Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless LAN, WLAN Security, and VPN

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Wireless LAN, WLAN Security, and VPN"— Presentation transcript:

1 Wireless LAN, WLAN Security, and VPN
麟瑞科技 台南辦事處 技術經理 張晃崚

2 WLAN & VPN FAQ What is WLAN?802.11a?802.11b?802.11g?
Which standard (product) should we use? How to deploy WLAN? How to block intruders? How to authenticate users? How to keep data secure? What is roaming? How to provide a fast path for some VIP users? How to exchange data securely between offices?

3 Agenda Introduction to Wireless LAN WLAN deployments
WLAN security issues WLAN security solutions VPN solutions

4 Agenda Introduction to Wireless LAN WLAN deployments
WLAN security issues WLAN security solutions VPN solutions

5 What is Wireless Network
802.11x standards (Wi-Fi) Cell phones Bluetooth HomeRF Fixed Broadband wireless, IEEE Mobile broadband Optical point-to-point wireless

6 What is Wireless LAN IEEE 802.11-based networks
Bluetooth is regarded as a PAN (Personal Area Network) Need Wireless NIC and Access Point(AP)

7 Wireless LAN vs. Wired LAN
Media Access CSMA/CA CSMA/CD -10 Bit error rate 0.1% 10 Duplex half half/full Speed slow fast Throughput Reduce 50-60% N/A

8 Wireless LAN vs. Wired LAN
All 802 WLANs employ handshaked transmission to compensate WLAN just like PUSH-to-TALK radio WLAN will be a step backward: slower speed, half duplex, shared media. BUT, gain FREEDOM AP usually is a Layer 2 bridge (between wired LAN and wireless LAN) Spanning Tree Protocol issue

9 Distance for half speed
Wireless LAN Standards 802.11b 802.11a 802.11g Frequency 2.4 GHz 5 GHz 2.4 GHz Channel 3 8 3 Max speed 11Mbps 54Mbps 54Mbps Real throughput 4-6 Mbps 22-27 Mbps 22-27 Mbps Interference Yes No Yes Distance for max speed ft. 1-2 ft. ft. ft. 60 ft. ??? ft. Distance for half speed Maturity Very mature Early No product

10 802.11b+ IEEE 802.11g will be finalized in May 2003
Not a formal IEEE specification Texas Instruments (TI) applied PBCC to enable 22Mbps data rate Interoperable with b device at 11Mbps Must use TI’s chip to enable 22Mbps

11 Other 802.11x standard 802.11d: Multiple regulatory domains
802.11e: QoS 802.11f: Inter-Access Point Protocol (IAPP) 802.11h: Dynamic Frequency Selection(DFS) and Transmit Power Control (TPC) 802.11i: Security

12 Which Technology should you use?
Decision should be based on requirements of system/users User bandwidth requirements User density Overall implementation cost Upgrade requirements Client availability Client platform features

13 Agenda Introduction to Wireless LAN WLAN deployments
WLAN security issues WLAN security solutions VPN solutions

14 Typical WLAN Topologies
Wireless “Cell” Wireless “Cell” Channel 1 Channel 6 LAN Backbone Access Point Access Point Wireless Clients Wireless Clients

15 Wireless Repeater Topology
Wireless Repeater “Cell” Channel 1 LAN Backbone Channel 1 Access Point Access Point Wireless Clients

16 Hot Standby LAN Backbone Monitored AP Standby AP Wireless Clients

17 Multi-rate Implementations
2 Mbps 5.5 Mbps 11 Mbps

18 Vendor Offering Higher and variable transmission power
External antennas Little throughput degradation with encryption Line-power via the wired Ethernet cable Dual-band: b a AP load balancing Roaming between IP subnets Hot Standby AP VLAN support Lockable case Enhanced security features: 802.1x, i draft, etc.

19 Agenda Introduction to Wireless LAN WLAN deployments
WLAN security issues WLAN security solutions VPN solutions

20 WLAN Security Issues Wireless is like having an RJ45 jack in the parking lot Need to deny access to intruders Need to secure message with good encryption technology

21 WLAN Security Issues Managing the security side of you networks requires several things Protecting the ‘network’ from intruders Requires authentication for users Protecting the Wireless DATA from sniffers Requires some type of encryption Protecting you RF networks from being detected The ability to MANAGE you users credentials Includes WEP keys, users names, passwords, etc. Protecting your wireless infrastructure from improper configuration Required a good user manager interface on APs

22 WLAN Security Issues Managing the security side of you networks requires several things To dynamically assign user’s IP address, gateway, etc. Deploy DHCP server To let roaming users be authenticated by their original account and passwords Requires authentication roaming features for authentication servers

23 Agenda Introduction to Wireless LAN WLAN deployments
WLAN security issues WLAN security solutions VPN solutions

24 Authentication Techniques
Open System Authentication No security SSID Authentication SSID is broadcast in clear text form Can be obtained by snooping on traffic Shared key Authentication (WEP) Key stolen Employee leaves

25 Authentication Techniques
MAC address Authentication MAC is sent in clear form Can be obtained be snooping Attackers may change their MAC to match Not flexible and scalable 802.1x and Extensible Authentication Protocol (EAP) Secure not only client but also devices Only Windows XP and few vendors support this technique

26 Authentication Techniques
VPN client Authentication Does good authentication and encryption Variable authentication and encryption method to choose Need VPN client software installed Wireless Gateway Authentication No need to install any client software Pop up authentication window when initiating connection (use web browser) Easy to install and configure One wireless gateway for a subnet

27 Wireless Gateway Topology

28 Blocking Inter-client communication
PSPF—Publicly Secure Packet Forwarding Prevents WLAN inter-client communication Relies on MAC address Same subnet devices only

29 Encryption Techniques
Key Management Can be painful Requires a power tool to manage keys Easy to hack with well-know single key Key Rotation Changing the user’s key periodically Broadcast Key Rotation WEP Encryption 128 bit WEP IPsec

30 Encryption Techniques
IEEE i TKIP (Data Integrity) MIC (Data Integrity) AES (Encryption) Not yet complete

31 WLAN Security Solution Product
Wireless Gateway Bluesocket Vernier ReefEdge VPN Cisco VPN concentrator/router/client NetScreen Authentication Server Cisco ACS (RADIUS, TACACS, LEAP) RADIUS

32 WLAN Security Solution Product
Campus switch DHCP&AAA Server Wireless Gateway (Bluesocket) Or VPN Gateway (Cisco/NetScreen) Cisco Aironet 1100 (802.11b, 802.11g) Mobile IP VLAN Cisco Aironet 1200 (802.11a, 802.11b, 802.11g) External Antenna

33 Cisco Aironet 1200 AP Modular platform for single or dual band operation Field upgradeable radios Modular design enhances future upgrade ability Simultaneous dual radio operation 10/100 Ethernet LAN uplink

34 Cisco Aironet 1100 AP VLAN support 802.11b, g (2.4 GHz)

35 Bluesocket Wireless Gateway

36 Agenda Introduction to Wireless LAN WLAN deployments
WLAN security issues WLAN security solutions VPN solutions

37 Extend Connectivity Increased Bandwidth
VPN Type and Applications Type Application As Alternative To Benefits Remote Access VPN Dedicated Dial ISDN Remote Dial Connectivity Ubiquitous Access Lower Cost Site-to-Site Internal Connectivity Leased Line Frame Relay ATM Site-to-Site VPN Extend Connectivity Increased Bandwidth Lower Cost Biz-to-Biz External Connectivity Fax Mail EDI Extranet VPN Facilitates E-Commerce

38 VPN Type and Applications
Extranet Business Partner Central Site Mobile User POP Internet VPN DSL Cable Home Telecommuter Site-to-Site Remote Office

39 Microsoft Win 9x/NT (PPTP)
Remote Access VPN Cisco VPN Clients Microsoft Win 2000 (IPSec) Microsoft Win 9x/NT (PPTP) WAN Router PIX Firewall Cisco VPN 3000 Concentrator Cisco Secure ACS (AAA) Telecommuter Internet VPN POP Central Site Mobile Customer

40 Site-to-Site VPN Remote Campus Main Campus Remotel Campus Internet
Small Office/ Home Office

41 Extranet VPN ISP Network DMZ Corporate Intranet Remote Office Supplier
ISP Gateway Firewall Security Server Supplier ISP Network DMZ Corporate Intranet

Download ppt "Wireless LAN, WLAN Security, and VPN"

Similar presentations

Wireless Technology.

Wireless Technology.
Virtual Private Networks COSC541 Project Jie Qin & Sihua Xu October 11, 2014.

Virtual Private Networks COSC541 Project Jie Qin & Sihua Xu October 11, 2014.
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 High-performance Gigabit Ethernet ports rapidly transfer large files supporting.

© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 High-performance Gigabit Ethernet ports rapidly transfer large files supporting.
1 Intel / Shiva VPN Solutions Stephen Wong System Engineer.

1 Intel / Shiva VPN Solutions Stephen Wong System Engineer.
LANs and WANs. 2 Chapter Contents Section A: Network Building Blocks Section B: Wired Networks Section C: Wireless Networks Section D: Using LANs Section.

LANs and WANs. 2 Chapter Contents Section A: Network Building Blocks Section B: Wired Networks Section C: Wireless Networks Section D: Using LANs Section.
Allied Telesyn Wireless LAN Solutions AT-WL2411 Access Point AT-WR2411 Wireless LAN PCMCIA Card.

Allied Telesyn Wireless LAN Solutions AT-WL2411 Access Point AT-WR2411 Wireless LAN PCMCIA Card.
Presented by Serge Kpan LTEC 4550.020 Network Systems Administration 1.

Presented by Serge Kpan LTEC Network Systems Administration 1.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
VIRTUAL PRIVATE NETWORKS (VPN). GROUP MEMBERS ERVAND AKOPYAN ORLANDO CANTON JR. JUAN DAVID OROZCO.

VIRTUAL PRIVATE NETWORKS (VPN). GROUP MEMBERS ERVAND AKOPYAN ORLANDO CANTON JR. JUAN DAVID OROZCO.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
In this section, we'll cover one of the foundations of network security issues, It talks about VPN (Virtual Private Networks). What..,Why..,and How….?

In this section, we'll cover one of the foundations of network security issues, It talks about VPN (Virtual Private Networks). What..,Why..,and How….?
Professor Michael J. Losacco CIS 1150 – Introduction to Computer Information Systems Communications and Networks Chapter 8.

Professor Michael J. Losacco CIS 1150 – Introduction to Computer Information Systems Communications and Networks Chapter 8.
Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?

Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?
Wi-Fi Structures.

Wi-Fi Structures.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN bridge.

1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN bridge.
Remote Networking Architectures

Remote Networking Architectures
Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.

Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.
Virtual Private Network

Virtual Private Network
Virtual Private Network prepared by Rachna Agrawal Lixia Hou.

Virtual Private Network prepared by Rachna Agrawal Lixia Hou.

Similar presentations

Ads by Google