LAN Switching and Wireless
Jul 13, 2015
If you found any mistakes on these slides or if you have any
other questions or comments, please feel free to contact me at:
Linkedin : https://www.linkedin.com/in/AbdelkhalikMosa
Twitter : https://twitter.com/AbdelkhalikMosa
Facebook : https://www.facebook.com/Abdelkhalik.Mosa
Thanks,
Abdelkhalik Mosa
Suez Canal University
Faculty of Computers and Informatics - Ismailia - Egypt
Note …
Introduction
• Wireless technologies use electromagnetic waves to carry information between devices.
• WLANs use radio frequencies (RF) instead of cables at the Physical layer and MAC sub-layer of the Data Link layer.
Wireless PAN, LAN, MAN and WAN
• PAN: Personal Area Networks
• LAN: Local Area Networks
• WLAN: Wireless Local Area Networks
• MAN: Metropolitan Area Networks
• WAN: Wide Area Networks
Introduction: Infrared
• Infrared (IR) is relatively low energy and cannot penetrate through walls or other obstacles.
• A specialized communication port known as an Infrared Direct Access (IrDA) port uses IR to exchange information between devices.
• IR only allows a one-to-one type of connection.
• IR is also used for remote control devices, wireless mice, and wireless keyboards.
• IR is generally used for short-range, line-of-sight communications.
Introduction: Radio Frequency (RF)
• RF waves can penetrate through walls and other obstacles, allowing a much greater range than IR.
• Certain areas of the RF bands have been set aside for use by unlicensed devices such as WLANs and computer peripherals.
– This includes the 900 MHz, 2.4 GHz, and the 5 GHz frequency ranges. These ranges are known as the ISM bands.
Wireless LANs (WLANs)
• 802.11 wireless LANs extend the 802.3 Ethernet LAN infrastructures to provide additional connectivity options.
Wireless LAN Standards
• Governmental agencies in each country license some frequency bands and leave other frequency bands unlicensed.
• Licensed bands:
– The most common are AM and FM radio, shortwave radio (for police department communications), and mobile phones.
• Unlicensed frequencies:
– Can be used by all kinds of devices; however, the devices must still conform to the rules set up by the regulatory agency.
• A device using an unlicensed band must use power levels at or below a particular setting so as not to interfere too much with other devices sharing that unlicensed band.
Wireless LAN Standards
• OFDM has faster data rates than DSSS.
• DSSS is simpler and less expensive to implement than OFDM.
Wireless Fidelity (Wi-Fi) Certification
• The Wi-Fi Alliance is a global, nonprofit industry trade association devoted to promoting the growth and acceptance of WLANs.
• The Wi-Fi Alliance is an association of vendors whose objective is to improve the interoperability of products that are based on the 802.11 standard.
• The Wi-Fi logo on a device means it meets standards and should interoperate with other devices of the same standard.
• The three key organizations influencing WLAN standards are:
– ITU-R regulates the allocation of RF bands.
– IEEE specifies how RF is modulated to carry information.
– The Wi-Fi Alliance ensures that vendors make devices that are interoperable.
Wireless Infrastructure Components: Wireless NIC
• A wireless NIC encodes a data stream onto an RF signal.
Wireless Infrastructure Components: Wireless Access Points
• An access point is a Layer 2 device that functions like an 802.3 Ethernet hub.
• An access point connects wireless clients to the wired LAN.
• Association is the process by which a client joins an 802.11 network.
• RF signals attenuate as they move away from their point of origin, causing the hidden node problem.
• One means of resolving the hidden node problem is a CSMA/CA feature called request to send/clear to send (RTS/CTS).
Wireless Infrastructure Components: Wireless Routers
• Wireless routers perform the role of access point, Ethernet switch, and router.
Client and Access Point Association: Beacons
• Beacons: Frames used by the WLAN network to advertise its presence.
Client and Access Point Association: Probes
• Probes: Frames used by WLAN clients to find their networks.
Client and Access Point Association: Association
• Association: The process for establishing the data link between an access point and a WLAN client.
Threats to Wireless Security: Unauthorized Access
• Major categories of threats that lead to unauthorized access:
1. War drivers:
– Find open networks and use them to gain free internet access.
2. Hackers:
– Exploit weak privacy measures to view sensitive WLAN information and even break into WLANs.
3. Employees:
– Plug consumer-grade APs/gateways into company Ethernet ports to create their own WLANs.
Wireless Security Protocol Overview
• Open Authentication: no authentication.
• WEP authentication: was supposed to provide privacy to a link.
– Static, crackable, and not scalable.
– Cloaking SSIDs and filtering MAC addresses were used.
Encryption – TKIP and AES
• TKIP is the encryption method certified as WPA.
– It encrypts the Layer 2 payload.
– It carries out a message integrity check (MIC) in the encrypted packet, which guards against a message being tampered with.
• AES is the encryption method certified as WPA2.
• PSK or PSK2 with TKIP is the same as WPA.
• PSK or PSK2 with AES is the same as WPA2.
• PSK2, without an encryption method, is the same as WPA2.
Controlling Access to the Wireless LAN
• The concept of depth means having multiple solutions available.
• Implement this three-step approach:
1. SSID cloaking: Disable SSID broadcasts from access points
2. MAC address filtering: Permit or deny clients based on their MAC address
3. WLAN security implementation: WPA or WPA2.
• Neither SSID cloaking nor MAC address filtering is considered a valid means of securing a WLAN, for the following reasons:
1. MAC addresses are easily spoofed.
2. SSIDs are easily discovered even if they aren't broadcast.
Configuring Security
• "Personal" means no AAA server is used.
• "Enterprise" means a AAA server and EAP authentication are used.
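Added example, not part of the original slides: a parser for the beacon frames described under "Client and Access Point Association" that reports what an access point advertises, namely whether the SSID is cloaked, whether the pairwise cipher is TKIP or AES, and whether authentication is Personal (PSK) or Enterprise (802.1X/EAP). Field offsets follow the IEEE 802.11 beacon and RSN element layout; `build_beacon`, the BSSID and the sample RSN body are constructed for illustration, and the vendor-specific element used by original WPA is not parsed.

```python
import struct

RSN_OUI = b"\x00\x0f\xac"
CIPHERS = {2: "TKIP", 4: "AES-CCMP"}              # RSN cipher suite types
AKMS = {1: "Enterprise (802.1X/EAP)", 2: "Personal (PSK)"}

def _suites(body, pos, names):  # 2-byte count, then that many 4-byte suite selectors
    count = struct.unpack_from("<H", body, pos)[0]
    raw = [body[pos + 2 + 4 * i:pos + 6 + 4 * i] for i in range(count)]
    found = [names.get(s[3], "other") for s in raw if len(s) == 4 and s[:3] == RSN_OUI]
    return found, pos + 2 + 4 * count

def parse_beacon(frame: bytes) -> dict:
    """Summarise what one beacon advertises about the WLAN's security."""
    if len(frame) < 36 or frame[0] != 0x80:
        raise ValueError("not a beacon frame")
    cap = struct.unpack_from("<H", frame, 34)[0]  # capability field
    info = {"bssid": frame[16:22].hex(":"), "ssid": None, "cloaked": False,
            "privacy": bool(cap & 0x0010), "pairwise": [], "akm": []}
    pos = 36                                      # first tagged element
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break                                 # truncated element
        if eid == 0:                              # SSID element
            info["cloaked"] = not any(body)       # empty or all-zero SSID
            info["ssid"] = None if info["cloaked"] else body.decode("utf-8", "replace")
        elif eid == 48 and elen >= 8:             # RSN: version(2) + group suite(4) first
            info["pairwise"], nxt = _suites(body, 6, CIPHERS)
            info["akm"] = _suites(body, nxt, AKMS)[0] if nxt + 2 <= elen else []
        pos += 2 + elen
    return info

def classify(info: dict) -> str:
    if not info["pairwise"]:                      # no RSN element: privacy bit decides
        return "wep-or-wpa" if info["privacy"] else "open"
    return "wpa2-aes" if "AES-CCMP" in info["pairwise"] else "rsn-tkip-only"

def build_beacon(ssid: bytes, cap: int, rsn: bytes = b"") -> bytes:
    """Constructed sample input: a minimal beacon from a made-up BSSID."""
    bssid = bytes.fromhex("020000000001")
    frame = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid * 2 + b"\x00\x00"
    frame += b"\x00" * 8 + struct.pack("<HH", 100, cap) + bytes([0, len(ssid)]) + ssid
    return frame + (bytes([48, len(rsn)]) + rsn if rsn else b"")

# Constructed RSN body: version 1, group CCMP, pairwise CCMP, AKM PSK, capabilities 0
RSN_PSK_CCMP = (b"\x01\x00" + RSN_OUI + b"\x04" + b"\x01\x00" + RSN_OUI + b"\x04"
                + b"\x01\x00" + RSN_OUI + b"\x02" + b"\x00\x00")
```

A beacon with a cloaked SSID still carries the BSSID and the full security settings, which is why cloaking does not count as a security control.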