CWSP Guide to Wireless Security Enterprise Wireless Hardware Security.

1 CWSP Guide to Wireless Security Enterprise Wireless Hardware Security

2 Objectives
List and describe the functions of the different types of wireless LAN hardware used in an enterprise
Tell how access control and protocol filtering can protect a WLAN
Describe the functions of Quality of Service, handoffs, and power features of wireless networking hardware

3 Enterprise WLAN Hardware
Wireless hardware
  – Access points
  – Remote wireless bridges
  – Wireless routers
  – Wireless gateways
  – Wireless switches
  – Wireless mesh routers

4 Access Point
AP parts
  – An antenna and a radio transmitter/receiver to send and receive signals
  – An RJ-45 wired network interface that allows it to connect by cable to a standard wired network
  – Special bridging software to interface wireless devices to other devices
Basic functions
  – Acts as the base station for the wireless network
  – Acts as a bridge between wireless and wired network

5 Access Point (continued)
Range of an access point depends on:
  – Type of wireless network that is supported
  – Walls, doors, and other solid objects can reduce the distance the signal may travel
Number of wireless clients supported varies
  – Theoretical: 100 clients
  – For light traffic: 50 clients
  – For heavy traffic: 20 clients

6 Remote Wireless Bridge
Bridge
  – Connects two network segments together
  – Segments can use different types of physical media
  – Software for transmitting and receiving signals
Remote wireless bridge
  – Wireless device designed to connect two or more wired or wireless networks
  – Transmits at higher power than APs
  – Uses a highly directional or semi-directional antenna

7 Remote Wireless Bridge (continued)
Highly directional antennas
  – Usually concave, dish-shaped devices used for long distance, point-to-point wireless links
Semi-directional antenna
  – Focuses the energy in one direction
  – Does not have the high power level of a highly directional antenna
  – Primarily used for short- and medium-range remote wireless bridge networks

8 Remote Wireless Bridge (continued)

9 Remote Wireless Bridge (continued)
Delay spread
  – Minimizes the spread of the signal so that it can reach farther distances
Remote wireless bridges support two types of connections
  – Point-to-point connections
  – Point-to-multipoint connections

10 Remote Wireless Bridge (continued)

11 Remote Wireless Bridge (continued)

12 Remote Wireless Bridge (continued)
Remote wireless bridge modes
  – Access point mode
      Standard AP
  – Root mode
      Acts as a root bridge and can communicate only with other non-root bridges
  – Non-root mode
      Can transmit only to a root bridge
  – Repeater mode
      Extends the distance between LAN segments

13 Remote Wireless Bridge (continued)

14 Remote Wireless Bridge (continued)

15 Remote Wireless Bridge (continued)
Remote wireless bridges
  – Cost-effective alternative to expensive leased wired options for connecting remote buildings
  – Distance can be up to 29 kilometers (18 miles) transmitting at 11 Mbps
      Or up to 40 kilometers (25 miles) transmitting at 2 Mbps

16 Wireless Router
Router
  – Transfers packets between networks
  – Selects the best link (route) to send packets
Wireless router
  – Combines an access point with a router
  – Typically with multiple ports
Advantages
  – Connects multiple networks
  – Improves network performance
  – Shares single IP address

17 Wireless Router (continued)

18 Wireless Router (continued)

19 Wireless Gateway
Gateway
  – Acts as an entrance to another network
Wireless gateway
  – Combines an access point, router, network address translation, and other networking features
Enterprise wireless gateway functions
  – Authentication
  – Encryption
  – Intrusion detection and malicious program protection
  – Bandwidth management
  – Centralized network management

20 Wireless Switch
Switch
  – Joins multiple computers within one LAN
  – Contains more intelligence than a hub
Types of switches
  – Unmanaged switch
      Provides no management capabilities of the switch
  – Managed switch
      Provides all of the features of an unmanaged switch along with enhanced management features
      Supports both control and monitoring of the network
One of the challenges of a wireless LAN in an enterprise setting
  – Integrates management of wired and wireless networks

21 Wireless Switch (continued)
Wireless switch
  – Often a rack-mounted unit
  – Performs user authentication and encryption
Thin access point (used when authentication is done by switch, instead of regular AP)
  – Simplified radios with a media converter for the wired network

22 Wireless Switch (continued)

23 Wireless Switch (continued)
Advantages
  – Simplified wireless network management
  – Eliminates handoff procedures
Disadvantages
  – All thin APs and wireless switches are proprietary
  – Thin APs do not provide true convergence of the wired and wireless networks

24 Wireless Switch (continued)
IEEE 802.1v protocol
  – Assists the management of WLAN devices via protocol features:
      – Load balancing
      – Automatic configuration
      – Preserves battery life

25 Wireless Mesh Routers
Limitations of connecting APs to a router via the wired network
  – Placement of APs is limited
  – APs have a limited range
Mesh networks
  – Solve these limitations
  – Provide multiple paths through which data can travel
  – Best example: the Internet
Wireless mesh network
  – Allows for multiple paths for wireless transmissions

26 Wireless Mesh Routers (continued)

27 Wireless Mesh Routers (continued)

28 Wireless Mesh Routers (continued)
Wireless mesh network types
  – Ad hoc wireless mesh network
      Allows greater distances away from the access point
      Each client device can act as a relay station for signals
Advantages
  – Decentralized network
  – Can decrease costs
  – Can also be reliable

29 Wireless Mesh Routers (continued)

30 Wireless Mesh Routers (continued)
Wireless mesh network types (continued)
  – Backhaul wireless mesh network
      Connects special access points, known as wireless mesh routers, in a mesh configuration
      Provides alternative data paths for the backside connection to the Internet
      Backhaul: connection from the routers to the Internet
      Used extensively in outdoor municipal WLANs
      Can be quickly deployed in an emergency

31 Wireless Mesh Routers (continued)

32 Wireless Mesh Routers (continued)
IEEE 802.11s task group works on standards for mesh networks
Over 70 different wireless mesh routing protocols
  – Differ in the following features:
      Algorithm
      Management data versus transmit data
      Number of radios

33 Hardware Security Features
Features include:
  – Controlling access to hardware
  – Protocol filtering

34 Controlling Access to Hardware
Access control
  – Restricts the user to accessing only the resources essential for the user to do his or her job
  – Limits access to resources based on the users' identities and their membership in various groups
Mandatory access control (MAC)
  – Most restrictive model
  – User is not allowed to give access to another user to use or access anything on the network
  – All controls are fixed in place
  – Typically used in military environments

35 Controlling Access to Hardware (continued)
Role-based access control (RBAC)
  – Administrator assigns permissions to a position (role)
      Assign users and other objects to that role
Discretionary access control (DAC)
  – Least restrictive model
  – User can adjust the permissions for other users over network devices
  – Poses risks in that incorrect permissions may be granted or given

36 Controlling Access to Hardware (continued)

37 Protocol Filtering
Filtering restricts the traffic on a network based on specific criteria
Types of filtering
  – Address filtering
  – Data filtering
  – Protocol filtering
Some access points can be configured to filter unwanted protocols
  – From either entering or leaving the wireless network

38 Protocol Filtering (continued)
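The following is an added example, not part of the original slides or of any vendor's firmware: a direction-aware protocol filter of the kind the Protocol Filtering slide describes, applied to Ethernet II frames as an access point's bridge would see them. The rule table, the port choices and the names `RULES`, `parse_frame`, `decide` and `make_frame` are assumptions made for illustration.

```python
import struct

ETH_IPV4, ETH_ARP, ETH_EAPOL, ETH_IPX, ETH_VLAN = 0x0800, 0x0806, 0x888E, 0x8137, 0x8100
TCP, UDP = 6, 17

# Constructed rule table (an assumption, not a vendor default). First match wins.
# (direction, ethertype, ip_proto, dst_port, action); None is a wildcard.
# "in" = entering the wireless network, "out" = leaving it.
RULES = [
    (None, ETH_IPV4, TCP, 445, "drop"),        # SMB never crosses the AP
    ("in", ETH_IPV4, UDP, 1900, "drop"),       # keep wired-side SSDP chatter off the air
    (None, ETH_IPV4, None, None, "forward"),
    (None, ETH_ARP, None, None, "forward"),
    (None, ETH_EAPOL, None, None, "forward"),  # 802.1X authentication frames
]

def parse_frame(frame):
    """Return (ethertype, ip_proto, dst_port); a field is None when absent or truncated."""
    if len(frame) < 14:
        return None, None, None
    ethertype, off = struct.unpack_from("!H", frame, 12)[0], 14
    if ethertype == ETH_VLAN and len(frame) >= 18:      # step over one 802.1Q tag
        ethertype, off = struct.unpack_from("!H", frame, 16)[0], 18
    if ethertype != ETH_IPV4 or len(frame) < off + 20:
        return ethertype, None, None
    ihl, proto = (frame[off] & 0x0F) * 4, frame[off + 9]
    fragment_offset = struct.unpack_from("!H", frame, off + 6)[0] & 0x1FFF
    l4 = off + ihl
    # Only an unfragmented packet or a first fragment carries the TCP/UDP header.
    if proto in (TCP, UDP) and ihl >= 20 and fragment_offset == 0 and len(frame) >= l4 + 4:
        return ethertype, proto, struct.unpack_from("!H", frame, l4 + 2)[0]
    return ethertype, proto, None

def decide(direction, frame):
    """Apply RULES to one Ethernet II frame; anything unmatched is dropped."""
    fields = parse_frame(frame)
    for rule_dir, *rule_fields, action in RULES:
        if rule_dir in (None, direction) and all(
                r is None or r == f for r, f in zip(rule_fields, fields)):
            return action
    return "drop"

def make_frame(ethertype, ip_proto=None, dst_port=0):
    """Build a constructed test frame: zeroed MACs, optional minimal IPv4 + L4 header."""
    eth = bytes(12) + struct.pack("!H", ethertype)
    if ip_proto is None:
        return eth + bytes(28)
    ip = bytes([0x45, 0]) + bytes(7) + bytes([ip_proto]) + bytes(10)
    return eth + ip + struct.pack("!HH", 40000, dst_port) + bytes(4)
```

Because the table ends in an implicit drop, a legacy EtherType such as IPX is filtered without a rule of its own, while later fragments of an IPv4 packet carry no port and fall through to the IPv4 wildcard.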

39 Other Hardware Features
Features include:
  – Quality of service
  – Fast handoff
  – Power features

40 Quality of Service (IEEE 802.11e)
IEEE 802.11 standard was intended to be fair
  – Not appropriate for real-time traffic
Quality of Service (QoS)
  – Capability to prioritize different types of frames
IEEE 802.11e task group has two new modes of operation for the MAC layer
  – Enhanced Distributed Channel Access (EDCA)
  – Hybrid Coordination Function Controlled Channel Access (HCCA)

41 Quality of Service (IEEE 802.11e) (continued)
Enhanced Distributed Channel Access (EDCA)
  – Contention-based
  – Supports four different streams (types) of traffic
      Voice
      Video
      Best effort
      Background
  – Provides relative QoS but cannot guarantee its service

42 Quality of Service (IEEE 802.11e) (continued)
Hybrid Coordination Function Controlled Channel Access (HCCA)
  – Based upon polling
  – Serves as a centralized scheduling mechanism
Wi-Fi Multimedia (WMM)
  – Wi-Fi Alliance's own QoS specification
  – Modeled after a wired network QoS prioritization scheme
  – Subset of IEEE 802.11e
  – Defines new Arbitrary Inter-frame Space Number (AIFSN) and contention window values

43 Quality of Service (IEEE 802.11e) (continued)
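The following is an added example, not part of the original slides: it works out exactly why EDCA "provides relative QoS but cannot guarantee its service", using the AIFSN and contention window values that the WMM slide mentions. The AIFSN/CWmin numbers are the commonly published WMM defaults for client stations and are assumed here, as are the names `EDCA` and `contend`; the model covers only the first transmission attempt on an idle channel and ignores retries and frozen backoff counters.

```python
from fractions import Fraction
from itertools import product

# Assumed WMM/EDCA default station parameters: access category -> (AIFSN, CWmin)
EDCA = {"voice": (2, 3), "video": (2, 7), "best_effort": (3, 15), "background": (7, 15)}

def contend(stations):
    """Exact first-attempt outcome for stations that each hold one pending frame.

    stations: list of access-category names, one per station.
    Each station waits AIFSN slots plus a backoff drawn uniformly from 0..CWmin;
    the shortest wait transmits, and a shared shortest wait is a collision.
    Returns ([P(station i transmits first, alone)], P(collision)).
    """
    params = [EDCA[ac] for ac in stations]
    wins, collisions, total = [0] * len(params), 0, 0
    # Enumerate every combination of backoff draws instead of sampling.
    for backoffs in product(*(range(cw + 1) for _, cw in params)):
        waits = [aifsn + b for (aifsn, _), b in zip(params, backoffs)]
        first = min(waits)
        leaders = [i for i, w in enumerate(waits) if w == first]
        if len(leaders) == 1:
            wins[leaders[0]] += 1
        else:
            collisions += 1
        total += 1
    return [Fraction(w, total) for w in wins], Fraction(collisions, total)
```

Voice always beats background on the first attempt, but it loses or collides with a best-effort station about 9% of the time, and four voice stations competing with each other collide on 7 of every 16 attempts: the priority is statistical, not reserved.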

44 Handoffs
Inter-Access Point Protocol (IAPP) (IEEE 802.11F)
  – 802.11 standard did not specify how communications were to take place between access points
  – 802.11F specified information that access points need to exchange to support WLAN roaming
Fast Handoff (IEEE 802.11r)
  – VoWLAN mobile phones need fast handoff
  – Allows a wireless client to determine the QoS (and security) being used at a different AP
      Before making the transition

45 Power Features
Dynamic Frequency and Power Control (IEEE 802.11h)
  – 802.11h is designed to enable WLAN devices to share the 5 GHz spectrum
  – Mechanisms
      Dynamic frequency selection (DFS)
        – Switches the WLAN to another channel if necessary
      Transmit power control (TPC)
        – Designed to reduce interference
        – Reduces radio transmit power used by devices

46 Power Features (continued)
Power over Ethernet (IEEE 802.3af)
  – APs are typically mounted high off the ground
      To reduce interference from surrounding objects
  – Electrical power outlets are generally not found in these locations
  – Power over Ethernet (PoE)
      Delivers direct current (DC) to the AP through the unused wires in a standard UTP Ethernet cable
  – End-span
      Ethernet switch that has embedded PoE technology

47 Power Features (continued)
Power over Ethernet (IEEE 802.3af) (continued)
  – Failover support
      Has duplicate equipment alongside the main equipment
  – Hot standby

48 Summary
Wireless hardware
  – Access points
  – Remote wireless bridges
  – Wireless routers
  – Wireless gateways
  – Wireless switches
  – Wireless mesh routers
Access control limits access to resources
  – Based on the users' identities and membership

49 Summary (continued)
Some access points can be configured to filter unwanted protocols
The capability to prioritize different types of frames is known as Quality of Service
Inter-Access Point Protocol (used in IEEE 802.11F) sets standards for handoffs between access points
  – Fast handoff is based on the IEEE 802.11r standard
Power management types
  – IEEE 802.11h standard
  – Power over Ethernet (IEEE 802.3af)
