Wireless DESY Zeuthen


Wireless LAN @ DESY Zeuthen
15.10.02 I.Meier: WLAN at DESY Zeuthen

Wireless LAN at DESY Zeuthen

Agenda
- Applications (IEEE 802.11)
- Wireless Technologies and Standards
- Components and Features
- Wireless LAN & Security
- WLAN installation at DESY Zeuthen

Applications (IEEE 802.11)

Wireless Connections
[Figure: two routers, one serving an Ethernet hub and one serving an access point]
- Ethernet hub: 10 Mbps shared bandwidth, CSMA/CD
- Access point: 11 Mbps shared bandwidth, CSMA/CA

[Figure labels: Mobile Office, Internet, Home Office, Head Office, Branch Office]

Hot Spots
- Airports
- Convention Center
- Hotels
- Industries
- Education
- ...
IP anywhere anytime

Why Wireless LAN
- Office mobility
- Common areas, meeting rooms
- Temporary offices
- Office expansion
- Quick installation
- Cost effective alternative
- Minimal infrastructure costs
- Flexible growth

Wireless Technologies and Standards

Wireless Technologies
- Wireless Personal Area Network: IEEE 802.15 (100 m), Bluetooth (10 m), HomeRF 1.2 (100 m), HomeRF 2.0 (100 m). Bandwidth: 0.8-10 Mbps
- Wireless Local Area Network: IEEE 802.11 (100 m): 802.11, 802.11b, 802.11a, 802.11g; HiperLAN-1, HiperLAN-2. Bandwidth: 1-54 (100) Mbps
- Wide Area Network (GSM, GPRS: 2 km, UMTS: 1 km): GSM (9.6 kbps), GPRS (14.4-115 kbps), CDMA, UMTS (14.4 kbps - 2 Mbps)

802.11 Task Group Outline
- 802.11a: 54 Mbps, 5 GHz (PHY for UNII), ratified in 1999
- 802.11b: 11 Mbps, 2.4 GHz, ratified in 1999
- 802.11d: additional regulatory domains
- 802.11e: MAC Enhancements, Quality of Service (Draft 4.0)
- 802.11f: Inter Access Point Protocol (IAPP) (Draft 4.0)
- 802.11g: higher data rate (> 20 Mbps), 2.4 GHz (Draft 3.0)
- 802.11h: Managed Spectrum for 802.11a, Dynamic Channel Selection and Transmit Power Control Mechanisms
- 802.11i: Authentication and Security
- 802.11j: 802.11a/HiperLAN Internetworking

802.11 Task Group Outline
- 802.11: WLAN Media Access Control (MAC) and Physical Layer (PHY) Specifications (1997, 1999)
- 802.11d: Regulatory Domains
- 2.4 GHz PHYs
  - 802.11b: Physical Layer, 2.4 GHz, 11 Mbps
  - 802.11g: Physical Layer, 2.4 GHz, 54 Mbps
- Layer 3 and higher
  - 802.11f: Inter Access Point Protocol
- MAC layer extensions
  - 802.11e: Quality of Service
  - 802.11i: Security Extensions
- 5 GHz PHYs
  - 802.11a: Highspeed Physical Layer, 5 GHz
  - 802.11h: Spectrum Managed 802.11a (DFS/TPC)
  - 802.11j: 802.11a/HiperLAN Internetworking

Wireless LAN Standards

Standard     | Data rate                                 | Band    | Body          | Type
IEEE 802.11  | 1 or 2 Mbps                               | 2.4 GHz | IEEE          | WLAN
IEEE 802.11b | 1, 2, 5.5, 11 Mbps (22+ Mbps in future)   | 2.4 GHz | IEEE          | WLAN
IEEE 802.11g | 1-54 Mbps                                 | 2.4 GHz | IEEE          | WLAN
IEEE 802.11a | 1-54 Mbps (100 Mbps in future)            | 5 GHz   | IEEE          | WLAN
HiperLAN-1   | 24 Mbps                                   | 5.2 GHz | ETSI          | WLAN
HiperLAN-2   | 20-54 Mbps                                | 5.2 GHz | ETSI          | WLAN -- ATM
HomeRF 1.2   | 0.8 or 1.6 Mbps                           | 2.4 GHz | HomeRF        | home
HomeRF 2.0   | 0.8, 1.6, 5, 10 Mbps                      | 2.4 GHz | HomeRF        | home
Bluetooth    | 1 Mbps                                    | 2.4 GHz | Bluetooth SIG | personal

5 GHz Frequency Band: HiperLAN & IEEE 802.11a
5 GHz UNII: Unlicensed National Information Infrastructure (USA)
[Figure: IEEE 802.11a bands with power limits of 1 W, 250 mW and 50 mW on a 5.000-6.000 GHz axis, shown against other services in the band: aeronautical radionavigation, satellite (FSS), radar, space research, radiolocation, maritime navigation, amateur]

5 GHz Frequency Band: HiperLAN & IEEE 802.11a
5 GHz Spectrum Europe
[Figure: three HiperLAN bands (200 mW and 1 W; indoor and indoor/outdoor) and ISM (25 mW) on a 5.000-6.000 GHz axis, shown against the same other services in the band]

5 GHz Frequency Band: HiperLAN & IEEE 802.11a
HiperLAN
- ETSI (European Telecommunications Standards Institute) standard
- Ratified in 1996
- HiperLAN-1: 5 GHz radio band, up to 24 Mbps
- HiperLAN-2: 5 GHz radio band, up to 54 Mbps; connection-oriented protocol for sharing access among end-user devices

5 GHz Frequency Band: HiperLAN & IEEE 802.11a
IEEE 802.11a
- 5 GHz radio band
- up to 54 Mbps (100 Mbps in future)
- Orthogonal Frequency-Division Multiplexing (OFDM)
- 3 UNII bands, each 100 MHz wide, with 4 non-overlapping channels of 20 MHz each
- each 20 MHz channel comprises 52 300-kHz-wide subchannels: 48 subchannels for data transmission, 4 subchannels for error correction
- UNII-1: 5.15-5.25 GHz frequency range
  - maximum transmit power: 50 mW
  - maximum antenna gain: 6 dBi
  - only indoors

5 GHz Frequency Band: HiperLAN & IEEE 802.11a
- UNII-2: 5.25-5.35 GHz frequency range
  - maximum transmit power: 250 mW
  - removable antennas possible
  - maximum antenna gain: 6 dBi
  - indoors and outdoors
- UNII-3: 5.725-5.825 GHz frequency range
  - maximum transmit power: 1 W
  - removable antennas
  - maximum antenna gain: 23 dBi for point-to-point installations, 6 dBi for point-to-multipoint installations
  - only outdoors

HiperLAN / IEEE 802.11a Implementation Comparison
- HiperLAN/2 & 802.11a share common components
- Similar Physical Layer (Orthogonal Frequency-Division Multiplexing (OFDM) modulation, similar radio)
- Different MAC implementation
  - HiperLAN/2: QoS and Radio Link Control features
  - 802.11a: MAC as in classic Ethernet
  - HiperLAN/2: uses an ATM-like scheme

2.4 GHz Frequency Band: IEEE 802.11g
- provides higher data rates at 2.4 GHz
- similar speeds as 802.11a
- backward compatible with 802.11b
- modulation
  - BPSK (Binary Phase Shift Keying): 1 Mbps
  - QPSK (differential Quaternary Phase Shift Keying): 2 Mbps
  - CCK (Complementary Code Keying): 5.5 Mbps, 11 Mbps
  - OFDM (Orthogonal Frequency Division Multiplexing): 12-54 Mbps
- same modulation as 802.11a (OFDM)
- Draft status (3.0)
- more information: IEEE 802.11 website www.ieee802.org/11

2.4 GHz Frequency Band: IEEE 802.11b
IEEE 802.11b Standard
- 2.4 GHz ISM band (Industrial, Scientific and Medical)
- frequency spectrum classed as unlicensed
  - anyone can use it as long as the device complies with FCC regulations (public radio spectrum)
  - regulated: max. transmit power of radios, type of encoding and frequency modulation
- WECA (Wireless Ethernet Compatibility Alliance): Wi-Fi (Wireless Fidelity) compliant devices
- LLC layer (Logical Link Control, Layer 2)
- 48 bit MAC address (classic Ethernet)
- max. 11 Mbps

Wireless LAN Radio Frequency Methods
- FHSS (Frequency Hopping Spread Spectrum): 2 Mbps
- DSSS (Direct-Sequence Spread Spectrum): 1, 2, 5.5, 11 Mbps

2.4 GHz Frequency Band: IEEE 802.11b
Spread spectrum technology
- 2.4 GHz ISM band has other primary owners, operating at 600 W power level; IEEE 802.11b: max. 100 mW
- spread-spectrum technology
[Figure: power over frequency, showing the spectrum after modulation and the signal after spreading]
- insensitive to narrow-band interference (e.g. noise)

2.4 GHz Frequency Band: IEEE 802.11b
2 different types of layer 1 physical interfaces
- Frequency-hopping architecture
- Direct-sequencing architecture (single-frequency approach), DSSS

Frequency Hopping
- 2.4 GHz ISM band provides 83.5 MHz of available frequency spectrum
- frequency-hopping architecture: the radio transmits on 1 of 79 1-MHz-wide frequencies (channels) for max. 0.4 sec
- interference-tolerant network: if one channel runs into interference, frequency hopping means the data retransmission takes place on another frequency
- achievable data rate: 2 Mbps

2.4 GHz Frequency Band: IEEE 802.11b
Direct-Sequence Spread Spectrum (DSSS)
- 11 overlapping 22-MHz channels within 83.5 MHz (2.4 GHz - 2.4835 GHz)
- 3 non-overlapping 22-MHz-wide channels
- large bandwidth & modulation based on Complementary Code Keying (CCK): primary reason for higher data rates (11 Mbps)
- 3 channels without overlap: 3 Access Points can be used to provide an aggregate data rate from the combination of the 3 available channels
- 11/22/33 Mbps data rate

WLAN Media Access Control
[Figure: two routers, each bounding a broadcast domain; one serves an Ethernet hub, the other an access point]
- Ethernet hub: 10 Mbps shared bandwidth, CSMA/CD
- Access point: 11 Mbps shared bandwidth, CSMA/CA

WLAN Media Access Control
CSMA/CA - Carrier-Sense-Multiple-Access with Collision Avoidance
- frames
  - data frames
  - control frames (RTS, CTS, ACK frames)
  - management frames (beacon frames)
- frame format: Preamble | PLCP-header | MAC-data | CRC
  - Preamble: 80 bit synchronization sequence, 16 bit start frame delimiter
  - PLCP-header: contains information about encryption on physical layer, packet length

WLAN Media Access Control
- MAC-data field: frame control | duration | address1 | address2 | address3 | sequence control | address4 | frame body | CRC
- control frames
  - RTS: Request to Send packet
  - CTS: Clear to Send packet
  - ACK: Acknowledgement packet
- control frame format (bytes): Frame Control (2) | Duration (2) | Receiver (6) | Sender (6) | CRC (4)

Wireless LAN Components and Features

WLAN Components
- Bridge
- Access Point
- Workgroup Bridge
- NIC (WLAN Network Interface Card: ISA, PCI, PCMCIA)
- Router with WLAN extension (xDSL router, ISDN router)

WLAN Components and Features
[Figure: wired LAN in Building A with a WLAN bridge, L2 access switch and access point serving ISA, PCI or PCMCIA clients; point-to-point and point-to-multipoint links to a WLAN bridge and a workgroup bridge with L2 access switches in Building B and Building C]

WLAN Components and Features
- point-to-point and point-to-multipoint installation
- inline power over Ethernet, up to 100 m with Cat.5
- selectable transmit power (1, 5, 20, 30, 50, 100 mW)
- antenna flexibility
- variable data rate (1, 2, 5.5, 11 Mbps)
- aggregate bandwidth 33 Mbps
- hot standby implementation, increased availability
- roaming
- load balancing
- but: no Quality of Service; Voice over IP & multimedia applications supported on best effort

Availability
[Figure: LAN with an active and a standby access point]
- access points with identical configuration
- hot standby access point per RF channel
- transparent failover from active to standby access point

Roaming
- Media Access Control: CSMA/CA
- Beacon frames are broadcast from the access point at regular intervals
  - contain access-point information (e.g. Service Set Identifier (SSID), supported data rates and Radio Frequency Methods (FHSS, DSSS), capacity)
[Figure: client moving between AP-A and AP-B]
- client triggers a Roaming Event (max. retries)
- starts the scanning process for available access points
- new association to AP-B based on criteria such as:
  - Signal strength 20% better?
  - Fewer hops to backbone?
  - Count of associations (AP-B) + 4 < count of associations (AP-A)?

Load Balancing
- only 3 non-overlapping cells available
- max. bandwidth for a single client: 11 Mbps
- load balance criteria
  - signal strength
  - number of users
  - transmit load
  - hops to backbone
[Figure: three APs on channels 1, 6 and 11]

Wireless LAN & Security

Wireless LAN & Security
"... As standardized by the IEEE, security for 802.11 networks can be simplified into two main components: encryption and authentication. The implementation of these components has been proven and documented as insecure by the security community at large. ..."
SAFE: Wireless LAN Security in Depth, White Paper, Cisco Systems, Inc., 2001, http://www.cisco.com/go/safe

Security Mechanisms
[Figure: SSID, AP-Auth, WEP (none, static, dynamic (EAP)), VPN]
- SSID: Service Set Identifier
- AP-Auth: Access Point Authentication (open/shared key authentication)
- WEP: Wired Equivalent Privacy (encryption)
- static WEP: static key
- dynamic WEP: dynamic key derivation, EAP (Extensible Authentication Protocol) / LEAP (Light EAP)

Network Selection
- Service Set Identifier (SSID): defines the name of the network, ASCII string
- SSID is not a security mechanism
  - transmitted as clear text in Probe & Probe Response frames
- Broadcast SSID disabled
  - stops the SSID in beacon frames
  - only association to dedicated networks/access points

Access Point Authentication
- Open authentication
  - open authentication = null authentication
  - exchange: authentication request packet, authentication response packet
- Shared Key Authentication and static WEP encryption
  - challenge text packet for authentication
  - cryptographically insecure: plaintext and corresponding encrypted text are visible
  - exchange: authentication request packet, challenge text packet (plaintext), challenge response packet with predetermined WEP, authentication response packet

Static Wired Equivalent Privacy (WEP)
[Figure: both stations hold the same key table (Key1 = 123..., Key2 = 432..., Key3 = 987...); one frame has header "use key3", data encrypted using key3, and a trailer; the frame in the other direction has header "use key2" and data encrypted using key2]
- knowledge of WEP key required
- key needs to be changed frequently
- key distribution and management problematic

MAC Authentication
- MAC address filter on Access Points
- Cisco supports centralized configuration and management of permitted MAC addresses in a RADIUS database (Remote Access Dial-In User Service)
- easily spoofed

2nd Generation Security Mechanisms
- WLAN IEEE 802.11b is insecure: security extensions necessary
- Backend infrastructure (Kerberos, RADIUS, ...)
[Figure: IEEE 802.1x / EAP stack. Method Layer: TLS, GSS_API, IKE, LEAP; EAP APIs; EAP Layer: EAP; NDIS APIs; Media Layer: PPP, 802.3, 802.11, ...; also labelled: VPN]

EAP/LEAP
- EAP: Extensible Authentication Protocol (centralized authentication and dynamic key distribution)
- LEAP: Light Extensible Authentication Protocol (Cisco)
[Figure labels: EAP/LEAP, RADIUS client, RADIUS server]
- client authenticates to the access point, which disables all further IP requests
- next step: user network logon (username, password; RADIUS server)
- WEP session key calculation based on username/password
- RADIUS server sends the key to the access point
- access point enables the network connection

VPN - Virtual Private Network
- supports a variety of cryptographically strong options to authenticate the client at the VPN concentrator
- encrypted IP tunnel between client and VPN concentrator
- Triple DES encryption
- connection between access point and VPN concentrator is not authenticated

WLAN installation at DESY Zeuthen

Deficits
- security policies
  - security zones
  - Firewall
  - Intrusion Detection System (IDS)
- mobile computing
  - notebooks, PDA, Bluetooth
  - user regulations (Benutzerordnung)
- central notebook support (MS Windows/Linux)
  - system installation/administration
  - security patches
  - root password
  - application software

Supported network features
- network access: Ethernet, analog modem, ISDN, DSL, DHCP, RADIUS, EAP, VLAN, WLAN
- IEEE 802.11b (11 Mbps, 2.4 GHz)
- support for meetings, workshops, conferences
- seminar rooms SR1, SR2, SR3, Foyer

Network Structure (Phase I, August 2002)
[Figure: GWIN (34 Mbit/s) to GWIN-Router; Remote Access Server for Telecom dial-in/mobile users at 56 kbit/s (analog modem) and 64/128 kbit/s (ISDN); 10/100 Mbit/s and 100 Mbit/s links to the Backbone Router/Switch; Gigabit Ethernet to the Access Switch (Layer 2 Switch, 10/100/1000 Mbit/s); SAP-User, PC-Cluster, Batch-Farm, Server]

Network Structure (Phase II, October 2002)
[Figure: as Phase I, with a Firewall added between the GWIN-Router (100 Mbit/s) / Remote Access Server and the Backbone Router/Switch, and Gigabit Ethernet links between Firewall, Backbone Router/Switch and Access Switch]

Network Structure (Phase III)
[Figure: as Phase II, with an Access Point for WLAN users attached via Gigabit Ethernet at the Firewall / Backbone Router/Switch]

Abbreviations
- ETSI: European Telecommunication Standards Institute (Hiperlan1/2)
- IEEE: Institute of Electrical and Electronic Engineers, Inc.
- ITU: International Telecommunication Union (CCITT, CCIR)
- RegTP: Regulierungsbehörde für Telekommunikation und Post
- TKG: Telekommunikationsgesetz
- WRC: World Radio Conference (administration of radio frequencies)
- Bluetooth SIG: Bluetooth Special Interest Group
- RR: Radio Regulations (worldwide body of rules for radio communication, drawn up by the WRC)
- Wi-Fi: Wireless Fidelity
- ISM band: 2.4 GHz frequency band for Industrial, Scientific and Medical, unlicensed
- UNII band: 5 GHz frequency band for Unlicensed National Information Infrastructure

Abbreviations
- DSSS: Direct Sequencing Spread Spectrum
- WEP: Wired Equivalent Privacy (40/128 bit encryption)
- RC4: encryption algorithm invented by Ron Rivest of RSA Data Security Inc. (RSADSI)
- IPSec: IP Security Protocol (framework of open standards for secure communication over IP networks)
- VPN: Virtual Private Network
- DES: Data Encryption Standard
- 3DES: Triple DES, encrypts data 3 times with up to 3 different keys

Abbreviations
- SSID: Service Set Identifier (32 char ASCII string)
- AP: Access Point
- CSMA/CD: Carrier-Sense-Multiple-Access with Collision Detection
- CSMA/CA: Carrier-Sense-Multiple-Access with Collision Avoidance
- EAP/802.1X: Extensible Authentication Protocol (centralized authentication and dynamic key distribution)
- LEAP: Light Extensible Authentication Protocol (Cisco)
- MIC: Message-Integrity-Protocol
- TKIP: Temporal-Key-Integrity-Protocol
- EAP-TLS: EAP Transport Level Security
- RADIUS: Remote Access Dial-In User Service
- DHCP: Dynamic Host Configuration Protocol