LAN Switching and Wireless: Ch7 - Basic Wireless Concepts and Configuration
If you find any mistakes on these slides or if you have any
other questions or comments, please feel free to contact me at:
[email protected] or [email protected]
Linkedin : https://www.linkedin.com/in/AbdelkhalikMosa
Twitter : https://twitter.com/AbdelkhalikMosa
Facebook : https://www.facebook.com/Abdelkhalik.Mosa
Thanks,
Abdelkhalik Mosa
Suez Canal University
Faculty of Computers and Informatics - Ismailia - Egypt
Note …
Introduction
• Wireless technologies use electromagnetic waves to carry information between devices.
• WLANs use radio frequencies (RF) instead of cables at the Physical layer and MAC sub-layer of the Data Link layer.
Wireless PAN, LAN, MAN and WAN
PAN : Personal Area Networks
LAN : Local Area Networks
WLAN : Wireless Local Area Networks
MAN : Metropolitan Area Networks
WAN : Wide Area Networks
Introduction: Infrared
• Infrared (IR) is relatively low energy and cannot penetrate through walls or other obstacles.
• A specialized communication port known as an Infrared Direct Access (IrDA) port uses IR to exchange information between devices.
• IR only allows a one-to-one type of connection.
• IR is also used for remote control devices, wireless mice, and wireless keyboards.
• IR is generally used for short-range, line-of-sight communications.
Introduction: Radio Frequency (RF)
• RF waves can penetrate through walls and other obstacles, allowing a much greater range than IR.
• Certain areas of the RF bands have been set aside for use by unlicensed devices such as WLANs and computer peripherals.
– This includes the 900 MHz, 2.4 GHz, and the 5 GHz frequency ranges. These ranges are known as the ISM bands.
Wireless LANs (WLANs)
• 802.11 wireless LANs extend the 802.3 Ethernet LAN infrastructures to provide additional connectivity options.
Wireless LAN Standards
• Governmental agencies in each country license some frequency bands and leave others unlicensed.
• Licensed bands:
– The most common are AM and FM radio, shortwave radio (for police department communications), and mobile phones.
• Unlicensed frequencies:
– Can be used by all kinds of devices; however, the devices must still conform to the rules set up by the regulatory agency.
• A device using an unlicensed band must use power levels at or below a particular setting so as not to interfere too much with other devices sharing that unlicensed band.
Wireless LAN Standards
• OFDM has faster data rates than DSSS.
• DSSS is simpler and less expensive to implement than OFDM.
Wireless Fidelity (Wi-Fi) Certification
• The Wi-Fi Alliance is a global, nonprofit industry trade association devoted to promoting the growth and acceptance of WLANs.
• The Wi-Fi Alliance is an association of vendors whose objective is to improve the interoperability of products that are based on the 802.11 standard.
• The Wi-Fi logo on a device means it meets standards and should interoperate with other devices of the same standard.
• The three key organizations influencing WLAN standards are:
– ITU-R regulates the allocation of RF bands.
– IEEE specifies how RF is modulated to carry information.
– The Wi-Fi Alliance ensures that vendors make devices that are interoperable.
Wireless Infrastructure Components: Wireless NIC
• A wireless NIC encodes a data stream onto an RF signal.
Wireless Infrastructure Components: Wireless Access Points
• An access point is a Layer 2 device that functions like an 802.3 Ethernet hub.
• An access point connects wireless clients to the wired LAN.
• Association is the process by which a client joins an 802.11 network.
• RF signals attenuate as they move away from their point of origin, causing the hidden node problem.
• One means of resolving the hidden node problem is a CSMA/CA feature called request to send/clear to send (RTS/CTS).
Wireless Infrastructure Components: Wireless Routers
• Wireless routers perform the role of access point, Ethernet switch, and router.
Client and Access Point Association: Beacons
• Beacons: Frames used by the WLAN network to advertise its presence.
Client and Access Point Association: Probes
• Probes: Frames used by WLAN clients to find their networks.
Client and Access Point Association: Association
• Association: The process for establishing the data link between an access point and a WLAN client.
Threats to Wireless Security: Unauthorized Access
• Major categories of threats that lead to unauthorized access:
1. War Drivers:
• Find open networks and use them to gain free internet access.
2. Hackers:
• Exploit weak privacy measures to view sensitive WLAN information and even break into WLANs.
3. Employees:
• Plug consumer-grade APs/gateways into company Ethernet ports to create their own WLANs.
Wireless Security Protocol Overview
• Open Authentication: no authentication.
• WEP authentication: was supposed to provide privacy to a link.
– Static, crackable, and not scalable.
– Cloaking SSIDs and filtering MAC addresses were used.
Encryption – TKIP and AES
• TKIP is the encryption method certified as WPA.
– It encrypts the Layer 2 payload.
– It carries out a message integrity check (MIC) in the encrypted packet, which guards against a message being tampered with.
• AES is the encryption method certified as WPA2.
• PSK or PSK2 with TKIP is the same as WPA.
• PSK or PSK2 with AES is the same as WPA2.
• PSK2, without an encryption method specified, is the same as WPA2.
Controlling Access to the Wireless LAN
• The concept of depth means having multiple solutions available.
• Implement this three-step approach:
1. SSID cloaking: Disable SSID broadcasts from access points
2. MAC address filtering: Permit or deny clients based on their MAC address
3. WLAN security implementation: WPA or WPA2.
• Neither SSID cloaking nor MAC address filtering is considered a valid means of securing a WLAN, for the following reasons:
1. MAC addresses are easily spoofed.
2. SSIDs are easily discovered even if they aren't broadcast.
Configuring Security
• "Personal" means no AAA server is used.
• "Enterprise" means a AAA server and EAP authentication are used.
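Added example (not part of the original slides): a Python sketch that reads what an access point advertises in a beacon frame body and maps it to the terms used above: Open, WEP, WPA with TKIP, WPA2 with AES, Personal versus Enterprise, and whether the SSID is cloaked. The function names and the sample frames are constructed for illustration.

```python
import struct

# Suite "type" bytes shared by the RSN (WPA2) element and the WPA vendor element.
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "AES-CCMP", 5: "WEP-104"}
AKMS = {1: "Enterprise (802.1X/EAP)", 2: "Personal (PSK)"}
WPA_VENDOR = b"\x00\x50\xf2\x01"   # prefix of the vendor-specific WPA element

def _suites(buf, off, table):
    """Read a 2-byte count, then that many 4-byte selectors (OUI + type)."""
    if off + 2 > len(buf):
        raise ValueError("truncated suite count")
    end = off + 2 + 4 * struct.unpack_from("<H", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated suite list")
    # Only the type byte is mapped; the OUI is not checked in this sketch.
    return [table.get(buf[i + 3], "unknown") for i in range(off + 2, end, 4)], end

def audit_beacon(body):
    """Report what security a beacon frame body advertises."""
    if len(body) < 12:
        raise ValueError("shorter than the 12 fixed-parameter bytes")
    capab = struct.unpack_from("<H", body, 10)[0]   # after timestamp + interval
    info = {"ssid": None, "cloaked": False, "mode": None, "pairwise": [], "auth": []}
    off = 12
    while off + 2 <= len(body):
        tag, length = body[off], body[off + 1]
        data = body[off + 2:off + 2 + length]
        if len(data) < length:
            raise ValueError("truncated element")
        off += 2 + length
        if tag == 0:                                 # SSID element
            info["cloaked"] = not any(data)          # empty or all-NUL SSID
            info["ssid"] = None if info["cloaked"] else data.decode("utf-8", "replace")
        is_wpa = tag == 221 and data[:4] == WPA_VENDOR
        if tag == 48 or (is_wpa and info["mode"] != "WPA2"):
            rsn = data[4:] if is_wpa else data
            info["pairwise"], pos = _suites(rsn, 6, CIPHERS)  # skip version + group
            info["auth"], _ = _suites(rsn, pos, AKMS)
            info["mode"] = "WPA" if is_wpa else "WPA2"
    if info["mode"] is None:                         # no WPA/WPA2 element seen
        info["mode"] = "WEP" if capab & 0x0010 else "Open"   # privacy bit
    return info

def sample_beacon(ssid, capab, elements=b""):
    """Constructed beacon body: zero timestamp, interval 100, capability, IEs."""
    head = bytes(8) + struct.pack("<HH", 100, capab)
    return head + bytes([0, len(ssid)]) + ssid + elements

# Constructed elements: WPA2 with AES and PSK; WPA with TKIP and 802.1X.
RSN_AES_PSK = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
WPA_TKIP_EAP = bytes.fromhex("dd160050f20101000050f20201000050f20201000050f201")
```

Running `audit_beacon` over captures of your own access points shows at a glance which ones still advertise Open, WEP or TKIP, and that a cloaked SSID changes nothing about the encryption in use.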