, or two-way, authentication as well as user authentication.
- When EAP software is installed on the client, the client communicates with a backend authentication server such as Remote Authentication Dial-in User Service (RADIUS).


- The access point blocks all data frames, except for 802.1x-based traffic.
- The 802.1x frames carry the EAP authentication packets via the access point to a server that maintains authentication credentials.
- This server is an Authentication, Authorization, and Accounting (AAA) server running the RADIUS protocol.
- If the EAP authentication is successful, the AAA server sends an EAP success message to the access point.

Encryption
Two enterprise-level encryption mechanisms specified by 802.11i are certified as WPA and WPA2 by the Wi-Fi Alliance:
- Temporal Key Integrity Protocol (TKIP): TKIP is the encryption method certified as WPA.
- Advanced Encryption Standard (AES)

AES
- AES offers stronger encryption.
- Cryptographic algorithm for use by United States government organizations to protect sensitive, unclassified information.
- AES requires a coprocessor or additional hardware to operate. This means that companies need to replace existing access points and client NICs to implement AES.
- AES specifies three key sizes, which are 128, 192, and 256 bits.

Configuring Basic Wireless Settings

Configuring Security
- When you see "Personal" in a security mode, no AAA (Authentication, Authorization, Accounting) server is used.
- "Enterprise" in the security mode name means an AAA server and EAP authentication are used.