Presentation on theme: "Wireless LAN Management"— Presentation transcript:

1 Wireless LAN Management
w.lilakiatsakun

2 Topics
- Wireless LAN fundamentals
  - Link characteristics
  - Bands and spectrum
  - IEEE 802.11 architecture / channel allocation
- Wireless LAN solutions
  - Ad hoc / infrastructure
  - Load balancing / Extended Service Set (roaming)
  - Wireless repeater / bridge
- Wireless LAN management
- Wireless LAN security

3 Wireless Link Characteristics
Differences from a wired link:
- Decreased signal strength: the radio signal attenuates as it propagates through matter (path loss).
- Interference from other sources: the standardized wireless frequencies (e.g., 2.4 GHz) are shared with other devices (e.g., cordless phones); motors and other electrical equipment interfere as well.
- Multipath propagation: the radio signal reflects off objects and the ground, arriving at the destination at slightly different times.
Transmission over a wireless link therefore suffers loss and errors far more often than transmission over a wire.

4 Wireless network characteristics
(Figure: stations A, B and C, with A's and C's signal strength plotted over space.)
Hidden terminal problem:
- B and A hear each other
- B and C hear each other
- A and C cannot hear each other, so A and C are unaware that they interfere at B
Signal fading:
- B and A hear each other
- B and C hear each other
- A and C cannot hear each other (each one's signal has faded too much by the time it reaches the other) but they still interfere at B

5 Unlicensed Spectrum
ISM stands for Industrial, Scientific and Medical. ISM band allocations differ between countries:

Band          FCC freq. (US)   ETSI freq. (EU)   Main use
ISM 900 MHz   MHz              MHz               Food processing
ISM 2.4 GHz   GHz              GHz               Microwave ovens
ISM 5.8 GHz   GHz              GHz               Medical scanners

6 ISM Band
Only the ISM 2.4 GHz band is available in every country. It is used by:
- Microwave ovens
- Medical equipment
- Communication, e.g. wireless LAN and Bluetooth
But it is crowded, so communication systems use spread spectrum to tolerate interference.

7 IEEE 802.11 Wireless LAN
802.11b
- 2.4 GHz unlicensed radio spectrum
- Uses CCK (Complementary Code Keying) to improve the data rate
- Backward compatible with DSSS systems; not compatible with FHSS systems
- Maximum 11 Mbps, the theoretical raw data rate
- Real throughput is only about 6 Mbps, and only at short range with no interference

8 IEEE 802.11 Wireless LAN
802.11a
- 5 GHz range, OFDM, up to 54 Mbps (about 31 Mbps real throughput)
802.11g
- 2.4 GHz range, OFDM with CCK retained for backward compatibility with IEEE 802.11b
All of them use CSMA/CA for multiple access

9 Wireless LAN standards

10 802.11 LAN architecture
(Figure: two BSSs, each with its own AP, connected through a hub, switch or router to the Internet.)
- A wireless host communicates with a base station
- base station = access point (AP)
- Basic Service Set (BSS) (aka "cell") in infrastructure mode contains:
  - wireless hosts
  - an access point (AP): the base station
- Ad hoc mode: hosts only, no AP

11 IEEE 802.11: multiple access
- Avoid collisions: 2+ nodes transmitting at the same time
- 802.11: CSMA - sense before transmitting; don't collide with an ongoing transmission by another node
- 802.11: no collision detection!
  - Difficult to receive (sense collisions) while transmitting, because the received signal is weak compared with the station's own transmission (fading)
  - Can't sense all collisions in any case: hidden terminal, fading
- Goal: avoid collisions: CSMA/CA (Collision Avoidance)

12 IEEE 802.11 MAC Protocol: CSMA/CA
Sender:
1. If the channel is sensed idle for DIFS, transmit the entire frame (no collision detection).
2. If the channel is sensed busy, start a random backoff timer. The timer counts down only while the channel is idle; transmit when the timer expires. If no ACK arrives, increase the random backoff interval and repeat step 2.
Receiver:
- If the frame is received OK, return an ACK after SIFS.
(Timing diagram: the sender waits DIFS and sends the data frame; the receiver waits SIFS and sends the ACK.)

13 Avoiding collisions (more)
Idea: allow the sender to "reserve" the channel rather than using random access for data frames, so that the long data frames do not collide.
- The sender first transmits a small request-to-send (RTS) packet to the BS using CSMA; RTSs may still collide with each other (but they're short)
- The BS broadcasts a clear-to-send (CTS) in response to the RTS
- The CTS is heard by all nodes: the sender transmits its data frame, and the other stations defer their transmissions
Collisions of long data frames are avoided using small reservation packets!

14 Collision Avoidance: RTS-CTS exchange
(Timing diagram: A and B both send an RTS to the AP and the reservations collide; A retries RTS(A); the AP answers CTS(A); A sends DATA(A); the AP returns ACK(A); B defers for the reserved time.)
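The hidden-terminal problem of slide 4 and the CSMA/CA rules of slides 12-14 are easiest to see when run side by side. The following slot-level model is an added example written for this page, not code from the presentation or from any 802.11 implementation: senders A and C can both hear the AP B but not each other; the DIFS/SIFS values, frame durations and the `HEARS` topology are illustrative constants, and the backoff re-draw after a timeout is the only randomness (seeded). Without RTS/CTS both senders see an idle channel and their data frames are garbled at B; with RTS/CTS, C hears B's CTS(A), sets its NAV and defers.

```python
"""Toy slot-level model of the 802.11 DCF on a hidden-terminal topology.

Constructed example: senders A and C both hear the AP B but not each other.
Slot lengths and frame durations are illustrative, not real 802.11 values.
"""
import random

DIFS, SIFS = 2, 1                                   # inter-frame spaces, in slots
LEN = {"RTS": 1, "CTS": 1, "ACK": 1, "DATA": 8}     # frame durations, in slots
CW_MIN, CW_MAX = 15, 1023                           # 802.11a/g values; 802.11b uses CW_min = 31
HEARS = {"A": {"B"}, "C": {"B"}, "B": {"A", "C"}}   # who hears whom: A and C are hidden
AP = "B"


def contention_window(retries):
    """Binary exponential backoff: the CW doubles on every failed attempt, capped at CW_MAX."""
    return min(CW_MAX, (CW_MIN + 1) * 2 ** retries - 1)


def simulate(backoffs, use_rts_cts, seed=1, max_slots=200):
    """Run the senders in `backoffs` (initial backoff counter, in slots) toward the AP.

    Returns (log, lost, delivered): a list of (slot, node, event), a dict of
    frames garbled at the AP by kind, and the set of senders that got an ACK.
    """
    rng = random.Random(seed)            # only used to re-draw the backoff after a timeout
    st = {s: {"cnt": b, "idle": 0, "nav": 0, "retries": 0, "stage": "backoff", "deadline": None}
          for s, b in backoffs.items()}
    inflight = []                        # (src, dst, kind, start, end)
    ap_due = []                          # (send_at, dst, kind): responses the AP owes
    log, lost, delivered = [], {}, set()

    def busy(node, t):
        """Physical carrier sense: some neighbour this node can hear is on the air."""
        return any(src in HEARS[node] and a <= t < b for src, _, _, a, b in inflight)

    def tx(src, dst, kind, t):
        end = t + LEN[kind]
        inflight.append((src, dst, kind, t, end))
        log.append((t, src, kind))
        return end

    for t in range(max_slots):
        # AP sends responses that are due.  A CTS announces the duration of the whole
        # exchange, so every other station that hears the AP sets its NAV (virtual sense).
        for item in [d for d in ap_due if d[0] == t]:
            ap_due.remove(item)
            _, dst, kind = item
            end = tx(AP, dst, kind, t)
            if kind == "CTS":
                for s, x in st.items():
                    if s != dst and AP in HEARS[s]:
                        x["nav"] = end + SIFS + LEN["DATA"] + SIFS + LEN["ACK"]
        # Frames finishing at the AP: any time overlap with another frame garbles it.
        for f in [x for x in inflight if x[4] == t and x[1] == AP]:
            src, _, kind, a, b = f
            if any(o is not f and o[1] == AP and o[3] < b and o[4] > a for o in inflight):
                lost[kind] = lost.get(kind, 0) + 1
                log.append((t, AP, "garbled " + kind))
            else:
                ap_due.append((t + SIFS, src, "CTS" if kind == "RTS" else "ACK"))
        for s, x in st.items():
            # Responses arriving from the AP: CTS -> send DATA after SIFS; ACK -> done.
            for f in [y for y in inflight if y[4] == t and y[0] == AP and y[1] == s]:
                if f[2] == "CTS":
                    x["deadline"] = tx(s, AP, "DATA", t + SIFS) + SIFS + LEN["ACK"] + 1
                else:
                    x["stage"] = "done"
                    delivered.add(s)
            # No response in time: double the contention window and back off again.
            if x["stage"] == "waiting" and t >= x["deadline"]:
                x["retries"] += 1
                x["cnt"] = rng.randint(0, contention_window(x["retries"]))
                x["stage"], x["idle"] = "backoff", 0
                log.append((t, s, "timeout, CW=%d" % contention_window(x["retries"])))
            if x["stage"] != "backoff":
                continue
            # The counter runs only after DIFS of idle, where idle means that neither
            # physical carrier sense nor the NAV reports the channel busy.
            if busy(s, t) or t < x["nav"]:
                x["idle"] = 0
                continue
            x["idle"] += 1
            if x["idle"] <= DIFS:
                continue
            if x["cnt"] > 0:
                x["cnt"] -= 1
                continue
            kind = "RTS" if use_rts_cts else "DATA"
            x["stage"] = "waiting"
            x["deadline"] = tx(s, AP, kind, t) + SIFS + LEN["CTS" if use_rts_cts else "ACK"] + 1
    return log, lost, delivered


if __name__ == "__main__":
    for mode in (False, True):
        log, lost, delivered = simulate({"A": 2, "C": 5}, use_rts_cts=mode)
        print("RTS/CTS" if mode else "plain CSMA/CA", "lost:", lost, "delivered:", sorted(delivered))
        for entry in log:
            print("  ", entry)
```

With backoffs A=2 and C=5 the plain run loses both data frames at the AP (each sender sensed an idle channel, because it cannot hear the other), after which both time out and re-draw from a doubled window; the RTS/CTS run loses nothing, because C's counter freezes while the CTS is on the air and stays frozen until the NAV expires.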

15 Channel partitioning in wireless LAN
- With the DSSS modulation technique, the bandwidth used by one channel is 22 MHz
- In the 2.4 GHz band only about 83 MHz is available
- So non-overlapping channels must be 5 channel numbers (25 MHz) apart
- This avoids interference between the channels
- It has to be considered in frequency reuse and capacity planning

16

17 Channel Allocation

18 Relationship between Data rate and signal strength

19 802.11: Channels, association
- 802.11b: the 2.4 GHz-2.485 GHz spectrum is divided into 11 channels (in the US) at different frequencies
- The AP admin chooses the frequency for the AP
- Interference is possible: the channel can be the same as that chosen by a neighboring AP!
- A host must associate with an AP:
  - it scans the channels, listening for beacon frames containing the AP's name (SSID) and MAC address
  - it selects an AP to associate with
  - it may perform authentication

20 Interference in wireless LAN
- Microwave ovens: 2450 MHz (about 1000 W), which falls on channels 7-10
- Bluetooth devices (0.01 W)
- Cordless phones
- Toys etc.
Use NetStumbler to show the signal/noise ratio on the wireless LAN channels
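The channel arithmetic behind slides 15 and 20 (and the 1/6/11 layout of slide 25) is small enough to check in code. The following is an added example, not code from the presentation: it encodes the 2.4 GHz channel plan (centres 5 MHz apart starting at 2412 MHz, channel 14 at 2484 MHz, 22 MHz occupied per DSSS/CCK channel) and derives which channels overlap, which set of channels can coexist, and which channels a narrowband interferer such as a 2450 MHz microwave oven lands on.

```python
"""2.4 GHz channel arithmetic for the 802.11b/g channel plan (added example).

Channel n (1..13) is centred at 2407 + 5n MHz; channel 14 (Japan only) at
2484 MHz.  A DSSS/CCK channel occupies about 22 MHz, so two channels must be
at least 22 MHz (five channel numbers) apart not to overlap.
"""

CHANNEL_WIDTH_MHZ = 22     # occupied bandwidth of one DSSS/CCK channel
SPACING_MHZ = 5            # centre-frequency step between adjacent channel numbers


def centre_mhz(channel):
    """Centre frequency of a 2.4 GHz channel number (1..14)."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + SPACING_MHZ * channel
    raise ValueError("no such 2.4 GHz channel: %r" % channel)


def band_mhz(channel):
    """(low, high) edges of the band a channel occupies."""
    c = centre_mhz(channel)
    return c - CHANNEL_WIDTH_MHZ / 2, c + CHANNEL_WIDTH_MHZ / 2


def overlaps(ch_a, ch_b):
    """True when the two channels' occupied bands overlap in frequency."""
    return abs(centre_mhz(ch_a) - centre_mhz(ch_b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_plan(available=range(1, 12)):
    """Greedy pick, lowest channel first, of channels that do not overlap each other.

    For the 11 US channels this yields [1, 6, 11], the usual three-AP layout.
    """
    chosen = []
    for ch in available:
        if all(not overlaps(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def channels_hit_by(freq_mhz, available=range(1, 14)):
    """Channels whose occupied band contains a narrowband interferer at freq_mhz
    (e.g. the 2450 MHz magnetron frequency of a microwave oven)."""
    return [ch for ch in available if band_mhz(ch)[0] <= freq_mhz <= band_mhz(ch)[1]]


def min_separation(channels):
    """Smallest centre-frequency gap between any two of the given channels, in MHz.
    A plan is overlap-free when this is at least CHANNEL_WIDTH_MHZ."""
    chs = sorted(channels)
    return min(centre_mhz(b) - centre_mhz(a) for a, b in zip(chs, chs[1:]))


if __name__ == "__main__":
    print("non-overlapping US plan:", non_overlapping_plan())
    print("with channel 14 (Japan):", non_overlapping_plan(range(1, 15)))
    print("channels hit by a 2450 MHz oven:", channels_hit_by(2450))
```

Running it confirms the slides' numbers: channels 1, 6 and 11 are the only three mutually non-overlapping channels among 1-11 (channel 14 can be added where it is legal), and a 2450 MHz source sits inside the bands of channels 7 to 10 only.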

21 NetStumbler

22 Wireless Solutions
- Ad hoc
- Infrastructure
- Load balancing
- Connecting a wireless LAN without an access point
- Extended Service Set
- Extending range with a wireless repeater
- Wireless bridge

23 Ad hoc Configuration
- Set the mode to Ad hoc / peer to peer
- Set the BSSID and the channel to use

24 Infrastructure

25 Load balancing
- With 5-channel spacing, a maximum of 3 access points can be assigned to one overlapping area
- Channels 1 / 6 / 11

26 Connecting a wireless LAN without an access point
- Use a host acting as the gateway

27 Extended Service Set
Supports mobility (roaming between the APs of the ESS)

28 Extend range with Wireless repeater

29 Wireless bridge (Point to point link)

30 Wireless LAN Management
WLAN management involves three primary functions:
- Discovering the WLAN devices
- Monitoring the WLAN devices
- Configuring the WLAN devices

31 Discovering the WLAN devices
- ICMP, SNMP, Telnet, CLI, AP scan, RF scan, CDP etc. are used to discover the devices in your WLAN.
- Dedicated RF sensors, which come as additional hardware components with WiFi Manager, perform the RF scan, discover every element that is transmitting on the air, and so find devices (including rogue APs) that the wired-side methods miss.

32 Monitoring the WLAN devices (1/2)
- Threshold monitoring: set threshold values for key parameters and alert the operator when the actual values exceed them.
- Service monitoring: monitor the services running on the access points, such as the web service.
- Performance monitoring: monitor the WLAN devices for parameters such as Tx/Rx traffic and utilization, data rate, channel usage, errors etc.

33 Monitoring the WLAN devices (2/2)
- Trap reception: receive SNMP traps and alert the operator
- Alarms: assign a severity to every network failure and generate alarms
- E-mail-based notification: notify operators through e-mail when a fault occurs

34 Configuring the WLAN devices
It consists of:
- AP configuration
- Firmware upgrade
From a management perspective it can be done as:
- Group management
- Individual management

35 Access Point Configuration
- AP basic configuration
- AP ACL configuration
- AP security configuration
- AP services configuration

36 AP basic configuration (1/2)
- SSID: service set identifier of the access point
- Allow broadcast SSID: enable/disable the AP broadcasting the SSID
- Allow auto channel select: enable/disable the AP selecting the channel automatically
- Channel: the channel the AP operates on (applicable only if auto channel select is NO)
- Name: name of the access point

37 AP basic configuration (2/2)
- System Location: sysLocation value of the access point
- System Contact: sysContact value of the access point
- Use DHCP: enable/disable DHCP mode in the AP
- LAN IP: IP address of the AP (applicable only if Use DHCP is NO)
- Subnet Mask: mask value
- Gateway IP: IP address of the gateway
- DNS server IP: IP address of the DNS server

38 AP ACL configuration
WLAN administrators can deny or allow network access to wireless clients by configuring the ACL settings in the access points.
- Block: denies the specified MAC addresses and allows all others
- Pass through: allows only the specified MAC addresses and blocks all others

39 AP Security Configuration
- WEP: encrypts data; the WEP keys must be provided
- 802.1X: enables user authentication; at least one RADIUS server must be provided
- WPA: 802.1X + TKIP + dynamic key distribution
- WPA PSK: uses a pre-shared key instead of RADIUS
- Mixed mode: allows both WPA and non-WPA clients

40 AP Service Configuration
Management services such as SNMP, HTTP, Telnet and NTP running on the access points can be configured:
- SNMP: enable/disable, read / read-write community, trap destination / community, enable trap notifications
- HTTP: enable/disable, HTTP port
- Telnet: enable/disable, Telnet port
- NTP: enable/disable, NTP server address
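The basic, ACL, security and service settings of slides 36-40 are exactly the fields a management tool should audit before an AP goes into production, and the default-credential problem of slide 44 belongs in the same check. The block below is an added example, not code from the presentation or from WiFi Manager: it models an AP configuration as a plain dict using the slides' field names (an assumed layout), carries a constructed list of vendor defaults, and flags the weak settings of a factory-style AP next to the same AP after hardening. The 20-character pre-shared-key threshold is an assumption of the example.

```python
"""Audit one access point's configuration (added example).

The configuration dict layout is an assumption for this example; the field
names follow the slides.  DEFAULT_SECRETS holds the two vendor defaults named
on slide 44 plus the community strings and passwords most equipment ships with.
"""

DEFAULT_SECRETS = {"comcomcom", "public", "private", "admin", "password", ""}
MIN_PSK_CHARS = 20   # assumed policy: shorter PSKs fall to offline dictionary attack


def audit_ap(cfg):
    """Return a list of (severity, finding) tuples; an empty list means nothing flagged."""
    findings = []
    sec = cfg.get("security", "open")
    # AP security configuration (slide 39)
    if sec == "open":
        findings.append(("high", "no encryption: all traffic is readable by anyone in range"))
    elif sec == "wep":
        findings.append(("high", "WEP in use: key recoverable from captured traffic; move to WPA2"))
    elif sec == "wpa-psk" and len(cfg.get("psk", "")) < MIN_PSK_CHARS:
        findings.append(("medium", "short WPA pre-shared key: exposed to offline dictionary attack"))
    elif sec == "wpa-radius" and not cfg.get("radius_servers"):
        findings.append(("high", "802.1X enabled but no RADIUS server configured"))
    if cfg.get("mixed_mode"):
        findings.append(("medium", "mixed mode lets non-WPA clients join"))
    # AP basic configuration (slides 36/37) and default credentials (slide 44)
    if cfg.get("admin_password", "") in DEFAULT_SECRETS:
        findings.append(("high", "default or empty administrator password"))
    if cfg.get("ssid_broadcast", True):
        findings.append(("low", "SSID broadcast enabled (closed-system option off)"))
    # AP service configuration (slide 40)
    snmp = cfg.get("snmp", {})
    if snmp.get("enabled"):
        for role in ("ro_community", "rw_community"):
            if role in snmp and snmp[role] in DEFAULT_SECRETS:
                findings.append(("high", "SNMP %s is a default community string" % role))
        if snmp.get("rw_community") and snmp.get("ro_community") == snmp.get("rw_community"):
            findings.append(("medium", "SNMP read and write communities are identical"))
    if cfg.get("telnet", {}).get("enabled"):
        findings.append(("medium", "Telnet management enabled: credentials cross the network in clear text"))
    http = cfg.get("http", {})
    if http.get("enabled") and not http.get("https"):
        findings.append(("medium", "HTTP management without TLS"))
    # ACL configuration (slide 38): a MAC list is no substitute for encryption
    if cfg.get("acl_mode") in ("block", "pass-through") and sec == "open":
        findings.append(("low", "MAC ACL is the only access control; MAC addresses are trivially spoofed"))
    return findings


def count_by_severity(findings):
    """Summarise a findings list as {"high": n, "medium": n, "low": n}."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for sev, _ in findings:
        counts[sev] += 1
    return counts


# Constructed sample: an AP on factory-style settings ...
WEAK_AP = {
    "name": "ap-lobby", "ssid": "corp", "ssid_broadcast": True,
    "security": "wep", "admin_password": "comcomcom",
    "snmp": {"enabled": True, "ro_community": "public", "rw_community": "private"},
    "telnet": {"enabled": True, "port": 23},
    "http": {"enabled": True, "port": 80, "https": False},
    "acl_mode": "pass-through",
}
# ... and the same AP after applying the countermeasures from the later slides.
HARDENED_AP = {
    "name": "ap-lobby", "ssid": "corp", "ssid_broadcast": False,
    "security": "wpa-radius", "radius_servers": ["10.0.0.5"],
    "admin_password": "Lobby-AP!2024-rotate",
    "snmp": {"enabled": True, "ro_community": "b7Kq-9vZx-ro-2024"},   # no read-write community
    "telnet": {"enabled": False},
    "http": {"enabled": True, "port": 443, "https": True},
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_AP), ("hardened", HARDENED_AP)):
        print(label, count_by_severity(audit_ap(cfg)))
        for sev, text in audit_ap(cfg):
            print("  [%s] %s" % (sev, text))
```

The weak configuration produces four high findings (WEP, default admin password, both default SNMP communities), two medium (Telnet, plain HTTP) and one low (SSID broadcast); the hardened one produces none. In a group-management tool the same function would run over every AP in the group and feed the threshold/alarm pipeline of slides 32-33.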

41 Wireless LAN security management (1/2)
Common attacks and vulnerabilities:
- The weaknesses in WEP, key management and user behavior
- Sniffing, interception and eavesdropping
- Spoofing and unauthorized access
- Network hijacking and modification
- Denial of Service and flooding attacks

42 Wireless LAN security management (2/2)
Security countermeasures:
- Revisiting policy
- Analyzing the threat
- Implementing WEP
- Filtering MACs
- Using closed systems and networks
- Securing users

43 The weaknesses in WEP, key management and user behavior
- Several papers were published showing vulnerabilities in WEP, and tools to recover the encryption key followed: AirSnort ( WEPCrack
- The IEEE 802.11 standard leaves key management outside WEP: the secret key is supposed to be controlled by an external key management service
- In practice key management is done by the user (who defines up to 4 different secret keys)
- RADIUS (Remote Authentication Dial-In User Service) is rarely used by small businesses or home users

44 The weaknesses in WEP, key management and user behavior
Users often operate the devices in their default configuration:
- SSID broadcast turned on
- The default password used as the secret key
  - 3Com products: comcomcom
  - Lucent products: the last five digits of the network ID

45 Sniffing, interception and eavesdropping
- Sniffing is the electronic form of eavesdropping on the communications that computers have across a network
- A wireless network is a broadcast (shared) link
- Every communication across the wireless network is viewable by anyone who is listening to the network
- The listener does not even need to be associated with the network

46 Sniffing tools
All of these software packages put the network card into promiscuous mode (for 802.11 traffic, monitor mode on the wireless card) so that every packet passing the interface is captured and displayed:
- Ethereal (now Wireshark)
- OmniPeek
- tcpdump
- ngrep

47 Spoofing and unauthorized access
Spoofing: an attacker tricks your network equipment into thinking that the connection comes from one of the allowed machines. There are several ways to accomplish this, all of which amount to redefining the MAC address to a valid one:
- A simple registry edit on Windows
- A single command from a root shell on Unix
- SMAC (a software package for Windows)

48 Network hijacking and modification
- A malicious user is able to send messages to routing devices and APs stating that their MAC address is associated with a known IP address
- From then on, all traffic passing through that router (or switch) and destined for the hijacked IP address is handed to the hijacker's machine
- This is ARP spoofing, or ARP poisoning

49 Network hijacking and modification
- If the attacker spoofs the default gateway, all machines trying to reach the network connect through the attacker, who can harvest passwords and other information
- Use of a rogue AP: to receive authentication requests and the credentials that come with them

50 Denial of Service and flooding attacks
- One of the original DoS attacks is the ping flood: a large number of hosts or devices send an ICMP echo request to a specified target
- Another possible attack is a massive number of invalid or valid authentication requests; users attempting to authenticate themselves then have difficulty acquiring a valid session
- If the attacker can spoof the default gateway, it can prevent every machine on the wireless network from reaching the wired network
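The hijacking of slides 48-49 and the authentication flood of slide 50 both leave traces that a monitoring station (slides 32-33) can alert on: an IP address, above all the default gateway's, suddenly answering ARP with a different MAC, and one client MAC sending far more authentication requests than any real supplicant would. The block below is an added example, not code from the presentation: the log format and the sample events are constructed for it, and the one-second window and 50-request threshold are assumed tuning values.

```python
"""Detect ARP poisoning of the gateway and an authentication-request flood in
a constructed WLAN event log (added example).

Log format (made up for this example):
  <seconds> arp-reply <ip> is-at <mac>
  <seconds> auth-req <client-mac> -> <bssid>
"""
from collections import defaultdict, deque

GATEWAY_IP = "10.0.0.1"
AUTH_WINDOW_S = 1.0          # sliding window length (assumed)
AUTH_FLOOD_THRESHOLD = 50    # auth requests from one MAC per window (assumed)

# Constructed sample: a normal gateway answer, a host 10.0.0.7 that later starts
# answering for the gateway's IP with its own MAC, then one client hammering the
# AP with 60 authentication requests in 0.6 s.
SAMPLE_LOG = """\
0.00 arp-reply 10.0.0.1 is-at 00:11:22:33:44:01
0.50 arp-reply 10.0.0.7 is-at 00:aa:bb:cc:dd:07
1.20 auth-req 00:aa:bb:cc:dd:01 -> 00:11:22:33:44:ff
2.00 arp-reply 10.0.0.1 is-at 00:11:22:33:44:01
3.00 arp-reply 10.0.0.1 is-at 00:aa:bb:cc:dd:07
3.05 arp-reply 10.0.0.1 is-at 00:aa:bb:cc:dd:07
""" + "".join("%.2f auth-req 00:aa:bb:cc:dd:02 -> 00:11:22:33:44:ff\n" % (4 + 0.01 * i)
              for i in range(60))


def parse(line):
    """Turn one log line into an event dict, or None for lines we do not understand."""
    f = line.split()
    if len(f) >= 5 and f[1] == "arp-reply":
        return {"t": float(f[0]), "type": "arp", "ip": f[2], "mac": f[4]}
    if len(f) >= 5 and f[1] == "auth-req":
        return {"t": float(f[0]), "type": "auth", "mac": f[2], "bssid": f[4]}
    return None


def detect(log_text):
    """Return alerts as (time, severity, message) tuples, in log order."""
    alerts = []
    ip_to_mac, mac_to_ip = {}, {}          # what each IP last answered with; first IP seen per MAC
    recent_auth = defaultdict(deque)       # per client MAC: timestamps inside the window
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        if ev["type"] == "arp":
            old = ip_to_mac.get(ev["ip"])
            if old is not None and old != ev["mac"]:
                sev = "high" if ev["ip"] == GATEWAY_IP else "medium"
                note = ""
                if mac_to_ip.get(ev["mac"], ev["ip"]) != ev["ip"]:
                    note = " (that MAC already answered for %s)" % mac_to_ip[ev["mac"]]
                alerts.append((ev["t"], sev, "ARP: %s moved from %s to %s%s"
                               % (ev["ip"], old, ev["mac"], note)))
            ip_to_mac[ev["ip"]] = ev["mac"]
            mac_to_ip.setdefault(ev["mac"], ev["ip"])
        else:
            q = recent_auth[ev["mac"]]
            q.append(ev["t"])
            while q and ev["t"] - q[0] > AUTH_WINDOW_S:
                q.popleft()
            if len(q) == AUTH_FLOOD_THRESHOLD:   # fire once, as the threshold is crossed
                alerts.append((ev["t"], "medium", "auth flood: %d requests from %s to %s within %.1fs"
                               % (len(q), ev["mac"], ev["bssid"], AUTH_WINDOW_S)))
    return alerts


if __name__ == "__main__":
    for t, sev, msg in detect(SAMPLE_LOG):
        print("%6.2f [%s] %s" % (t, sev, msg))
```

On the sample log this raises two alerts: a high-severity one at t=3.00 when the gateway's IP moves to the MAC that earlier answered for 10.0.0.7, and a medium one at t=4.49 when the 50th authentication request from the same client arrives inside one second. A real deployment would feed tcpdump or sensor output through `parse` and treat a gateway MAC change as a probable ARP-poisoning or rogue-gateway incident.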

51 WLAN Security countermeasures
- Revisiting policy
- Analyzing the threat
- Implementing WEP
- Filtering MACs
- Using closed systems and networks
- Securing users

52 Revisiting policy
Adjust the corporate security policy to accommodate wireless networks and the users who depend on them. Because of the wireless environment:
- There is no visible connection, so good authentication is required
- RF traffic is easy to capture, so a good policy should not broadcast the SSID and should implement WEP
- Do not use the default name or password when operating AP devices

53 Analyzing the threat (1/2)
- Identify the assets and the method of accessing them from an authorized perspective
- Identify the likelihood that someone other than an authorized user can access the assets
- Identify the potential damages:
  - Defacement
  - Modification
  - Theft
  - Destruction of data

54 Analyzing the threat (2/2)
- Identify the cost to replace, fix, or track the loss
- Identify security countermeasures
- Identify the cost of implementing the countermeasures:
  - Hardware / software / personnel
  - Procedures / limitations on access across the corporate structure
- Compare the cost of securing the resources against the cost of the damage

55 Implementing WEP
To protect against data sniffing during a session:
- 128-bit encryption should be considered the minimum
- Most APs support both 40-bit and 128-bit encryption
WEP advantages:
- All messages are encrypted, so privacy is maintained
- Easy to implement
- WEP keys are user definable

56 Implementing WEP
WEP disadvantages:
- WEP's use of the RC4 stream cipher is known to be breakable: the key can be recovered from captured traffic
- Once the key is changed, every user has to be told the new key
- WEP does not provide adequate WLAN security
- It only eliminates the curious hacker who lacks the means or the desire to really attack your network
- WEP has to be implemented on every client as well as every AP to be effective
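Why a stream cipher with a 24-bit IV and a CRC-32 integrity check is inadequate (slides 43, 55 and 56) can be shown on a toy scale without the AirSnort/WEPCrack key-recovery statistics. The following is an added example written for this page, not code from the presentation or from those tools: it implements RC4 and the WEP framing (IV || RC4(IV || key, plaintext || ICV)) in plain Python, then demonstrates two consequences that hold regardless of key length: an IV reused for two frames gives them the same keystream, so one known plaintext decrypts the other, and CRC-32 is linear, so an attacker can flip chosen plaintext bits inside the ciphertext and patch the ICV without the key. The key, IV and frame contents are constructed for the example.

```python
"""WEP's stream-cipher weaknesses on a toy scale (added example).

WEP encrypts each frame as IV || RC4(IV || key, plaintext || ICV), with a
3-byte IV and a CRC-32 ICV.  The key, IV and frames below are constructed.
"""
import struct
import zlib


def rc4(key, data):
    """RC4 key scheduling plus keystream generation; returns data XOR keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext):
    """WEP integrity check value: little-endian CRC-32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key, iv, plaintext):
    """Frame body = IV || RC4(IV || key, plaintext || ICV)."""
    return iv + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key, frame):
    """Return (plaintext, icv_ok) for a frame produced by wep_encrypt."""
    iv, body = frame[:3], frame[3:]
    data = rc4(iv + key, body)
    plaintext, tag = data[:-4], data[-4:]
    return plaintext, tag == icv(plaintext)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def recover_with_reused_iv(known_frame, known_plaintext, target_frame):
    """Attack 1: both frames carry the same IV, hence the same keystream.
    Strip the keystream off the known frame (the attacker can compute its ICV
    too) and apply it to the target frame.  No key needed."""
    assert known_frame[:3] == target_frame[:3], "attack needs a reused IV"
    keystream = xor(known_frame[3:], known_plaintext + icv(known_plaintext))
    return xor(target_frame[3:], keystream)[:-4]


def flip_bits(frame, delta):
    """Attack 2: XOR `delta` into the plaintext of an encrypted frame and patch the
    ICV, using the CRC identity crc(p ^ d) == crc(p) ^ crc(d) ^ crc(0...0).
    The result decrypts to plaintext ^ delta with a valid ICV.  No key needed."""
    iv, body = frame[:3], bytearray(frame[3:])
    n = len(body) - 4
    assert len(delta) == n, "delta must cover the whole plaintext"
    icv_delta = (zlib.crc32(delta) ^ zlib.crc32(bytes(n))) & 0xFFFFFFFF
    for k in range(n):
        body[k] ^= delta[k]
    for k, d in enumerate(struct.pack("<I", icv_delta)):
        body[n + k] ^= d
    return iv + bytes(body)


# Constructed sample: a 40-bit key, one IV used twice, two equal-length frames.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("000001")
P1 = b"known plaintext frame!"    # e.g. an ARP or DHCP frame whose contents are predictable
P2 = b"secret password frame!"
F1 = wep_encrypt(KEY, IV, P1)
F2 = wep_encrypt(KEY, IV, P2)


def demo():
    """Run both attacks against F2 without KEY; returns (recovered P2, (forged plaintext, icv_ok))."""
    recovered = recover_with_reused_iv(F1, P1, F2)
    delta = xor(b"secret", b"public") + bytes(len(P2) - 6)   # rewrite the first word only
    forged = flip_bits(F2, delta)
    return recovered, wep_decrypt(KEY, forged)


if __name__ == "__main__":
    recovered, (forged_plaintext, ok) = demo()
    print("recovered via IV reuse:", recovered)
    print("forged frame decrypts to:", forged_plaintext, "ICV valid:", ok)
```

With only 2^24 IVs, a busy AP repeats one within hours, and many cards start their IV counter at zero after a reset, which is why the first attack is practical; the second is why a WEP ICV says nothing about who wrote a frame. Neither problem is fixed by longer keys, which is the reason slide 56 concludes that WEP is inadequate and later slides move to WPA/802.11i.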

57 Filtering MACs
To reduce the number of attacks:
- More practical on small networks
- Can be performed at the switch attached to the AP or on the AP itself
MAC filtering advantages:
- Predefined users are accepted; filtered MACs do not get access
MAC filtering disadvantages:
- Administrative overhead with a large number of users
- MAC addresses can be reprogrammed

58 Using closed systems and networks
- Turn off SSID broadcasting and use a proper WEP key
- Select "closed wireless system"
Advantages:
- The AP does not accept unrecognized network requests
- Prevents snooping software such as NetStumbler from listing the network
- Easy to implement
Disadvantages:
- Administration is required for new users and changes

59 Securing users
- Educate the users about the threats and where they are at risk, including how a proper password is chosen
- Provide policies that enable them to secure themselves:
  - Change passwords at regular intervals
  - Minimum password length
- Create policies that secure users behind the scenes:
  - Filtering traffic

60 Securing users
Some of the rules that should be in place with respect to wireless:
- No rogue access points
- Inventory all wireless cards and their corresponding MAC addresses
- No antennas without administrative consent
- Strong passwords on wireless network devices

61 Other methods
- VPN
- WEP + RADIUS
- WPA2 (Wi-Fi Protected Access 2)
- WPA + RADIUS
- 802.1X: EAP-MD5, LEAP (Cisco), EAP-TLS, EAP-TTLS
- MAC + WPA + RADIUS
- Mahanakorn solution
- Web recommendation

62 802.11i
- Known as WPA2 and also called RSN (Robust Security Network)
- 802.11i uses the Advanced Encryption Standard (AES) block cipher, whereas WEP and WPA use the RC4 stream cipher
- The 802.11i architecture contains the following components:
  - 802.1X for authentication
  - RSN for keeping track of associations
  - AES-based CCMP to provide confidentiality, integrity and origin authentication

63 802.1X (1/2)
- Provides an authentication mechanism for devices wishing to attach to a LAN port, either establishing a point-to-point connection or preventing access through that port if authentication fails
- Used by most enterprise wireless access points and based on the Extensible Authentication Protocol (EAP)

64 802.1x (2/2)

65 802.11n (new WLAN standard)
- Improves WLAN performance (and, by allowing its high-throughput rates only with CCMP, pushes deployments off WEP and TKIP)
- Net bandwidth 248 Mbps
- Operates in both the 5 GHz and 2.4 GHz bands
- Technology changes:
  - MIMO (Multiple Input, Multiple Output)
  - Channel bonding: uses two separate non-overlapping channels simultaneously to transmit data
  - Frame aggregation
  - Backward compatibility

