Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless LAN Management w.lilakiatsakun. Topics Wireless LAN fundamental Link characteristic Band and spectrum IEEE 802.11 architecture /channel allocation.

Similar presentations


Presentation on theme: "Wireless LAN Management w.lilakiatsakun. Topics Wireless LAN fundamental Link characteristic Band and spectrum IEEE 802.11 architecture /channel allocation."— Presentation transcript:

1 Wireless LAN Management w.lilakiatsakun

2 Topics Wireless LAN fundamental Link characteristic Band and spectrum IEEE architecture /channel allocation Wireless LAN Solution Adhoc / infrastructure Load balancing /Extended Service Set (Roaming) Wireless repeater /bridge Wireless LAN security

3 Wireless Link Characteristics Differences from wired link …. decreased signal strength: radio signal attenuates as it propagates through matter (path loss) interference from other sources: standardized wireless network frequencies (e.g., 2.4 GHz) shared by other devices (e.g., phone); devices (motors) interfere as well multipath propagation: radio signal reflects off objects ground, arriving ad destination at slightly different times Transmission over wireless link induces loss and error more often

4 Wireless network characteristics A B C Hidden terminal problem B, A hear each other B, C hear each other A, C can not hear each other means A, C unaware of their interference at B A B C A’s signal strength space C’s signal strength Signal fading: B, A hear each other B, C hear each other A, C can not hear each other interfering at B

5 Unlicensed Spectrum ISM stands for Industrial Scientific and Medical Implementing ISM bands is different for countries BandFCC-Freq.(us)ETSI-Freq.(Eu)Main Use ISM MHz MHzFood Process ISM GHz GHzMicrowave Oven ISM GHz GHzMedical Scanner

6 ISM Band Only ISM-2.4 band is available for every country Microwave oven Medical equipment Communication e.g. wireless LAN, Bluetooth But, it is too crowded Communication use “Spread Spectrum” to avoid interference

7 IEEE Wireless LAN b 2.4 GHz unlicensed radio spectrum Using CCK (Complementary Code Keying) to improve data rate Backward compatible with DSSS system Not compatible with FHSS system Max. at 11 Mbps - Theoretical max capacity (raw data rate) Max data rate is only 6 Mbps. (only short range and no interference)

8 IEEE Wireless LAN a 5 GHz range,OFDM up to 54 Mbps (31 Mbps – Real throughput) g 2.4 GHz range - CCK-OFDM backward compatible with IEEE b up to 54 Mbps (31 Mbps – Real throughput) All use CSMA/CA for multiple access

9 Wireless LAN standards

10 LAN architecture wireless host communicates with base station base station = access point (AP) Basic Service Set (BSS) (aka “cell”) in infrastructure mode contains: wireless hosts access point (AP): base station ad hoc mode: hosts only BSS 1 BSS 2 Internet hub, switch or router AP

11 IEEE : multiple access avoid collisions: 2+ nodes transmitting at same time : CSMA - sense before transmitting don’t collide with ongoing transmission by other node : no collision detection! difficult to receive (sense collisions) when transmitting due to weak received signals (fading) can’t sense all collisions in any case: hidden terminal, fading goal: avoid collisions: CSMA/C(ollision)A(voidance)

12 IEEE MAC Protocol: CSMA/CA sender 1 if sense channel idle for DIFS then transmit entire frame (no CD) 2 if sense channel busy then start random backoff time timer counts down while channel idle transmit when timer expires if no ACK, increase random backoff interval, repeat receiver - if frame received OK return ACK after SIFS sender receiver DIFS data SIFS ACK

13 Avoiding collisions (more) idea: allow sender to “reserve” channel rather than random access of data frames: avoid collisions of long data frames sender first transmits small request-to-send (RTS) packets to BS using CSMA RTSs may still collide with each other (but they’re short) BS broadcasts clear-to-send CTS in response to RTS CTS heard by all nodes sender transmits data frame other stations defer transmissions Avoid data frame collisions completely using small reservation packets!

14 Collision Avoidance: RTS-CTS exchange AP A B time RTS(A) RTS(B) RTS(A) CTS(A) DATA (A) ACK(A) reservation collision defer

15 Channel partitioning in wireless LAN With DSSS modulation technique, bandwidth used for one channel is 22 Mbps In 2.4 GHz band, bandwidth is only 83 MHz available So, we need 5 channel space for non- overlapping channel Avoiding interference between each other Consider in frequency reuse and capacity increment

16

17 Channel Allocation

18 Relationship between Data rate and signal strength

19 802.11: Channels, association b: 2.4GHz-2.485GHz spectrum divided into 11 channels at different frequencies AP admin chooses frequency for AP interference possible: channel can be same as that chosen by neighboring AP! host: must associate with an AP scans channels, listening for beacon frames containing AP’s name (SSID) and MAC address selects AP to associate with may perform authentication

20 Interferences in wireless LAN Microwave oven – 2450 MHz (1000 watts) Around channel 7-10 Bluetooth device (0.01 W) Cordless Phone Toys and etc Use Network Strumbler to show signal / noise ratio on wireless LAN channels

21 Network Strumbler

22 Wireless Solution Adhoc Infrastructure Load balancing Connect wireless LAN without access point Extended Service Set Extend range with wireless repeater Wireless bridge

23 Ad hoc Configuration – set as Adhoc / Peer to peer Set BSSID and channel to use

24 Infrastructure

25 Load balancing 5 channel space Maximum 3 access point assigned on overlapped area Channel 1 /6 /11

26 Connect wireless LAN without access point Use a host act as gateway

27 Extended Service Set Support mobility

28 Extend range with Wireless repeater

29 Wireless bridge (Point to point link)

30 Wireless LAN security management (1/2) Common attack and vulnerability The weakness in WEP & key management & user behavior Sniffing, interception and eavesdropping Spoofing and unauthorized access Network hijacking and modification Denial of Service and flooding attacks

31 Wireless LAN security management (2/2) Security countermeasure Revisiting policy Analysis threat Implementing WEP Filtering MAC Using closed systems and Networks Securing user

32 The weakness in WEP & key management & user behavior Several papers were published to show vulnerabilities on WEP and tools to recover encryption key AirSnort (http://airsnort.shmoo.com)http://airsnort.shmoo.com WEPCrack IEEE outline that the secret key used by WEP needs to be controlled by external key management Normally, key management is done by user (define 4 different secret keys) RADIUS (Remote Dial-In User Service) not use in small business or home users

33 The weakness in WEP & key management & user behavior Users often operate the devices on default configuration SSID broadcast – turn on Default password as a secret key 3com product – comcomcom Lucent product is the last five digit of network ID

34 Sniffing, interception and eavesdropping Sniffing is the electronic form of eavesdropping on the communications that computer have across network Wireless networks is a broadcast (shared) link Every communication across the wireless network is viewable to anyone who is listening to the network Not even need to associated with the network

35 Sniffing tools All software packages will put network card in promiscuous mode, every packet that pass its interface is captured and displayed Ethereal OmniPeek Tcpdump Ngrep

36 Spoofing and unauthorized access Spoofing- An attacker is able to trick your network equipment into thinking that the connection is from one of allowed machines Several way to accomplish Redefine MAC address to a valid MAC address simple Registry edit for windows On unix with a simple command from root shell SMAC (software packages on windows)

37 Network hijacking and modification Malicious user able to send message to routing devices and APs stating that their MAC address is associated with a known IP address From then on, all traffic that goes through that router (switch) destined for hijacked IP address will be handoff to the hijacker machine ARP spoof or ARP poisoning

38 Network hijacking and modification If the attacker spoofs as the default gateway All machines trying to get to the network will connect to the attacker To get passwords and necessary information Use of rogue AP To receive authentication requests and information

39 Denial of Service and flooding attacks One of the original DoS attacks is known as a ping flood A large number of hosts or devices to send and ICMP echo to a specified target One of possible attack would be through a massive amount of invalid or valid authentication requests. Users attempting to authenticate themselves would have difficulties in acquiring a valid session If hacker can spoof as a default gateway, it can prevent any machine from wireless network to access the wired network

40 Revisiting policy Adjust corporate security policy to accommodate wireless networks and the users who depend on them, Because of wireless environment no visible connection – good authentication required Ease of capture of RF traffic – good policy should not broadcast SSID and should implement WEP Not use default name or password in operating AP devices

41 Analyzing the threat (1/2) Identify assets and the method of accessing these from an authorized perspective Identify the likelihood that someone other than an authorized user can access the assets Identify potential damages Defacement Modification Theft Destruction of data

42 Analyzing the threat (2/2) Identify he cost to replace, fix, or track the loss Identify security countermeasures Identify the cost in implementation of the countermeasures Hardware/software/personnel Procedures /limitations on access across the corporate structure Compare costs of securing the resources versus the cost of damage

43 Implementing WEP To protect data sniffing during session 128-bit encryption should be considered as a minimum Most APs support both 40-bit and 128-bit encryption WEP advantages All messages are encrypted so privacy is maintained Easy to implement WEP keys are user definable and unlimited

44 Implementing WEP WEP disadvantages The RC4 encryption algorithm is a known stream cipher can be broken Once the key is changed, it needs to be informed to everyone WEP does not provide adequate WLAN security Only eliminate the curious hacker who lacks the means or desire to really hack your network WEP has to be implemented on every client as well as every AP to be effective

45 Filtering MAC To minimize the a number of attack More practical on small networks It can be performed at the switch attached to the AP or on the AP itself MAC filtering advantages Predefined users are accepted/ filtered MAC do not get access MAC filtering advantages Administrative overhead- large amount of users MAC address can be reprogrammed

46 Using closed systems and networks Turn off broadcasting SSID, use proper password (WEP) Select “close wireless system” Advantages AP does not accept unrecognized network requests Preventing Netstrumbler snooping software Easy to implement Disadvantages Administration required for new users and changes

47 Securing users Educate the users to the threats and where they are at risk How proper password is set ? Provide policies that enable them to successfully secure themselves Change password on regular interval At least password length Create policies that secure user behind the scenes Filtering traffic

48 Securing users Some of the rule sets that should be in place with the respect to wireless No rogue access point Inventory all wireless cards and their corresponding MAC address No antennas without administrative consent Strong password on wireless network devices

49 Other methods VPN WEP + RADIUS WPA (Wi-Fi Protected Access) – IEE802.11i WPA + RADIUS 802.1x + RADIUS EAP-MD5, LEAP (cisco), EAP-TLS, EAP-TTLS MAC filtering +WEP + RADIUS Mahanakorn solution Web recommendation


Download ppt "Wireless LAN Management w.lilakiatsakun. Topics Wireless LAN fundamental Link characteristic Band and spectrum IEEE 802.11 architecture /channel allocation."

Similar presentations


Ads by Google