WIRELESS NETWORKS
OBJECTIVES Define terms associated with wireless networks. Explain strengths and weaknesses of various wireless mediums. Discuss the hardware necessary to build a wireless network. Understand the two basic modes of WLAN operation. Discuss the importance of wireless security. Explain several methods/tools available to harden wireless networks.
Intro to 802.11 What is wireless? Infrared Data Association (IrDA) Bluetooth Satellite Wi-fi
IrDA Uses infrared light Very short range PANs only Requires a direct line-of-sight (LOS) from sender to receiver Much more secure than RF transmissions in most cases due to the LOS requirement 2.4 kbit/s to 1 Gbit/s Newer implementations are very fast—sub-second time to transfer a picture! Source: http://www.usbgear.com/usb-irda.cfm PAN: Personal Area Network
Bluetooth Bluetooth is a wireless technology for short-range (max of 100 meters) PANs Bluetooth provides a way to connect and exchange information between devices such as mobile phones, laptops, PC’s, printers, digital cameras and video game consoles. Uses short wavelength radio transmissions Originally designed to wirelessly replace RS-232 cables Source: 1. http://en.wikipedia.org/wiki/Bluetooth 2. http://www.simplesat.co.uk/index.php?main_page=product_info&products_id=17 3. http://en.wikipedia.org/wiki/File:Bluetooth_headset.jpg RS-232: Serial standard. Shown is a Serial cable.
Satellite Communication Expensive! Time delay Maybe the only path for data you have Ship Remote Locations
Intro to 802.11 The “Governing” bodies Institute of Electrical and Electronics Engineers (IEEE) Regulate the standards that drive IEEE 802.11 devices http://www.ieee.org/portal/site Federal Communications Commission (FCC) Regulates and sets rules for numerous radio wave technologies, including WLANs! http://www.fcc.gov/
What is a wireless LAN? Same as wired LAN except: Different medium used to send data from one node to another. No wires! Layer 2 and below is different Data Link layer Coordinates access between nodes to a common medium and recovery from errors introduced during travel through the wireless medium. IEEE 802.11 Institute of Electrical and Electronics Engineers a, b, g, n Oldest (a) to newest standard (n) Wi-Fi Superset of IEEE 802.11 Typically--means the same thing as IEEE 802.11 Source: http://www.ciscopress.com/articles/article.asp?p=344242&seqNum=2
Intro to 802.11 Standard Year* Frequency Max Data Rate Security Backwards Compatible? 802.11 1997 2.4 GHz 2 Mbps WEP N/A 802.11a 1999 5 GHz 54 Mbps WEP and WPA N 802.11b 11 Mbps Y** (802.11) 802.11g 2003 Y** (802.11,b) 802.11i 2004 2.4 & 5 GHz --- WPA2 Y (a, b, g) 802.11n 2009 300+ Mbps WPA and WPA2 Y**(a, b, g) Source: http://www.ieee802.org/11/ *Year first ratified, as 802.11 is now known as 802.11-1997 (802.11 legacy) **Although each standard is backwards compatible with previous standards, throughput may be limited by the older standard in use
802.11 Frame Source: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_11-4/114_wifi.html
Hardware Station Wireless Network Interface Card (WNIC) Any wireless device that can be connected to a network Needs a WNIC to function Wireless Network Interface Card (WNIC) Also called a wireless network adapter Connects your station (computer) to the wireless network Every computer on a wired network has a NIC as well Most laptops have NIC’s that are compatible with both IEEE 802.11 AND Ethernet Wireless router/access point (AP) Typically connected via wire to the internet Connects stations to the internet via some wireless medium
Hardware Bridges Used to connect sections of wired Ethernet Most commonly Point-to-Point Other varieties exist: Point-to-Multipoint Wireless Workgroup Bridge Clients usually can’t connect with a bridge, but can to a WWGB Source: http://img.zdnet.com/techDirectory/WLESBRIG.GIF
Hardware Repeaters Re-transmits signal from the primary AP Source: http://www.microsoft.com/library/media/5129/nz/digitallife/images/need/tips_to_improve_your_wireless_network_4.jpg
Architecture Basic Service Set (BSS) One access point, along with all the stations that are connected to that access point Basic Service Set ID (BSSID) “MAC address of the AP servicing the BSS” (1) Router/access point broadcasts an SSID (Service Set Identifier) Name of your wireless LAN Plain text When a router/AP advertises its SSID Stations can “find” or “see” your network when not connected Can turn SSID advertising on/off at the router/AP Source: 1. http://en.wikipedia.org/wiki/Wireless_LAN#Basic_service_set 2. http://en.wikipedia.org/wiki/Service_set_%28802.11_network%29
Infrastructure Mode Internet AP hub, switch or router AP BSS 1 BSS 2
Architecture Extended Service Set (ESS) One or more BSS’s connected together Common SSID Two major modes of WLAN operation Infrastructure What we’ve described so far (home/office wireless LAN) One or more router(s)/AP(s) that connect stations to the internet Ad-hoc Sometimes called peer-to-peer (P2P) Stations connect to each other when “in range” No connection to an AP/router This station-only BSS, called an IBSS or Independent BSS cannot connect to other BSS’s Examples: wireless sensor networks Group of employees with laptops convene for a meeting; employees link computers in a temporary network for duration of meeting
Wireless Security Why is it important? The accessibility of wireless networks make them juicy/visible targets Access to a wireless network can lead to: Access to the nodes on the LAN Access to the wired network behind the AP that is servicing a given BSS
Wireless Security Wireless Security Measures: SSID Cloaking MAC Filtering 802.11 Encryption VPN Wireless Intrusion Prevention System (WIPS) RF Shielding Many others Source: http://en.wikipedia.org/wiki/Wireless_security
Wireless Security Service Set Identifier (SSID) Cloaking Stops router/AP from advertising network name Windows clients and Netstumbler will not detect the wireless network Stations must request to join the WLAN with the correct SSID (like a secret door hidden behind a bookshelf, that only opens when you pull on the right book) If a cracker doesn’t know your LAN is there, they will not try to break in!
Wireless Security Media Access Control (MAC) Filtering Restricts which clients can link to the AP based on MAC address Not easy to implement on large networks Must type all MAC addresses with access into a list stored in the AP/router
Wireless Security 802.11 Encryption None WEP40 WEP104/128 WEP+ WPA-PSK “Weakest to Strongest”* None WEP40 WEP104/128 WEP+ WPA-PSK WPA2-PSK WPA Enterprise WPA2 Enterprise *In the most secured standalone state. In some cases, it is easier to attack WPA-PSK networks than WEP40 networks. Source: http://luxsci.com/images/extranet/info/BrokenLock.gif PSK: Pre-Shared Key
Wireless Security Wired Equivalent Privacy (WEP) Designed as a basic, low tradeoff (throughput vs. security) encryption Two mainstream flavors 64-bit 128-bit Not suitable for securing a WLAN segment anymore Relies on a single shared key among users 24 bit key has a 50% probability of repeating every 5000 packets Can be broken by sniffing < 10 min of traffic Takes only a few seconds if you utilize packet injection
Wireless Security Wi-fi Protected Access (WPA) Two mainstream flavors Designed as an upgrade over WEP 48 bit key versus 24 bit key Sequence Counter Added (so you can’t “replay” data without knowing count) Actual key is not used for each packet Derived from actual key Two mainstream flavors Pre-Shared Key (PSK) Ideal for the small office and home user Strong pass-phrase can make network pretty impenetrable Enterprise Requires an external authentication server (i.e. Radius) Complex setup Typically only used in large companies/government organizations
Wireless Security Wi-fi Protected Access v2 (WPA2) Common name for the 802.11i RSN Uses Advanced Encryption Standard (AES) instead of RC4 (Rivest Cipher 4) But still allows for RC4 backwards compatibility Two mainstream flavors Pre-Shared Key (PSK) Enterprise
Wireless Security Virtual Private Network (VPN) Designed to protect switched networks at Layer 3. Does not protect WLANs at Layer 1 or Layer 2 Fairly secure if “split tunneling” is disabled. If disabled, the user cannot access the internet through his/her local connection while logged into the VPN Source: http://law.gsu.edu/technology/images/wireless-vpn.gif
Wireless Security Wireless Intrusion Prevention System (WIPS) “A network device that monitors the radio spectrum for the presence of unauthorized APs (intrusion detection), and can automatically take countermeasures (intrusion prevention)” (2) RF Shielding “Special paint or film (for windows) that attenuates wireless signals” (1) Source: 1. http://en.wikipedia.org/wiki/Wireless_security 2. http://en.wikipedia.org/wiki/Wireless_Intrusion_Prevention_System
OBJECTIVES Define terms associated with wireless networks. Explain strengths and weaknesses of various wireless mediums. Discuss the hardware necessary to build a wireless network. Understand the two basic modes of WLAN operation. Discuss the importance of wireless security. Explain several methods/tools available to harden wireless networks.