Salwa Abdelrahim Samia Nur Eldayim Supervisor Prof. Cafatori

Northeastern Illinois University
Authors
Salwa Abdelrahim
Samia Nur Eldayim
Supervisor
Prof. Cafatori
Introduction
• Who are we?
• What is the project about?
• Presentation highlights.
Wireless Networking
• What is a Wireless Local Area Network (WLAN)?
Differences between WLANs and LANs
• Privacy issues.
• Connectivity issues.
• Mobility.
• National regulatory requirements.
Similarities between LAN and WLAN
• Same Ethernet standard.
• Share common network protocols.
Why Wireless?
• Mobility
• Flexibility
• Ease and Speed of Deployment
• Cost Saving
• Scalability
Wireless Local Area Network (WLAN) Standards
• IEEE 802.11 Standard.
• What Exactly Does 802.11 Define?
• IEEE WLAN Standards.
• Decision on Which WLAN Hardware is Best.
• Update on New Standards.
802.11 a/b/g
| | 802.11b | 802.11a | 802.11g |
|---|---|---|---|
| Frequency | 2.4 GHz | 5 GHz | 2.4 GHz |
| Maximum link speed | 11 Mbps | 54 Mbps | 54 Mbps |
| Typical link speed | 4-5 Mbps | 20 Mbps | 20 Mbps |
| Optimal throughput | 6 Mbps | 32 Mbps | 32 Mbps |
| Coverage (inside) | 300-500 ft | 100-164 ft | 300-500 ft |
| Strengths | Less expensive, most widely installed base | Faster than 802.11b, less interference | Faster than and compatible with 802.11b, price going down |
| Weaknesses | Limited bandwidth, interference | Expensive, not compatible with 802.11b and 802.11g, shorter range | Less devices to choose from, more expensive, interference |
Security options
• MAC filtering
• Disabled clients
• Local authentication
• RADIUS authentication
• Access control list
Security strategy
• Open authentication
• Pre-shared key authentication (WEP)
• Web authentication
• Public key infrastructure (PKI)
• 802.1X
• Wi-Fi Protected Access authentication:
  - WPA
  - WPA2 (802.11i)
WEP vs WPA
| | WEP | WPA |
|---|---|---|
| Encryption | Flawed, cracked by scientists and hackers | Fixes all WEP flaws |
| | 40-bit keys | 128-bit keys |
| | Static: same key used by everyone on the network | Dynamic session keys: per user, per session, per packet keys |
| | Manual distribution of keys: hand-typed into each device | Automatic distribution of keys |
| Authentication | Flawed, used WEP key itself for authentication | Strong user authentication, utilizing 802.1X and EAP |
WPA vs WPA2
| | WPA | WPA2 |
|---|---|---|
| Enterprise mode (business and government) | Authentication: IEEE 802.1X/EAP; Encryption: TKIP/MIC | Authentication: IEEE 802.1X/EAP; Encryption: AES-CCMP |
| Personal mode (SOHO/personal) | Authentication: PSK; Encryption: TKIP/MIC | Authentication: PSK; Encryption: AES-CCMP |
Open Area vs Closed Area
• In free space, e.g. a warehouse, an 802.11 signal incurs minimal or no loss over its range.
• Caution is needed when there are obstructions in the area, e.g. campus buildings.
• A loss of 3 dB means half of the transmitted signal power has been lost.
Obstruction loss of 3.0 dB or more
| Partition | Loss (dB) |
|---|---|
| Fixed walls | 3.00 |
| Metal partitions | 5.00 |
| Exterior walls | 10.00 |
| Basement walls | 20.00 |
WLAN Setup steps
• Define requirements.
• Design.
• Perform site survey.
• Deployment.
• Improve the network based on site survey results.
• Periodic site survey.
Deployment
Site Survey
• Preliminary plan.
• System requirements.
• Analysis features:
  - Access point location.
  - Signal strength.
  - Strongest access point.
  - SNR.
  - Interference.
  - Transmission speed.
  - Signals at channels.
  - Access point placement tips.
  - Access point count.
Received signal strength intensity
Campus Project
• Available technologies in the market, e.g. Cisco, Alcatel, Aruba, etc.
• Why did we choose Alcatel technologies?
• Components required:
  - Existing network infrastructure: DHCP, AAA, DNS, VPN.
  - Clients (PC, PDA, handset, etc.).
  - Access points.
  - WLAN switches.
Access point (AP) mounting considerations
• Mount the AP standing or hanging, either straight up or down, and above obstructions.
• Consider the antenna gain when mounting, for proper radio orientation.
• Mount the AP in the same location as the clients.
AP mounting considerations (continued)
• Position the AP in the center of the covered area.
• Do not position APs more than 140 feet apart or higher than 16 feet.
• Do not mount the AP within 3 feet of any metal obstruction, e.g. metal ducts, electric conduit, water pipes, elevator shafts and metal walls.
AP approach to contain vulnerability and unauthorized access
• Avoid placing APs against exterior walls or windows, to avoid signal leakage.
• Reduce the broadcast strength of the AP to keep the signal within the area of coverage and avoid parking lot coverage.
• Change the default SSID and allow APs to broadcast their SSID.
• Change the default management password on APs.
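The obstruction-loss table and the advice above to reduce AP broadcast strength so that coverage stops short of the parking lot can be combined into a simple link-budget check. The Python below is an added example, not part of the original slides; the free-space path-loss formula, 0 dBi antennas, the 20 dBm transmit power, the 100 ft distance and the -80 dBm leak threshold are assumptions chosen for illustration.

```python
import math

# Partition losses in dB, copied from the slides' obstruction-loss table.
PARTITION_LOSS_DB = {
    "fixed wall": 3.0,
    "metal partition": 5.0,
    "exterior wall": 10.0,
    "basement wall": 20.0,
}
FEET_PER_KM = 3280.84
CHANNEL_6_MHZ = 2437.0  # assumption: 2.4 GHz channel 6 (802.11b/g)


def power_fraction(loss_db):
    """Fraction of signal power left after loss_db of attenuation."""
    return 10 ** (-loss_db / 10)


def path_loss_db(distance_ft, partitions, freq_mhz=CHANNEL_6_MHZ):
    """Free-space path loss plus the table loss of each partition crossed.

    Assumption: the standard free-space formula (d in km, f in MHz) and
    0 dBi antennas; the slides give only the partition figures.
    """
    d_km = distance_ft / FEET_PER_KM
    free_space = 20 * math.log10(d_km) + 20 * math.log10(freq_mhz) + 32.44
    return free_space + sum(PARTITION_LOSS_DB[p] for p in partitions)


def received_dbm(tx_dbm, distance_ft, partitions):
    """Signal level at a point outside the intended coverage area."""
    return tx_dbm - path_loss_db(distance_ft, partitions)


def max_tx_dbm(distance_ft, partitions, leak_threshold_dbm):
    """Highest AP transmit power that keeps that point below the threshold."""
    return leak_threshold_dbm + path_loss_db(distance_ft, partitions)


if __name__ == "__main__":
    # Constructed scenario: AP at 20 dBm, parking lot 100 ft away behind one
    # fixed wall and one exterior wall; -80 dBm is an assumed usability floor.
    path = ["fixed wall", "exterior wall"]
    print(f"3 dB leaves {power_fraction(3.0):.0%} of the power")
    print(f"parking lot sees {received_dbm(20, 100, path):.1f} dBm")
    print(f"cap AP power at {max_tx_dbm(100, path, -80):.1f} dBm")
```

In this constructed scenario the parking lot still receives about -62.9 dBm, so the AP would have to be turned down to roughly 2.9 dBm or moved away from the exterior wall to stay under the assumed threshold.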
Steps and tools for WPA and WPA2 Deployment
1. Security mechanism and credentials.
2. User authentication database.
3. Client operating system.
4. Supplicants.
5. EAP types.
6. Authentication server.
7. Access points and client NIC cards.
Switch administration
• Switch features.
• Switch configuration management.
• Using CLI.
• Using switch web interface.
Monitor Menu
WLAN Menu
• New SSID being created
Conclusion
Designing a wireless network is not an easy task. Many wireless attributes should be considered throughout the design process:
• Following the steps needed to set up a wireless local area network.
• Making the right decision in choosing the appropriate hardware and software that are suitable for the coverage area.
Conclusion (continued)
• As wireless regulations continually change, it is important to reference the activities of the regulatory committees before designing a WLAN; nationally, these include the Federal Communications Commission (FCC) and the National Telecommunications and Information Administration (NTIA).
Conclusion (continued)
• WPA enhances data protection and access control on existing and future Wi-Fi WLANs.
• WPA2 provides improved encryption with AES and a high level of assurance.
• WPA2 is able to meet government and enterprise security requirements.
Recommendations
• Alcatel with PoE.
• Deploy WLAN at NEIU using WPA and WPA2.
• Periodic site survey.
• Documentation for deployment and troubleshooting.
• Implement the complete site survey recommendations for AP count.
Questions?