Published by Bruno Bond. Modified over 9 years ago.
1
BZUpages.com “In the name of ALLAH, most Beneficent and Merciful”
2
Technology ON
3
Group Members
- Taha Khan
- Danish Hussain
- Saleem Qadeer
- Farrukh Ali
- Imran Khan
- Shah Mehmood
4
Contents
- Introduction
- Wi-Fi Technologies
- Wi-Fi Architecture & Types
- Wi-Fi Network Elements
- How a Wi-Fi Network Works
- Wi-Fi Network Topologies
- Wi-Fi Configurations
- Applications of Wi-Fi
- Wi-Fi Security
- Advantages/Disadvantages of Wi-Fi
5
Introduction
- Wireless technology is an alternative to the commonly used wired technology; it connects devices in wireless mode.
- Wi-Fi (Wireless Fidelity) is a generic term that refers to the IEEE 802.11 communications standard for Wireless Local Area Networks (WLANs).
- Wi-Fi networks connect computers to each other, to the internet and to the wired network.
6
What is Wi-Fi
Wi-Fi or 802.11b/g is the wireless standard used for local area networks operating at 2.4 GHz. Virtually every new laptop and mobile being sold today comes already equipped with a compatible wireless Wi-Fi adapter. The Wi-Fi dial-up wireless router is compatible with either 802.11b or 802.11g adapters and allows local network data transfers at speeds of up to 11 Mbps (megabits per second). All Intel Centrino laptops as well as adapters marked 802.11a/g are compatible.
7
The Wi-Fi Technology
Wi-Fi networks use radio technologies to transmit and receive data at high speed:
- IEEE 802.11b
- IEEE 802.11a
- IEEE 802.11g
8
IEEE 802.11b
- Appeared in late 1999
- Operates in the 2.4 GHz radio spectrum
- 11 Mbps (theoretical speed) within 30 m range
- 4-6 Mbps (actual speed)
- 100-150 feet range
- Most popular, least expensive
- Interference from mobile phones and Bluetooth devices can reduce the transmission speed.
9
IEEE 802.11a
- Introduced in 2001
- Operates at 5 GHz (less popular)
- 54 Mbps (theoretical speed)
- 15-20 Mbps (actual speed)
- 50-75 feet range
- More expensive
- Not compatible with 802.11b
10
IEEE 802.11g
- Introduced in 2003
- Combines the features of both standards (a, b)
- 100-150 feet range
- 54 Mbps speed
- 2.4 GHz radio frequencies
- Compatible with 'b'
11
Wi-Fi Architecture & Types
12
WLAN Architecture
A WLAN (wireless local area network) can be set up in several modes:
- Ad-Hoc Mode
- Mesh Mode
- Infrastructure Mode
13
Ad-Hoc Mode
Peer-to-peer setup where clients can connect to each other directly. Generally not used for business networks.
14
Ad Hoc Structure
- Mobile stations communicate with each other directly.
- It is set up for a special purpose and for a short period of time.
- For example, the participants of a meeting in a conference room may create an ad hoc network at the beginning of the meeting and dissolve it when the meeting ends.
15
Mesh Mode
Every client in the network also acts as an access or relay point, creating a "self-healing" and (in theory) infinitely extensible network. Not yet in widespread use, unlikely to be in homes.
16
WLAN Architecture: Infrastructure Mode
There is an Access Point (AP), which becomes the hub of a "star topology."
17
Infrastructure network
- There is an Access Point (AP), which becomes the hub of a "star topology."
- All communication has to go through the AP. If a Mobile Station (MS), like a computer, a PDA, or a phone, wants to communicate with another MS, it needs to send the information to the AP first; the AP then sends it to the destination MS.
- Multiple APs can be connected together and handle a large number of clients.
- Used by the majority of WLANs in homes and businesses.
18
Elements of a Wi-Fi Network
- Access Point (AP): The AP is a wireless LAN "base station" that can connect one or many wireless devices simultaneously to the Internet.
- Wi-Fi cards: They accept the wireless signal and relay information. They can be internal or external (e.g. PCMCIA card for a laptop and PCI card for a desktop PC).
- Safeguards: Firewalls and anti-virus software protect networks from uninvited users and keep information secure.
19
Antennas
Antennas come in all shapes and styles:
- Omni-directional:
  - Vertical whip
  - Ceiling mount
- Directional:
  - Yagi ("Pringles can")
  - Wall mounted panel
  - Parabolic dish
20
Types of Hardware
21
How a Wi-Fi Network Works
- The basic concept is the same as walkie-talkies.
- A Wi-Fi network is created by installing an access point on an internet connection.
- An access point acts as a base station.
22
- A single access point can support up to 30 users and can function within a range of 100-150 feet indoors and up to 300 feet outdoors.
- Many access points can be connected to each other via Ethernet cables to create a single large network.
23
Wi-Fi Network Topologies
24
Wi-Fi Network Topologies
- AP-based topology (Infrastructure Mode)
- Peer-to-peer topology (Ad-hoc Mode)
- Point-to-multipoint bridge topology
25
AP-based topology
- The clients communicate through the Access Point.
- BSA: RF coverage provided by an AP.
- ESA: consists of 2 or more BSAs.
- ESA cells include 10-15% overlap to allow roaming.
26
Peer-to-peer topology
- An AP is not required.
- Client devices within a cell can communicate directly with each other.
- It is useful for setting up a wireless network quickly and easily.
27
Point-to-multipoint bridge topology
This is used to connect a LAN in one building to LANs in other buildings, even if the buildings are miles apart. This requires a clear line of sight between the buildings. The line-of-sight range varies based on the type of wireless bridge and antenna used as well as the environmental conditions.
28
Wi-Fi Configurations
29
Wi-Fi Applications
- Home
- Small Businesses
- Large Corporations & Campuses
- Health Care
- Wireless ISP (WISP)
- Travellers
30
Wireless Security
31
Wi-Fi Security Threats
- Wireless technology doesn't remove any old security issues, but introduces new ones:
  - Eavesdropping
  - Man-in-the-middle attacks
  - Denial of Service
32
Eavesdropping
- Easy to perform, almost impossible to detect
- By default, everything is transmitted in clear text
  - Usernames, passwords, content...
  - No security offered by the transmission medium
- Different tools available on the internet
  - Network sniffers, protocol analysers...
  - Password collectors
- With the right equipment, it's possible to eavesdrop on traffic from a few kilometers away
33
Man-in-the-middle attacks
1. The attacker spoofs a disassociate message from the victim.
2. The victim starts to look for a new access point, and the attacker advertises his own AP on a different channel, using the real AP's MAC address.
3. The attacker connects to the real AP using the victim's MAC address.
34
Denial of Service
- Attack on the transmission frequency used
  - Frequency jamming
  - Not very technical, but works
- Attack on the MAC layer
  - Spoofed deauthentication / disassociation messages
  - Can target one specific user
- Attacks on higher layer protocols (TCP/IP protocol)
  - SYN flooding
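A defender can watch for the two signs that the man-in-the-middle and MAC-layer slides describe: one BSSID beaconing on more than one channel, and a burst of deauthentication/disassociation frames aimed at a single client. The sketch below is an added example, not part of the original slides; the frame tuples, the threshold and the time window are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample observations (not a real capture):
# (seconds, frame type, transmitter/BSSID, destination, channel)
FRAMES = [
    (0.0, "beacon",   "aa:bb:cc:00:00:01", "ff:ff:ff:ff:ff:ff", 6),
    (0.1, "beacon",   "aa:bb:cc:00:00:02", "ff:ff:ff:ff:ff:ff", 1),
    (1.0, "disassoc", "aa:bb:cc:00:00:01", "11:22:33:44:55:66", 6),
    (1.2, "deauth",   "aa:bb:cc:00:00:01", "11:22:33:44:55:66", 6),
    (1.4, "deauth",   "aa:bb:cc:00:00:01", "11:22:33:44:55:66", 6),
    (1.5, "beacon",   "aa:bb:cc:00:00:01", "ff:ff:ff:ff:ff:ff", 11),
    (9.0, "deauth",   "aa:bb:cc:00:00:02", "11:22:33:44:55:77", 1),
]


def multi_channel_bssids(frames):
    """BSSIDs whose beacons were seen on more than one channel."""
    channels = defaultdict(set)
    for _, ftype, bssid, _, channel in frames:
        if ftype == "beacon":
            channels[bssid].add(channel)
    return {b: sorted(c) for b, c in channels.items() if len(c) > 1}


def teardown_bursts(frames, threshold=3, window=2.0):
    """Clients sent >= threshold deauth/disassoc frames within `window` seconds."""
    times = defaultdict(list)
    for ts, ftype, _, dst, _ in frames:
        if ftype in ("deauth", "disassoc"):
            times[dst].append(ts)
    flagged = {}
    for dst, stamps in times.items():
        stamps.sort()
        start = best = 0
        for end in range(len(stamps)):
            # Slide the window start forward until it spans <= `window` seconds.
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[dst] = best
    return flagged


def correlate(frames):
    """Both indicators together; a client hit by a burst near a cloned BSSID deserves a look."""
    return {
        "same_bssid_multiple_channels": multi_channel_bssids(frames),
        "teardown_bursts": teardown_bursts(frames),
    }
```

Either indicator alone can have benign causes, so the thresholds need tuning against the normal behaviour of the monitored network.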
35
Wi-Fi Security
The requirements for Wi-Fi network security can be broken down into two primary components:
- Authentication
  - User Authentication
  - Server Authentication
- Privacy
36
Authentication
- Keeping unauthorized users off the network
- User Authentication
  - An authentication server is used
  - Username and password
- Risk:
  - Data (username & password) is sent before a secure channel is established
  - Prone to passive eavesdropping by an attacker
- Solution:
  - Establishing an encrypted channel before sending the username and password
37
Server Authentication
- A digital certificate is used
- Validation of the digital certificate occurs automatically within the client software
38
Security Techniques
39
Wi-Fi Security Techniques
- Service Set Identifier (SSID)
- Wired Equivalent Privacy (WEP)
- 802.1X Access Control
- Wireless Protected Access (WPA)
- IEEE 802.11i
40
Service Set Identifier (SSID)
- The SSID is used to identify an 802.11 network
- It can be pre-configured or advertised in beacon broadcasts
- It is transmitted in clear text
  - Provides very little security
41
Wired Equivalent Privacy (WEP)
- Provides the same level of security as a wired network
- Original security solution offered by the IEEE 802.11 standard
- Uses RC4 encryption with pre-shared keys and 24-bit initialization vectors (IV)
- The key schedule is generated by concatenating the shared secret key with a randomly generated 24-bit IV
- 32-bit ICV (integrity check value)
- The number of bits in the key schedule is equal to the sum of the lengths of the plaintext and the ICV
42
Wired Equivalent Privacy (WEP)
- 64-bit pre-shared key: WEP
- 128-bit pre-shared key: WEP2
- Encrypts data only between 802.11 stations. Once the data enters the wired side of the network (between access points), WEP is no longer in effect
- Security issues with WEP
  - Short IV
  - Static key
- Offers very little security at all
43
802.1x Access Control
- Designed as a general purpose network access control mechanism
  - Not Wi-Fi specific
- Authenticates each client connected to an AP (for WLAN) or switch port (for Ethernet)
- Authentication is done with the RADIUS server, which "tells" the access point whether access to controlled ports should be allowed or not
  - The AP forces the user into an unauthorized state
  - The user sends an EAP start message
  - The AP returns an EAP message requesting the user's identity
  - The identity sent by the user is then forwarded to the authentication server by the AP
  - The authentication server authenticates the user and returns an accept or reject message back to the AP
  - If an accept message is returned, the AP changes the client's state to authorized and normal traffic flows
44
802.1x Access Control
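The 802.1x exchange listed above can be modelled as a small state machine in which the AP opens a client's controlled port only after the authentication server accepts. This is an added example, not part of the original slides; the class names, the account table and the MAC addresses are hypothetical, and sending the secret alongside the identity stands in for a real EAP method.

```python
import hmac
from enum import Enum

class PortState(Enum):
    UNAUTHORIZED = "unauthorized"
    AUTHORIZED = "authorized"

class AuthServer:
    """Stand-in for the RADIUS server; a constructed account table replaces a real EAP method."""
    def __init__(self, accounts: dict):
        self._accounts = accounts

    def decide(self, identity: str, secret: str) -> str:
        stored = self._accounts.get(identity)
        ok = stored is not None and hmac.compare_digest(stored.encode(), secret.encode())
        return "Access-Accept" if ok else "Access-Reject"

class AccessPoint:
    """Authenticator: relays EAP and opens the controlled port only on an accept."""
    def __init__(self, server: AuthServer):
        self.server = server
        self.ports = {}  # client MAC -> PortState

    def associate(self, mac: str) -> None:
        self.ports[mac] = PortState.UNAUTHORIZED  # every new client starts blocked

    def on_eap(self, mac: str, msg: str, identity: str = "", secret: str = "") -> str:
        if mac not in self.ports:
            raise KeyError("client is not associated")
        if msg == "EAPOL-Start":
            return "EAP-Request/Identity"
        if msg == "EAP-Response/Identity":
            verdict = self.server.decide(identity, secret)  # forwarded to the server
            accepted = verdict == "Access-Accept"
            self.ports[mac] = PortState.AUTHORIZED if accepted else PortState.UNAUTHORIZED
            return "EAP-Success" if accepted else "EAP-Failure"
        raise ValueError(f"unexpected EAP message: {msg}")

    def forward_data(self, mac: str, payload: bytes) -> bool:
        """Normal traffic passes only through an authorized port."""
        return self.ports.get(mac) is PortState.AUTHORIZED

def run_exchange(ap: AccessPoint, mac: str, identity: str, secret: str) -> list:
    """Walk one client through the exchange and record each step."""
    ap.associate(mac)
    steps = [("data before auth", ap.forward_data(mac, b"hello"))]
    steps.append(("EAPOL-Start", ap.on_eap(mac, "EAPOL-Start")))
    steps.append(("EAP-Response/Identity", ap.on_eap(mac, "EAP-Response/Identity", identity, secret)))
    steps.append(("data after auth", ap.forward_data(mac, b"hello")))
    return steps

# Constructed accounts and MAC addresses for the demonstration.
AP = AccessPoint(AuthServer({"alice": "correct horse"}))
GOOD = run_exchange(AP, "02:00:00:00:00:01", "alice", "correct horse")
BAD = run_exchange(AP, "02:00:00:00:00:02", "mallory", "guess")
```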
45
Wireless Protected Access (WPA)
- WPA is a specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems.
- User Authentication
  - 802.1x
  - EAP
- TKIP (Temporal Key Integrity Protocol) encryption
  - RC4, dynamic encryption keys (session based)
  - 48-bit IV
  - Per-packet key mixing function
  - Fixes all issues found from WEP
- Uses Message Integrity Code (MIC) Michael
  - Ensures data integrity
- Old hardware should be upgradeable to WPA
46
Wireless Protected Access (WPA)
- WPA comes in two flavors
  - WPA-PSK
    - Uses a pre-shared key
    - For SOHO environments
    - Single master key used for all users
  - WPA Enterprise
    - For large organisations
    - Most secure method
    - Unique keys for each user
    - Separate username & password for each user
47
WPA and Security Threats
- Data is encrypted
  - Protection against eavesdropping and man-in-the-middle attacks
- Denial of Service
  - Attacks based on fake messages cannot be used.
  - As a security precaution, if WPA equipment sees two packets with invalid MICs within a second, it disassociates all its clients and stops all activity for a minute
  - Only two packets a minute are enough to completely stop a wireless network
48
802.11i
- Provides a standard for WLAN security
- Authentication
  - 802.1x
- Data encryption
  - The AES protocol is used
- Secure fast handoff: this allows roaming between APs without requiring the client to fully reauthenticate to every AP.
- Will require new hardware
49
Advantages
- Mobility
- Ease of Installation
- Flexibility
- Cost
- Reliability
- Security
- Uses an unlicensed part of the radio spectrum
- Roaming
- Speed
50
Disadvantages
- Interference
- Degradation in performance
- High power consumption
- Limited range
51
Any Questions?