Post on 15-Jan-2016
Is Teaching Wireless Networking in your Future?
Karl Dietrich – Lansing Community College
Bill Saichek – Orange Coast College
Thanks to the book publishers
  Cengage
  Sybex
Types of Wireless LANs
  Since the late 1990s, IEEE has approved five standards for wireless LANs:
    IEEE 802.11
    IEEE 802.11b
    IEEE 802.11a
    IEEE 802.11g
    IEEE 802.11n
IEEE 802.11
  Specified that wireless transmission could take place via infrared (IR) or radio signals (RF)
  Operated at 1 and 2 Mbps
  WG formed in 1990
IEEE 802.11b
  802.11 standard’s 2 Mbps bandwidth not sufficient for most network applications
  802.11b amendment added two higher speeds to original 802.11 standard
    5.5 Mbps and 11 Mbps
  2.4-GHz band
    Uses ISM band
    Separated into 22-MHz channels
  DSSS
    Direct Sequence Spread Spectrum signaling
IEEE 802.11a
  Released after 802.11b
  5-GHz frequency – UNII band
    Not congested like 2.4-GHz band
    Lower interference, requires more transmit power
  Throughput
    54 Mbps theoretical
    11 and 18 Mbps effective
    Attributable to higher frequencies and unique modulating data method
  OFDM
    Orthogonal Frequency Division Multiplexing
802.11g
  Throughput
    54 Mbps theoretical
    20 to 25 Mbps effective
  2.4-GHz frequency band
    Compatible with 802.11b networks
    Operates in the ISM band
  Data transfer range
    350 feet or 107 meters apart
  Uses OFDM for transmission format
    Same as 802.11a but different frequency
IEEE 802.11n
  Finally ratified in September 2009
  Speed of 802.11n standard will be anywhere from 100 Mbps to 600 Mbps
    600 Mbps is theoretical, not there yet
  Standard defines that all 802.11n devices must contain two radios
802.11n
  2.4-GHz or 5-GHz frequency range
  Backward compatible with 802.11a, b, g standards
  Compared with 802.11a, 802.11g
    Same data modulation techniques
  Compared with three 802.11 standards
    Manages frames, channels, encoding differently
    Allows high throughput (HT) Greenfield mode
802.11n
  MIMO (Multiple Input-Multiple Output)
    Multiple access point antennas may issue signal to one or more receivers
    Increases network’s throughput, access point’s range
    Still a one-to-one communication between devices
MIMO Signal Processing Techniques
  Spatial Diversity: multiple redundant signals
  Spatial Multiplexing creates separate data streams for each transmitting antenna
  Maximal Ratio Combining can combine the signals of two antennas to increase the signal strength in a single stream
  Transmit Beamforming (TxBF) allows a MIMO transmitter to focus the transmission and send in the direction of the receiving antenna
IEEE 802.11ac
  IEEE 802.11ac is now in development
  Also called Gigabit Wireless (Gigabit Wifi)
  IEEE 802.11ac will be a game changer
IEEE 802.11ac
  Some of the 802.11ac technologies include:
    Spectrum: will operate in the less-crowded 5 GHz spectrum and not support 2.4 GHz
      Roughly 8 times as many channels as 2.4 GHz
    Increased channel bandwidth: uses channel bandwidths up to 80 MHz
    Error correction coding: stronger processors can handle more internal instruction code
    Beam forming: Transmit Beamforming (TxBF) is optional with 802.11n but will be standard for all ac devices
IEEE 802.11ac
  A MU-MIMO device can transmit to multiple sources at the same time and it can transmit different data to each end source
  From Tech Republic – Cheat sheet: What you need to know about 802.11ac, by Michael Kassner, June 18, 2013
IEEE 802.11ac
  Is there a downside to 802.11ac?
    There will be a significantly smaller coverage area
    The 5 GHz range won’t go as far
    Attenuation is directly proportional to the frequency
    Will need multiple access points in large homes and buildings
  802.11ac on the Horizon; Will You Be Ready? Posted on February 25, 2013 by Nick McLain
Access Points
  Autonomous Access Points
    Also called fat access points
    These are quickly becoming obsolete with very limited usage
  Lightweight Access Points
    Also called thin access points
    Does not contain management and configuration functions
    Management features are contained in a central device called wireless LAN controller
Wireless LAN Controller
  WLAN controller: used to manage devices from a central location
    Devices are proprietary – all lightweight APs and WLCs must be from the same vendor
  Cloud management: connecting wireless devices together using the Internet in order to remotely manage them
    Because devices can be managed remotely there is no need for multiple support teams for each location
Access Points - PoE
  Power over Ethernet (PoE)
    Power delivered to AP through unused wires in standard unshielded twisted pair (UTP) Ethernet cable
    IEEE 802.3af – up to 15.4 watts
      Only 12.95 watts of power is used
  PoE+ or PoE Plus
    IEEE 802.3at – up to 25.5 watts
    Multiple radio APs need additional power
Radio Signal Characteristics
  Wavelength
  Frequency
  Amplitude
  Phase
  The higher the frequency the smaller the wavelength
  Phase is measured in distance, time, or degrees
Wavelength
  Distance between the wave’s peaks
  Can also be measured from anywhere in the wave as long as it is at the same point in each cycle
Frequency
  Frequency: Rate at which an event occurs
    Number of times that a wave completes a cycle within a given amount of time
    When wave completes trip and returns back to starting point it has finished one cycle
Amplitude
  Amplitude: the magnitude of change of the wave
    Is measured by how high or how deep the wave is
    Is essentially a measure of the strength of an electromagnetic wave’s signal
Phase
  Phase: the relationship between at least two signals that share the same frequency yet have different starting points
Analog vs. Digital Transmissions
  Analog signals are continuous
  Digital signals are discrete
  WLANs use digital transmissions
Digital signal
Analog signal
RF Modulation
  In order for an electromagnetic wave to transmit information it must be modified
  Three types of modulations enable carrier signals to carry information
    Amplitude modulation – height of the signal
    Frequency modulation – frequency of the signal
    Phase modulation – change the starting point of the signal
Amplitude-Shift Keying (ASK)
Frequency-Shift Keying (FSK)
Phase-Shift Keying (PSK)
Radio Frequency Behavior: Loss
  Loss: Negative difference in amplitude between signals
  Attenuation: loss of signal strength due to wave propagation and multipath
  Propagation behaviors
    FSPL - Natural loss of signal strength through space
Wave Propagation Loss
  Reflection
  Refraction
  Scattering
  Diffraction
  Absorption
Amplification
  Gain: Positive difference in amplitude between two signals
    Technically, gain is measure of amplification
  Power – a constant measured in mW (milliwatts)
  Gain/Loss – a relative figure measured in dB
  Combined to become dBm
  Active Gain
    Intentionally boosting the signal
  Passive Gain
    Using the antenna to strengthen the signal
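Added example (not part of the original slides): a free-space link budget in Python that ties together the mW/dB/dBm units, the FSPL slide and the smaller 5 GHz coverage area mentioned for 802.11ac. The transmit power, antenna gain, receiver sensitivity and channel centre frequencies below are assumed sample values, and only free-space loss is modelled (no walls, multipath or absorption).

```python
import math

def mw_to_dbm(mw: float) -> float:
    """Absolute power: milliwatts -> dBm (0 dBm = 1 mW)."""
    return 10 * math.log10(mw)

def dbm_to_mw(dbm: float) -> float:
    return 10 ** (dbm / 10)

def fspl_db(distance_m: float, freq_mhz: float) -> float:
    """Free-space path loss in dB for a distance in metres, frequency in MHz."""
    return 20 * math.log10(distance_m) + 20 * math.log10(freq_mhz) - 27.55

def received_dbm(tx_mw, tx_gain_dbi, rx_gain_dbi, distance_m, freq_mhz):
    """dBm at the receiver: absolute power plus relative gains minus loss."""
    return (mw_to_dbm(tx_mw) + tx_gain_dbi + rx_gain_dbi
            - fspl_db(distance_m, freq_mhz))

def max_range_m(tx_mw, tx_gain_dbi, rx_gain_dbi, sensitivity_dbm, freq_mhz):
    """Distance at which the received power falls to the sensitivity."""
    budget = mw_to_dbm(tx_mw) + tx_gain_dbi + rx_gain_dbi - sensitivity_dbm
    return 10 ** ((budget + 27.55 - 20 * math.log10(freq_mhz)) / 20)

# Assumed sample values: 100 mW AP, 2 dBi AP antenna, 0 dBi client antenna,
# -70 dBm client sensitivity, 2.4 GHz channel 6 and 5 GHz channel 36.
TX_MW, TX_GAIN, RX_GAIN, SENSITIVITY = 100, 2, 0, -70
CH6_MHZ, CH36_MHZ = 2437, 5180

def band_comparison(distance_m: float = 30.0) -> dict:
    """Extra loss and relative range of 5 GHz versus 2.4 GHz."""
    r24 = max_range_m(TX_MW, TX_GAIN, RX_GAIN, SENSITIVITY, CH6_MHZ)
    r5 = max_range_m(TX_MW, TX_GAIN, RX_GAIN, SENSITIVITY, CH36_MHZ)
    return {
        "extra_loss_db": fspl_db(distance_m, CH36_MHZ) - fspl_db(distance_m, CH6_MHZ),
        "range_ratio": r24 / r5,
        "rx_dbm_2g4": received_dbm(TX_MW, TX_GAIN, RX_GAIN, distance_m, CH6_MHZ),
    }

if __name__ == "__main__":
    for name, value in band_comparison().items():
        print(f"{name}: {value:.2f}")
```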
Types of Antennas
  Three basic categories of antennas:
    Omnidirectional
    Semidirectional
    Highly directional
  Each category includes multiple types, each with different characteristics
Dipole Antenna
Omni-directional rod antenna
Segments to Packets to Frames
  Frames are dependent upon the standard being used to send the data
Wired vs. Wireless
  Each wireless standard frames the data differently
  Are they compatible?
How is the data prepared for transmission?
Our old friend the OSI Model
IEEE 802.11 Physical Layer Standards
Data Link sublayers
PHY sublayers
IEEE 802.11 Physical Layer Standards
SDUs and PDUs
MAC Frame Formats
MAC Frame Formats – 802.11n
A-MSDU and A-MPDU
MAC Frame Types
  Three categories of MAC frame types
    Management Frames
      Used to manage access to wireless networks and to move associations between APs
    Control Frames
      Used to assist with the delivery of data frames
    Data Frames
      The actual carriers of application level data
WLAN Service Sets
  Service set: all of the devices that are associated with an 802.11 WLAN
  Three different WLAN service set configurations:
    Basic service set
    Extended service set
    Independent basic service set
Basic Service Set
  Basic Service Set – BSS
    One AP with one or more client stations
    Infrastructure Mode
  Service Set Identifier – SSID
    A logical name used to identify an 802.11 wireless network
    Comparable to a Windows Workgroup name
    Up to 32 characters and is case sensitive
Basic Service Set
  Basic Service Area (BSA)
    The physical area of coverage provided by an access point in a BSS
    Power settings affect the coverage area
Extended Service Set
  Extended Service Set (ESS)
    One or more BSSs connected by a distribution system medium
    An overlap of 15 to 25% is needed to achieve seamless roaming between cells
Independent Basic Service Set
  Independent Basic Service Set (IBSS): Wireless network that does not use an AP
    Peer-to-peer or ad hoc mode
MAC Operations
  MAC layer WLAN functions:
    Discovering a WLAN
    Joining the WLAN
    Transmitting on a WLAN
    Remaining connected to WLAN
Discovering the WLAN: Scanning
  Two types of scanning
    Passive scanning - Wireless device simply listens for beacon frame. The station will determine the AP with the best signal (RSSI)
    Active scanning - Wireless device first sends out a management probe request frame then waits for probe response frame
  The difference between passive scanning and active scanning is which device initiates the discovery
Joining the WLAN: Authentication and Association
  Once a wireless device discovers the WLAN, it next requests to join the network
    Authentication
    Association
  A client must authenticate before it can associate
Joining the WLAN: Authentication
  The original 802.11 standard defined two types of authentication:
    Open System Authentication
      Device sends an association request to an AP
      AP responds with an association response frame
      A “virtual handshake” between the AP and the client
    Shared Key Authentication
      STA must get permission from the AP to join the WLAN
      “hitech13” for example
Joining the WLAN: Association
  Association: Accepting a wireless device into a wireless network
    Final step to join WLAN
    The STA can send data through the AP and on to the distribution system
  Roaming: Moving from one AP to another
    The decision to roam is made by the STA
    Determined by the signal strength, noise level, and bit-error rate
  A STA can be authenticated to multiple APs but associated to only one
Reassociation
  Occurs when a STA roams to another AP within the same ESS
Disassociation
  Device drops connection with one AP and establishes connection with another
  The new AP will then send a disassociate frame to the old access point
Reassociation is always initiated by the STA
Disassociation is handled by the AP
Roaming – Reassociation / Disassociation – Deauthentication
Connectivity Steps
  Windows connection process:
    1. Scan for wireless networks
    2. Choose an access point
    3. Authenticate with the access point
    4. Associate with the access point
    5. Obtain an IP address
Transmitting on the WLAN
  DCF is the mandatory access method for the 802.11 standard
    The coordination of access to the WM is distributed among the wireless stations
  CSMA/CD cannot be used on wireless networks
  CSMA/CA is used on wireless networks
  (Virtual) Carrier Sense is the process of checking to see if the medium is in use
  The NAV timer must count down to zero before the device can transmit on the medium – Slot Time
System Throughput
  Acknowledgment frame (ACK): Sent by receiving device to sending device to confirm data frame arrived intact
  The mortal enemy of WLAN performance is retransmissions of data frames
  If an ACK frame is not received by the original transmitting radio, the unicast frame is NOT acknowledged and will have to be retransmitted
  IEEE 802.11n adds a feature known as block acknowledgment
Specialized Tools
  Spectrum Analyzers: Scans RF spectrum and provides graphical display of results
    Typically measure signal-to-noise ratio
    The noise floor can corrupt actual data
    Helpful in identifying interference problems
    Thus, helps properly position/orient AP
    A mandatory tool for performing site surveys
USB spectrum analyzer output
Spectrum Analyzer Output
Specialized Tools
  Protocol Analyzers: Can be used to pick up packets being transmitted by other WLANs in area
    Also called a packet sniffer
  Common uses of protocol analyzers:
    Network troubleshooting
    Fine-tune the network and manage bandwidth
Protocol analyzer output
What is Information Security?
  Information security: Task of securing digital information
    Ensures protective measures properly implemented
    Protects confidentiality, integrity, and availability (CIA) on the devices that store, manipulate, and transmit the information through products, people, and procedures
Security Principles: What is Information Security?
  Three more terms you need to know
    Authentication
      The verification of user/device identity
    Authorization
      Granting access to network resources
    Accounting
      Tracking the use of network resources by users
Five Basic Attacks Used by Hackers with Moderate Cracking Skills
  Wireless network discovery
    Wi-Fi finders
    Probe requests
    http://www.wigle.net
  Unauthorized access
    Rogue Access Point
    MAC address spoofing
  Denial of Service
    RF Jamming
    Data Flooding
    Hijacking
  Exploiting security feature weaknesses
    WEP/Social Engineering/Remote Administration
    Remote administration must be disabled
  Eavesdropping
    War Driving/Net Stumbler
    Man-in-the-Middle/Evil Twin
Legacy 802.11 Security Protections
  The original IEEE 802.11 standard defined three security mechanisms
    SSID cloaking or hiding
    MAC address filtering
    WEP – Wired Equivalent Privacy
  IEEE 802.11 standard’s security mechanisms for wireless networks have fallen well short of their goal
Vulnerabilities – SSID Hiding
  Some users configure their APs to prevent the beacon frame from including the SSID
    Known as SSID hiding
    Easy to discover through Active Scanning and other tools that are freely available
    If an attacker cannot capture an initial negotiation process, can force one to occur
    Many users do not change the default SSID, an attacker can try using default SSIDs
MAC Address Filtering
  MAC address filtering considered to be a basic means of controlling access
    Requires pre-approved authentication
    Difficult to provide temporary access for “guest” devices
    Managing the number of MAC addresses in a medium to large sized wireless network can be challenging
  MAC addresses can be “spoofed” or substituted – easily downloadable programs
IEEE 802.11 Authentication
  Wireless authentication requires the wireless device and NOT the individual user to be authenticated prior to being connected to the network – major BYOD issues
  Two methods of authentication:
    Open System Authentication
      Only need SSID to connect
      No true authentication occurs
    Shared Key Authentication
      Key installed manually on devices
      Key can be discovered by examining the devices
Wired Equivalent Privacy (WEP)
  Guard the confidentiality of information
    Ensure only authorized parties can view it
  Used in IEEE 802.11 to encrypt wireless transmissions
  Current WEP cracking tools can crack a WEP code in less than 5 minutes
WEP Vulnerabilities
  WEP implementation violates cardinal rule of cryptography
    Creates detectable pattern for attackers
    APs end up repeating IVs - cleartext
  Generating a keystream using the PRNG is based on the RC4 cipher algorithm
    Stream Cipher
    PRNG does not create true random number
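Added example (not part of the original slides): a Python model of WEP's per-frame keying that shows why a repeated cleartext IV is a detectable pattern. The key, IVs and payloads are constructed sample data, the framing is simplified (the key-ID byte is omitted), and the birthday estimate assumes IVs are chosen at random.

```python
import math
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4: key-scheduling pass, then n bytes of pseudo-random output."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """RC4 is keyed with IV || shared key, a CRC-32 ICV is appended to the
    plaintext, and the 3-byte IV travels unencrypted in front."""
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + xor(body, rc4_keystream(iv + key, len(body)))

def repeated_ivs(frames):
    """Return (first_index, later_index) pairs of frames sharing an IV."""
    first_seen, pairs = {}, []
    for idx, frame in enumerate(frames):
        iv = frame[:3]
        if iv in first_seen:
            pairs.append((first_seen[iv], idx))
        else:
            first_seen[iv] = idx
    return pairs

def frames_until_likely_repeat(iv_bits: int = 24) -> float:
    """Birthday estimate: expected frames before a random IV repeats."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)

# Constructed sample data (not from the slides): key, IVs and payloads.
KEY = bytes.fromhex("0102030405")            # 40-bit shared key
P1, P2 = b"GET /index.html ", b"POST /login.php "
FRAMES = [wep_encrypt(b"\x00\x00\x01", KEY, P1),
          wep_encrypt(b"\x00\x00\x02", KEY, b"unrelated frame!"),
          wep_encrypt(b"\x00\x00\x01", KEY, P2)]

def keystream_cancels() -> bool:
    """Same IV and key give the same keystream, so C1 xor C2 == P1 xor P2."""
    a, b = repeated_ivs(FRAMES)[0]
    return xor(FRAMES[a][3:], FRAMES[b][3:])[:len(P1)] == xor(P1, P2)
```

With a 24-bit IV the estimate comes out at roughly five thousand frames, which a busy AP sends quickly; WPA2's AES-based encryption, covered later in the deck, does not share this keystream-reuse property.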
Wi-Fi Protected Access (WPA)
  Two modes of WPA
    WPA Personal
      Designed for individuals or small office-home office settings
    WPA Enterprise
      Intended for large enterprises, schools, and government agencies
  Temporal Key Integrity Protocol (TKIP): Replaces WEP’s encryption key with 128-bit per-packet key
WiFi Alliance – WPA2
  WPA2 was introduced in September 2004
    Based on the final IEEE 802.11i standard
  Two modes
    WPA2 Personal – individuals and SOHOs
    WPA2 Enterprise – larger enterprises
  WPA2 also addresses both encryption and authentication
    Uses AES for data encryption
    Supports IEEE 802.1x for authentication or can also use PSK technology
IEEE 802.11i – Robust Security Network
  Authentication is accomplished using the IEEE 802.1X protocol (RADIUS server)
  Encryption accomplished by replacing RC4 with AES – Advanced Encryption Standard
    Block cipher
    Manipulates entire block of plaintext at one time
Authentication
  802.1x requires an authentication server
    Remote Authentication Dial-In User Service (RADIUS) typically used
    Can be used with various EAP protocols
    Authentication server stores list of names and credentials of authorized users
  Enterprise security model using WPA2 provides most secure level of authentication and encryption available on a WLAN
  IEEE 802.1x is strongest type of wireless authentication currently available
Other Wireless Security Tools
  Wireless security tools that can be used to protect a WLAN:
    Virtual private network
    Secure device management protocols
    Wireless intrusion detection system
      WIDS – Constantly monitors the RF for attacks and sounds an alert if one is detected
    Wireless intrusion prevention system
      WIPS – Monitors network traffic to immediately react to block a malicious attack
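Added example (not part of the original slides): a small WIDS-style check in Python that decodes the 802.11 Frame Control byte into the three MAC frame categories from the frame-types slide and alerts on a burst of deauthentication or disassociation frames. The capture, the addresses and the window and threshold values are constructed assumptions, and the reported address is only what the frame claims, since MAC addresses can be spoofed.

```python
import struct
from collections import defaultdict

TYPES = {0: "management", 1: "control", 2: "data"}
SUBTYPES = {(0, 4): "probe request", (0, 5): "probe response",
            (0, 8): "beacon", (0, 10): "disassociation",
            (0, 11): "authentication", (0, 12): "deauthentication",
            (1, 13): "ACK", (2, 0): "data"}

def classify(frame: bytes):
    """Decode the first Frame Control byte: version (bits 0-1),
    type (bits 2-3) and subtype (bits 4-7)."""
    if len(frame) < 2 or frame[0] & 0b11:
        raise ValueError("truncated frame or unknown protocol version")
    ftype, subtype = (frame[0] >> 2) & 0b11, frame[0] >> 4
    return (TYPES.get(ftype, "reserved"),
            SUBTYPES.get((ftype, subtype), f"subtype {subtype}"))

def transmitter(frame: bytes) -> str:
    """Address 2 (bytes 10-15) of a management frame, as claimed on air."""
    return frame[10:16].hex(":")

def deauth_bursts(capture, window=1.0, threshold=5):
    """Flag transmitter addresses that send >= threshold deauthentication
    or disassociation frames within `window` seconds (assumed limits)."""
    recent, flagged = defaultdict(list), set()
    for ts, frame in capture:
        try:
            _, name = classify(frame)
        except ValueError:
            continue                      # skip malformed captures
        if name not in ("deauthentication", "disassociation"):
            continue
        times = recent[transmitter(frame)]
        times.append(ts)
        while ts - times[0] > window:     # drop frames outside the window
            times.pop(0)
        if len(times) >= threshold:
            flagged.add(transmitter(frame))
    return flagged

def mgmt(subtype, dst, src, bssid):
    """Build a constructed 24-byte management header for the sample."""
    return struct.pack("<BBH6s6s6sH", subtype << 4, 0, 0, dst, src, bssid, 0)

# Constructed capture: (seconds, frame). Addresses are locally administered.
AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
BCAST = b"\xff" * 6
CAPTURE = ([(0.0, mgmt(8, BCAST, AP, AP)), (0.1, mgmt(4, BCAST, STA, BCAST)),
            (0.2, b"\xd4\x00\x00\x00" + STA), (0.5, mgmt(12, AP, STA, AP))]
           + [(2.0 + i * 0.01, mgmt(12, STA, AP, AP)) for i in range(6)])

if __name__ == "__main__":
    print(sorted(deauth_bursts(CAPTURE)))
```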
Security Summary
  WEP should not be used in any production business or home network where WPA/WPA2 is available
  WPA has a security weakness when used with PSK or WPA Personal
    The preshared key must be manually changed and is therefore seldom, if ever, changed
  Disable remote administration for all devices
Security Summary
Nearly 80% of all network security breaches come from inside the organization by authorized users
Weak passwords are one of the most serious security threats in networking
Network protection is only as strong as the weakest link in the security chain
Sixty years ago video was delivered via broadcast television
In the 1980s video shifted to satellite and cable connections
Today the Internet streams music, movies, and TV on demand
Estimated global Internet traffic will reach nearly 1 Zettabyte and 90% of internet traffic will be video content
Will RJ-45 connections go the same way as 8-tracks and vinyl records?
802.11ac is going to be a game changer
What’s Next?