Wireless LAN Management
w.lilakiatsakun

Topics
• Wireless LAN fundamentals
  – Link characteristics
  – Bands and spectrum
  – IEEE 802.11 architecture / channel allocation
• Wireless LAN solutions
  – Ad hoc / infrastructure
  – Load balancing / Extended Service Set (roaming)
  – Wireless repeater / bridge
• Wireless LAN management
• Wireless LAN security

Wireless Link Characteristics
Differences from a wired link:
• Decreased signal strength: the radio signal attenuates as it propagates through matter (path loss)
• Interference from other sources: the standardized unlicensed frequencies (e.g. 2.4 GHz) are shared with other devices (e.g. cordless phones); devices such as motors interfere as well
• Multipath propagation: the radio signal reflects off objects and the ground, arriving at the destination at slightly different times
Transmission over a wireless link therefore suffers loss and errors far more often than transmission over a wire.

Wireless Network Characteristics
[Figure: three stations A, B, C in a row; B is within range of both A and C]
Hidden terminal problem
• B and A hear each other
• B and C hear each other
• A and C cannot hear each other, so A and C are unaware that they interfere with each other at B
[Figure: signal strength of A and of C plotted against distance; each has faded out before reaching the other]
Signal fading
• B and A hear each other
• B and C hear each other
• A and C cannot hear each other (their signals have faded below the detection threshold), yet both still interfere at B

Unlicensed Spectrum
• ISM stands for Industrial, Scientific and Medical
• The ISM bands are implemented differently in different countries

Band | FCC frequency (US) | ETSI frequency (Europe) | Main use
ISM-900 | 902–928 MHz | 890–906 MHz | Food processing
ISM-2.4 | 2.4–2.4835 GHz | 2.4–2.5 GHz | Microwave ovens
ISM-5.8 | 5.725–5.850 GHz | 5.725–5.875 GHz | Medical scanners

ISM Band
• Only the ISM-2.4 band is available in every country
  – Microwave ovens
  – Medical equipment
  – Communication, e.g. wireless LAN, Bluetooth
• But it is too crowded
  – Communication systems use spread spectrum to tolerate the interference

IEEE 802.11 Wireless LAN
• 802.11b
  – 2.4 GHz unlicensed radio spectrum
  – Uses CCK (Complementary Code Keying) to improve the data rate
  – Backward compatible with DSSS systems
  – Not compatible with FHSS systems
  – Maximum 11 Mbps: the theoretical capacity (raw data rate)
  – Real throughput is only about 6 Mbps, and only at short range with no interference
• 802.11a
  – 5 GHz band, OFDM
  – Up to 54 Mbps (about 31 Mbps real throughput)
• 802.11g
  – 2.4 GHz band, CCK-OFDM, backward compatible with IEEE 802.11b
  – Up to 54 Mbps (about 31 Mbps real throughput)
• All use CSMA/CA for multiple access

Wireless LAN standards
[Figure: comparison table of the 802.11 standards]

802.11 LAN Architecture
[Figure: Internet – hub, switch or router – AP (BSS 1) and AP (BSS 2) with their wireless hosts]
• A wireless host communicates with a base station
  – base station = access point (AP)
• A Basic Service Set (BSS) (aka "cell") in infrastructure mode contains:
  – wireless hosts
  – the access point (AP): the base station
• Ad hoc mode: hosts only

IEEE 802.11: Multiple Access
• Goal: avoid collisions (2+ nodes transmitting at the same time)
• 802.11: CSMA, sense before transmitting
  – don't collide with an ongoing transmission by another node
• 802.11: no collision detection!
  – difficult to receive (sense collisions) while transmitting, because the received signal is weak compared to the transmitted one (fading)
  – can't sense all collisions in any case: hidden terminal, fading
  – goal: avoid collisions: CSMA/CA (Collision Avoidance)

IEEE 802.11 MAC Protocol: CSMA/CA
802.11 sender
1. If the channel is sensed idle for DIFS, transmit the entire frame (no collision detection)
2. If the channel is sensed busy, start a random backoff timer
  – the timer counts down while the channel is idle
  – transmit when the timer expires
  – if no ACK arrives, increase the random backoff interval and repeat step 2
802.11 receiver
• If the frame is received OK, return an ACK after SIFS
[Figure: sender waits DIFS and sends DATA; receiver waits SIFS and returns ACK]

Avoiding Collisions (more)
Idea: let the sender "reserve" the channel rather than contend with data frames directly, to avoid collisions of long data frames
• The sender first transmits a small request-to-send (RTS) packet to the base station using CSMA
  – RTSs may still collide with each other (but they're short)
• The base station broadcasts a clear-to-send (CTS) in response to the RTS
• The CTS is heard by all nodes
  – the sender transmits its data frame
  – the other stations defer their transmissions
• Data frame collisions are avoided using small reservation packets

Collision Avoidance: RTS-CTS Exchange
[Figure: A and B both send RTS reservations to the AP and collide; the AP answers A's RTS with CTS(A), A sends DATA(A) while B defers]

Channel Partitioning in Wireless LAN
• With the DSSS modulation technique, one channel occupies 22 MHz of bandwidth
• In the 2.4 GHz band only about 83 MHz is available (2.400–2.4835 GHz)
• Channel centre frequencies are 5 MHz apart, so two channels must be 5 channel numbers (25 MHz) apart to be non-overlapping
  – this avoids interference between neighbouring cells
• Consider frequency reuse and capacity increase when planning channels
[Figure: channel allocation in the 2.4 GHz band, each channel's 22 MHz footprint]
[Figure: relationship between data rate and signal strength]

802.11: Channels, Association
• 802.11b: the 2.4–2.485 GHz spectrum is divided into 11 channels (in the US) at different frequencies
  – the AP admin chooses the channel for the AP
  – interference is possible: the channel can be the same as one chosen by a neighbouring AP!
• A host must associate with an AP
  – scans channels, listening for beacon frames containing the AP's name (SSID) and MAC address
  – selects an AP to associate with
  – may perform authentication

Interference in Wireless LAN
• Microwave oven: 2450 MHz (about 1000 W), around channels 7–10
• Bluetooth devices (0.01 W)
• Cordless phones
• Toys, etc.
• Use NetStumbler to show the signal-to-noise ratio on the wireless LAN channels
[Figure: NetStumbler screenshot]

Wireless Solutions
• Ad hoc
• Infrastructure
• Load balancing
• Connecting a wireless LAN without an access point
• Extended Service Set
• Extending range with a wireless repeater
• Wireless bridge

Ad hoc
• Configuration: set the mode to ad hoc / peer-to-peer
• Set the BSSID and the channel to use

Infrastructure
[Figure: wireless hosts associated with an AP that is connected to the wired LAN]

Load Balancing
• Channels must be 5 apart to avoid overlap
• So at most 3 access points can be assigned in one overlapping area: channels 1 / 6 / 11

Connecting a wireless LAN without an access point
• Use a host acting as a gateway

Extended Service Set
• Supports mobility: a client roams between APs that belong to the same ESS

Extending range with a wireless repeater
[Figure: AP – repeater – distant client]

Wireless bridge (point-to-point link)
[Figure: two buildings linked by a pair of bridging APs]

Wireless LAN Management
• WLAN management involves three primary functions:
  – Discovering the WLAN devices
  – Monitoring the WLAN devices
  – Configuring the WLAN devices

Discovering the WLAN devices
• ICMP, SNMP, Telnet, CLI, AP scan, RF scan, CDP etc. are used to discover the devices in your WLAN
• The dedicated RF sensors that come as additional hardware components with WiFi Manager perform the RF scan: they discover every element that is transmitting on the air, which is what makes the discovery of WLAN devices complete (a device that never talks to the wired side, such as a rogue AP, is only found this way)

Monitoring the WLAN devices
• Threshold monitoring: set threshold values for key parameters and alert the operator when the actual values exceed them
• Service monitoring: monitor the services running on the access points, such as the web service
• Performance monitoring: monitor the WLAN devices for parameters such as Tx/Rx traffic and utilization, data rate, channel usage, errors, etc.
• Trap reception: receive SNMP traps and alert the operator
• Alarms: assign a severity to every network failure and generate alarms
• Email-based notification: notify operators by email when a fault occurs

Configuring the WLAN devices
• It consists of
  – AP configuration
  – Firmware upgrade
• From the management perspective it can be done as
  – Group management
  – Individual access point configuration
• AP basic configuration
• AP ACL configuration
• AP security configuration
• AP services configuration

AP basic configuration
• SSID – service set identifier of the access point
• Allow broadcast SSID – enable/disable broadcasting of the SSID in beacons
• Allow auto channel select – enable/disable automatic channel selection by the AP
• Channel – the channel on which the AP operates (applicable only if auto channel select is NO)
• Name – name of the access point
• System Location – sysLocation value of the access point
• System Contact – sysContact value of the access point
• Use DHCP – enable/disable the DHCP client in the AP
• LAN IP – IP address of the AP (applicable only if Use DHCP is NO)
• Subnet Mask – mask value
• Gateway IP – IP address of the gateway
• DNS server IP – IP address of the DNS server

AP ACL configuration
• WLAN administrators can deny or allow network access to wireless clients by configuring the ACL settings in the access points
• Block – denies access to the specified MAC addresses and allows all others
• Pass through – allows only the specified MAC addresses and blocks all others
• Caveat: MAC addresses travel in the clear in every frame and can be reprogrammed on the client, so an ACL stops accidental associations, not a determined attacker (see "Filtering MAC" below)

AP Security Configuration
• WEP – encrypts data; the WEP keys must be provided
• 802.1x – enables user authentication; at least one RADIUS server must be provided
• WPA – 802.1x + TKIP + dynamic key distribution
• WPA PSK – uses a pre-shared key instead of RADIUS
• Mixed mode – allows both WPA and non-WPA clients (the group key used for broadcast traffic then has to be WEP, so the cell is only as strong as WEP)

AP Service Configuration
• Management services such as SNMP, HTTP, Telnet and NTP running on the access points can be configured
• SNMP: enable/disable, read / read-write community, trap destination / community, enable trap notifications
• HTTP: enable/disable, HTTP port
• Telnet: enable/disable, Telnet port
• NTP: enable/disable, NTP server address
• Caveat: SNMPv1/v2c community strings, Telnet sessions and HTTP logins all cross the air in cleartext; change the default communities, disable what is unused and restrict management to the wired side

Wireless LAN security management
• Common attacks and vulnerabilities
  – weaknesses in WEP, key management and user behaviour
  – sniffing, interception and eavesdropping
  – spoofing and unauthorized access
  – network hijacking and modification
  – denial of service and flooding attacks
• Security countermeasures
  – revisiting policy
  – analysing the threat
  – implementing WEP
  – filtering MAC addresses
  – using closed systems and networks
  – securing users

The weakness in WEP, key management and user behaviour
• Several papers have been published showing the vulnerabilities of WEP, and tools exist to recover the encryption key
  – AirSnort (http://airsnort.shmoo.com)
  – WEPCrack (http://sourceforge.net/projects/wepcrack/)
• IEEE 802.11 states that the secret key used by WEP is to be controlled by external key management
  – normally key management is done by the user (who defines up to 4 different secret keys)
  – RADIUS (Remote Authentication Dial-In User Service) is rarely used by small businesses or home users
• Users often operate the devices in the default configuration
  – SSID broadcast turned on
  – the default password used as the secret key
    • 3Com products: comcomcom
    • Lucent products: the last five digits of the network ID

Sniffing, interception and eavesdropping
• Sniffing is the electronic form of eavesdropping on the communications that computers have across a network
• A wireless network is a broadcast (shared) link
• Every communication across the wireless network is visible to anyone who is listening to the network
• The listener does not even need to be associated with the network

Sniffing tools
• All of these packages put the network card into promiscuous mode, so every packet passing the interface is captured and displayed (to see raw 802.11 frames the card has to be in monitor mode, which needs no association with any AP)
• Ethereal – www.ethereal.com/ (the project continues as Wireshark)
• OmniPeek – http://www.wildpackets.com/products/omnipeek
• Tcpdump – www.tcpdump.org/
• Ngrep – http://ngrep.sourceforge.net/

Spoofing and unauthorized access
• Spoofing: an attacker tricks your network equipment into thinking that a connection comes from one of the allowed machines
• Several ways to accomplish this
  – redefine the MAC address to a valid (allowed) MAC address
  – a simple registry edit on Windows
  – on Unix, a simple command from a root shell
  – SMAC (a software package for Windows)

Network hijacking and modification
• A malicious user sends messages to routing devices and APs stating that their MAC address is associated with a known IP address
• From then on, all traffic passing through that router (switch) destined for the hijacked IP address is handed to the hijacker's machine
• This is ARP spoofing or ARP poisoning
• If the attacker spoofs the default gateway
  – all machines trying to reach the network connect through the attacker
  – the attacker collects passwords and other useful information
• Use of a rogue AP
  – to receive authentication requests and information from clients that associate with it

Denial of Service and flooding attacks
• One of the original DoS attacks is the ping flood
  – a large number of hosts or devices send ICMP echo requests to a specified target
• One possible attack on a WLAN is a massive number of invalid or valid authentication requests
  – users attempting to authenticate themselves would have difficulty acquiring a valid session
• If the hacker can spoof the default gateway, every machine on the wireless network can be prevented from reaching the wired network

WLAN Security countermeasures
The countermeasures listed above, in turn: revisiting policy, analysing the threat, implementing WEP, filtering MAC addresses, using closed systems and networks, securing users.

Revisiting policy
• Adjust the corporate security policy to accommodate wireless networks and the users who depend on them
• Because of the wireless environment
  – there is no visible connection, so good authentication is required
  – RF traffic is easy to capture, so a good policy should not broadcast the SSID and should implement WEP
  – do not use the default name or password when operating AP devices
• Caveat: hiding the SSID only deters casual scanning, since the SSID still appears in probe and association frames that any sniffer sees

Analyzing the threat
• Identify the assets and the methods of accessing them from an authorized perspective
• Identify the likelihood that someone other than an authorized user can access the assets
• Identify the potential damage
  – defacement
  – modification
  – theft
  – destruction of data
• Identify the cost to replace, fix or track the loss
• Identify the security countermeasures
• Identify the cost of implementing the countermeasures
  – hardware / software / personnel
  – procedures / limitations on access across the corporate structure
• Compare the cost of securing the resources with the cost of the damage

Implementing WEP
• To protect data from sniffing during a session
• 128-bit encryption should be considered the minimum (a 104-bit key plus the 24-bit IV)
  – most APs support both 40-bit and 128-bit encryption
• WEP advantages
  – all messages are encrypted, so privacy is maintained
  – easy to implement
  – WEP keys are user definable
• WEP disadvantages
  – the RC4 stream cipher as used by WEP can be broken (the key is recoverable from captured traffic with the tools named above)
  – once the key is changed, everyone has to be told the new one
  – WEP does not provide adequate WLAN security
    • it only stops the curious hacker who lacks the means or the desire to really attack your network
  – WEP has to be implemented on every client as well as every AP to be effective

Filtering MAC
• To reduce the number of attacks
  – more practical on small networks
• Can be performed on the switch attached to the AP or on the AP itself
• MAC filtering advantages
  – predefined users are accepted; filtered MACs do not get access
• MAC filtering disadvantages
  – administrative overhead with a large number of users
  – a MAC address can be reprogrammed: an attacker sniffs an allowed address from the air and clones it

Using closed systems and networks
• Turn off SSID broadcasting; use a proper password (WEP key)
• Select "closed wireless system"
• Advantages
  – the AP does not answer probe requests that carry no SSID, so it does not accept unrecognized network requests
  – prevents NetStumbler-style snooping software, which relies on such probes
  – easy to implement
• Disadvantages
  – administration required for new users and changes
  – the SSID is still visible to a passive sniffer whenever a legitimate client associates

Securing users
• Educate the users about the threats and where they are at risk
  – how is a proper password set?
• Provide policies that enable them to secure themselves
  – change passwords at regular intervals
  – a minimum password length
• Create policies that secure users behind the scenes
  – filtering traffic
• Some of the rules that should be in place with respect to wireless 802.11
  – no rogue access points
  – inventory all wireless cards and their corresponding MAC addresses
  – no antennas without administrative consent
  – strong passwords on wireless network devices

Other methods
• VPN
• WEP + RADIUS
• WPA2 (Wi-Fi Protected Access 2, i.e. 802.11i)
• WPA + RADIUS
• 802.1x: EAP-MD5, LEAP (Cisco), EAP-TLS, EAP-TTLS (EAP-MD5 gives no mutual authentication and no key material, and LEAP is open to offline dictionary attacks; prefer EAP-TLS or EAP-TTLS)
• MAC + WPA + RADIUS – the Mahanakorn solution

Web recommendation: http://www.thaicert.nectec.or.th/paper/wireless/IEEE80211_4.php

802.11i
• Known as WPA2 and also called RSN (Robust Security Network)
• 802.11i uses the Advanced Encryption Standard (AES) block cipher, whereas WEP and WPA use the RC4 stream cipher
• The 802.11i architecture contains the following components:
  – 802.1X for authentication
  – RSN for keeping track of associations and negotiating the cipher suites
  – AES-based CCMP to provide confidentiality, integrity and origin authentication

802.1x
• Provides an authentication mechanism for devices wishing to attach to a LAN port
• Either establishes a point-to-point connection or prevents access from that port if authentication fails
• Used by most 802.11 access points; based on the Extensible Authentication Protocol (EAP)
[Figure: 802.1x authentication exchange]

802.11n (new WLAN standard)
• Improves WLAN throughput (the high-throughput rates may only be used with CCMP, not with WEP or TKIP)
  – net bandwidth 248 Mbps in early products; the final standard allows up to 600 Mbps
  – operates in both the 5 GHz and the 2.4 GHz band
• Technology changes
  – MIMO (Multiple Input Multiple Output)
  – channel bonding: two separate non-overlapping channels are used simultaneously to transmit data
  – frame aggregation
  – backward compatibility
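The CSMA/CA procedure from the "IEEE 802.11 MAC Protocol" slides, and the reason the "802.11b: 11 Mbps raw, about 6 Mbps real" figures differ, as an added worked example (not code from the slides): a slot-level simulation of the sender algorithm in which stations cannot detect collisions and only learn of them from the missing ACK, plus the per-frame overhead budget (DIFS, average backoff, PLCP preamble, SIFS, ACK). The timing constants are the 802.11b ones; the station count and event count are arbitrary.

```python
"""802.11 DCF (CSMA/CA): DIFS sensing, slotted random backoff, contention-window
doubling after a missing ACK, and the overhead that turns 11 Mbps into ~6 Mbps.
Added illustration with 802.11b timing constants."""
import random

SLOT_US = 20.0                    # 802.11b slot time
SIFS_US = 10.0
DIFS_US = SIFS_US + 2 * SLOT_US   # 50 us
CW_MIN = 31                       # initial contention window, in slots
CW_MAX = 1023

PLCP_LONG_US = 192.0      # long preamble + PLCP header, always sent at 1 Mbps
MAC_OVERHEAD_BYTES = 28   # 24-byte MAC header + 4-byte FCS
ACK_BYTES = 14
ACK_RATE_MBPS = 2.0       # ACKs go at a basic rate, not at the data rate


def next_contention_window(cw):
    """No ACK came back: the window doubles (binary exponential backoff), capped at CW_MAX."""
    return min(2 * cw + 1, CW_MAX)


def max_goodput_mbps(payload_bytes=1500, rate_mbps=11.0):
    """Goodput of a single station with no contention and no errors.  Every frame
    pays DIFS + average backoff + preamble + data + SIFS + preamble + ACK."""
    data_us = PLCP_LONG_US + (payload_bytes + MAC_OVERHEAD_BYTES) * 8 / rate_mbps
    ack_us = PLCP_LONG_US + ACK_BYTES * 8 / ACK_RATE_MBPS
    avg_backoff_us = CW_MIN / 2 * SLOT_US
    cycle_us = DIFS_US + avg_backoff_us + data_us + SIFS_US + ack_us
    return payload_bytes * 8 / cycle_us      # bits per microsecond == Mbps


def simulate_dcf(num_stations, num_tx_events, seed=1):
    """Saturated stations contend slot by slot.  Nobody can hear a collision while
    transmitting, so a collision is only learned from the missing ACK: every
    colliding station then doubles its window and draws a fresh backoff.
    Returns (successes, collisions)."""
    rng = random.Random(seed)
    cw = [CW_MIN] * num_stations
    backoff = [rng.randint(0, c) for c in cw]
    successes = collisions = 0
    while successes + collisions < num_tx_events:
        # channel idle: all timers count down until the smallest one expires
        expired = min(backoff)
        backoff = [b - expired for b in backoff]
        senders = [i for i, b in enumerate(backoff) if b == 0]
        if len(senders) == 1:
            successes += 1
            cw[senders[0]] = CW_MIN                   # ACK received: reset window
        else:
            collisions += 1
            for i in senders:
                cw[i] = next_contention_window(cw[i])  # no ACK: back off harder
        for i in senders:
            backoff[i] = rng.randint(0, cw[i])        # the others keep their residual timers
    return successes, collisions


if __name__ == "__main__":
    print(f"802.11b goodput, 1500-byte frames at 11 Mbps: {max_goodput_mbps():.2f} Mbps")
    for n in (2, 5, 10):
        s, c = simulate_dcf(n, 5000)
        print(f"{n:2d} stations: {c / (s + c):.1%} of transmissions collide")
```

The goodput calculation lands near 6.2 Mbps for the slide's 11 Mbps radio, matching its "about 6 Mbps" claim before any contention; the simulation shows why the random backoff is needed at all, since the collision share rises steeply with the number of contending stations.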
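The channel arithmetic behind the "Channel partitioning" and "Load balancing" slides (22 MHz DSSS channels on 5 MHz centres, hence channels 1/6/11 and at most three APs per overlapping area), as an added example that is not code from the slides. The floor plan of APs and which of them overlap is constructed; the greedy assignment is a simple first-fit colouring, not the planning algorithm of any product.

```python
"""2.4 GHz channel planning: centre frequencies, the 22 MHz overlap test, the
non-overlapping set for a regulatory domain, and a first-fit channel assignment
for a set of APs whose cells overlap.  Added illustration."""
DSSS_BANDWIDTH_MHZ = 22
CHANNEL_SPACING_MHZ = 5


def center_frequency_mhz(channel):
    """802.11b/g: 2407 + 5*n MHz for channels 1..13; channel 14 (Japan) sits at 2484."""
    if 1 <= channel <= 13:
        return 2407 + CHANNEL_SPACING_MHZ * channel
    if channel == 14:
        return 2484
    raise ValueError(f"no 2.4 GHz channel {channel}")


def channels_overlap(a, b):
    """Two 22 MHz-wide signals overlap unless their centres are at least 22 MHz apart."""
    return abs(center_frequency_mhz(a) - center_frequency_mhz(b)) < DSSS_BANDWIDTH_MHZ


def non_overlapping_channels(channels=range(1, 12)):
    """Greedy pick of mutually non-overlapping channels from the allowed set."""
    chosen = []
    for ch in channels:
        if all(not channels_overlap(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def assign_channels(neighbours, allowed=(1, 6, 11)):
    """Give every AP a channel that none of its RF neighbours uses or overlaps.
    neighbours: {ap: {neighbour_ap, ...}}, symmetric.  Raises ValueError when an
    area holds more mutually overlapping APs than there are usable channels
    (the slide's 'maximum 3 access points in one overlapping area')."""
    assignment = {}
    for ap in neighbours:                      # dict order == deployment order
        taken = {assignment[n] for n in neighbours[ap] if n in assignment}
        free = [ch for ch in allowed
                if ch not in taken and not any(channels_overlap(ch, t) for t in taken)]
        if not free:
            raise ValueError(f"{ap}: every channel in {allowed} is used by an overlapping neighbour")
        assignment[ap] = free[0]
    return assignment


def channel_plan_possible(neighbours, allowed=(1, 6, 11)):
    try:
        assign_channels(neighbours, allowed)
        return True
    except ValueError:
        return False


# Constructed floor plan: AP-A, AP-B and AP-C all hear each other (one overlapping
# area); AP-D overlaps only with AP-C, so it may reuse AP-A's channel.
FLOOR_PLAN = {
    "AP-A": {"AP-B", "AP-C"},
    "AP-B": {"AP-A", "AP-C"},
    "AP-C": {"AP-A", "AP-B", "AP-D"},
    "AP-D": {"AP-C"},
}
# Constructed: four APs that all overlap each other, one too many for 1/6/11
CROWDED_AREA = {ap: {o for o in "ABCD" if o != ap} for ap in "ABCD"}

if __name__ == "__main__":
    print("FCC channels 1-11, non-overlapping:", non_overlapping_channels())
    print("ETSI channels 1-13, non-overlapping:", non_overlapping_channels(range(1, 14)))
    print("1/5 overlap:", channels_overlap(1, 5), " 1/6 overlap:", channels_overlap(1, 6))
    print("plan:", assign_channels(FLOOR_PLAN))
    print("four overlapping APs fit:", channel_plan_possible(CROWDED_AREA))
```

First-fit colouring can fail on some layouts that a smarter ordering would solve, so a real survey tool would back-track or reorder; the point here is only that the 25 MHz spacing rule leaves exactly three usable channels in the band.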
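The "AP basic / security / service configuration" slides list the knobs, and the "Revisiting policy" and "default configuration" slides say which settings are dangerous. This added example (not the slides' or any vendor's code) turns those rules into an audit: a constructed factory-default configuration and a constructed hardened configuration are run through the same checks. The configuration keys, the short default SSID/password/community lists and the severity labels are assumptions made for the illustration.

```python
"""Audit of AP management settings against the slides' policy points: no WEP or
open mode, no default SSID/password/SNMP community, no cleartext management,
some MAC ACL.  Added illustration; configuration layout is assumed."""
DEFAULT_SSIDS = {"default", "linksys", "tsunami", "wlan", "comcomcom"}   # constructed
DEFAULT_PASSWORDS = {"", "admin", "password", "comcomcom"}                # constructed
DEFAULT_COMMUNITIES = {"public", "private"}
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def audit_ap_config(cfg):
    """Return [(severity, finding), ...]; an empty list means nothing to fix."""
    findings = []
    sec = cfg["security"]
    if sec == "open":
        findings.append(("critical", "no encryption: every frame is readable by any listener"))
    elif sec == "wep":
        findings.append(("high", "WEP: key recoverable from captured traffic; use WPA2 (802.11i CCMP)"))
    elif sec == "mixed":
        findings.append(("high", "mixed WPA/WEP mode: the group (broadcast) key falls back to WEP"))
    elif sec == "wpa-psk" and len(cfg.get("psk", "")) < 20:
        findings.append(("medium", "short WPA pre-shared key: offline dictionary attack on a captured handshake"))
    if cfg["ssid"].lower() in DEFAULT_SSIDS:
        findings.append(("high", "default SSID: reveals the vendor and hints at default credentials"))
    if cfg["admin_password"] in DEFAULT_PASSWORDS:
        findings.append(("critical", "default or empty administrator password"))
    snmp = cfg["snmp"]
    if snmp["enabled"]:
        if snmp["ro_community"] in DEFAULT_COMMUNITIES:
            findings.append(("high", "default SNMP read community: AP inventory readable by anyone"))
        if snmp.get("rw_community"):
            findings.append(("high", "SNMP read-write community set: AP reconfigurable over cleartext SNMP"))
    if cfg["telnet"]["enabled"]:
        findings.append(("medium", "Telnet enabled: management credentials cross the air in cleartext"))
    if cfg["http"]["enabled"]:
        findings.append(("low", "HTTP management enabled: cleartext; restrict it to the wired side"))
    if cfg["acl_mode"] == "off":
        findings.append(("low", "no MAC ACL: spoofable, but it still stops accidental associations"))
    return findings


def worst_severity(findings):
    return max((sev for sev, _ in findings), key=SEVERITY_RANK.__getitem__, default=None)


# Constructed: roughly what an AP ships with (cf. the '3Com: comcomcom' slide)
FACTORY_AP = {
    "ssid": "comcomcom", "broadcast_ssid": True, "security": "wep",
    "admin_password": "", "acl_mode": "off",
    "snmp": {"enabled": True, "ro_community": "public", "rw_community": "private"},
    "telnet": {"enabled": True, "port": 23},
    "http": {"enabled": True, "port": 80},
}

# Constructed: the same AP after the policy slides have been applied
HARDENED_AP = {
    "ssid": "mut-staff", "broadcast_ssid": False, "security": "wpa2",
    "admin_password": "v9!Rk2#pQ7wz", "acl_mode": "pass-through",
    "snmp": {"enabled": True, "ro_community": "Zk4-r0-Only-81q", "rw_community": None},
    "telnet": {"enabled": False, "port": 23},
    "http": {"enabled": False, "port": 80},
}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY_AP), ("hardened", HARDENED_AP)):
        result = audit_ap_config(cfg)
        print(f"{name}: worst severity = {worst_severity(result)}")
        for sev, msg in result:
            print(f"  [{sev}] {msg}")
```

Run over a whole AP group (the "group management" case) the same function gives a per-AP worst severity that can feed the alarm and email notifications described under monitoring.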
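The "weakness in WEP" and "Implementing WEP" slides say the RC4-based design can be broken without explaining the mechanism. This added example (not code from the slides or from AirSnort/WEPCrack) builds WEP's frame encryption exactly as the standard does, per-frame key = 24-bit IV || shared key, RC4 keystream XORed over plaintext || CRC-32 ICV, and then shows two of the classic consequences on constructed frames: a repeated IV reuses the keystream and leaks plaintext to anyone who knows one frame's contents, and because CRC-32 is linear an attacker can flip chosen plaintext bits and repair the ICV without knowing the key. The key, IV and plaintexts are constructed; the key-ID byte of the real frame format is omitted.

```python
"""WEP as specified: RC4(IV || key) over plaintext || CRC-32, and two attacks that
need no key: keystream reuse on IV collision, and ICV-preserving bit flipping.
Added illustration."""
import math
import zlib


def rc4_keystream(key, length):
    """Plain RC4: key-scheduling then `length` bytes of the PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key, iv, plaintext):
    """Frame body = IV || RC4(IV || key) XOR (plaintext || CRC-32(plaintext))."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    body = plaintext + icv
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key, frame):
    """Returns (plaintext, icv_ok)."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + key, len(ct)))
    plaintext, icv = body[:-4], body[-4:]
    return plaintext, zlib.crc32(plaintext).to_bytes(4, "little") == icv


def recover_from_iv_reuse(known_frame, known_plaintext, target_frame):
    """Same IV means the same keystream.  XOR the known frame with its plaintext
    to get keystream bytes, then strip them off the target frame.  No key needed;
    with a 24-bit IV a busy AP repeats IVs within hours."""
    assert known_frame[:3] == target_frame[:3], "IVs differ, so keystreams differ"
    keystream = xor(known_frame[3:], known_plaintext)
    return xor(target_frame[3:], keystream)


def flip_bits(frame, delta):
    """Modify an encrypted frame without the key.  `delta` has a 1-bit wherever the
    plaintext should flip.  CRC-32 is affine, crc(p ^ d) = crc(p) ^ crc(d) ^ crc(0),
    so the encrypted ICV is patched with the same XOR and still verifies."""
    iv, ct = frame[:3], frame[3:]
    if len(delta) != len(ct) - 4:
        raise ValueError("delta must cover the whole plaintext")
    icv_delta = (zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))).to_bytes(4, "little")
    return iv + xor(ct, delta + icv_delta)


def expected_frames_until_iv_repeat(iv_bits=24):
    """Birthday bound: random IVs are expected to collide after about sqrt(pi/2 * 2^n) frames."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


# Constructed demo data: a 104-bit ("128-bit WEP") key and two frames sharing one IV
KEY = bytes.fromhex("0123456789abcdef0123456789")
IV = bytes.fromhex("a1b2c3")
P1 = b"GET /login HTTP/1.0\r\n\r\n"        # an attacker can guess this one
P2 = b"user=alice&pw=hunter2\r\n"          # ... and thereby read this one
P2_FORGED = P2.replace(b"alice", b"mallo")

if __name__ == "__main__":
    f1, f2 = wep_encrypt(KEY, IV, P1), wep_encrypt(KEY, IV, P2)
    print("IV reuse leaks:", recover_from_iv_reuse(f1, P1, f2))
    forged = flip_bits(f2, xor(P2, P2_FORGED))
    print("bit-flipped frame decrypts to:", wep_decrypt(KEY, forged))
    print(f"IV repeat expected after ~{expected_frames_until_iv_repeat():.0f} frames")
```

The ICV check in `wep_decrypt` passes for the forged frame, which is why the slides' "WEP encrypts data" is not the same as integrity protection; 802.11i's CCMP replaces both the stream cipher and the linear checksum with AES-CCM, whose MIC is a keyed function.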
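Two monitoring checks that follow from the "Discovering the WLAN devices" slide (an RF scan sees every transmitter, not just what is on the wire) and from the rogue-AP and authentication-flood attacks described under security management, as an added example that is not code from the slides or from WiFi Manager: an RF scan is classified against the AP inventory, and a burst of authentication requests in the AP log is flagged. The inventory, the scan result, the log lines and their format are all constructed for the illustration.

```python
"""WLAN monitoring: (1) classify RF-scan results against the authorized AP
inventory, flagging an unknown radio that advertises one of our SSIDs as an
evil twin; (2) sliding-window detection of an authentication-request flood.
Added illustration with constructed data; log format is assumed."""
from collections import deque

# Constructed inventory: the 'inventory all wireless devices' rule in practice
AUTHORIZED_APS = {
    "00:0b:86:aa:10:01": "mut-staff",
    "00:0b:86:aa:10:02": "mut-staff",
}

# Constructed RF-scan result: (bssid, ssid, channel)
SCAN = [
    ("00:0b:86:aa:10:01", "mut-staff", 1),
    ("00:0b:86:aa:10:02", "mut-staff", 6),
    ("00:1a:70:55:0c:9e", "mut-staff", 11),   # our SSID from a radio we never deployed
    ("00:1b:11:2f:44:a0", "linksys", 6),      # a neighbour running a default config
]


def classify_scan(scan, authorized):
    """Per BSSID: 'authorized' (known radio, expected SSID), 'misconfigured'
    (known radio, wrong SSID), 'evil-twin' (unknown radio advertising one of our
    SSIDs, i.e. a rogue AP fishing for our clients' credentials) or 'unknown'."""
    our_ssids = set(authorized.values())
    verdicts = {}
    for bssid, ssid, _channel in scan:
        if bssid in authorized:
            verdicts[bssid] = "authorized" if authorized[bssid] == ssid else "misconfigured"
        elif ssid in our_ssids:
            verdicts[bssid] = "evil-twin"
        else:
            verdicts[bssid] = "unknown"
    return verdicts


def make_auth_log():
    """Constructed AP log (assumed format 'HH:MM:SS.mmm AUTH-REQ sta=<mac>'): one
    legitimate request every five seconds, then 200 requests from 200 different
    (spoofed) source MACs inside a single second."""
    lines = [f"10:00:{s:02d}.000 AUTH-REQ sta=00:16:6f:00:00:{s:02x}" for s in range(0, 30, 5)]
    lines += [f"10:00:31.{i * 5:03d} AUTH-REQ sta=02:00:00:00:{i // 256:02x}:{i % 256:02x}"
              for i in range(200)]
    return lines


def _seconds(hhmmss):
    h, m, s = hhmmss.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def detect_auth_flood(lines, window_s=1.0, threshold=50):
    """Sliding window over AUTH-REQ lines.  Returns (time, requests, distinct_stations)
    for the first window that exceeds the threshold, else None.  Many distinct
    source MACs in one window is the signature of a spoofed flood rather than of a
    genuinely busy cell, and distinguishes it from a ping flood on the wired side."""
    window = deque()
    for line in lines:
        timestamp, kind, sta = line.split()
        if kind != "AUTH-REQ":
            continue
        t = _seconds(timestamp)
        window.append((t, sta.split("=", 1)[1]))
        while t - window[0][0] > window_s:
            window.popleft()
        if len(window) > threshold:
            return t, len(window), len({mac for _, mac in window})
    return None


if __name__ == "__main__":
    for bssid, verdict in classify_scan(SCAN, AUTHORIZED_APS).items():
        print(f"{bssid}  {verdict}")
    print("auth flood:", detect_auth_flood(make_auth_log()))
```

The evil-twin verdict is only as good as the inventory, which is why the slides' "inventory all wireless cards" rule matters for the AP side as well; the flood detector deliberately keys on the window count rather than on per-station counts, since the spoofed sources never repeat.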