Transcript Wi-Fi

Wi-Fi
• Wi-Fi (short for "Wireless Fidelity") is the popular term for a high-frequency wireless local area network (WLAN)
– Promoted by the Wi-Fi Alliance (formerly WECA - Wireless
Ethernet Carriers Association)
• Used generically when referring to any type of 802.11 network,
whether 802.11a, 802.11b, 802.11g, dual-band, etc. The term is
promulgated by the Wi-Fi Alliance
• Wi-Fi users can roam from their networks to cellular networks. For
example, a user can begin working at an airport on a laptop via a Wi-Fi
hotspot, continue via a cellular network until reaching the office, and
then switch to a traditional LAN.
• Business networking no longer happens just in offices. It occurs in
coffee shops, airports, hotels, and convention centers. Thus, as Wi-Fi
equipped laptops and PDAs become commonplace, the demand for
public Wi-Fi access points—also called hotspots—will grow.
Wi-Fi
• Wi-Fi standards use the Ethernet protocol and
CSMA/CA (carrier sense multiple access
with collision avoidance) for path sharing
• The 802.11b (Wi-Fi) technology operates in
the 2.4 GHz range offering data speeds up to
11 megabits per second.
Wi-Fi Channels
• If two access points that use the same RF channel are too close, the
overlap in their signals will cause interference, possibly confusing
wireless cards in the overlapping area.
• To avoid this potential scenario, it is important that wireless
deployments be carefully designed and coordinated.
• It is also critical to make sure that deployment does not cause
conflicts with other pre-existing wireless implementations.
Three channels on a single floor
Wireless LAN Topology
• Wireless LAN is typically deployed as an extension of an
existing wired network as shown below.
What is 802.11?
• 802.11 refers to a family of specifications developed
by the IEEE for wireless LAN technology. 802.11
specifies an over-the-air interface between a wireless
client and a base station or between two wireless
clients.
• The IEEE accepted the specification in 1997.
802.11 Standards
802.11   The original WLAN standard. Supports 1 Mbps to 2 Mbps.
802.11a  High-speed WLAN standard for the 5 GHz band. Supports 54 Mbps.
802.11b  WLAN standard for the 2.4 GHz band. Supports 11 Mbps.
802.11e  Addresses quality of service requirements for all IEEE WLAN radio interfaces.
802.11f  Defines inter-access point communications to facilitate multiple vendor-distributed WLAN networks.
802.11g  Establishes an additional modulation technique for the 2.4 GHz band. Intended to provide speeds up to 54 Mbps. Includes much greater security.
802.11h  Defines the spectrum management of the 5 GHz band for use in Europe and in Asia Pacific.
802.11i  Addresses the current security weaknesses for both authentication and encryption protocols. The standard encompasses 802.1X, TKIP, and AES protocols.
Ad Hoc Network
• An ad hoc network or an IBSS consists of stations within mutual
communication range of each other via the wireless medium.
• Such a network is created spontaneously, without preplanning, for ad
hoc temporary situations with limited needs to access the Internet.
• If a station moves out of its IBSS, meaning out of range, it can no
longer communicate with the other IBSS members.
Infrastructure Network
• The infrastructure network or BSS includes an access point (AP) in
addition to the stations. This AP acts as the BSS arbitrator, meaning
that the AP will handle all the BSS traffic.
• The AP integrates the BSS within the distribution network. For
example, all traffic between the BSS participants and the Internet will
be delivered through the AP.
Distribution System
• The distribution system provides mobility by connecting access points.
When a frame is given to the distribution system, it is delivered to the
right access point and relayed by that access point to the intended
destination.
Most access points currently on the market operate as bridges. They
have at least one wireless network interface and at least one Ethernet
network interface.
The Ethernet side can be connected to an existing network, and the
wireless side becomes an extension of that network. Relaying frames
between the two network media is controlled by a bridging engine.
Distribution System
• The access point has two interfaces connected by a bridging engine.
Arrows indicate the potential paths to and from the bridging engine.
• Each associated station can transmit frames to the access point. Finally,
the backbone port on the bridge can interact directly with the backbone
network.
Inter-access point protocol
• A wireless station is associated with only one access point at a time. If
a station is associated with one access point, all the other access points
in the ESS need to learn about that station.
• In the figure, AP4 must know about all the stations associated with AP1.
If a wireless station associated with AP4 sends a frame to a station
associated with AP1, the bridging engine inside AP4 must send the
frame over the backbone Ethernet to AP1 so it can be delivered to its
ultimate destination.
Network Boundaries
• Because of the nature of the wireless medium, 802.11 networks have
fuzzy boundaries. In fact, some degree of fuzziness is desirable.
• A station moving from BSS2 to BSS4 is not likely to lose
coverage; it also means that AP3 (or, for that matter, AP4)
can fail without compromising the network too badly. On
the other hand, if AP2 fails, the network is cut into two
disjoint parts, and stations in BSS1 lose connectivity when
moving out of BSS1 and into BSS3 or BSS4.
Network services
Service | Station or distribution service? | Description
Distribution | Distribution | Service used in frame delivery to determine destination address in infrastructure networks
Integration | Distribution | Frame delivery to an IEEE 802 LAN outside the wireless network
Association | Distribution | Used to establish the AP which serves as the gateway to a particular mobile station
Reassociation | Distribution | Used to change the AP which serves as the gateway to a particular mobile station
Disassociation | Distribution | Removes the wireless station from the network
Authentication | Station | Establishes identity prior to establishing association
Deauthentication | Station | Used to terminate authentication, and by extension, association
Privacy | Station | Provides protection against eavesdropping
MSDU delivery | Station | Delivers data to the recipient
Mobility Support
• Stations continuously monitor the signal strength and quality from all
access points administratively assigned to cover an extended service area.
Within an extended service area, 802.11 provides MAC layer mobility.
• When the laptop moves out of AP1's basic service area and into AP2's at
t=2, a BSS transition occurs. The mobile station uses the reassociation
service to associate with AP2, which then starts sending frames to the
mobile station.
Mobility Support
• An ESS transition refers to the movement from one ESS to a second distinct
ESS. 802.11 does not support this type of transition, except to allow the station
to associate with an access point in the second ESS once it leaves the first.
• Maintaining higher-level connections requires support from the
protocol suites in question. In the case of TCP/IP, Mobile IP is required
to seamlessly support an ESS transition.
RF Link Quality
• On a wired Ethernet, it is reasonable to transmit a frame and assume
that the destination receives it correctly. Radio links are different,
especially when the frequencies used are unlicensed ISM bands.
• In addition to the noise, multipath fading may also lead to situations in
which frames cannot be transmitted because a node moves into a dead
spot.
• Unlike many other link layer protocols, 802.11 incorporates positive
acknowledgments. All transmitted frames must be acknowledged, as
shown in Figure 3-1. If any part of the transfer fails, the frame is
considered lost.
The Hidden Node Problem
• In the figure, node 2 can communicate with both nodes 1 and 3, but
something prevents nodes 1 and 3 from communicating directly.
• The obstacle itself is not relevant; it could be as simple as nodes 1 and
3 being as far away from 2 as possible, so the radio waves cannot
reach the full distance from 1 to 3.
• From the perspective of node 1, node 3 is a "hidden" node. If a simple
transmit-and-pray protocol was used, it would be easy for node 1 and
node 3 to transmit simultaneously, thus rendering node 2 unable to
make sense of anything.
• Furthermore, nodes 1 and 3 would not have any indication of the error
because the collision was local to node 2.
The Hidden Node Problem
• In the figure, node 1 has a frame to send; it initiates the process by
sending an RTS frame. If the target station receives an RTS, it
responds with a CTS.
• Once the RTS/CTS exchange is complete, node 1 can transmit its
frames without worry of interference from any hidden nodes.
• The multiframe RTS/CTS transmission procedure consumes a fair
amount of capacity, especially because of the additional latency
incurred before transmission can commence.
• You can control the RTS/CTS procedure by setting the RTS threshold if the
device driver for your 802.11 card allows you to adjust it.
Passive Scanning
• Passive scanning saves battery power because it does not require
transmitting.
• In the passive scanning procedure, the station sweeps from channel to
channel and records information from any Beacons it receives.
• Beacons are designed to allow a station to find out everything it needs
to match parameters with the basic service set (BSS) and begin
communications.
Active Scanning
• Move to the channel and wait for either an indication of an incoming
frame or for the ProbeDelay timer to expire
• If the medium was never busy, there is no network. Move to the next
channel.
• In infrastructure networks, the access points transmit Beacons and thus
are also responsible for responding to itinerant stations searching the
area with Probe Requests.
IBSSs may pass around the responsibility of sending Beacon frames, so
the station that transmits Probe Response frames may vary.
Joining
• After compiling the scan results, a station can elect to join one of the
BSSs. Joining is a precursor to association.
• Choosing which BSS to join is an implementation-specific decision
and may even involve user intervention.
• Common criteria used in the decision are power level and signal
strength.
Open-System Authentication
• In open-system authentication, the access point accepts the mobile
station at face value without verifying its identity.
Shared-Key Authentication
• Shared-key authentication makes use of WEP and therefore can be
used only on products that implement WEP.
Preauthentication
• Stations can authenticate with several access points during the scanning
process so that when association is required, the station is already
authenticated.
• As a result of preauthentication, stations can reassociate with access
points immediately upon moving into their coverage area, rather than
having to wait for the authentication exchange.
Association
• Once a mobile station has authenticated to an access point, it can issue
an Association Request frame.
• When the association request is granted, the access point responds with
a status code of 0 (successful) and the Association ID (AID). The AID
is a numerical identifier used to logically identify the mobile station to
which buffered frames need to be delivered.
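The ordering these slides describe (authenticate, then associate, with deauthentication also ending association) can be checked against a capture of management events. The following is an added example, not part of the original slides; the state names, event names and sample events are constructed for illustration.

```python
# Station state relative to one AP (names are this example's own).
UNAUTH, AUTH, ASSOC = 1, 2, 3

# event -> (minimum state required, state after the event)
TRANSITIONS = {
    "auth": (UNAUTH, AUTH),         # identity established before association
    "assoc_req": (AUTH, ASSOC),     # only an authenticated station may associate
    "reassoc_req": (AUTH, ASSOC),   # e.g. after preauthentication with this AP
    "data": (ASSOC, ASSOC),         # data is delivered only to associated stations
    "disassoc": (ASSOC, AUTH),      # leaves the network, stays authenticated
    "deauth": (AUTH, UNAUTH),       # ends authentication and, by extension, association
}


def audit(events):
    """Replay (station, event) pairs; return final states and out-of-order events."""
    state, violations = {}, []
    for n, (sta, event) in enumerate(events):
        cur = state.get(sta, UNAUTH)
        need, nxt = TRANSITIONS[event]
        if cur < need:
            violations.append((n, sta, event))  # frame not allowed in this state
            continue
        # A repeated "auth" must not downgrade an associated station.
        state[sta] = max(cur, nxt) if event == "auth" else nxt
    return state, violations


# Constructed sample capture (not real traffic).
SAMPLE = [
    ("sta-a", "auth"), ("sta-a", "assoc_req"), ("sta-a", "data"),
    ("sta-b", "assoc_req"),                     # association without authentication
    ("sta-a", "deauth"), ("sta-a", "data"),     # data after deauthentication
    ("sta-b", "auth"), ("sta-b", "assoc_req"),
    ("sta-b", "disassoc"), ("sta-b", "data"),   # data after disassociation
]

if __name__ == "__main__":
    final, bad = audit(SAMPLE)
    print(final, bad)
```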
Basic 802.11 Security
• MAC filters
– Some APs provide the capability for checking the MAC
address of the client before allowing it to connect to the
network.
– Using MAC filters is considered to be very weak security
because with many Wi-Fi client implementations it is possible
to change the MAC address by reconfiguring the card.
– An attacker could sniff a valid MAC address from the wireless
network traffic.
Recommended 802.11 Security Practices
• Change the default password for the Admin account
• SSID
– Change the default
– Disable Broadcast
– Make it unique
– If possible, change it often
• Enable MAC Address Filtering
• Enable WEP 128-bit Data Encryption. Please note
that this will reduce your network performance
– Use the highest level of encryption possible
– Use a “Shared” Key
– Use multiple WEP keys
– Change it regularly
WEP – What?
• WEP (Wired Equivalent Privacy) takes its name from the intent to
provide a privacy service to wireless LAN users similar to
that provided by the physical security inherent in a wired
LAN.
• WEP is the privacy protocol specified in IEEE 802.11 to
provide wireless LAN users protection against casual
eavesdropping.
Overview of WEP Parameters
• Before enabling WEP on an 802.11 network, you must first consider
what type of encryption you require and the key size you want to use.
Typically, there are three WEP Encryption options available for 802.11
products:
– Do Not Use WEP: The 802.11 network does not encrypt data. For
authentication purposes, the network uses Open System Authentication.
– Use WEP for Encryption: A transmitting 802.11 device encrypts the data
portion of every packet it sends using a configured WEP Key. The
receiving device decrypts the data using the same WEP Key. For
authentication purposes, the wireless network uses Open System
Authentication.
– Use WEP for Authentication and Encryption: A transmitting 802.11
device encrypts the data portion of every packet it sends using a configured
WEP Key. The receiving 802.11 device decrypts the data using the same
WEP Key. For authentication purposes, the 802.11 network uses Shared
Key Authentication.
• Note: Some 802.11 access points also support Use WEP for
Authentication Only (Shared Key Authentication without data
encryption).
IV Key Hashing/Temporal Key
[Figure: WEP Encryption Today. Labels: IV, base key, RC4, stream cipher, XOR, plaintext data, ciphertext data]