Is Teaching Wireless Networkingin your Future?

Karl Dietrich – Lansing Community CollegeBill Saichek – Orange Coast College

Thanks to the book publishers

Cengage Sybex

Types of Wireless LANs

Since late 1990s, IEEE has approved five standards for wireless LANs: IEEE 802.11 IEEE 802.11b IEEE 802.11a IEEE 802.11g IEEE 802.11n

IEEE 802.11

Specified that wireless transmission could take place via infrared (IR) or radio signals (RF)

Operated at 1 and 2 Mbps WG formed in 1990

IEEE 802.11b 802.11 standard’s 2 Mbps bandwidth

not sufficient for most network applications

802.11b amendment added two higher speeds to original 802.11 standard 5.5 Mbps and 11 Mbps

2.4-GHz band Uses ISM band Separated into 22-MHz channels

DSSS Direct Sequence Spread Spectrum signaling

IEEE 802.11a Released after 802.11b 5-GHz frequency – UNII band

Not congested like 2.4-GHz band Lower interference, requires more transmit

power Throughput

54 Mbps theoretical 11 and 18 Mbps effective

Attributable to higher frequencies and unique modulating data method

OFDM Orthogonal Frequency Division Multiplexing

802.11g Throughput

54 Mbps theoretical 20 to 25 Mbps effective

2.4-GHz frequency band Compatible with 802.11b networks Operates in the ISM band Data transfer range

350 feet or 107 meters apart Uses OFDM for transmission format

Same as 802.11a but different frequency

IEEE 802.11n

Finally ratified in September 2009 Speed of 802.11n standard will be

anywhere from 100 Mbps to 600 Mbps 600 Mbps is theoretical not there yet

Standard defines that all 802.11n devices must contain two radios

802.11n 2.4-GHz or 5-GHz frequency range

Backward compatible with 802.11a, b, g standards

Compared with 802.11a, 802.11g Same data modulation techniques

Compared with three 802.11 standards Manages frames, channels, encoding

differently Allows high throughput (HT) Greenfield mode

802.11n

MIMO (Multiple Input-Multiple Output) Multiple access point antennas may

issue signal to one or more receivers Increases network’s throughput, access

point’s range Still a one-to-one communication

between devices

MIMO Signal Processing Techniques

Spatial Diversity: multiple redundant signals Spatial Multiplexing creates separate data

streams for each transmitting antenna Maximal Ratio Combining can combine the

signals of two antennas to increase the signal strength in a single stream

Transmit Beamforming (TxBF) allows a MIMO transmitter to focus the transmission and send in the direction of the receiving antenna

IEEE 802.ac is in now in development Also called Gigabit Wireless (Gigabit

Wifi) IEEE 802.11ac will be a game changer

IEEE 802.11ac

IEEE 802.11ac Some of the 802.11ac technologies

include: Spectrum: will operate in the less-crowded

5 GHz spectrum and not support 2.4 GHz Roughly 8 times as many channels as 2.4 GHz

Increased channel bandwidth: uses channel bandwidths up to 80 MHz

Error correction coding: stronger processors can handle more internal instruction code

Beam forming: Transmit Beamforming (TxBF) is optional with 802.11n but will be standard for all ac devices

IEEE 802.11ac A MU-MIMO device can transmit to multiple

sources at the same time and it can transmit different data to each end source

From Tech Republic – Cheat sheet: What you need to know about 802.11ac By Michael Kassner June 18, 2013

IEEE 802.11ac Is there a downside to 802.11ac

There will be a significantly smaller coverage area

The 5 GHz range won’t go as far Attenuation is directly proportional to

the frequency Will need multiple access points in

large homes and buildings

802.11ac on the Horizon; Will You Be Ready? Posted on February 25, 2013 by Nick McLain

Access Points Autonomous Access Points

Also called fat access points These are quickly becoming obsolete

with very limited usage Lightweight Access Points

Also called thin access points Does not contain management and

configuration functions Management features are contained in

a central device called wireless LAN controller

Wireless LAN Controller WLAN controller: used to manage

devices from a central location Devices are proprietary – all lightweight APs

and WLCs must be from the same vendor

Cloud management: connecting wireless devices together using the Internet in order to remotely manage them Because devices can be managed

remotely there is no need for multiple support teams for each location

Access Points - PoE Power over Ethernet (PoE)

Power delivered to AP through unused wires in standard unshielded twisted pair (UTP) Ethernet cable

IEEE 802.3af – up to 15.4 watts Only 12.95 watts of power is used

PoE+ or PoE Plus IEEE 802.3at – up to 25.5 watts Multiple radio APs need additional power

Radio Signal Characteristics

Wavelength Frequency Amplitude Phase

The higher the frequency the smaller the wavelength

Phase is measured in distance, time, or degrees

Wavelength Wavelength

Distance between the wave’s peaks Can also be measured from anywhere

in the wave as long as it is at the same point in each cycle

Frequency Frequency: Rate at which an event

occurs Number of times that a wave completes a

cycle within a given amount of time When wave completes trip and returns

back to starting point it has finished one cycle

Amplitude Amplitude: the magnitude of change

of the wave Is measured by how high or how deep

the wave is Is essentially a measure of the strength

of an electromagnetic wave’s signal

Phase Phase: the relationship between at

least two signals that share the same frequency yet have different starting points

Analog vs. Digital Transmissions

Analog signals are continuous Digital signals are discrete WLANs use digital transmissions

Digital signal

Analog signal

RF Modulation In order for an electromagnetic wave to

transmit information it must be modified Three types of modulations enable

carrier signals to carry information Amplitude modulation - Height of the signal Frequency modulation – Frequency of the

signal Phase modulation – change the starting

point of the signal

Amplitude-Shift Keying (ASK)

Frequency-Shift Keying (FSK)

Phase-Shift Keying (PSK)

Radio Frequency Behavior: Loss

Loss: Negative difference in amplitude between signals Attenuation: loss of signal strength

due to wave propagation and multipath Propagation behaviors FSPL - Natural loss of signal strength

through space

Wave Propagation Loss

Reflection Refraction Scattering Diffraction Absorption

Amplification Gain: Positive difference in amplitude

between two signals Technically, gain is measure of amplification

Power – a constant measured in mW (milliwatts) Gain/Loss – a relative figure measured in dB Combined to become dBm

Active Gain Intentionally boosting the signal

Passive Gain Using the antenna to strengthen the signal

Types of Antennas

Three basic categories of antennas: Omnidirectional Semidirectional Highly directional

Each category includes multiple types, each with different characteristics

Dipole Antenna

Omni-directional rod antenna

Segments to Packets to Frames Frames are dependent upon the

standard being used to send the data

Wired vs. Wireless Each wireless standard frames the

data differently Are they compatible?

How is the data prepared for transmission

Our old friend the OSI Model

IEEE 802.11Physical Layer Standards

Data Link sublayers

PHY sublayers

IEEE 802.11Physical Layer Standards

SDUs and PDUs

MAC Frame Formats

MAC Frame Formats – 802.11n

A-MSDU and A-MPDU

MAC Frame Types Three categories of MAC frame types

Management Frames Used to manage access to wireless networks

and to move associations between APs Control Frames

Used to assist with the delivery of data frames

Data Frames The actual carriers of application level data

WLAN Service Sets

Service set: all of the devices that are associated with an 802.11 WLAN

Three different WLAN service set configurations: Basic service set Extended service set Independent basic service set

Basic Service Set

Basic Service Set – BSS One AP with one or more client stations Infrastructure Mode

Service Set Identifier – SSID A logical name used to identify an

802.11 wireless network Comparable to a Windows Workgroup

name Up to 32 characters and is case

sensitive

Basic Service Set Basic Service Area (BSA)

The physical area of coverage provided by an access point in a BSS

Power settings affect the coverage area

Extended Service Set Extended Service Set (ESS)

One or more BSSs connected by a distribution system medium

An overlap of 15 to 25% is needed to achieve seamless roaming between cells

Independent Basic Service Set Independent Basic Service Set

(IBSS): Wireless network that does not use an AP Peer-to-peer or ad hoc mode

MAC Operations

MAC layer WLAN functions: Discovering a WLAN Joining the WLAN Transmitting on a WLAN Remaining connected to WLAN

Discovering the WLAN: Scanning

Two types of scanning Passive scanning - Wireless device

simply listens for beacon frame. The station will determine the AP with the best signal (RSSI)

Active scanning - Wireless device first sends out a management probe request frame then waits for probe response frame

The difference between passive scanning and active scanning is which device initiates the discovery

Joining the WLAN:Authentication and Association Once a wireless device discovers the

WLAN, it next requests to join the network Authentication Association

A client must authenticate before it can associate

Joining the WLAN: Authentication

The original 802.11 standard defined two types of authentication: Open System Authentication

Device sends an association request to an AP

AP responds with an association response frame

A “virtual handshake” between the AP and the client

Shared Key Authentication STA must get permission from the AP to

join the WLAN “hitech13” for example

Joining the WLAN: Association Association: Accepting a wireless

device into a wireless network Final step to join WLAN The STA can send data through the AP

and on to the distribution system Roaming: Moving from one AP to

another The decision to roam is made by the STA

Determined by the signal strength, noise level, and bit-error rate

A STA can be authenticated to multiple APs but associated to only one

Reassociation Occurs when a STA roams to another AP

within the same ESS Disassociation

Device drops connection with one AP and establishes connection with another

The new AP will then send a disassociate frame to the old access point

Reassociation is always initiated by the STA Disassociation is handled by the AP

Roaming – ReassociationDeassociation - Deauthentication

Connectivity Steps

Windows connection process:1. Scan for wireless networks2. Choose an access point3. Authenticate with the access point4. Associate with the access point5. Obtain an IP address

Transmitting on the WLAN DCF is the mandatory access method for

the 802.11 standard The coordination of access to the WM is

distributed among the wireless stations CSMA/CD cannot be used on wireless

networks CSMA/CA is used on wireless networks

(Virtual) Carrier Sense is the process of checking to see if the medium is in use

The NAV timer must count down to zero before the device can transmit on the medium – Slot Time

System Throughput Acknowledgment frame (ACK): Sent by

receiving device to sending device to confirm data frame arrived intact

The mortal enemy of WLAN performance is retransmissions of data frames

If an ACK frame is not received by the original transmitting radio, the unicast frame is NOT acknowledged and will have to be retransmitted

IEEE 802.11n adds a feature known as block acknowledgment

Specialized Tools Spectrum Analyzers: Scans RF

spectrum and provides graphical display of results Typically measure signal-to-noise ratio

The noise floor can corrupt actual data Helpful in identifying interference

problems Thus, helps properly position/orient AP

A mandatory tool for performing site surveys

USB spectrum analyzer output

Spectrum Analyzer Output

Specialized Tools

Protocol Analyzers: Can be used to pick up packets being transmitted by other WLANs in area Also called a packet sniffer

Common uses of protocol analyzers: Network troubleshooting Fine-tune the network and manage

bandwidth

Protocol analyzer output

What is Information Security?

Information security: Task of securing digital information Ensures protective measures properly

implemented Protects confidentiality, integrity, and

availability (CIA) on the devices that store, manipulate, and transmit the information through products, people, and procedures

Security Principles: What is Information Security?

Three more terms you need to know Authentication

The verification of user/device identity Authorization

Granting access to network resources Accounting

Tracking the use of network resources by users

Five Basic Attacks Used by Hackers with Moderate Cracking

Skills Wireless network discovery

Wi-Fi finders Probe requests http://www.wigle.net

Unauthorized access Rogue Access Point MAC address spoofing

Five Basic Attacks Used by Hackers with Moderate Cracking

Skills Denial of Service

RF Jamming Data Flooding Hijacking

Exploiting security feature weaknesses WEP/Social Engineering/Remote Administration Remote administration must be disabled

Eavesdropping War Driving/Net Stumbler Man-in-the-Middle/Evil Twin

Legacy 802.11 Security Protections

The original IEEE 802.11 standard defined three security mechanisms SSID cloaking or hiding MAC address filtering WEP – Wired Equivalent Privacy

IEEE 802.11 standard’s security mechanisms for wireless networks have fallen well short of their goal

Vulnerabilities – SSID Hiding Some users configure their APs to

prevent the beacon frame from including the SSID Known as SSID hiding Easy to discover through Active Scanning

and other tools that are freely available If an attacker cannot capture an initial

negotiation process, can force one to occur Many users do not change the default SSID,

an attacker can try using default SSIDs

MAC Address Filtering MAC address filtering considered to be

a basic means of controlling access Requires pre-approved authentication Difficult to provide temporary access for

“guest” devices Managing the number of MAC addresses in

a medium to large sized wireless network can be challenging

MAC addresses can be “spoofed” or substituted – easily downloadable programs

IEEE 802.11 Authentication Wireless authentication requires the

wireless device and NOT the individual user to be authenticated prior to being connected to the network – major BYOD issues

Two methods of authentication: Open System Authentication

Only need SSID to connect No true authentication occurs

Shared Key Authentication Key installed manually on devices Key can be discovered by examining the devices

Wired Equivalent Privacy (WEP)

Guard the confidentiality of information Ensure only authorized parties can view

it Used in IEEE 802.11 to encrypt

wireless transmissions Current WEP

cracking tools can crack a WEP code in less than 5 minutes

WEP Vulnerabilities

WEP implementation violates cardinal rule of cryptography Creates detectable pattern for attackers APs end up repeating IVs - cleartext

Generating a keystream using the PRNG is based on the RC4 cipher algorithm Stream Cipher PRNG does not create true random number

Wi-Fi Protected Access (WPA)

Two modes of WPA WPA Personal

Designed for individuals or small office-home office settings

WPA Enterprise Intended for large enterprises, schools, and

government agencies

Temporal Key Integrity Protocol (TKIP): Replaces WEP’s encryption key with 128-bit per-packet key

WiFi Alliance – WPA2 WPA2 was introduced in September

2004 Based on the final IEEE 802.11i standard Two modes

WPA2 Personal – individuals and SOHOs WPA2 Enterprise – larger enterprises

• WPA2 also addresses both encryption and authentication Uses AES for data encryption Supports IEEE 802.1x for authentication

or can also use PSK technology

IEEE 802.11i – Robust Security Network

Authentication is accomplished using the IEEE 802.1X protocol (RADIUS server)

Encryption accomplished by replacing RC4 with AES – Advanced Encryption Standard Block cipher Manipulates entire block of plaintext at one

time

Authentication 802.1x requires an authentication server Remote Authentication Dial-In User

Service (RADIUS) typically used Can be used with various EAP protocols Authentication server stores list of names and

credentials of authorized users Enterprise security model using WPA2 provides

most secure level of authentication and encryption available on a WLAN

IEEE 802.1x is strongest type of wireless authentication currently available

Other Wireless Security Tools

Wireless security tools that can be used to protect a WLAN: Virtual private network Secure device management protocols Wireless intrusion detection system

WIDS – Constantly monitors the RF for attacks and sounds an alert if one is detected

Wireless intrusion prevention system WIPS – Monitors network traffic to

immediately react to block a malicious attack

Security Summary WEP should not be used in any

production business or home network where WPA/WPA2 is available

WPA has a security weakness when used with PSK or WPA Personal The preshared key must be manually

changed and is therefore seldom, if ever, changed

Disable remote administration for all devices

Security Summary

Nearly 80% of all network security breaches come from inside the organization by authorized users

Weak passwords are one of the most serious security threats in networking

Network protection is only as strong as the weakest link in the security chain

Sixty years ago video was delivered via broadcast television

In the 1980’s video shifted to satellite and cable connections

Today the Internet streams music, movies, and TV on demand

Estimated global Internet traffic will reach nearly 1 Zettabyte and 90% of internet traffic will be video content

Will RJ-45 connections go the same way as 8-tracks and vinyl records

802.11ac is going to be a game changer

What’s Next ??