3Com Secure Converged Network (Wireless LAN)
December 2005 >> Mr. Anusit Ratchadalertnarong
Technology Forces
>Miniaturization, portability, mobile power
>Increasing bandwidth, wired and wireless
>Convergence – data, voice, video, …
>Connection and connection-less models
>Virtualization – compute, storage, network
>Service oriented architectures – integration
Broadband Wireless Access Evolution
Figure: maturity chart of broadband wireless technologies (maturity axis: Concept, Pilots, Production, Mass-production; standards bodies: ETSI, IEEE, proprietary). Cellular: GSM GPRS, EDGE, EDGE Ph2, CDMA IS-95A, CDMA2000 1xRTT, CDMA 1x EV-DO, CDMA 1x EV-DV, UMTS/WCDMA, HSDPA, HSUPA, TD-CDMA / UMTS-TDD. IEEE: 802.11a, 802.11b, 802.11g, 802.16-2004, 802.16a, 802.16e, 802.20. Proprietary: Flash OFDM / Flarion, MC-CDMA / Navini, TDMA/FDMA/SDMA / iBurst.
What is WiMAX?
WiMAX = Worldwide Interoperability for Microwave Access
>Refers to wireless technologies based on 802.16 standard
>Standard designed to provide cost-effective fixed, portable, and eventually mobile broadband connectivity at speeds as fast or faster than cable/DSL for residential and T1/E1 for businesses
>Fixed WiMAX applications
— Residential and business connectivity where cable/DSL or fiber not available
— Rural and suburban areas of developed countries and developing countries
>Mobile WiMAX applications
— “Personal broadband” experience for consumer
— Urban areas become “MetroZones” for broadband access everywhere
Broadband Wireless “Sweet Spot”
(figure only; no text recoverable)
WiMAX Network Models & Time Frames
Figure: WiMAX network models by time frame: Fixed Access 2005, Portable 2006, Mobile 2007/8+. Models shown: Fixed Outdoor, Fixed Indoor, Backhaul, Wi-Fi Hotspot, Metrozone, Enterprise Campus, Piconet, Mobile.
WiMAX Technology Overview
Figure: coverage test map with measuring points at 0.5 km, 1 km and 1.7 km from the base station.
Signal-level key:
Very good radio reception: 0 to -85 dBm
Sufficient radio reception: -85 to -100 dBm
Poor or no radio reception: below -100 dBm
Choose Your 802.11 Flavor with No Limit to Your Security Preference
                   802.11a              802.11b              802.11g
Standard ratified  2002                 1999                 2003
Radio band         5GHz                 2.4GHz               2.4GHz
Data rates         Up to 54Mbps         Up to 11Mbps         Up to 54Mbps
Coverage area      Up to 50 meters      Up to 100 meters     Up to 100 meters
Pros
  802.11a: less potential for interference; good support for multimedia apps and densely populated user environments
  802.11b: large installed base
  802.11g: compatible with 802.11b; high data rates and broad coverage area
Cons
  802.11a: requires hardware upgrade; less coverage area
  802.11b: slower data rate; interference in 2.4GHz band
  802.11g: interference in 2.4GHz band
More Channels Avoids Interference
Figure: channel-reuse maps around a centre cell (1st, 2nd and 3rd ring, labelled “Distance to Center Cell”): the 802.11b/g map reuses only three channel numbers, the 802.11a/g map has channels 1 to 16 available.
— 16 non-overlapping channels and 408.5MHz of spectrum at 2.4 and 5GHz make it possible to set up networks without co-channel interference for enterprises, public hot spots, and other large installations
— 3 non-overlapping channels and 83.5MHz of spectrum at 2.4GHz make co-channel interference and performance degradation inevitable
802.11X Standards
WLAN Systems
> 802.11a 5GHz System, 54 Mbps
> 802.11b 2.4GHz System, 11 Mbps
> 802.11g 2.4GHz System, 54 Mbps
WLAN Enhancements
> 802.11c MAC Routing (moved to 802.1c)
> 802.11d Country compatibility (roaming) for 802.11b
> 802.11e Enhanced MAC for QoS
> 802.11f Inter Access Point Protocol
> 802.11h Channel Selection and Transmit Power for 802.11a
> 802.11i Secure MAC
> 802.11j Channel Selection for Japan
> 802.11k Client feedback
> 802.11n High speed
> 802.11r Roaming
> 802.11s Defines a MAC and PHY for meshed networks
> 802.1X Authentication
WLAN Deployment Considerations
>Site planning
— Coverage and Capacity
>Mobility
— Roaming & User management
>RF Management
— Rogue detection
— Power & Channel management
>Security
— Authentication & Encryption
>Network Management
>Network Extension
3Com Secure Converge Network
Figure: two reference architectures side by side.
‘Fit’ APs (more managed wireless solutions): 3Com AP 8250/7250, AP 2750 and AP 3750 behind a 3Com Wireless Switch in front of the corporate network, alongside 3Com Router, 3Com Switch 7750/8800, 3Com SuperStack 3 Switch, 3Com VCX System and 3Com TippingPoint; clients shown are Wi-Fi phone, Wi-Fi PDA, mobile users, video server and multicast user. Features listed: 802.11 a/b/g, antenna, encryption, Mobile IP, IPSec, certificates, 802.1X, TKIP, 802.11e, 802.11f, 802.11h, site surveys, per-user firewall, self-healing RF management, rogue wireless protection.
‘Fat’ APs (traditional wireless switching): APs attached to a Layer 2 switch in front of the corporate network. Features listed: 802.11 a/b/g, antenna, encryption, Mobile IP, IPSec, certificates, 802.1X, TKIP, 802.11e, 802.11f, 802.11h. A further label reads “Lower Cost APs”.
Site Planning
Figure: the 3Com Secure Converge Network diagram (3Com Router, Switch 7750/8800, SuperStack 3 Switch, VCX System, TippingPoint, Wireless Switch, Wireless Switch Manager, APs 8250/7250, 2750 and 3750; Wi-Fi phone, Wi-Fi PDA, mobile users, video server, multicast user), here with the 3Com Wireless Switch Manager highlighted.
Easy and Powerful Site Planning
> Plan and Configure
— Enter building plans, including walls & wall materials
— Result: AP location recommendations for coverage pattern
— Predictive modeling capabilities allow the user to try different scenarios
> Deploy and Manage
— Install APs as described in the deployment plan
— Management software will sweep the environment and adjust channel and power settings to optimize the network
3Com’s Wireless Switch Manager Deployment Software Tool
Mobility
Figure: the same 3Com Secure Converge Network diagram, here highlighting the Wi-Fi phone together with Wireless Roaming and Wi-Fi Multimedia (WMM).
RF Management
RF Management: Centralized Control of AP Environment
> Dynamic real-time control of the RF environment
> Centralized control of AP radios, including
— Channel selection and amplification
— Automatic channel assignment
— Load balancing based on number of users and traffic to optimize throughput
— Adjust radio power to eliminate coverage gaps, even on large networks
> Allows direct control of RF optimization
— Control of all radio channels & gain
(figure: 3Com Wireless Switch)
Figure: the same 3Com Secure Converge Network diagram with a Rogue AP added next to the managed APs.
Intrusion Detection System (IDS)
> RF Management
— Listen to all communication
— Correlate data
> Identify
— Rogue APs
— Users of rogue APs
— Ad hoc user groups
> Locate
— Triangulation
— Improves with density
> Active Scan
— Utilization of all radios all the time
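Added example, not 3Com's code: the IDS flow above (listen on every radio, correlate, identify rogue and ad hoc networks, locate) run over constructed scan results in Python, with an RSSI-weighted centroid standing in for the triangulation the slide mentions. The AP positions, BSSIDs and RSSI values are all made up.

```python
from collections import defaultdict

# Constructed inventory (not real 3Com data): managed-AP BSSIDs and the floor-plan
# position, in metres, of each radio that listens for rogues.
AUTHORIZED_BSSIDS = {"00:0f:cb:00:00:01", "00:0f:cb:00:00:02", "00:0f:cb:00:00:03"}
SENSORS = {"ap-1": (0.0, 0.0), "ap-2": (30.0, 0.0), "ap-3": (0.0, 30.0)}

# Constructed scan results: (listening AP, BSSID heard, SSID, mode, RSSI in dBm)
SCANS = [
    ("ap-1", "00:0f:cb:00:00:01", "corp", "infrastructure", -40),
    ("ap-1", "00:11:22:33:44:55", "linksys", "infrastructure", -52),
    ("ap-2", "00:11:22:33:44:55", "linksys", "infrastructure", -70),
    ("ap-3", "00:11:22:33:44:55", "linksys", "infrastructure", -64),
    ("ap-2", "02:aa:bb:cc:dd:ee", "free-wifi", "ad-hoc", -60),
]

def correlate(scans):
    """Merge what every radio heard into one sighting list per BSSID."""
    by_bssid = defaultdict(list)
    for sensor, bssid, ssid, mode, rssi in scans:
        by_bssid[bssid].append((sensor, ssid, mode, rssi))
    return by_bssid

def classify(bssid, sightings):
    """Authorized inventory member, ad hoc network, or unknown (rogue) AP."""
    if bssid in AUTHORIZED_BSSIDS:
        return "authorized"
    if any(mode == "ad-hoc" for _, _, mode, _ in sightings):
        return "ad-hoc"
    return "rogue-ap"

def estimate_position(sightings):
    """RSSI-weighted centroid of the radios that heard the BSSID: weights are linear
    received power (mW), so the nearest radio dominates and more radios tighten it."""
    x = y = total = 0.0
    for sensor, _, _, rssi in sightings:
        weight = 10 ** (rssi / 10.0)
        sx, sy = SENSORS[sensor]
        x, y, total = x + weight * sx, y + weight * sy, total + weight
    return (x / total, y / total)

def report(scans):
    """Every non-authorized BSSID with sighting count and estimated location."""
    findings = {}
    for bssid, sightings in correlate(scans).items():
        verdict = classify(bssid, sightings)
        if verdict != "authorized":
            findings[bssid] = (verdict, len(sightings), estimate_position(sightings))
    return findings
```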
Figure: the same 3Com Secure Converge Network diagram with the Rogue AP, now labelled “Rogue Detection and Containment”.
Security
Two Key Elements in Security Protection: Authentication & Encryption
> Authentication
— Is this a valid user of your network?
— Is this user who you think he is?
— Verify with password control & access lists
> Encryption
— Wireless data is by nature broadcast
— Scramble data to safeguard the data & network
— Need sophisticated algorithms for best protection
(figure labels: “Valid User???”, “Safeguard Data Broadcast”)
Need both Authentication & Encryption for Protection
Auto VLAN and QoS Assignment using 802.1X
Figure: a client on a port in the Red VLAN is challenged (User ID: ?, Pwd: ?) and answers with User ID: Blue, PWD: @#$%^. The authentication server reports a valid user and returns VLAN ID: Blue VLAN together with a QoS profile (Email LowP, Web LowP, Student Records Server HighP), and the port is placed in the Blue VLAN.
Auto VLAN Assignment using 802.1X with Wireless Access Points
Figure: the same exchange through a wireless access point: the Red VLAN challenge, the User ID: Blue / PWD: @#$%^ reply, and the Valid User / VLAN ID: Blue VLAN result.
Figure: the same 3Com Secure Converge Network diagram, here highlighting the mobile user authenticated by IEEE 802.1X (user name + password) and Radius Authenticated Devices Access (RADA).
Radius Authenticated Devices Access (RADA)
Figure: same layout as the 802.1X figure, but the device answers the challenge with its MAC address as both User ID and PWD. On a match the RADIUS server reports a valid user and returns VLAN ID: Blue VLAN and the QoS profile (Email LowP, Web LowP, Student Records Server HighP); the port moves from the Red VLAN to the Blue VLAN.
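Added example, not from the 3Com deck: the message behind the two 802.1X auto-VLAN figures and the RADA figure above, in Python. Once the server has accepted the credentials (user name and password for 802.1X, the MAC address for RADA) it returns the VLAN in a RADIUS Access-Accept using the RFC 3580 tunnel attributes, and the switch or AP must verify the Response Authenticator before it moves the port. The shared secret, request authenticator and the VLAN name "Blue" are constructed values.

```python
import hashlib
import struct

SECRET = b"constructed-shared-secret"  # assumed RADIUS shared secret (constructed)
ACCESS_ACCEPT = 2
# RFC 2868 tunnel attributes, used for VLAN assignment as described in RFC 3580
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN = b"\x00\x00\x0d"  # Tunnel-Type = VLAN (13), 3-byte value
MEDIUM_IEEE_802 = b"\x00\x00\x06"   # Tunnel-Medium-Type = IEEE-802 (6)


def tagged(attr_type, value):
    """Encode one tagged attribute (tag byte 0 = untagged) as Type/Length/Value."""
    payload = b"\x00" + value
    return struct.pack("!BB", attr_type, 2 + len(payload)) + payload


def build_access_accept(ident, request_auth, vlan):
    """Server side: Access-Accept assigning `vlan`. The Response Authenticator
    is MD5(Code | ID | Length | RequestAuth | Attributes | Secret), RFC 2865."""
    attrs = (tagged(TUNNEL_TYPE, TUNNEL_TYPE_VLAN)
             + tagged(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
             + tagged(TUNNEL_PRIVATE_GROUP_ID, vlan.encode()))
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + SECRET).digest()
    return header + resp_auth + attrs


def vlan_from_accept(packet, request_auth):
    """Authenticator (switch/AP) side: verify the Response Authenticator with
    the Request Authenticator it sent, then read the VLAN to move the port into.
    Returns None unless the reply is an authentic, well-formed Access-Accept."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    attrs = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + SECRET).digest()
    if code != ACCESS_ACCEPT or packet[4:20] != expected:
        return None  # forged or altered reply: port stays in the default VLAN
    seen, pos = {}, 0
    while pos + 2 <= len(attrs):
        attr_type, attr_len = attrs[pos], attrs[pos + 1]
        if attr_len < 3 or pos + attr_len > len(attrs):
            return None  # malformed TLV
        seen[attr_type] = attrs[pos + 3:pos + attr_len]  # value after the tag byte
        pos += attr_len
    if (seen.get(TUNNEL_TYPE) != TUNNEL_TYPE_VLAN
            or seen.get(TUNNEL_MEDIUM_TYPE) != MEDIUM_IEEE_802):
        return None  # not a VLAN assignment
    return seen.get(TUNNEL_PRIVATE_GROUP_ID, b"").decode() or None
```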
What Types of Wireless Security Options Do I Have?
> OPEN
— No authentication
— CRC message checking
— No encryption
> WEP/WEP2
— Optional MAC address filtering (aka local MAC authentication)
— CRC message checking
— Static shared key encryption (password)
    > 40/104-bit RC4 cipher key
    > WEP2 adds a rotating key (e.g. DSL or LEAP)
> WPA (ratified July 2003)
— 802.1X authentication (requires EAP)
— MIC/CRC message checking
— TKIP (128-bit RC4 cipher rotating, 128-bit AES optional)
> 802.11i (ratified June 2004)
— 802.1X authentication (requires EAP)
— MIC/CRC message checking
— TKIP or AES (256-bit AES is mandatory)
Remember: Authenticate, Message Integrity Check, Encrypt
(figure: arrow labelled “Stronger Security” running from OPEN down to 802.11i)
WarChalking
Wireless Tools
> Types of Monitoring tools
— Stumbling
— Sniffing
— Handheld
> Hacking tools
— WEP Cracking
— ARP Spoofing
Netstumbler
http://www.netstumbler.com
— Free
— Windows based
— Very simple GUI
— GPS capable
Wellenreiter
http://www.remote-exploit.org
— Free
— Linux based
— Supports many wireless cards
— GPS capable
AirMagnet
http://www.airmagnet.com/
— Pocket PC based
WEP Cracking Tools
> WEPCrack
http://wepcrack.sourceforge.net/
> AirSnort
http://sourceforge.net/projects/airsnort/
> BSD-Tools dweputils
http://www.dachb0den.com/projects/dweputils.html
New 802.11i Security
> Addresses the main problems of WEP and Shared-Key Authentication
— Temporal Key Integrity Protocol (TKIP)
— Message Integrity Check (MIC), Michael
— AES encryption as a replacement for RC4
— Robust Security Network (RSN)
> Requires new wireless hardware
> Ratification ~ YE 2004
Information Security Hype Cycle
Figure: hype-cycle chart for information security technologies, as of June 2004. Axes: Visibility against Maturity; phases: Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, Plateau of Productivity. Key (time to plateau): less than two years, two to five years, five to 10 years, more than 10 years, obsolete before plateau. Acronym key: VPN = virtual private network, WPA = Wi-Fi Protected Access.
Technologies plotted: All-in-One Security Appliances, Biometrics, Compliance Tools, Data-at-Rest Encryption Appliances, Deep Packet Inspection Firewalls, Digital Rights Management (enterprise), Federated Identity, Identity Management, Instant Messaging Security, Intrusion Detection Systems, Managed Security Service Providers, Patch Management, Personal Intrusion Prevention, Public Key Operations/Soft Tokens, Reduced Sign-On, Scan and Block, Secure Sockets Layer VPNs, Secure Sockets Layer/Trusted Link Security, Security Platforms, Security Smart Cards, Spam Filtering, Trusted Computing Group, Vulnerability Management, Web Services Security Standards, WPA Security, Hardware Tokens.
Figure: the 3Com Secure Converge Network diagram again (same components as before).
3Com IPS’ Primary Function: Block Malicious Traffic
TippingPoint blocks malicious traffic in the network before it damages your company’s information assets.
Figure: traffic from external attackers (industrial spies, government spies, terrorists, cyber thieves, pranksters), internal attackers (disgruntled employees, dishonest employees) and valid users and applications reaches the IPS. Good traffic passes through to the protected services (DNS, FTP, HTTP, SNMP, SMB, Telnet, Web Services DMZ, IBM DB2, MS SQL, applications, operating systems, wireless, infrastructure, Cisco IOS); the IPS blocks malicious traffic based on filter settings.
3Com TippingPoint Quarantine Service: Secure Converged Networks
> TippingPoint Intrusion Protection Systems work with 3Com switches for quarantine protection
> Quarantine protects endpoints and enforces policy
> Requires no software client or agent
> Protection is flexible, automatic and fast
(figure: TippingPoint IPS with 3Com Switch 7750/5500)
3Com Wireless Enterprise Solution
3Com Wireless Switch Solution
3Com Wireless LAN Controller WX4400: enterprise WLAN controller, 4 Gigabit-port switch, 3.6Gbps throughput, 24-96 MAPs
3Com Wireless LAN Switch WX1200: enterprise/SMB WLAN switch, 2-port 10/100Mbps x 6-port 10/100Mbps PoE switch, 200Mbps throughput, 12 MAPs
3Com Wireless LAN Switch WXR100: remote office WLAN switch, 2-port 10/100Mbps, 3 MAPs
Access Point 2750/3750, Access Point 7250 & Access Point 8250
3Com Wireless Switch Manager 3CWXM
TippingPoint Product Line (wire-speed IPS, with Security Management System)
50 Mbps: 1 x 10/100/1000 copper
100 Mbps: 1 x 10/100/1000 copper
200 Mbps: 2 x 10/100/1000 copper
400 Mbps: 4 x 10/100/1000 copper/fiber
1.2 Gbps: 4 x 10/100/1000 copper/fiber
2.0 Gbps: 4 x 10/100/1000 copper/fiber
5.0 Gbps: 4 x 10/100/1000 copper/fiber
3Com 802.11 Client
> 802.11 a/b/g PC Card & PCI
> XJACK® dual band antenna (PC Card)
— Power management built into XJACK
> USB Adapter
> Wireless 11g Travel Router
> Wireless Print Server
(figure: PC Card, PCI Card, USB Adapter, OC 11g Travel Router, OC 11g Print Server)