WIRELESS TECHNOLOGIES – Part II
EC301 – Computer Network Fundamental
By: Syazaliah Salim


Objective

5.2.10 Create WLAN in a selected environment:
  a. Survey the area (user’s area, access point location)
  b. Install Access Points
  c. Configure WLAN clients
  d. Test signal strengths and connectivity

5.3 Understand security on a wireless LAN.
  5.3.1 Describe how to avoid WLAN attack using:
    a. Limited access to a WLAN
    b. Authentication on a WLAN
    c. Encryption on a WLAN
    d. Test signal strengths and connectivity
  5.3.2 Construct security plan for a home network.
  5.3.3 Configure the wireless Access Point portion of a multi-function device using security

5.4 Understand Integrated Access Point and Wireless client
  5.4.1 Arrange the WLAN of a selected scenario by considering the types of wireless standard, most efficient layout of devices, installation and security plan and strategy for backing up and updating the firmware of the wireless devices.


WLAN Deployment Environment
• Private Wireless LAN Network
• Semi-private Wireless LAN Network
• Public Access Wireless LAN Network
• Community Wireless LAN Network


Private Wireless LAN Network
• Wireless network privately deployed by corporations for internal employees’ use.
• A prerequisite for a private WLAN is security.
• Access is rigorously restricted to a limited number of users.
• Access is granted only to a controlled number of MAC addresses assigned to WLAN cards.
• The authorized MAC addresses are defined in a database within each access point.


Semi-Private Wireless LAN Network
• Semi-private WLANs are those deployed in organizations or institutions open to the public, such as university campuses and high schools.
• Users of these networks are not only the members of the institution (students, teachers, etc.) but also other people who visit the institution and have the right equipment.
• People are not charged for accessing the Internet via a semi-private network.
• Institutions running semi-private wireless networks do not supply the wireless cards to the users.


Public Access Wireless LAN Network
• Public Access WLANs are wireless networks deployed in highly frequented places, such as airports, hotels, convention centers, cafes, etc.
• Users are charged for accessing broadband Internet.
• Various business models are implemented on this type of network; the most popular consist of charging customers either a flat monthly fee or a per-usage fee.


Community Wireless LAN Network
• Community networks imply sharing a broadband Internet connection (like DSL or cable modem).
• There are different levels of sharing the high-speed Internet connection.
• Limited sharing is when a WLAN is deployed in a neighborhood and two or more neighbors split the costs of the equipment and the monthly broadband Internet access fee.
• Users save money by dividing the costs of the broadband access.


WLAN Client Access to the Network
• Discover Access Point (AP):
  – Scan all the channels.
  – Listen for the beacons from the APs.
  – Associate itself with the AP that has the strongest signal.
• Once connected (called roaming):
  – Monitor the signal strength of the AP to which it is connected.
  – If the signal strength becomes too low, repeat the scanning process to discover an AP with a stronger signal.
• 802.11 defines only two authentication methods for APs to authenticate clients:
  – Open Authentication: Exchanging four hello packets that contain no verification (basically no security at all).
  – Shared Key Authentication: A static encryption key is used with Wired Equivalent Privacy (WEP), which is very weak by today’s standards.


Security Solution
• A good WLAN security solution should provide for the following:
  – Encryption: Protect data transmitted between the edge WLAN device and the access point, providing privacy and confidentiality.
  – Authentication: Control who is allowed to access LANs behind the WLAN access points.
  – Intrusion Prevention System (IPS): Protect the network by detecting and preventing network and unauthorized access attacks.

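Common WLAN security solutions:

|                     | WEP                                   | 802.1x EAP                                               | WPA                                    | 802.11i/WPA2                           |
|---------------------|---------------------------------------|----------------------------------------------------------|----------------------------------------|----------------------------------------|
| Introduced          | 1997                                  | 2001                                                     | 2003                                   | 2004                                   |
| Encryption          | Static keys, breakable                | Dynamic keys                                             | Dynamic, per packet                    | Dynamic, per packet, most secure       |
| User Authentication | None (optional MAC address filtering) | Usernames/passwords, certificates, preshared keys (PSK)  | Usernames/passwords, certificates, PSK | Usernames/passwords, certificates, PSK |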


SSID and MAC Address Filtering
WLAN Security – Limited Access
• APs and clients must use the same SSID to authenticate.
• APs can broadcast their SSID.
  – An administrator can turn off the SSID broadcast function to prevent rogue devices from accessing the AP; this is called SSID cloaking.
• Multiple APs with the same SSID form an Extended Service Set.
• Access points have Access Control Lists (ACL).
• The ACL is a list of allowed MAC addresses, e.g. allow access to:
  – 00:01:42:0E:12:1F
  – 00:01:42:F1:72:AE
  – 00:01:42:4F:E2:01
• The MAC addresses of the devices allowed access are listed in a security table on the AP.
• A rogue device can easily sniff the airwaves to see the valid MAC addresses and change its MAC address to match one of the valid ones. This is called MAC address spoofing.
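An added example (not part of the original slides): the MAC filter above checks only the source address a device claims, so a copied address passes it, but a monitoring sensor can still notice two transmitters sharing one address because each keeps its own 12-bit 802.11 sequence counter. The capture and the MAX_GAP and MIN_ANOMALIES thresholds are constructed assumptions.

```python
from collections import defaultdict

# ACL from the slide: MAC addresses allowed to use the AP.
ALLOWED_MACS = {"00:01:42:0E:12:1F", "00:01:42:F1:72:AE", "00:01:42:4F:E2:01"}

SEQ_MODULUS = 4096   # 802.11 sequence numbers are 12 bits wide
MAX_GAP = 64         # assumed tolerance for frames the sensor missed
MIN_ANOMALIES = 2    # assumed: a single jump may just be a station reset


def acl_permits(src_mac):
    """MAC filter as described above: checks only the claimed source address."""
    return src_mac.upper() in ALLOWED_MACS


def shared_mac_suspects(frames):
    """Return MACs whose sequence numbers look like two interleaved counters.

    frames: iterable of (src_mac, seq_num) in capture order.
    """
    last_seq = {}
    anomalies = defaultdict(int)
    for mac, seq in frames:
        mac = mac.upper()
        if mac in last_seq:
            gap = (seq - last_seq[mac]) % SEQ_MODULUS  # 0 = retransmission
            if gap > MAX_GAP:
                anomalies[mac] += 1
        last_seq[mac] = seq
    return {mac for mac, count in anomalies.items() if count >= MIN_ANOMALIES}


# Constructed capture: ...12:1F is used by two transmitters (counters near 100
# and 2900); ...72:AE is one station whose counter wraps from 4095 to 0.
CAPTURE = [
    ("00:01:42:0E:12:1F", 100), ("00:01:42:F1:72:AE", 4094),
    ("00:01:42:0E:12:1F", 2900), ("00:01:42:F1:72:AE", 4095),
    ("00:01:42:0E:12:1F", 101), ("00:01:42:F1:72:AE", 0),
    ("00:01:42:0E:12:1F", 2901), ("00:01:42:F1:72:AE", 1),
    ("00:01:42:0E:12:1F", 102),
]

if __name__ == "__main__":
    # The ACL admits every frame, including those from the second transmitter.
    print(all(acl_permits(mac) for mac, _ in CAPTURE))
    print(shared_mac_suspects(CAPTURE))
```

The ACL accepts all nine frames, while the sequence-number check flags only the address that two transmitters are using; the wrap-around on the other station is not flagged.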


Wireless LAN Security - Authentication
• This process requires a client to present credentials in order to use the network.
• Most common is a username and password, but for a wireless network, this is handled differently.
• Because the transaction is wireless and can be “heard” by anyone, the authentication is done before connecting.
• Three (3) types of authentication:
  – Open: used for public networks, and for networks where another method of authentication is used.
  – PSK
  – EAP


Wireless LAN Security - Authentication

PSK (Pre-Shared Key)
• Both client and AP are configured with a shared key.
• Password is encrypted by client using shared key, then sent to AP, where it is decrypted using the same key.
• Doesn’t authenticate AP or user, only one way.

EAP (Extensible Authentication Protocol)
• Authentication is 2-way.
• Client communicates through AP to (usually) a RADIUS server which has a list of authorized users and clients.


Wireless LAN Security – Data Encryption
• Use of Wireless Authentication
  – Authentication can prevent unauthorized users from accessing the WLAN, but data is still transmitted to anyone with a receiver.
  – Encryption methods were developed to encrypt wireless communications to prevent snooping by outsiders.
• Two (2) main encryption methods:
  – WEP (Wired Equivalent Privacy)
  – WPA (Wi-Fi Protected Access)


Wireless LAN Security – Data Encryption

WEP (Wired Equivalent Privacy)
  – Uses pre-configured 64, 128, or 256 bit keys to encrypt data before transmission.
  – WEP keys are just a string of letters or numbers and can also be automatically generated using a passphrase.
  – WEP is not a secure protocol and can easily be cracked by a knowledgeable wireless hacker.

WPA (Wi-Fi Protected Access)
  – Also uses a 64 to 256 bit encryption key.
  – WPA doesn’t always use the same key, but generates new, dynamic keys each time a client connects.
  – WPA is considered the current standard of encryption for wireless networks.


Wireless LAN Security – Traffic filtering
• Allows control of traffic types sent across the WLAN
• Blocks undesirable traffic from entering or leaving the network
• Filtered using:
  – MAC Addresses
  – IP Addresses
  – Port Numbers

Chapter 5 part 2  