© 2009 Pearson Education, Inc. Publishing as Prentice Hall Wireless LANs (WLANs)


Wireless LANs (WLANs)
802.11 Wireless LAN Technology
–802.11 is the dominant WLAN technology today
–Standardized by the 802.11 Working Group
–Popularly known as Wi-Fi

Wireless LANs (WLANs)
Wireless hosts connect by radio to access points

Wireless Access Points and NICs

Wireless LANs (WLANs)
–WLANs usually supplement wired LANs instead of replacing them. The access point connects wireless users to the firm’s main wired LAN (Ethernet)
–This gives the mobile client access to the servers on the wired LAN and the firm’s router for Internet access

Wireless LANs (WLANs)
–Transmission speed: up to 300 Mbps but usually 10 Mbps to 100 Mbps.
–Distances between station and access point: 30 to 100 meters.

Recap of Radio Propagation Concepts
Frequency
–Radio waves are measured in terms of frequency
–Measured in hertz (Hz)—the number of complete cycles per second
Most Common Frequency Range for WLANs:
–High megahertz to low gigahertz range

The Frequency Spectrum, Service Bands, and Channels

Channel Bandwidth and Speed
Channel Bandwidth
–Channel bandwidth is the highest frequency in a channel minus the lowest frequency
–An 88.0 MHz to 88.2 MHz channel has a bandwidth of 0.2 MHz (200 kHz)

Channel Bandwidth and Speed
Broadband and Narrowband Channels
–Broadband means wide channel bandwidth and therefore high speed
–Narrowband means narrow channel bandwidth and therefore low speed
–Today, any speed, whether in channels or not, is called narrowband or broadband
  –Narrowband is below 200 kbps
  –Broadband is above 200 kbps

Licensed and Unlicensed Bands
Licensed Radio Bands
–If two nearby radio hosts transmit in the same channel, their signals will interfere
–Most radio bands are licensed bands, in which hosts need a license to transmit
–The government limits licenses to avoid interference
–Television bands, AM radio bands, etc., are licensed
–In cellular telephone bands, which are licensed, only the central transceivers are licensed, not the mobile phones

Licensed and Unlicensed Bands
Unlicensed Radio Bands
–Some service bands are set aside as unlicensed bands
–Hosts do not need to be licensed to be turned on or moved
–802.11 operates in unlicensed radio bands
–This allows access points and hosts to be moved freely

802.11 in the 2.4 GHz and 5 GHz Unlicensed Bands
The 2.4 GHz Unlicensed Band
–Defined the same in almost all countries (2.400 GHz to GHz)
–This sameness reduces radio costs
–Propagation characteristics are good
–For 20 MHz channels, only three nonoverlapping channels are possible
  –Channels 1, 6, and 11

Mutual Interference in the 2.4 GHz Unlicensed Band
If two nearby access points operate on the same channel, the access points and their stations will interfere with each other

802.11 in the 2.4 GHz and 5 GHz Unlicensed Bands
The 5 GHz Unlicensed Band
–Radios in the 5 GHz band are expensive because frequencies in different countries are different and because higher-frequency technology is more expensive than lower-frequency technology
–Also, smaller market sales mean more expensive devices
–Shorter propagation distance than in the 2.4 GHz band because of greater absorptive attenuation at higher frequencies
–Deader shadow zones because of higher frequencies

802.11 in the 2.4 GHz and 5 GHz Unlicensed Bands
The 5 GHz Unlicensed Band
–More bandwidth than in the 2.4 GHz band, so between 11 and 24 non-overlapping channels
–Allows many nearby access points to operate on non-overlapping channels
–Or, some access points can operate on two channels
  –They serve some clients with one channel, some with the other
  –This allows them to serve more clients with good throughput

Spread Spectrum Transmission Methods
Early spread spectrum products used one of two slow methods. In frequency hopping spread spectrum, the signal was kept narrow, but it hopped around in frequency every two or three frames. In direct sequence spread spectrum, the signal is spread over the entire spread spectrum band. Both have technical limits, and all newer standards use a different type of spread spectrum transmission.

Spread Spectrum Transmission Methods
Newer standards use OFDM: Orthogonal Frequency Division Multiplexing. OFDM divides the entire channel into smaller subcarriers (subchannels). It sends part of the signal in each subcarrier. Information is sent redundantly among the subcarriers, so the whole message will get through even if some subcarriers are bad. Using smaller channels gives more precise signal spreading than spreading the signal over the entire channel. This in turn allows much faster transmission speeds.

Typical Wireless LAN Operation with Wireless Access Points
802.11 and 802.3 have different frames
1. The access point receives an 802.11 frame carrying the packet
2. The access point removes the packet, places the packet into an 802.3 frame and passes the frame on to the Ethernet switch
3. The Ethernet switch sends the frame to the server.

Hosts and Access Points Transmit in a Single Channel
–The access point and all the hosts it serves transmit in a single channel
–If two devices transmit at the same time, their signals will collide, becoming unreadable
–Media access control (MAC) methods govern when a device may transmit; they let only one device transmit at a time

CSMA/CA+ACK in Wireless LANs
CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance)
–Sender listens for traffic
  1. If there is traffic, the sender waits
  2. If there is no traffic:
    –2a. If there has been no traffic for less than a preset amount of time, waits a random amount of time, then returns to Step 1.
    –2b. If there has been no traffic for more than a preset amount of time, sends without waiting
–This avoids collision that would result if hosts could transmit as soon as one host finishes transmitting

CSMA/CA+ACK in Wireless LANs
ACK (Acknowledgement)
–Receiver immediately sends back an acknowledgement
  –If sender does not receive the acknowledgement, retransmits using CSMA
–CSMA/CA plus ACK is a reliable protocol
  –CSMA/CA+ACK must be reliable because radio transmission is unreliable
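The sender-side steps on the two CSMA/CA+ACK slides, traced in code. This is an added example, not part of the original slides; the slotted-time model, the function names and the default values (preset of 3 slots, backoff of 1 to 4 slots, 4 tries) are assumptions made for illustration.

```python
import random

def idle_slots_before(busy, t):
    """Count consecutive idle slots immediately before slot t."""
    n = 0
    while t - 1 - n >= 0 and not busy[t - 1 - n]:
        n += 1
    return n

def csma_ca_ack(busy, ack_lost, start=0, preset=3, max_tries=4, pick_backoff=None):
    """Walk one frame through CSMA/CA+ACK on a slotted channel (assumed model).

    busy[t]     -- True if another station transmits in slot t
    ack_lost[i] -- True if no ACK comes back for attempt i (missing entries: ACK arrives)
    Returns (events, delivered); events is a list of (slot, action) pairs.
    """
    pick = pick_backoff or (lambda: random.randint(1, 4))
    busy = list(busy)                  # private copy: our own frames occupy slots too
    events, t = [], start
    for attempt in range(1, max_tries + 1):
        while True:
            if t >= len(busy):
                events.append((t, "trace ended before sending"))
                return events, False
            if busy[t]:                                  # Step 1: traffic, so wait
                events.append((t, "busy, wait"))
                t += 1
            elif idle_slots_before(busy, t) < preset:    # Step 2a: quiet too briefly
                wait = pick()
                events.append((t, f"back off {wait}"))
                t += wait
            else:                                        # Step 2b: quiet long enough
                events.append((t, f"send attempt {attempt}"))
                busy[t] = True
                t += 1
                break
        lost = attempt <= len(ack_lost) and ack_lost[attempt - 1]
        if not lost:
            events.append((t, "ACK received"))
            return events, True
        events.append((t, "no ACK, retransmit"))         # ACK step: go round again
    return events, False

def send_slots(events):
    """Slots in which the frame was actually put on the air."""
    return [slot for slot, action in events if action.startswith("send")]

if __name__ == "__main__":
    # Constructed trace: two busy slots, then a quiet channel; the first ACK is lost.
    trace = [True, True] + [False] * 14
    log, ok = csma_ca_ack(trace, ack_lost=[True, False], pick_backoff=lambda: 2)
    for slot, action in log:
        print(f"slot {slot:2d}: {action}")
    print("delivered:", ok)
```

After its own transmission the sender sees a channel that has only just gone quiet, so a retransmission always starts with a random wait rather than an immediate resend.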

Request to Send/Clear to Send

Specific Wireless LAN Standards
Characteristic | 802.11 | 802.11a | 802.11b | 802.11g | 802.11n | 802.11ac
Spread Spectrum Method, etc. | FHSS | OFDM | DSSS | OFDM | OFDM + MIMO | OFDM + MIMO
Unlicensed Band | 2.4 GHz | 5 GHz | 2.4 GHz | 2.4 GHz | 2.4 GHz and 5 GHz | 5 GHz only
Remarks | Dead and gone | Little market acceptance | Bloomed briefly | Now obsolete | Today’s dominant standard | Growing rapidly

Specific Wireless LAN Standards
Characteristic | 802.11 | 802.11a | 802.11b | 802.11g | 802.11n | 802.11ac
Rated Speed | 2 Mbps | 54 Mbps | 11 Mbps | 54 Mbps | 100 to 600 Mbps | 433 Mbps to 6.93 Gbps
Actual Throughput, 3 m | 1 Mbps | 25 Mbps | 6 Mbps | 25 Mbps | Mbps | Closer to rated speed than earlier standards
Actual Throughput, 30 m | ? | 12 Mbps | 6 Mbps | 20 Mbps | 50 Mbps | Mbps

Specific Wireless LAN Standards
802.11g
–Obsolete today
–54 Mbps rated speed with much slower throughput
–Generally sufficient for Web browsing
–Inexpensive
–All access points support it

Specific Wireless LAN Standards
802.11n
–Uses MIMO to give higher throughputs and longer transmission distances
–Also uses 40 MHz channels instead of normal 20 MHz channels to further increase throughput
–100 Mbps throughputs are common
–Today, the dominant standard
–802.11ac growing, the wave of the future.

Mesh Wireless Network
–In mesh wireless networks, the access points do all routing
–There is no need for a wired network
–The 802.11s standard for mesh networking is under development

Smart Antenna

Security

WLAN Security Threats
Drive-By Hackers
–Sit outside the corporate premises and read network traffic
–Can send malicious traffic into the network
–Easily done with readily available downloadable software
War Drivers
–Merely discover unprotected access points—become drive-by hackers only if they break in

Core Security Standards
Provide Security between the Wireless Station and the Wireless Access Point
–Client (and perhaps access point) authentication
–Passes key to client
–Subsequent encryption of messages for confidentiality
(Figure labels: Authentication; Protected Communication)

Core Security Standards
Protection Does Not Extend Beyond Access Point
–Only protects the wireless client—access point connection
(Figure labels: Protected Communication; No Protection)

Core Security Standards
Wired Equivalent Privacy (WEP)
–Initial rudimentary core security provided with 802.11 in 1997
–Everyone shared the same secret encryption key, and this key could not be changed automatically
–Because secret key was shared, it does not seem to be secret
  –Users often give out freely
–Key initially could be cracked in 1–2 hours; now can be cracked in 3–10 minutes using readily available software

Core Security Standards
Wireless Protected Access (WPA)
–The Wi-Fi Alliance
  –Normally certifies interoperability of equipment
  –Certified products get to use the Wi-Fi logo
  –Created WPA as a stop-gap core security standard in 2002 until 802.11i was finished

Core Security Standards
802.11i (WPA2)
–Uses AES-CCMP with 128-bit keys for confidentiality and key management
–Gold standard in core security
–But companies have large installed bases of WPA-configured equipment
–Now that WPA has been partially cracked, companies should upgrade to 802.11i

Security in 802.1X and PSK Modes
802.1X Mode
–Uses a central authentication server for consistency
–Wi-Fi Alliance calls this enterprise mode
–Both WPA and 802.11i use 802.1X mode

Security in 802.1X and PSK Modes
802.1X Mode
–However, with wireless transmission, protection is needed between the wireless supplicant and the access point because radio transmissions are easy to tap

WLAN Security Threats
Rogue Access Points
–Unauthorized access points that are set up by a department or an individual
–They often fail to implement core security
–This gives drive-by hackers free access to the internal network, bypassing both the border firewall and access point security
–Often operate at high power, attracting many hosts to their low-security service

Evil Twin Access Point
An attacker makes his or her computer act as an access point. It operates at very high power. Victim wireless clients within the victim building associate with the evil twin access point instead of with a legitimate access point within the building.

Evil Twin Access Point
1. The victim sends its authentication credentials to the evil twin.
2. The evil twin passes the credentials on to the legitimate access point.
3. The legitimate access point sends back a secret key.
4. The evil twin remembers the key, then sends it to the client.
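A defender's view of the rogue access point and evil twin slides: an audit that compares a wireless survey against the inventory of authorized access points. This is an added example, not part of the original slides; the inventory, the survey rows, the SSID names, the 15 dB margin and the "seen on a wired switch port" flag are all constructed assumptions.

```python
WEAK_SECURITY = {"OPEN", "WEP", "WPA"}   # the slides' guidance: move to 802.11i (WPA2)

# Constructed inventory of authorized access points: BSSID -> (SSID, security)
INVENTORY = {
    "02:00:00:00:0a:01": ("CorpNet", "WPA2-802.1X"),
    "02:00:00:00:0a:02": ("CorpNet", "WPA2-802.1X"),
}

# Constructed survey rows: (BSSID, SSID, security, signal in dBm, MAC seen on a wired switch port?)
SCAN = [
    ("02:00:00:00:0a:01", "CorpNet", "WPA2-802.1X", -62, True),
    ("02:00:00:00:0a:02", "CorpNet", "WPA", -70, True),
    ("02:00:00:00:ee:99", "CorpNet", "WPA2-802.1X", -35, False),
    ("02:00:00:00:bb:07", "Marketing", "WEP", -58, True),
    ("02:00:00:00:cc:10", "CoffeeShop", "OPEN", -80, False),
]

def audit(scan, inventory, margin_db=15):
    """Return {bssid: (verdict, [reasons])} for every AP that needs attention."""
    corp_ssids = {ssid for ssid, _ in inventory.values()}
    # Strongest signal heard from an authorized AP, per SSID, as the comparison baseline
    baseline = {}
    for bssid, ssid, _, rssi, _ in scan:
        if bssid in inventory:
            baseline[ssid] = max(baseline.get(ssid, rssi), rssi)
    findings = {}
    for bssid, ssid, security, rssi, wired in scan:
        if bssid in inventory:
            expected = inventory[bssid][1]
            if security != expected:   # authorized AP running below the required standard
                findings[bssid] = ("misconfigured", [f"expected {expected}, saw {security}"])
            continue
        weak = [f"weak core security: {security}"] if security in WEAK_SECURITY else []
        if ssid in corp_ssids:
            # Corporate network name from hardware we do not own: evil twin pattern
            reasons = ["corporate SSID from a BSSID not in the inventory"]
            if ssid in baseline and rssi >= baseline[ssid] + margin_db:
                reasons.append(f"{rssi - baseline[ssid]} dB stronger than any authorized AP")
            findings[bssid] = ("evil-twin-suspect", reasons + weak)
        elif wired:
            # Unknown AP plugged into the internal LAN: rogue access point pattern
            findings[bssid] = ("rogue-ap", ["unknown AP attached to the internal LAN"] + weak)
        # anything else is a neighbour's network: not our SSID, not on our wire
    return findings

if __name__ == "__main__":
    for bssid, (verdict, reasons) in audit(SCAN, INVENTORY).items():
        print(f"{bssid}  {verdict}: " + "; ".join(reasons))
```

A BSSID is an unauthenticated identifier, so a match against the inventory lowers suspicion rather than proving that an access point is legitimate.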

Added Wireless Protection: VPNs and VLANs
Virtual Private Networks (VPNs)
–VPN protection defeats evil twins because the two devices preshared a key that is never transmitted
(Figure labels: EAP Protected Communication; VPN Protection; Preshared VPN Key; Frustrated Evil Twin)

Added Wireless Protection: VPNs and VLANs
Virtual LANs (VLANs)
–With VLANs, clients can only talk to some servers
–Wireless clients that first connect can be assigned to a VLAN in which they can only connect to a single server, an authentication server
–When the client authenticates itself to the authentication server, it is taken off the restrictive VLAN
(Figure labels: Pre-Authentication VLAN; Rest of the network; Authentication Server)