1. Is Teaching Wireless Networking in your Future?
Karl Dietrich – Lansing Community College
Bill Saichek – Orange Coast College

2. Thanks to the book publishers
Cengage
Sybex

3. Types of Wireless LANs
Since late 1990s, IEEE has approved five standards for wireless LANs:
IEEE
IEEE b
IEEE a
IEEE g
IEEE n

4. IEEE
Specified that wireless transmission could take place via infrared (IR) or radio signals (RF)
Operated at 1 and 2 Mbps
WG formed in 1990

5. IEEE b
standard’s 2 Mbps bandwidth not sufficient for most network applications
802.11b amendment added two higher speeds to original standard
5.5 Mbps and 11 Mbps
2.4-GHz band
Uses ISM band
Separated into 22-MHz channels
DSSS
Direct Sequence Spread Spectrum signaling

6. IEEE 802.11a Released after 802.11b 5-GHz frequency – UNII band
Not congested like 2.4-GHz band
Lower interference, requires more transmit power
Throughput
54 Mbps theoretical
11 and 18 Mbps effective
Attributable to higher frequencies and unique modulating data method
OFDM
Orthogonal Frequency Division Multiplexing

7. 802.11g Throughput 2.4-GHz frequency band 54 Mbps theoretical
20 to 25 Mbps effective
2.4-GHz frequency band
Compatible with b networks
Operates in the ISM band
Data transfer range
350 feet or 107 meters apart
Uses OFDM for transmission format
Same as a but different frequency

8. IEEE 802.11n Finally ratified in September 2009
Speed of n standard will be anywhere from 100 Mbps to 600 Mbps
600 Mbps is theoretical not there yet
Standard defines that all n devices must contain two radios

9. 802.11n 2.4-GHz or 5-GHz frequency range
Backward compatible with a, b, g standards
Compared with a, g
Same data modulation techniques
Compared with three standards
Manages frames, channels, encoding differently
Allows high throughput (HT)
Greenfield mode

10. 802.11n MIMO (Multiple Input-Multiple Output)
Multiple access point antennas may issue signal to one or more receivers
Increases network’s throughput, access point’s range
Still a one-to-one communication between devices

11. MIMO Signal Processing Techniques
Spatial Diversity: multiple redundant signals
Spatial Multiplexing creates separate data streams for each transmitting antenna
Maximal Ratio Combining can combine the signals of two antennas to increase the signal strength in a single stream
Transmit Beamforming (TxBF) allows a MIMO transmitter to focus the transmission and send in the direction of the receiving antenna

12. IEEE 802.11ac IEEE 802.ac is in now in development
Also called Gigabit Wireless (Gigabit Wifi)
IEEE ac will be a game changer

13. IEEE 802.11ac Some of the 802.11ac technologies include:
Spectrum: will operate in the less-crowded 5 GHz spectrum and not support 2.4 GHz
Roughly 8 times as many channels as 2.4 GHz
Increased channel bandwidth: uses channel bandwidths up to 80 MHz
Error correction coding: stronger processors can handle more internal instruction code
Beam forming: Transmit Beamforming (TxBF) is optional with n but will be standard for all ac devices

14. IEEE ac
A MU-MIMO device can transmit to multiple sources at the same time and it can transmit different data to each end source
From Tech Republic – Cheat sheet: What you need to know about ac By Michael Kassner June 18, 2013

15. IEEE 802.11ac Is there a downside to 802.11ac
There will be a significantly smaller coverage area
The 5 GHz range won’t go as far
Attenuation is directly proportional to the frequency
Will need multiple access points in large homes and buildings
802.11ac on the Horizon; Will You Be Ready? Posted on February 25, 2013 by Nick McLain

16. Access Points Autonomous Access Points Lightweight Access Points
Also called fat access points
These are quickly becoming obsolete with very limited usage
Lightweight Access Points
Also called thin access points
Does not contain management and configuration functions
Management features are contained in a central device called wireless LAN controller

17. Wireless LAN Controller
WLAN controller: used to manage devices from a central location
Devices are proprietary – all lightweight APs and WLCs must be from the same vendor
Cloud management: connecting wireless devices together using the Internet in order to remotely manage them
Because devices can be managed remotely there is no need for multiple support teams for each location

18. Access Points - PoE Power over Ethernet (PoE) PoE+ or PoE Plus
Power delivered to AP through unused wires in standard unshielded twisted pair (UTP) Ethernet cable
IEEE 802.3af – up to 15.4 watts
Only watts of power is used
PoE+ or PoE Plus
IEEE 802.3at – up to 25.5 watts
Multiple radio APs need additional power

19. Radio Signal Characteristics
Wavelength
Frequency
Amplitude
Phase
The higher the frequency the smaller the wavelength
Phase is measured in distance, time, or degrees

20. Wavelength Wavelength Distance between the wave’s peaks
Can also be measured from anywhere in the wave as long as it is at the same point in each cycle

21. Frequency Frequency: Rate at which an event occurs
Number of times that a wave completes a cycle within a given amount of time
When wave completes trip and returns back to starting point it has finished one cycle

22. Amplitude Amplitude: the magnitude of change of the wave
Is measured by how high or how deep the wave is
Is essentially a measure of the strength of an electromagnetic wave’s signal

23. Phase
Phase: the relationship between at least two signals that share the same frequency yet have different starting points

24. Analog vs. Digital Transmissions
Analog signals are continuous
Digital signals are discrete
WLANs use digital transmissions
Analog signal
Digital signal

25. RF Modulation
In order for an electromagnetic wave to transmit information it must be modified
Three types of modulations enable carrier signals to carry information
Amplitude modulation - Height of the signal
Frequency modulation – Frequency of the signal
Phase modulation – change the starting point of the signal

26. Amplitude-Shift Keying (ASK)

27. Frequency-Shift Keying (FSK)

28. Phase-Shift Keying (PSK)

30. Radio Frequency Behavior: Loss
Loss: Negative difference in amplitude between signals
Attenuation: loss of signal strength due to wave propagation and multipath
Propagation behaviors
FSPL - Natural loss of signal strength through space

31. Wave Propagation Loss Reflection Refraction Scattering Diffraction
Absorption

32. Amplification
Gain: Positive difference in amplitude between two signals
Technically, gain is measure of amplification
Power – a constant measured in mW (milliwatts)
Gain/Loss – a relative figure measured in dB
Combined to become dBm
Active Gain
Intentionally boosting the signal
Passive Gain
Using the antenna to strengthen the signal

33. Types of Antennas Three basic categories of antennas:
Omnidirectional
Semidirectional
Highly directional
Each category includes multiple types, each with different characteristics

34. Omni-directional rod antenna
Dipole Antenna

36. How is the data prepared for transmission
Segments to Packets to Frames
Frames are dependent upon the standard being used to send the data
Wired vs. Wireless
Each wireless standard frames the data differently
Are they compatible?

37. Our old friend the OSI Model

38. IEEE 802.11 Physical Layer Standards
Data Link sublayers

39. IEEE 802.11 Physical Layer Standards
PHY sublayers

40. MAC Frame Formats
SDUs and PDUs

41. MAC Frame Formats – n
A-MSDU and A-MPDU

42. MAC Frame Types Three categories of MAC frame types Management Frames
Used to manage access to wireless networks and to move associations between APs
Control Frames
Used to assist with the delivery of data frames
Data Frames
The actual carriers of application level data

43. WLAN Service Sets
Service set: all of the devices that are associated with an WLAN
Three different WLAN service set configurations:
Basic service set
Extended service set
Independent basic service set

44. Basic Service Set Basic Service Set – BSS
One AP with one or more client stations
Infrastructure Mode
Service Set Identifier – SSID
A logical name used to identify an wireless network
Comparable to a Windows Workgroup name
Up to 32 characters and is case sensitive

45. Basic Service Set Basic Service Area (BSA)
The physical area of coverage provided by an access point in a BSS
Power settings affect the coverage area

46. Extended Service Set Extended Service Set (ESS)
One or more BSSs connected by a distribution system medium
An overlap of 15 to 25% is needed to achieve seamless roaming between cells

47. Independent Basic Service Set
Independent Basic Service Set (IBSS): Wireless network that does not use an AP
Peer-to-peer or ad hoc mode

48. MAC Operations MAC layer WLAN functions: Discovering a WLAN
Joining the WLAN
Transmitting on a WLAN
Remaining connected to WLAN

49. Discovering the WLAN: Scanning
Two types of scanning
Passive scanning - Wireless device simply listens for beacon frame. The station will determine the AP with the best signal (RSSI)
Active scanning - Wireless device first sends out a management probe request frame then waits for probe response frame
The difference between passive scanning and active scanning is which device initiates the discovery

50. Joining the WLAN: Authentication and Association
Once a wireless device discovers the WLAN, it next requests to join the network
Authentication
Association
A client must authenticate before it can associate

51. Joining the WLAN: Authentication
The original standard defined two types of authentication:
Open System Authentication
Device sends an association request to an AP
AP responds with an association response frame
A “virtual handshake” between the AP and the client
Shared Key Authentication
STA must get permission from the AP to join the WLAN
“hitech13” for example

52. Joining the WLAN: Association
Association: Accepting a wireless device into a wireless network
Final step to join WLAN
The STA can send data through the AP and on to the distribution system
Roaming: Moving from one AP to another
The decision to roam is made by the STA
Determined by the signal strength, noise level, and bit-error rate
A STA can be authenticated to multiple APs but associated to only one

53. Roaming – Reassociation Deassociation - Deauthentication
Occurs when a STA roams to another AP within the same ESS
Disassociation
Device drops connection with one AP and establishes connection with another
The new AP will then send a disassociate frame to the old access point
Reassociation is always initiated by the STA
Disassociation is handled by the AP

54. Connectivity Steps Windows connection process:
Scan for wireless networks
Choose an access point
Authenticate with the access point
Associate with the access point
Obtain an IP address

55. Transmitting on the WLAN
DCF is the mandatory access method for the standard
The coordination of access to the WM is distributed among the wireless stations
CSMA/CD cannot be used on wireless networks
CSMA/CA is used on wireless networks
(Virtual) Carrier Sense is the process of checking to see if the medium is in use
The NAV timer must count down to zero before the device can transmit on the medium – Slot Time

56. System Throughput
Acknowledgment frame (ACK): Sent by receiving device to sending device to confirm data frame arrived intact
The mortal enemy of WLAN performance is retransmissions of data frames
If an ACK frame is not received by the original transmitting radio, the unicast frame is NOT acknowledged and will have to be retransmitted
IEEE n adds a feature known as block acknowledgment

57. Specialized Tools
Spectrum Analyzers: Scans RF spectrum and provides graphical display of results
Typically measure signal-to-noise ratio
The noise floor can corrupt actual data
Helpful in identifying interference problems
Thus, helps properly position/orient AP
A mandatory tool for performing site surveys

58. Spectrum Analyzer Output
USB spectrum analyzer output

59. Specialized Tools
Protocol Analyzers: Can be used to pick up packets being transmitted by other WLANs in area
Also called a packet sniffer
Common uses of protocol analyzers:
Network troubleshooting
Fine-tune the network and manage bandwidth

60. Protocol analyzer output

61. What is Information Security?
Information security: Task of securing digital information
Ensures protective measures properly implemented
Protects confidentiality, integrity, and availability (CIA) on the devices that store, manipulate, and transmit the information through products, people, and procedures

62. Security Principles: What is Information Security?
Three more terms you need to know
Authentication
The verification of user/device identity
Authorization
Granting access to network resources
Accounting
Tracking the use of network resources by users

63. Five Basic Attacks Used by Hackers with Moderate Cracking Skills
Wireless network discovery
Wi-Fi finders
Probe requests
Unauthorized access
Rogue Access Point
MAC address spoofing

64. Five Basic Attacks Used by Hackers with Moderate Cracking Skills
Denial of Service
RF Jamming
Data Flooding
Hijacking
Exploiting security feature weaknesses
WEP/Social Engineering/Remote Administration
Remote administration must be disabled
Eavesdropping
War Driving/Net Stumbler
Man-in-the-Middle/Evil Twin

65. Legacy 802.11 Security Protections
The original IEEE standard defined three security mechanisms
SSID cloaking or hiding
MAC address filtering
WEP – Wired Equivalent Privacy
IEEE standard’s security mechanisms for wireless networks have fallen well short of their goal

66. Vulnerabilities – SSID Hiding
Some users configure their APs to prevent the beacon frame from including the SSID
Known as SSID hiding
Easy to discover through Active Scanning and other tools that are freely available
If an attacker cannot capture an initial negotiation process, can force one to occur
Many users do not change the default SSID, an attacker can try using default SSIDs

67. MAC Address Filtering
MAC address filtering considered to be a basic means of controlling access
Requires pre-approved authentication
Difficult to provide temporary access for “guest” devices
Managing the number of MAC addresses in a medium to large sized wireless network can be challenging
MAC addresses can be “spoofed” or substituted – easily downloadable programs

68. IEEE Authentication
Wireless authentication requires the wireless device and NOT the individual user to be authenticated prior to being connected to the network – major BYOD issues
Two methods of authentication:
Open System Authentication
Only need SSID to connect
No true authentication occurs
Shared Key Authentication
Key installed manually on devices
Key can be discovered by examining the devices

69. Wired Equivalent Privacy (WEP)
Guard the confidentiality of information
Ensure only authorized parties can view it
Used in IEEE to encrypt wireless transmissions
Current WEP cracking tools can crack a WEP code in less than 5 minutes

70. WEP Vulnerabilities
WEP implementation violates cardinal rule of cryptography
Creates detectable pattern for attackers
APs end up repeating IVs - cleartext
Generating a keystream using the PRNG is based on the RC4 cipher algorithm
Stream Cipher
PRNG does not create true random number

71. Wi-Fi Protected Access (WPA)
Two modes of WPA
WPA Personal
Designed for individuals or small office-home office settings
WPA Enterprise
Intended for large enterprises, schools, and government agencies
Temporal Key Integrity Protocol (TKIP): Replaces WEP’s encryption key with 128-bit per-packet key

72. WiFi Alliance – WPA2 WPA2 was introduced in September 2004
Based on the final IEEE i standard
Two modes
WPA2 Personal – individuals and SOHOs
WPA2 Enterprise – larger enterprises
WPA2 also addresses both encryption and authentication
Uses AES for data encryption
Supports IEEE 802.1x for authentication or can also use PSK technology

73. IEEE 802.11i – Robust Security Network
Authentication is accomplished using the IEEE 802.1X protocol (RADIUS server)
Encryption accomplished by replacing RC4 with AES – Advanced Encryption Standard
Block cipher
Manipulates entire block of plaintext at one time

74. Authentication 802.1x requires an authentication server
Remote Authentication Dial-In User Service (RADIUS) typically used
Can be used with various EAP protocols
Authentication server stores list of names and credentials of authorized users
Enterprise security model using WPA2 provides most secure level of authentication and encryption available on a WLAN
IEEE 802.1x is strongest type of wireless authentication currently available

75. Other Wireless Security Tools
Wireless security tools that can be used to protect a WLAN:
Virtual private network
Secure device management protocols
Wireless intrusion detection system
WIDS – Constantly monitors the RF for attacks and sounds an alert if one is detected
Wireless intrusion prevention system
WIPS – Monitors network traffic to immediately react to block a malicious attack

76. Security Summary
WEP should not be used in any production business or home network where WPA/WPA2 is available
WPA has a security weakness when used with PSK or WPA Personal
The preshared key must be manually changed and is therefore seldom, if ever, changed
Disable remote administration for all devices

77. Security Summary
Nearly 80% of all network security breaches come from inside the organization by authorized users
Weak passwords are one of the most serious security threats in networking
Network protection is only as strong as the weakest link in the security chain

78. What’s Next ??
Sixty years ago video was delivered via broadcast television
In the 1980’s video shifted to satellite and cable connections
Today the Internet streams music, movies, and TV on demand
Estimated global Internet traffic will reach nearly 1 Zettabyte and 90% of internet traffic will be video content
Will RJ-45 connections go the same way as 8-tracks and vinyl records
802.11ac is going to be a game changer