Download presentation
Published byJanis Charlotte Cole Modified over 8 years ago
1
Is Teaching Wireless Networking in your Future?
Karl Dietrich – Lansing Community College Bill Saichek – Orange Coast College
2
Thanks to the book publishers
Cengage Sybex
3
Types of Wireless LANs Since late 1990s, IEEE has approved five standards for wireless LANs: IEEE IEEE b IEEE a IEEE g IEEE n
4
IEEE Specified that wireless transmission could take place via infrared (IR) or radio signals (RF) Operated at 1 and 2 Mbps WG formed in 1990
5
IEEE b standard’s 2 Mbps bandwidth not sufficient for most network applications 802.11b amendment added two higher speeds to original standard 5.5 Mbps and 11 Mbps 2.4-GHz band Uses ISM band Separated into 22-MHz channels DSSS Direct Sequence Spread Spectrum signaling
6
IEEE 802.11a Released after 802.11b 5-GHz frequency – UNII band
Not congested like 2.4-GHz band Lower interference, requires more transmit power Throughput 54 Mbps theoretical 11 and 18 Mbps effective Attributable to higher frequencies and unique modulating data method OFDM Orthogonal Frequency Division Multiplexing
7
802.11g Throughput 2.4-GHz frequency band 54 Mbps theoretical
20 to 25 Mbps effective 2.4-GHz frequency band Compatible with b networks Operates in the ISM band Data transfer range 350 feet or 107 meters apart Uses OFDM for transmission format Same as a but different frequency
8
IEEE 802.11n Finally ratified in September 2009
Speed of n standard will be anywhere from 100 Mbps to 600 Mbps 600 Mbps is theoretical not there yet Standard defines that all n devices must contain two radios
9
802.11n 2.4-GHz or 5-GHz frequency range
Backward compatible with a, b, g standards Compared with a, g Same data modulation techniques Compared with three standards Manages frames, channels, encoding differently Allows high throughput (HT) Greenfield mode
10
802.11n MIMO (Multiple Input-Multiple Output)
Multiple access point antennas may issue signal to one or more receivers Increases network’s throughput, access point’s range Still a one-to-one communication between devices
11
MIMO Signal Processing Techniques
Spatial Diversity: multiple redundant signals Spatial Multiplexing creates separate data streams for each transmitting antenna Maximal Ratio Combining can combine the signals of two antennas to increase the signal strength in a single stream Transmit Beamforming (TxBF) allows a MIMO transmitter to focus the transmission and send in the direction of the receiving antenna
12
IEEE 802.11ac IEEE 802.ac is in now in development
Also called Gigabit Wireless (Gigabit Wifi) IEEE ac will be a game changer
13
IEEE 802.11ac Some of the 802.11ac technologies include:
Spectrum: will operate in the less-crowded 5 GHz spectrum and not support 2.4 GHz Roughly 8 times as many channels as 2.4 GHz Increased channel bandwidth: uses channel bandwidths up to 80 MHz Error correction coding: stronger processors can handle more internal instruction code Beam forming: Transmit Beamforming (TxBF) is optional with n but will be standard for all ac devices
14
IEEE ac A MU-MIMO device can transmit to multiple sources at the same time and it can transmit different data to each end source From Tech Republic – Cheat sheet: What you need to know about ac By Michael Kassner June 18, 2013
15
IEEE 802.11ac Is there a downside to 802.11ac
There will be a significantly smaller coverage area The 5 GHz range won’t go as far Attenuation is directly proportional to the frequency Will need multiple access points in large homes and buildings 802.11ac on the Horizon; Will You Be Ready? Posted on February 25, 2013 by Nick McLain
16
Access Points Autonomous Access Points Lightweight Access Points
Also called fat access points These are quickly becoming obsolete with very limited usage Lightweight Access Points Also called thin access points Does not contain management and configuration functions Management features are contained in a central device called wireless LAN controller
17
Wireless LAN Controller
WLAN controller: used to manage devices from a central location Devices are proprietary – all lightweight APs and WLCs must be from the same vendor Cloud management: connecting wireless devices together using the Internet in order to remotely manage them Because devices can be managed remotely there is no need for multiple support teams for each location
18
Access Points - PoE Power over Ethernet (PoE) PoE+ or PoE Plus
Power delivered to AP through unused wires in standard unshielded twisted pair (UTP) Ethernet cable IEEE 802.3af – up to 15.4 watts Only watts of power is used PoE+ or PoE Plus IEEE 802.3at – up to 25.5 watts Multiple radio APs need additional power
19
Radio Signal Characteristics
Wavelength Frequency Amplitude Phase The higher the frequency the smaller the wavelength Phase is measured in distance, time, or degrees
20
Wavelength Wavelength Distance between the wave’s peaks
Can also be measured from anywhere in the wave as long as it is at the same point in each cycle
21
Frequency Frequency: Rate at which an event occurs
Number of times that a wave completes a cycle within a given amount of time When wave completes trip and returns back to starting point it has finished one cycle
22
Amplitude Amplitude: the magnitude of change of the wave
Is measured by how high or how deep the wave is Is essentially a measure of the strength of an electromagnetic wave’s signal
23
Phase Phase: the relationship between at least two signals that share the same frequency yet have different starting points
24
Analog vs. Digital Transmissions
Analog signals are continuous Digital signals are discrete WLANs use digital transmissions Analog signal Digital signal
25
RF Modulation In order for an electromagnetic wave to transmit information it must be modified Three types of modulations enable carrier signals to carry information Amplitude modulation - Height of the signal Frequency modulation – Frequency of the signal Phase modulation – change the starting point of the signal
26
Amplitude-Shift Keying (ASK)
27
Frequency-Shift Keying (FSK)
28
Phase-Shift Keying (PSK)
30
Radio Frequency Behavior: Loss
Loss: Negative difference in amplitude between signals Attenuation: loss of signal strength due to wave propagation and multipath Propagation behaviors FSPL - Natural loss of signal strength through space
31
Wave Propagation Loss Reflection Refraction Scattering Diffraction
Absorption
32
Amplification Gain: Positive difference in amplitude between two signals Technically, gain is measure of amplification Power – a constant measured in mW (milliwatts) Gain/Loss – a relative figure measured in dB Combined to become dBm Active Gain Intentionally boosting the signal Passive Gain Using the antenna to strengthen the signal
33
Types of Antennas Three basic categories of antennas:
Omnidirectional Semidirectional Highly directional Each category includes multiple types, each with different characteristics
34
Omni-directional rod antenna
Dipole Antenna
36
How is the data prepared for transmission
Segments to Packets to Frames Frames are dependent upon the standard being used to send the data Wired vs. Wireless Each wireless standard frames the data differently Are they compatible?
37
Our old friend the OSI Model
38
IEEE 802.11 Physical Layer Standards
Data Link sublayers
39
IEEE 802.11 Physical Layer Standards
PHY sublayers
40
MAC Frame Formats SDUs and PDUs
41
MAC Frame Formats – n A-MSDU and A-MPDU
42
MAC Frame Types Three categories of MAC frame types Management Frames
Used to manage access to wireless networks and to move associations between APs Control Frames Used to assist with the delivery of data frames Data Frames The actual carriers of application level data
43
WLAN Service Sets Service set: all of the devices that are associated with an WLAN Three different WLAN service set configurations: Basic service set Extended service set Independent basic service set
44
Basic Service Set Basic Service Set – BSS
One AP with one or more client stations Infrastructure Mode Service Set Identifier – SSID A logical name used to identify an wireless network Comparable to a Windows Workgroup name Up to 32 characters and is case sensitive
45
Basic Service Set Basic Service Area (BSA)
The physical area of coverage provided by an access point in a BSS Power settings affect the coverage area
46
Extended Service Set Extended Service Set (ESS)
One or more BSSs connected by a distribution system medium An overlap of 15 to 25% is needed to achieve seamless roaming between cells
47
Independent Basic Service Set
Independent Basic Service Set (IBSS): Wireless network that does not use an AP Peer-to-peer or ad hoc mode
48
MAC Operations MAC layer WLAN functions: Discovering a WLAN
Joining the WLAN Transmitting on a WLAN Remaining connected to WLAN
49
Discovering the WLAN: Scanning
Two types of scanning Passive scanning - Wireless device simply listens for beacon frame. The station will determine the AP with the best signal (RSSI) Active scanning - Wireless device first sends out a management probe request frame then waits for probe response frame The difference between passive scanning and active scanning is which device initiates the discovery
50
Joining the WLAN: Authentication and Association
Once a wireless device discovers the WLAN, it next requests to join the network Authentication Association A client must authenticate before it can associate
51
Joining the WLAN: Authentication
The original standard defined two types of authentication: Open System Authentication Device sends an association request to an AP AP responds with an association response frame A “virtual handshake” between the AP and the client Shared Key Authentication STA must get permission from the AP to join the WLAN “hitech13” for example
52
Joining the WLAN: Association
Association: Accepting a wireless device into a wireless network Final step to join WLAN The STA can send data through the AP and on to the distribution system Roaming: Moving from one AP to another The decision to roam is made by the STA Determined by the signal strength, noise level, and bit-error rate A STA can be authenticated to multiple APs but associated to only one
53
Roaming – Reassociation Deassociation - Deauthentication
Occurs when a STA roams to another AP within the same ESS Disassociation Device drops connection with one AP and establishes connection with another The new AP will then send a disassociate frame to the old access point Reassociation is always initiated by the STA Disassociation is handled by the AP
54
Connectivity Steps Windows connection process:
Scan for wireless networks Choose an access point Authenticate with the access point Associate with the access point Obtain an IP address
55
Transmitting on the WLAN
DCF is the mandatory access method for the standard The coordination of access to the WM is distributed among the wireless stations CSMA/CD cannot be used on wireless networks CSMA/CA is used on wireless networks (Virtual) Carrier Sense is the process of checking to see if the medium is in use The NAV timer must count down to zero before the device can transmit on the medium – Slot Time
56
System Throughput Acknowledgment frame (ACK): Sent by receiving device to sending device to confirm data frame arrived intact The mortal enemy of WLAN performance is retransmissions of data frames If an ACK frame is not received by the original transmitting radio, the unicast frame is NOT acknowledged and will have to be retransmitted IEEE n adds a feature known as block acknowledgment
57
Specialized Tools Spectrum Analyzers: Scans RF spectrum and provides graphical display of results Typically measure signal-to-noise ratio The noise floor can corrupt actual data Helpful in identifying interference problems Thus, helps properly position/orient AP A mandatory tool for performing site surveys
58
Spectrum Analyzer Output
USB spectrum analyzer output
59
Specialized Tools Protocol Analyzers: Can be used to pick up packets being transmitted by other WLANs in area Also called a packet sniffer Common uses of protocol analyzers: Network troubleshooting Fine-tune the network and manage bandwidth
60
Protocol analyzer output
61
What is Information Security?
Information security: Task of securing digital information Ensures protective measures properly implemented Protects confidentiality, integrity, and availability (CIA) on the devices that store, manipulate, and transmit the information through products, people, and procedures
62
Security Principles: What is Information Security?
Three more terms you need to know Authentication The verification of user/device identity Authorization Granting access to network resources Accounting Tracking the use of network resources by users
63
Five Basic Attacks Used by Hackers with Moderate Cracking Skills
Wireless network discovery Wi-Fi finders Probe requests Unauthorized access Rogue Access Point MAC address spoofing
64
Five Basic Attacks Used by Hackers with Moderate Cracking Skills
Denial of Service RF Jamming Data Flooding Hijacking Exploiting security feature weaknesses WEP/Social Engineering/Remote Administration Remote administration must be disabled Eavesdropping War Driving/Net Stumbler Man-in-the-Middle/Evil Twin
65
Legacy 802.11 Security Protections
The original IEEE standard defined three security mechanisms SSID cloaking or hiding MAC address filtering WEP – Wired Equivalent Privacy IEEE standard’s security mechanisms for wireless networks have fallen well short of their goal
66
Vulnerabilities – SSID Hiding
Some users configure their APs to prevent the beacon frame from including the SSID Known as SSID hiding Easy to discover through Active Scanning and other tools that are freely available If an attacker cannot capture an initial negotiation process, can force one to occur Many users do not change the default SSID, an attacker can try using default SSIDs
67
MAC Address Filtering MAC address filtering considered to be a basic means of controlling access Requires pre-approved authentication Difficult to provide temporary access for “guest” devices Managing the number of MAC addresses in a medium to large sized wireless network can be challenging MAC addresses can be “spoofed” or substituted – easily downloadable programs
68
IEEE Authentication Wireless authentication requires the wireless device and NOT the individual user to be authenticated prior to being connected to the network – major BYOD issues Two methods of authentication: Open System Authentication Only need SSID to connect No true authentication occurs Shared Key Authentication Key installed manually on devices Key can be discovered by examining the devices
69
Wired Equivalent Privacy (WEP)
Guard the confidentiality of information Ensure only authorized parties can view it Used in IEEE to encrypt wireless transmissions Current WEP cracking tools can crack a WEP code in less than 5 minutes
70
WEP Vulnerabilities WEP implementation violates cardinal rule of cryptography Creates detectable pattern for attackers APs end up repeating IVs - cleartext Generating a keystream using the PRNG is based on the RC4 cipher algorithm Stream Cipher PRNG does not create true random number
71
Wi-Fi Protected Access (WPA)
Two modes of WPA WPA Personal Designed for individuals or small office-home office settings WPA Enterprise Intended for large enterprises, schools, and government agencies Temporal Key Integrity Protocol (TKIP): Replaces WEP’s encryption key with 128-bit per-packet key
72
WiFi Alliance – WPA2 WPA2 was introduced in September 2004
Based on the final IEEE i standard Two modes WPA2 Personal – individuals and SOHOs WPA2 Enterprise – larger enterprises WPA2 also addresses both encryption and authentication Uses AES for data encryption Supports IEEE 802.1x for authentication or can also use PSK technology
73
IEEE 802.11i – Robust Security Network
Authentication is accomplished using the IEEE 802.1X protocol (RADIUS server) Encryption accomplished by replacing RC4 with AES – Advanced Encryption Standard Block cipher Manipulates entire block of plaintext at one time
74
Authentication 802.1x requires an authentication server
Remote Authentication Dial-In User Service (RADIUS) typically used Can be used with various EAP protocols Authentication server stores list of names and credentials of authorized users Enterprise security model using WPA2 provides most secure level of authentication and encryption available on a WLAN IEEE 802.1x is strongest type of wireless authentication currently available
75
Other Wireless Security Tools
Wireless security tools that can be used to protect a WLAN: Virtual private network Secure device management protocols Wireless intrusion detection system WIDS – Constantly monitors the RF for attacks and sounds an alert if one is detected Wireless intrusion prevention system WIPS – Monitors network traffic to immediately react to block a malicious attack
76
Security Summary WEP should not be used in any production business or home network where WPA/WPA2 is available WPA has a security weakness when used with PSK or WPA Personal The preshared key must be manually changed and is therefore seldom, if ever, changed Disable remote administration for all devices
77
Security Summary Nearly 80% of all network security breaches come from inside the organization by authorized users Weak passwords are one of the most serious security threats in networking Network protection is only as strong as the weakest link in the security chain
78
What’s Next ?? Sixty years ago video was delivered via broadcast television In the 1980’s video shifted to satellite and cable connections Today the Internet streams music, movies, and TV on demand Estimated global Internet traffic will reach nearly 1 Zettabyte and 90% of internet traffic will be video content Will RJ-45 connections go the same way as 8-tracks and vinyl records 802.11ac is going to be a game changer
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.