LAN Switching and Wireless: Ch7 - Basic Wireless Concepts and Configuration

LAN Switching and Wireless

If you found any mistake’s’ on these slides or if you have any

other questions or comments, please feel free to contact me at:

[email protected] or [email protected]

Linkedin : https://www.linkedin.com/in/AbdelkhalikMosa

Twitter : https://twitter.com/AbdelkhalikMosa

Facebook : https://www.facebook.com/Abdelkhalik.Mosa

Thanks,

Abdelkhalik Mosa

Suez Canal University

Faculty of Computers and Informatics - Ismailia - Egypt

Note …

Introduction

• Wireless technologies use electromagnetic waves to carry information between devices.

• WLANs use radio frequencies (RF) instead of cables at the Physical layer and MAC sub-layer of the Data Link layer.

Wireless LAN Vs. Ethernet LAN

Wireless PAN, LAN, MAN and WAN

PAN : Personal Area NetworksLAN : Local Area NetworksWLAN : Wireless Local Area NetworksMAN : Metropolitan Area NetworksWAN : Wide Area Networks

Introduction: Infrared

• Infrared (IR) is relatively low energy and cannot penetrate through walls or other obstacles.

• A specialized communication port known as an Infrared Direct Access (IrDA) port uses IR to exchange information between devices.

• IR only allows a one-to-one type of connection.

• IR is also used for remote control devices, wireless mice, and wireless keyboards.

• IR generally used for short-range, line-of-sight, communications.

Introduction: Radio Frequency (RF)

• RF waves can penetrate through walls and other obstacles, allowing a much greater range than IR.

• Certain areas of the RF bands have been set aside for use by unlicensed devices such as WLANs, and computer peripherals.

– This includes the 900 MHz, 2.4 GHz, and the 5 GHz frequency ranges. These ranges are known as the ISM bands.

Benefits of Wireless Technology

Limitations of Wireless Technology

Wireless LANs (WLANs)

• 802.11 wireless LANs extend the 802.3 Ethernet LAN infrastructures to provide additional connectivity options.

Wireless LAN Standards

• The governmental agencies in countries, license some frequency bands, leaving some frequency bands unlicensed.

• Licensed bands:

– The most common are AM and FM radio, shortwave radio (for police department communications), and mobile phones.

• Unlicensed frequencies:

– Can be used by all kinds of devices; however, the devices must still conform to the rules set up by the regulatory agency.

• A device using an unlicensed band must use power levels at or below a particular setting so as not to interfere too much with other devices sharing that unlicensed band.

Wireless LAN Standards

• OFDM have faster data rates than DSSS.

• DSSS is simpler and less expensive to implement than OFDM.

Wireless Fidelity (Wi-Fi) Certification

• Wi-Fi Alliance, a global, nonprofit, industry trade association devoted to promoting the growth and acceptance of WLANs.

• The Wi-Fi Alliance is an association of vendors whose objective is to improve the interoperability of products that are based on the 802.11 standard.

• The Wi-Fi logo on a device means it meets standards and should interoperate with other devices of the same standard.

• The three key organizations influencing WLAN standards are:

ITU-R regulates allocation of RF bands.

IEEE specifies how RF is modulated to carry info.

Wi-Fi ensures that vendors make devices that are interoperable.

Wireless Infrastructure Components: Wireless NIC

Wireless NIC encodes a data stream onto an RF signal.

Wireless Infrastructure Components: Wireless Access Points

• An access point is a Layer 2 device that functions like a 802.3 Ethernet hub.

• An access point connects wireless clients to the wired LAN.

• Association is the process by which a client joins an 802.11 network.

• RF signals attenuate as they move away from their point of origin, causing the Hidden node problem.

• One means of resolving the hidden node problem is a CSMA/CAfeature called request to send/clear to send (RTS/CTS).

Wireless Infrastructure Components: Wireless Access Points

• The hidden node problem

Wireless Infrastructure Components: Wireless Routers

• Wireless routers perform the role of access point, Ethernet switch, and router.

Configurable Parameters for Wireless Endpoints

Network Modes

Channels

SSID

802.11 Topologies: Ad Hoc (IBSS)

Independent Basic Service Set (IBSS)

802.11 Topologies: BSS

Basic Service Set (BSS)

802.11 Topologies: ESS

Extended Basic Service Set (ESS)

Client and Access Point Association: Beacons

• Beacons: Frames used by the WLAN network to advertise its presence.

Client and Access Point Association: Probes

• Probes: Frames used by WLAN clients to find their networks.

Client and Access Point Association: Authentication

Client and Access Point Association: Association

• Association: The process for establishing the data link between an access point and a WLAN client.

Threats to Wireless Security: Unauthorized Access

• Major categories of threats that lead to unauthorized access:

1. War Drivers:• Find open networks and use them to gain free internet

access.2. Hackers:

• Exploit weak privacy measures to view sensitive WLAN information and even break into WLANs.

3. Employees:• Plug consumer-grade APIs/gateways into company

Ethernet ports to create their own WLANs.

Threats to Wireless Security: Man-in-the-Middle Attacks

Threats to Wireless Security: Denial of Service

Wireless Security Protocol Overview

• Open Authentication: no authentication.

• WEP authentication: was supposed to provide privacy to a link.

Static, crackable, and not scalable.

Cloaking SSIDs and filtering MAC addresses were used.

Authenticating to the Wireless LAN

Authenticating to the Wireless LAN

• EAP is a framework for authenticating network access.

Encryption – TKIP and AES

• TKIP is the encryption method certified as WPA.

It encrypts the Layer 2 payload.

It carries out a message integrity check (MIC) in the encrypted packet which ensures against a message being tampered with.

• AES is the encryption method certified as WPA2.

• PSK or PSK2 with TKIP is the same as WPA.

• PSK or PSK2 with AES is the same as WPA2.

• PSK2, without an encryption method, is the same as WPA2.

Controlling Access to the Wireless LAN

• The concept of depth means having multiple solutions available.

• Implement this three-step approach:

1. SSID cloaking: Disable SSID broadcasts from access points

2. MAC address filtering: Permit or deny clients based on their MAC address

3. WLAN security implementation: WPA or WPA2.

• Neither SSID cloaking nor MAC address filtering are considered a valid means of securing a WLAN for the following reasons:

1. MAC addresses are easily spoofed.

2. SSIDs are easily discovered even they aren’t broadcasted.

Configuring the Wireless Access Point

Setu

p

Configuring the Wireless Access Point

Man

ag

em

en

t

Configuring Basic Wireless Settings

Netw

ork

Mo

de

Configuring Basic Wireless Settings

Netw

ork

Nam

e (S

SID

)

Configuring Basic Wireless Settings

Rad

io B

an

d

Configuring Basic Wireless Settings

Wid

e C

han

nel

Configuring Basic Wireless Settings

Sta

nd

ard

Ch

an

nel

Configuring Security

• "Personal“ means no AAA server is used.

• "Enterprise“ means a AAA server and EAP authentication is used.

Configuring Security

Configuring a wireless NIC

Scan for SSIDsSelecting the Wireless

Security Protocol

WLAN Troubleshooting: Incorrect Channel Settings

WLAN Troubleshooting: Incorrect Channel Settings

WLAN Troubleshooting: Incorrect Channel Settings

WLAN Troubleshooting: Solving RF Interference

WLAN Troubleshooting: Solving RF Interference

WLAN Troubleshooting: Solving RF Interference

WLAN Troubleshooting: Access Point Misplacement

WLAN Troubleshooting: Access Point Misplacement

WLAN Troubleshooting: Access Point Misplacement

WLAN Troubleshooting: Authentication and Encryption

WLAN Troubleshooting: Authentication and Encryption

WLAN Troubleshooting: Authentication and Encryption