Wireless LANs

Introducing WLANs
Wireless Data Technologies
Wireless Data Technologies (Cont.)
WAN
(Wide Area Network)
MAN
(Metropolitan Area Network)
LAN
(Local Area Network)
PAN
(Personal Area
Network)

PAN LAN MAN WAN

IEEE 802.11a, 802.16 GSM, GPRS,
Standards Bluetooth
802.11b, 802.11g MMDS, LMDS CDMA, 2.5–3G
Speed <1 Mbps 1–54+ Mbps 22+ Mbps 10–384 kbps
Range Short Medium Medium–long Long
PDAs, mobile
Peer to peer, Enterprise Fixed, last-
Applications device to device networks mile access
phones, cellular
access
 Wireless LAN (WLAN)

• A WLAN is a shared
network.
• An access point is a
shared device and
functions like a shared
Ethernet hub.
• Data is transmitted
over radio waves.
• Two-way radio
communications
(half-duplex) are used.
• The same radio
frequency is used for
sending and receiving
(transceiver).
WLAN Evolution

• Warehousing
• Retail
• Health care
• Education
• Businesses
• Home
What Are WLANs?
They are:
• Local
• In building or campus for
mobile users
• Radio or infrared
• Not required to have RF
licenses in most countries
• Using equipment owned by
customers
They are not:
• WAN or MAN networks
• Cellular phones networks
• Packet data transmission
via celluar phone networks
– Cellular digital packet
data (CDPD)
– General packet radio
service (GPRS)
– 2.5G to 3G services
Similarities Between WLAN and LAN

• A WLAN is an 802 LAN.

– Transmits data over the air vs. data over the wire
– Looks like a wired network to the user
– Defines physical and data link layer
– Uses MAC addresses
• The same protocols/applications run over both WLANs and
LANs.
– IP (network layer)
– IPSec VPNs (IP-based)
– Web, FTP, SNMP (applications)
Differences Between WLAN and LAN

• WLANs use radio waves as the physical layer.

– WLANs use CSMA/CA instead of CSMA/CD to access the
network.
• Radio waves have problems that are not found on wires.
– Connectivity issues.
• Coverage problems
• Multipath issues
• Interference, noise
– Privacy issues.
• WLANs use mobile clients.
– No physical connection.
– Battery-powered.
• WLANs must meet country-specific RF regulations.
WLAN Topologies

• Wireless client access

– Mobile user
connectivity
• Wireless bridging
– LAN-to-LAN
connectivity
• Wireless mesh
networking
– Combination of
bridging and user
connectivity
Service Set Identifier (SSID)
• SSID is used to logically separate
WLANs.
• The SSID must match on client and
access point.
• Access point broadcasts one SSID
in beacon.
• Client can be configured without
SSID.
• Client association steps:
1. Client sends probe request.
2. A point sends probe
response.
3. Client initiates association.
4. A point accepts association.
5. A point adds client MAC
address to association table.
Components and Structure of a WLAN
Identify and describe various wireless modes and the
importance of the SSID
• IBSS – ad hoc
• BSS - infrastructure
Components and Structure of a WLAN
ESS – Extended Service Set
Frequency Band
Wireless Encoding

• When a WLAN NIC or AP sends data, it can modulate the

radio signal’s frequency, amplitude, and phase to encode a
binary 0 or 1
• There are 3 type of Encoding
• Frequency Hopping Spread Spectrum (FHSS)
• Direct Sequence Spread Spectrum (DSSS)
• Orthogonal Frequency Division Multiplexing (OFDM)
FHSS

• Uses all frequencies in the band, hopping to different ones

• By using slightly different frequencies for consecutive
transmissions, a device can hopefully avoid interference
from other devices that use the same unlicensed band
• The original 802.11 standards used FHSS, but the current
standards (802.11a, 802.11b, 802.11g) do not
DSSS

• The next class of encoding

• Designed for use in the 2.4 GHz unlicensed band
• DSSS uses one of several separate channels or frequencies
• Has a bandwidth of 82 MHz, from 2.402 GHz to 2.483 GHz
• Can have 11 different overlapping DSSS channels
OFDM

• Orthogonal frequency division multiplexing, or OFDM, is not

a spread spectrum technology, though it is often called such,
but is sometimes said to be spread spectrum–like because of
its similar resilience against interference. A special
implementation of OFDM is used in IEEE 802.11g, and it has
been widely implemented in IEEE 802.11a technology as well.
• OFDM offers high data rates and exceptional resistance to
interference and corruption. OFDM is actually a digital
modulation method that splits the signal into multiple
narrowband subcarriers at different frequencies. Another
way of saying this is to say that OFDM splits a high-speed
information signal into multiple lower-speed information
signals and then transmits these lower-speed signals in
parallel.
Media Access

• With wireless communications, devices cannot be separated

onto different cable segments to prevent collisions
• The solution to the media access problem with WLANs is to
use the Carrier sense multiple access with collision
avoidance (CSMA/CA) algorithm
• Each WLAN device listens for the acknowledgement. If no
acknowledgement is received, the sending device assumes
that the frame was lost or collided, and it resends the frame
CSMA/CA

1. Listen to ensure that the medium (space) is not busy (no

radio waves currently are being received at the frequencies
to be used)
2. Set a random wait timer before sending a frame to
statistically reduce the chance of devices all trying to send
at the same time
3. When the random timer has passed, listen again to ensure
that the medium is not busy. If it isn’t, send the frame
4. After the entire frame has been sent, wait for an
acknowledgement
5. If no acknowledgement is received, resend the frame, using
CSMA/CA logic to wait for the appropriate time to send
again
Organizations

Organizations that set or influence WLAN standards

802.11a Standard

• Standard was ratified September 1999

• Operates in the 5-GHz band
• Uses orthogonal frequency-division multiplexing (OFDM)
• Uses eight data rates of up to 54 Mbps
– 6, 9, 12, 18, 24, 36, 48, 54 Mbps
• Has from 12 to 23 nonoverlapping channels (FCC)
• Has up to 19 nonoverlapping channels (ETSI)
• Regulations different across countries
– Transmit (Tx) power control and dynamic frequency
selection required (802.11h)
802.11b Standard

• Standard was ratified in September 1999

• Operates in the 2.4-GHz band
• Specifies direct sequence spread spectrum (DSSS)
• Specifies four data rates up to 11 Mbps
– 1, 2, 5.5, 11 Mbps
• Provides specifications for vendor interoperability (over
the air)
• Defines basic security, encryption, and authentication for the
wireless link
• Is the most commonly deployed WLAN standard
 802.11g Standard

• Standard was ratified June 2003

• Operates in the 2.4-GHz band as
802.11b
– Same three nonoverlapping
channels: 1, 6, 11
• DSSS (CCK) and OFDM transmission
• 12 data rates of up to 54 Mbps
– 1, 2, 5.5, 11 Mbps (DSSS / 802.11b)
– 6, 9, 12, 18, 24, 36, 48, 54 Mbps
(OFDM)
• Full backward compatiblity to 802.11b
standard
 802.11 RF Comparison

802.11b – 2.4 GHz 802.11g – 2.4 GHz 802.11a – 5 GHz

• Most commonly • Higher throughput • Highest throughput
deployed WLAN • OFDM technology • OFDM technology
standard reduces multipath reduces multipath
Pro

issues issues
• Provides up to 23
nonoverlapping
channels
• Interference and noise • Lower market
• Interference and noise from other services in penetration
from other services in the 2.4-GHz band
the 2.4-GHz band • Only three
Con

• Only 3 nonoverlapping nonoverlapping

channels channels
• Distance limited by • Throughput degraded
multipath issues in the presence of
802.11b clients
 802.11 Standards Comparison

802.11b 802.11g 802.11a

Ratified 1999 2003 1999

Frequency band 2.4 GHz 2.4 GHz 5 GHz

No of channels 3 3 Up to 23

Transmission DSSS DSSS OFDM OFDM

6, 9, 12, 18, 24, 6, 9, 12, 18, 24,

Data rates [Mbps] 1, 2, 5.5, 11 1, 2, 5.5, 11
36, 48, 54 36, 48, 54

Throughput
Up to 6 Up to 22 Up to 28
[Mbps]
Components and Structure of a WLAN

Configure an integrated wireless access point

Components and Structure of a WLAN
Configure a wireless client
WLAN Security Issues

War Drivers
Wireless LAN Security Issues and Mitigation
Strategies

• Hackers: The motivation for hackers is to either find

information or deny services. The end goal may be to
compromise the hosts inside the wired network, using the
wireless network as a way to access the Enterprise
network without going through Internet connections that
have firewalls
• Employees: Can install the AP in his office, using
default setting of no security, and create small wireless
LAN. This would allow hacker to gain access to the rest
of the Enterprise from the outside.
• Rogue AP: The attacker captures packets in the
existing WLAN, find the SSID and cracking security keys
(if any). Then the attacker setup his own AP, with the
same settings, and get the Enterprise’s clients to use it.
Mitigation Strategies

• Mutual Authentication
• Encryption
• Intrusion Tools
WLAN Security Standards
Wired Equivalent Privacy

• The original 802.11 security standard, providing

authentication and encryption services
• Provide only weak authentication and encryption.
Can be cracked by a hacker today, using easily
downloaded tools. The main problems:
– Static Preshared Keys (PSK): The key value had to be
configured on each client and each AP, no dynamic way to
exchange the keys without human intervention
– Easily cracked keys: The key value were short (64 and 128
bits). This made it easier to predict the key’s value based
on the frame copied from WLAN
• Because of the problems with WEP, and the fact that the later
standards include much better features, WEP should not be
used today.
Authentication Method

• The IEEE 802.11 standard specifies two methods of

authentication:
– Open System authentication
– Shared Key authentication.
Open System Authentication
Shared Key Authentication
SSID Cloaking
Before the client can communicate with the AP, it
must know something about the AP – the AP’s SSID.
The association process occur like this:
1. The AP sends a periodic Beacon frame (default:
100ms) that lists the AP’s SSID and other
configuration information
2. The client listens for Beacons on all channels,
learning about all Aps in range
3. The client associates with the AP with the
strongest signal (the default) or with the AP with
the strongest signal for the currently preferred
SSID
4. The authentication process occurs as soon as the
client has associated with the AP
SSID Cloaking (cont)

• The Beacons allow an attacker to easily and quickly

find out information about the APs to begin trying
to associate and again access to the network
• SSID cloaking is an AP feature that tells the AP to
stop sending periodic Beacon frames => seems to
solve the problem.
• However, client can still sends a Probe message,
which causes each AP to respond with its SSID
Wireless LAN Security Issues and Mitigation
Strategies

Limiting access to a WLAN

• MAC address filtering
Cisco Interim Solution

• Because of the problems with WEP, vendors such

as Cisco, and the Wi-Fi Alliance industry
association, looked to solve the problem with their
own standards
• The main features of Cisco enhancements include:
– Dynamic key exchanged (instead of static preshared keys)
– User authentication using 802.1x
– A new encryption key for each packet
Wi-Fi Protected Access (WPA)

• WPA essentially performed the same functions as

the Cisco proprietary interim solution, but with
different details
• WPA dynamic key exchange uses Temporal Key
Integrity Protocol (TKIP). Cisco use a proprietary
version of TKIP
• WPA allows for the use of either IEEE 802.1X user
authentication or simple device authentication
using preshared keys
• The encryption algorithm uses the Message
Integrity Check (MIC) algorithm, similar to Cisco
solution
IEEE 802.11 I & Wi-Fi Protected Access 2
(WPA-2)

• Like Cisco-proprietary solution and Wi-Fi

Alliance’s WPA, 802.11i includes dynamic key
exchange, much stronger encryption and user
authentication. But 802.11i is not backward-
compatible with the other two.
• 802.11i encryption use Advanced Encryption
Standard (AES), with longer keys and much more
secure encryption algorithms
• The Wi-Fi Alliance continues its product
certification role for 802.11i, which call 802.11i
WPA2
Comparison of WLAN Security Standards
Wireless LAN Security Issues and Mitigation
Strategies

Describe authentication and its purpose

Wireless LAN Security Issues and Mitigation
Strategies

Describe encryption and its purpose on a wireless

network.
Wireless LAN Security Issues and Mitigation
Strategies

Describe traffic filtering and its purpose

Planning the WLAN

Plan for a wireless LAN implementation

Configure an Integrated Wireless Access Point
and Wireless Client

Installing and securing the AP

Configure an Integrated Wireless Access Point
and Wireless Client

Describe options for backing-up and restoring AP

configurations
Configure an Integrated Wireless Access Point
and Wireless Client

Identify current version of firmware and describe how

to update firmware