3Com Secure Converged Network ( Wireless LAN ) December 2005 >>Mr. Anusit Ratchadalertnarong


1 3Com Secure Converged Network ( Wireless LAN ) December 2005 >>Mr. Anusit Ratchadalertnarong Anusit_ratchadalertnarong@3com.com

2 Technology Forces
• Miniaturization, portability, mobile power
• Increasing bandwidth, wired and wireless
• Convergence – data, voice, video, …
• Connection and connection-less models
• Virtualization – compute, storage, network
• Service oriented architectures – integration

3 Broadband Wireless Access Evolution
[Figure: roadmap of broadband wireless technologies by maturity stage (Concept, Pilots, Production, Mass-production) and by origin (ETSI, IEEE, Proprietary). Technologies shown: GSM, GPRS, EDGE, EDGE Ph2, UMTS/WCDMA, HSDPA, HSUPA, CDMA IS-95A, CDMA 2000 1xRTT, CDMA 1x EV-DO, CDMA 1x EV-DV, 802.11a, 802.11b, 802.11g, 802.16a, 802.16-2004, 802.16e, 802.20, Flash OFDM / Flarion, MC-CDMA / Navini, TD-CDMA / UMTS-TDD, TDMA/FDMA/SDMA / iBurst.]

4 What is WiMAX?
WiMAX = Worldwide Interoperability for Microwave Access
• Refers to wireless technologies based on 802.16 standard
• Standard designed to provide cost-effective fixed, portable, and eventually mobile broadband connectivity at speeds as fast or faster than cable/DSL for residential and T1/E1 for businesses
• Fixed WiMAX applications
  - Residential and business connectivity where cable/DSL or fiber not available
  - Rural and suburban areas of developed countries and developing countries
• Mobile WiMAX applications
  - “Personal broadband” experience for consumer
  - Urban areas become “MetroZones” for broadband access everywhere

5 Broadband Wireless “Sweet Spot”

6 WiMAX Network Models & Time Frames
[Figure: WiMAX deployment models over time. Labels: Fixed Outdoor; Backhaul; Wi-Fi Hotspot; Access 2005; Portable 2006; Mobile 2007/8+; Metrozone; Enterprise Campus Piconet; Fixed Indoor; Mobile.]

7 WiMAX Technology Overview
[Figure: coverage map with measuring points; distances marked 1 km, 0,5 km, 1 km, 1,7 km.]
Measuring points:
• Very good radio reception: +/-0 to -85 dBm
• Sufficient radio reception: -85 to -100 dBm
• Poor or no radio reception: < -100 dBm

8 Broadband Wireless Access Evolution
[Figure: the broadband wireless access roadmap from slide 3, shown again.]

9 Choose Your 802.11 Flavor with No Limit to Your Security Preference

                    802.11a            802.11b            802.11g
Standard Ratified   2002               1999               2003
Radio Band          5GHz               2.4GHz             2.4GHz
Data Rates          Up to 54Mbps       Up to 11Mbps       Up to 54Mbps
Coverage Area       Up to 50 Meters    Up to 100 Meters   Up to 100 Meters

Pros
• Less potential for interference
• Good support for multimedia apps and densely populated user environments
• Large installed base
• Compatible with 802.11b
• High data rates and broad coverage area
Cons
• Requires hardware upgrade
• Less coverage area
• Slower data rate
• Interference in 2.4GHz band

10 More Channels Avoids Interference
[Figure: two cell-layout diagrams, 802.11b/g and 802.11a/g, showing the channel number assigned to each cell in the 1st, 2nd and 3rd rings around a center cell; axis label: Distance to Center Cell.]
• 16 non-overlapping channels and 408.5MHz of spectrum at 2.4 and 5GHz makes it possible to set up networks without co-channel interference for enterprises, public hot spots, and other large installations
• 3 non-overlapping channels and 83.5MHz of spectrum at 2.4GHz make co-channel interference and performance degradation inevitable

11 802.11X Standards
WLAN Systems
• 802.11a: 5GHz System, 54 Mbps
• 802.11b: 2.4GHz System, 11 Mbps
• 802.11g: 2.4GHz System, 54 Mbps
WLAN Enhancements
• 802.11c: MAC Routing (moved to 802.1c)
• 802.11d: Country compatibility (roaming) for 802.11b
• 802.11e: Enhanced MAC for QoS
• 802.11f: Inter Access Point Protocol
• 802.11h: Channel Selection and Transmit Power for 802.11a
• 802.11i: Secure MAC
• 802.11j: Channel Selection for Japan
• 802.11k: Client feedback
• 802.11n: High speed
• 802.11r: Roaming
• 802.11s: Defines a MAC and PHY for meshed networks
• 802.1X: Authentication

12 WLAN Deployment Considerations
• Site planning
  - Coverage and Capacity
• Mobility
  - Roaming & User management
• RF Management
  - Rogue detection
  - Power & Channel management
• Security
  - Authentication & Encryption
• Network Management
• Network Extension

13 3Com Secure Converged Network
[Figure: network diagram. Components: 3Com Router, 3Com Switch 7750/8800, 3Com SuperStack 3 Switch, 3Com VCX System, Wi-Fi Phone, Wi-Fi PDA, Mobile User, Video Server, Multicast User, 3Com TippingPoint, 3Com AP 8250/7250, 3Com AP 2750, 3Com AP 3750.]
[Figure: ‘Fit’ APs (Wireless Switching) compared with ‘Fat’ APs (Traditional).
 ‘Fit’ APs side labels: Wireless Switch; Corporate Network; 802.11 a/b/g; Antenna; Encryption; Mobile IP, IPSec, Certs; 802.1X, TKIP, 802.11e, 802.11f, 802.11h; Site Surveys; Per-user Firewall; Self-Healing; RF Management; Rogue Wireless Protection; More Managed Wireless Solutions.
 ‘Fat’ APs side labels: Corporate Network; Layer 2 Switch; 802.11 a/b/g; Mobile IP, IPSec, Certs; 802.1X, TKIP, 802.11e, 802.11f, 802.11h; Antenna; Encryption.
 Other label: Lower Cost APs.]

14 Site Planning

15 3Com Secure Converged Network
[Figure: network diagram. Components: 3Com Router, 3Com Switch 7750/8800, 3Com SuperStack 3 Switch, 3Com VCX System, Wi-Fi Phone, Wi-Fi PDA, Mobile User, Video Server, Multicast User, 3Com Wireless Switch Manager, 3Com TippingPoint, 3Com AP 8250/7250, 3Com AP 2750, 3Com AP 3750, 3Com Wireless Switch.]

16 Easy and Powerful Site Planning
3Com’s Wireless Switch Manager Deployment Software Tool
• Plan and Configure
  - Enter building plans, including walls & wall materials
  - Result: AP location recommendations for coverage pattern
  - Predictive modeling capabilities allow user to try different scenarios
• Deploy and Manage
  - Install APs as described in the deployment plan
  - Management software will sweep the environment and adjust channel and power settings to optimize the network

17 Mobility

18 3Com Secure Converged Network
[Figure: the network diagram (3Com Router, Switch 7750/8800, SuperStack 3 Switch, VCX System, Wireless Switch Manager, TippingPoint, AP 8250/7250, AP 2750, AP 3750, Wireless Switch, Wi-Fi Phone, Wi-Fi PDA, Mobile Users, Video Server, Multicast User) with callouts: Wireless Roaming; Wi-Fi Multimedia (WMM).]

19 RF Management

20 RF Management: Centralized Control of AP Environment
3Com Wireless Switch
• Dynamic real time control of RF environment
• Centralized control of AP radios, including
  - Channel selection and amplification
  - Automatic channel assignment
  - Load balancing based on # of users and traffic to optimize throughput
  - Adjust radio power to eliminate coverage gaps, even on large networks
• Allows direct control of RF optimization
  - Control of all radio channels & gain

21 3Com Secure Converged Network
[Figure: the network diagram (3Com Router, Switch 7750/8800, SuperStack 3 Switch, Wireless Switch Manager, TippingPoint, AP 8250/7250, AP 2750, AP 3750, Wireless Switch, Wi-Fi Phone, Wi-Fi PDA, Mobile Users, Video Server, Multicast User) with a Rogue AP added.]

22 Intrusion Detection System ( IDS )
• RF Management
  - Listen to all communication
  - Correlate Data
• Identify
  - Rogue APs
  - Users of rogue APs
  - Ad hoc user groups
• Locate
  - Triangulation
  - Improves with density
• Active Scan
  - Utilization of all radios all the time
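
The "listen, correlate, identify" steps on this slide, as an added example (not 3Com's code and not part of the original deck): frames heard by several sensor radios are merged and checked against an inventory of managed APs to report rogue APs, the users of rogue APs, and ad hoc groups. The frame tuple layout, the MAC addresses, SSIDs and sensor names are all constructed assumptions.

```python
# Added example: every MAC, SSID and sensor name below is constructed.
AUTHORIZED_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}  # managed AP inventory
CORPORATE_SSIDS = {"corp-wlan"}

# Frames heard by managed-AP radios acting as sensors:
# (sensor, kind, bssid, ssid, station, rssi_dbm)
# kind: "beacon" = infrastructure AP, "ibss" = ad hoc beacon, "data" = client traffic
FRAMES = [
    ("ap-1", "beacon", "02:00:00:aa:00:01", "corp-wlan", None, -40),
    ("ap-1", "data", "02:00:00:aa:00:01", None, "02:00:00:cc:00:30", -50),
    ("ap-1", "beacon", "02:00:00:bb:00:55", "corp-wlan", None, -62),
    ("ap-2", "beacon", "02:00:00:bb:00:55", "corp-wlan", None, -48),
    ("ap-2", "data", "02:00:00:bb:00:55", None, "02:00:00:cc:00:09", -55),
    ("ap-2", "beacon", "02:00:00:bb:00:77", "home-router", None, -70),
    ("ap-1", "ibss", "02:00:00:dd:00:01", "laptop-share", "02:00:00:cc:00:21", -66),
    ("ap-2", "ibss", "02:00:00:dd:00:01", "laptop-share", "02:00:00:cc:00:22", -71),
]

def correlate(frames, authorized=AUTHORIZED_BSSIDS, corp_ssids=CORPORATE_SSIDS):
    """Merge all sensors' frames into rogue-AP and ad hoc findings."""
    rogues, adhoc = {}, {}
    for sensor, kind, bssid, ssid, station, rssi in frames:
        if kind == "ibss":                       # ad hoc user group
            adhoc.setdefault(bssid, set()).add(station)
            continue
        if bssid in authorized:                  # our own AP: nothing to report
            continue
        f = rogues.setdefault(bssid, {"ssid": None, "spoofs_corporate": False,
                                      "users": set(), "heard_by": {}})
        # Keep the strongest reading per sensor; more sensors = better location.
        f["heard_by"][sensor] = max(rssi, f["heard_by"].get(sensor, -200))
        if kind == "beacon":
            f["ssid"] = ssid
            f["spoofs_corporate"] = ssid in corp_ssids
        elif kind == "data":                     # a client using the rogue AP
            f["users"].add(station)
    for f in rogues.values():
        # Coarse location hint only: strongest sensor, not true triangulation.
        f["nearest_sensor"] = max(f["heard_by"], key=f["heard_by"].get)
    return rogues, adhoc

if __name__ == "__main__":
    rogue_aps, adhoc_groups = correlate(FRAMES)
    for bssid, finding in sorted(rogue_aps.items()):
        print("rogue AP", bssid, finding)
    for bssid, members in sorted(adhoc_groups.items()):
        print("ad hoc group", bssid, sorted(members))
```

An unmanaged BSSID advertising a corporate SSID is reported with spoofs_corporate set, which is the finding to prioritise because clients may join it without noticing.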

23 3Com Secure Converged Network
[Figure: the network diagram (3Com Router, Switch 7750/8800, SuperStack 3 Switch, Wireless Switch Manager, TippingPoint, AP 8250/7250, AP 2750, AP 3750, Wireless Switch, Wi-Fi Phone, Wi-Fi PDA, Mobile Users, Video Server, Multicast User) with a Rogue AP and the callout: Rogue Detection and Containment.]

24 Security

25 Two Key Elements in Security Protection: Authentication & Encryption
• Authentication
  - Is this a valid user of your network?
  - Is this user who you think he is?
  - Verify with password control & access lists
• Encryption
  - Wireless data is by nature broadcast
  - Scramble data to safeguard the data & network
  - Need sophisticated algorithms for best protection
[Figure labels: Valid User???; Safeguard Data Broadcast]
Need both Authentication & Encryption for Protection

26 What Types of Authentication are There?
• Authenticate to prove user identity
  - 802.11 Authentication
    - Shared key based (password)
    - Happens before Access Point association
    - Open system (no authentication)
    - MAC address filtering (aka: local MAC authentication)
    - Shared key (encrypted challenge with WEP key)
  - 802.1X Authentication
    - Certificate based
    - Happens after Access Point association
    - Uses Extensible Authentication Protocol (EAP)
    - Offers full suite of secure authentication protocols: LEAP, PEAP, EAP-TLS, EAP-TTLS
    - Much better than 802.11 authentication

27 Auto VLAN and QoS Assignment using 802.1X
[Figure: 802.1X login flow between a Red VLAN and a Blue VLAN. Labels: prompt "User ID: ? Pwd: ?"; credentials "User ID: Blue, PWD: @#$%^"; response "Valid User, VLAN ID: Blue VLAN, QoS Profile: Email LowP, Web LowP, Student Records Server HighP".]

28 Auto VLAN Assignment using 802.1X with Wireless Access Points
[Figure: the same 802.1X login flow through wireless access points. Labels: Red VLAN; Blue VLAN; prompt "User ID: ? Pwd: ?"; credentials "User ID: Blue, PWD: @#$%^"; response "Valid User, VLAN ID: Blue VLAN".]

29 3Com Secure Converged Network
[Figure: the network diagram (3Com Router, Switch 7750/8800, SuperStack 3 Switch, VCX System, Wireless Switch Manager, TippingPoint, AP 8250/7250, AP 2750, AP 3750, Wireless Switch, Wi-Fi Phone, Wi-Fi PDA, Mobile User, Video Server, Multicast User) with the callout: IEEE 802.1x ( User name + Password ) & Radius Authenticated Devices Access ( RADA ).]

30 Radius Authenticated Devices Access ( RADA )
[Figure: RADA login flow between a Red VLAN and a Blue VLAN. Labels: prompt "User ID: ? Pwd: ?"; credentials "User ID: MAC Address, PWD: MAC Address"; response "Valid User, VLAN ID: Blue VLAN, QoS Profile: Email LowP, Web LowP, Student Records Server HighP".]

31 What Types of Wireless Security Options Do I Have?
• OPEN
  - No authentication
  - CRC message checking
  - No encryption
• WEP/WEP2
  - Optional MAC address filtering (aka: local MAC authentication)
  - CRC message checking
  - Static shared key encryption (password)
    - 40/104-bit RC4 cipher key
    - WEP2 adds a rotating key (e.g.: DSL or LEAP)
• WPA (ratified July 2003)
  - 802.1X authentication (requires EAP)
  - MIC/CRC message checking
  - TKIP (128-bit RC4 cipher rotating, 128-bit AES optional)
• 802.11i (ratified June 2004)
  - 802.1X authentication (requires EAP)
  - MIC/CRC message checking
  - TKIP or AES (256-bit AES is mandatory)
Remember
• Authenticate
• Message Integrity Check
• Encrypt
[Figure label: Stronger Security]

32 WarChalking

33 Wireless Tools
• Types of Monitoring tools
  - Stumbling
  - Sniffing
  - Handheld
• Hacking tools
  - WEP Cracking
  - ARP Spoofing

34 Netstumbler
http://www.netstumbler.com
  - Free
  - Windows based
  - Very simple GUI
  - GPS capable

35 Wellenreiter
http://www.remote-exploit.org
  - Free
  - Linux based
  - Supports many wireless cards
  - GPS capable

36 AirMagnet
http://www.airmagnet.com/
  - Pocket PC based

37 WEP Cracking Tools
• WEPCrack: http://wepcrack.sourceforge.net/
• AirSnort: http://sourceforge.net/projects/airsnort/
• BSD-Tools dweputils: http://www.dachb0den.com/projects/dweputils.html

38 New 802.11i Security
• Addresses the main problems of WEP and Shared-Key Authentication
  - Temporal Key Integrity Protocol (TKIP)
  - Message Integrity Control ~ Michael
  - AES Encryption replacement for RC4
  - Robust Security Network (RSN)
• Require new wireless hardware
• Ratification ~ YE 2004

39 Information Security Hype Cycle
[Figure: hype cycle curve, Visibility plotted against Maturity, as of June 2004. Phases: Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, Plateau of Productivity. Key (time to plateau): Less than two years; Two to five years; Five to 10 years; More than 10 years; Obsolete before Plateau. Acronym key: VPN = virtual private network; WPA = Wi-Fi Protected Access.
 Technologies plotted: All-in-One Security Appliances; Biometrics; Compliance Tools; Data-at-Rest Encryption Appliances; Deep Packet Inspection Firewalls; Digital Rights Management (enterprise); Federated Identity; Identity Management; Instant Messaging Security; Intrusion Detection Systems; Managed Security Service Providers; Patch Management; Personal Intrusion Prevention; Public Key Operations/Soft Tokens; Reduced Sign-On; Scan and Block; Secure Sockets Layer VPNs; Secure Sockets Layer/Trusted Link Security; Security Platforms; Security Smart Cards; Spam Filtering; Trusted Computing Group; Vulnerability Management; Web Services Security Standards; WPA Security; Hardware Tokens.]

40 3Com Secure Converged Network
[Figure: network diagram. Components: 3Com Router, 3Com Switch 7750/8800, 3Com SuperStack 3 Switch, 3Com VCX System, Wi-Fi Phone, Wi-Fi PDA, Mobile User, Video Server, Multicast User, 3Com Wireless Switch Manager, 3Com TippingPoint, 3Com AP 8250/7250, 3Com AP 2750, 3Com AP 3750, 3Com Wireless Switch.]

41 3Com IPS’ Primary Function – Block Malicious Traffic
TippingPoint blocks malicious traffic in the network before it damages your company’s information assets
[Figure: attacker traffic and valid user and application traffic entering an IPS in front of protected assets. Asset labels: DNS, FTP, HTTP, SNMP, SMB, Telnet, Web Services, DMZ, IBM DB2, MS SQL, Applications, Operating Systems, Wireless, Infrastructure, Cisco IOS.]
External Attackers
• Industrial Spies
• Gov’t Spies
• Terrorists
• Cyber Thieves
• Pranksters
Internal Attackers
• Disgruntled Employees
• Dishonest Employees
Valid User & Application Traffic: good traffic passes through. The IPS blocks malicious traffic based on filter settings.

42 3Com TippingPoint Quarantine Service
Secure Converged Networks
• TippingPoint Intrusion Protection Systems works with 3Com switches for Quarantine Protection
• Quarantine protects endpoints and enforces policy
• Requires no software client or agent
• Protection is flexible, automatic and fast
[Figure label: Switch 7750/5500]

43 3Com Wireless Enterprise Solution

44 3Com Wireless Switch Solution
3Com Wireless LAN Controller WX4400
• Enterprise WLAN controller
• 4 Gigabit-port switch
• 3.6Gbps throughput
• 24-96 MAPs
3Com Wireless LAN Switch WX1200
• Enterprise/SMB WLAN Switch
• 2-port 10/100Mbps x 6-port 10/100Mbps PoE switch
• 200Mbps throughput
• 12 MAPs
3Com Wireless LAN Switch WXR100
• Remote Office WLAN Switch
• 2-port 10/100Mbps
• 3 MAPs
Also shown: Access Point 2750/3750; Access Point 7250 & Access Point 8250; 3Com Wireless Switch Manager 3CWXM

45 TippingPoint Product Line
[Figure labels: Security Management System; Wire Speed IPS]
• 50 Mbps, 1x10/100/1000 Copper
• 100 Mbps, 1x10/100/1000 Copper
• 200 Mbps, 2x10/100/1000 Copper
• 400 Mbps, 4x10/100/1000 Copper/Fiber
• 1.2 Gbps, 4x10/100/1000 Copper/Fiber
• 2.0 Gbps, 4x10/100/1000 Copper/Fiber
• 5.0 Gbps, 4x10/100/1000 Copper/Fiber

46 3Com 802.11 Client
• 802.11 a/b/g PC Card & PCI
• XJACK ® dual band antenna (PC Card)
  - Power management built into XJACK
• USB Adapter
• Wireless 11g Travel Router
• Wireless Print Server
[Figure labels: PC Card; PCI Card; USB Adapter; OC 11g Travel Router; OC 11g Print server]

