WLANs connect to Access Points (APs).
802.11 details collision-avoidance instead of collision-detection found in 802.3 standards.
WLANs use a different frame format that requires extra Layer 2 information.
802.11 is an IEEE standard that describes the use of RF as a physical and MAC sub-layer standard.
Pro-cons of 2.4GHz vs. 5 GHz RF
• 2.4 GHz travels through walls better
• 2.4 GHz travels farther distance
• 2.4 GHz can have interference because so many devices use same RF
• 5 GHz is not widely supported
The ITU-R allocates RF bands, the following are unlicensed frequency bands 9MHz, 2.4 GHz, 5GHz. Locally the FCC administrates the use of these bands and in Europe the ETSI.
“The Wi-Fi Alliance is an association of vendors whose objective is to improve the interoperability of products that are based on the 802.11 standard by certifying vendors for conformance to industry norms and adherence to standards.”
Wireless End Devices
You can make an end device through the following methods:
• PCMCIA slot (older method of inserting a wireless NIC into laptop)
• Internal Pre-installed (laptops)
Similar to 802.3 Ethernet hub. RF is a shared medium. Instead of detecting collisions 802.11 helps avoid collisions (CSMA/CA). APs send acknowledgements to sending devices that data has been received.
RF signals attenuate, therefore the further you are from the AP the weaker your signal and the less bandwidth you have access to.
Home wireless routers are actually three devices in one: AP, switch, router.
SSID – shared service identifier
Each network should have its own unique identifier to differentiate between other networks. Multiple APs can share this SSID.
In the US the 2.4GHz band is broken down into 11 channels. Each of these channels is separated by 5MHz but has a channel bandwidth of 22MHz, this implies that channels overlap. Because channels overlap if you have more than one AP you must configure them to operate on different channels. In a situation of 3 or more APs you should use the following channels for APs near each other: 1, 6, 11. In a 2 or less AP environment you can use channels 5 and 10.
Basic Service Sets
A single access point in infrastructure mode manages the wireless parameters and the topology is simply a BSS. The coverage area for all IBSSs and BSSs is a basic service area (BSA). An IBSS is an independent BSS such as ad hoc networks that do not connect through an AP.
When one AP does not provide enough coverage more APs can be used through a common distribution system into an extended service set (ESS). Each AP is differentiated by it’s unique BSSID, which is the APs MAC address. The coverage area of an ESS is an extended service area (ESA).
To create roaming capabilities between APs a 15% non-similar channel overlap should be created.
Primary components for connecting and advertising networks are:
• Beacons – used by APs to advertise networks
• Probes – used by end devices to find networks
• Authentication – artifact of 802.11 but still required
• Association – process of establishing data link between end device and AP
3 Stage Join Process (Association)
• Client probes for AP
• Authentication (NULL or WEP Key) – WEP key is not recommended because it is flawed.
• Association – client learns BSSID and AP maps an association identifier (AID) to a logical port, this allows the infrastructure switch to keep track of frames destined for the WLAN client.
Three major categories
1. War drivers
2. Hackers (Crackers)
Rogue access points – unintended APs installed in or around your WLAN.
Man-in-the-middle attacks are very easy to produce on a WLAN meanwhile on a wired network it is required that the middle man has physical access to a switchport.
Prevent man-in-the-middle attacks: Force all devices on a WLAN to authenticate and monitor for any unknown devices.
Denial of Service (DoS) on RF signals is simulated by an attacker creating noise preventing users from connecting to APs.
Flawed Security Protection
• Shared WEP keys, easily cracked and 32 bit manually installed creates many man made errors.
• Cloaking SSIDs – not true security (Disable SSID broadcasts from access points.
• Filtering MAC addresses – MAC address cloning and management issue.
The security standard that should be used today is 802.11i, which is similar to Wi-Fi Alliance WPA2 standard. For enterprises this includes connection to a RADIUS server (Remote Authentication Dial in User Service).
|802.11i incorporates a RADIUS server for enterprise authentication.|
- Default SSIDs on specific manufacturer APs are generally known and may permit hostile wireless connections.
- Manually adding a network and setting the known SSID on a wireless client makes the network visible even if the SSID is not being broadcast.
Extensible Authentication Protocol (EAP) is a framework for authenticating network access.
• Virtual port is created between client and AP.
• AP blocks all data except 802.1x based traffic.
• 802.1x traffic is sent to a AAA server running a RADIUS protocol.
• After successful authentication an EAP success message is sent from AAA to AP, which allows data to now travel through virtual port.
• Before opening port, data link encryption is activated to prevent another user from connecting to virtual port.
IEEE 802.11i-2004 or 802.11i, implemented as WPA2, is an amendment to the original IEEE 802.11.
802.11i supersedes the previous security specification, Wired Equivalent Privacy (WEP), which was shown to have severe security vulnerabilities. Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities. WPA implemented a subset of a draft of 802.11i. The Wi-Fi Alliance refers to their approved, interoperable implementation of the full 802.11i as WPA2, also called RSN (Robust Security Network). 802.11i makes use of the Advanced Encryption Standard (AES) block cipher, whereas WEP and WPA use the RC4 stream cipher.
In cryptography, RC4 (also known as ARC4 or ARCFOUR meaning Alleged RC4, see below) is the most widely used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks).
RC4 has become part of some commonly used encryption protocols and standards, including WEP and WPA(TKIP) for wireless cards and TLS.
TKIP is an integrity check, AES is an encryption algorithm
1. Temporal Key Integrity Protocol (TKIP) – provides support for legacy WLAN equipment
2. Advanced Encryption Standard (AES-CCMP) – today’s standard in defense
TKIP Primary Functions
1. Encrypts Layer 2 payload
2. Carries out Message Integrity Check (MIC)
WPA uses TKIP, which includes both broadcast key rotation (dynamic key that change) and sequencing of frames.
WPA includes authentication by PSK and it specifies the use of dynamic encryption keys that change each time a client establishes a connection
AES has same functions as TKIP but includes more Layer 2 from the MAC header to allow destination hosts to recognize if non-encrypted bits have been tampered with.
On some Linksys devices WPA or WPA2 may not be present visibly but they are available through pre-shared keys (PSK).
Configure Basic Wi-Fi AP
2) Basic Authentication: Open with WEP encryption
3) RF (Radio Frequency) channel
Configuring Wireless Linksys Routers
Difference between “Personal” and “Enterprise” is that enterprise uses a AAA server.
PSK2 matches up with WPA2 standard. After March 2006 all WLAN devices must support WPA2.
Mounting your APs
Keep the following in mind:
• Ensure that access points are not mounted closer than 7.9 inches (20 cm) from the body of all persons.
• Do not mount the access point within 3 feet (91.4 cm) of metal obstructions.
• Install the access point away from microwave ovens. Microwave ovens operate on the same frequency as the access point and can cause signal interference.
• Always mount the access point vertically (standing up or hanging down).
• Do not mount the access point outside of buildings.
• Do not mount the access point on building perimeter walls, unless outside coverage is desired.
• When mounting an access point in the corner of a right-angle hallway intersection, mount it at a 45-degree angle to the two hallways. The access point internal antennas are not omni directional and cover a larger area when mounted this way.