Presentation is loading. Please wait.

Presentation is loading. Please wait.

CCNA3-1 Chapter 7-2 Chapter 7 Basic Wireless Concepts and Configuration Part II.

Published byGordon Clyde Ryan Modified over 9 years ago

Similar presentations

Presentation on theme: "CCNA3-1 Chapter 7-2 Chapter 7 Basic Wireless Concepts and Configuration Part II."— Presentation transcript:

1 CCNA3-1 Chapter 7-2 Chapter 7 Basic Wireless Concepts and Configuration Part II

2 CCNA3-2 Chapter 7-2 Basic Wireless Concepts and Configuration Wireless LAN Security War Drivers Hackers/CrackersHackers/Crackers EmployeesEmployees Consumer Devices

3 CCNA3-3 Chapter 7-2 Wireless LAN Security Three Major Categories of Security Threats: Three Major Categories of Security Threats: War Drivers:War Drivers: War driving means driving around a neighborhood with a wireless laptop and looking for an unsecured 802.11b/g system.War driving means driving around a neighborhood with a wireless laptop and looking for an unsecured 802.11b/g system. Hackers/Crackers:Hackers/Crackers: Malicious intruders who enter systems as criminals and steal data or deliberately harm systems.Malicious intruders who enter systems as criminals and steal data or deliberately harm systems. Employees:Employees: Set up and use Rogue Access Points without authorization. Either interfere with or compromise servers and files.Set up and use Rogue Access Points without authorization. Either interfere with or compromise servers and files.

4 CCNA3-4 Chapter 7-2 Threats to Wireless Security War Drivers: War Drivers: "War driving" originally referred to using a scanning device to find cellular phone numbers to exploit."War driving" originally referred to using a scanning device to find cellular phone numbers to exploit. War driving now also means driving around a neighborhood with a laptop and an 802.11b/g client card looking for an unsecured 802.11b/g system to exploit.War driving now also means driving around a neighborhood with a laptop and an 802.11b/g client card looking for an unsecured 802.11b/g system to exploit. Software is readily available.Software is readily available. Totally and completely ILLEGAL!!!!!!!!

5 CCNA3-5 Chapter 7-2 Threats to Wireless Security Man-in-the-Middle Attacks: Man-in-the-Middle Attacks: Attackers select a host as a target and position themselves logically between the target and the router of the target.Attackers select a host as a target and position themselves logically between the target and the router of the target. In a wired LAN, the attacker needs to be able to physically access the LAN to insert a device logically into the topology.In a wired LAN, the attacker needs to be able to physically access the LAN to insert a device logically into the topology. With a WLAN, the radio waves emitted by access points can provide the connection.With a WLAN, the radio waves emitted by access points can provide the connection. Because access points act like Ethernet hubs, each NIC in a BSS hears all the traffic.Because access points act like Ethernet hubs, each NIC in a BSS hears all the traffic. Attackers can modify the NIC of their laptop with special software so that it accepts all traffic.Attackers can modify the NIC of their laptop with special software so that it accepts all traffic. In effect, the NIC has been modified to act as an Access Point.

6 CCNA3-6 Chapter 7-2 Threats to Wireless Security Denial of Service (DoS): Denial of Service (DoS): 802.11b/g WLANs use the unlicensed 2.4 GHz band.802.11b/g WLANs use the unlicensed 2.4 GHz band. This is the same band used by most baby monitors, cordless phones, and microwave ovens.This is the same band used by most baby monitors, cordless phones, and microwave ovens. With these devices crowding the RF band, attackers can create noise on all the channels in the band with commonly available devices.With these devices crowding the RF band, attackers can create noise on all the channels in the band with commonly available devices.

7 CCNA3-7 Chapter 7-2 Threats to Wireless Security Denial of Service (DoS): Denial of Service (DoS): An attacker can turn a NIC into an access point.An attacker can turn a NIC into an access point. The attacker, using a PC as an AP, can flood the BSS with clear-to-send (CTS) messages, which defeat the CSMA/CA function used by the stations.The attacker, using a PC as an AP, can flood the BSS with clear-to-send (CTS) messages, which defeat the CSMA/CA function used by the stations. The actual AP, floods the BSS with simultaneous traffic, causing a constant stream of collisions.The actual AP, floods the BSS with simultaneous traffic, causing a constant stream of collisions.

8 CCNA3-8 Chapter 7-2 Threats to Wireless Security Denial of Service (DoS): Denial of Service (DoS): Another DoS attack that can be launched in a BSS is when an attacker sends a series of disassociate commands that cause all stations to disconnect.Another DoS attack that can be launched in a BSS is when an attacker sends a series of disassociate commands that cause all stations to disconnect. When the stations are disconnected, they immediately try to reassociate, which creates a burst of traffic.When the stations are disconnected, they immediately try to reassociate, which creates a burst of traffic. The attacker sends another disassociate and the cycle repeats itself.The attacker sends another disassociate and the cycle repeats itself.

9 CCNA3-9 Chapter 7-2 Wireless Security Protocols

10 CCNA3-10 Chapter 7-2 Authenticating to the Wireless LAN In an open network, such as a home network, association may be all that is required to grant a client access to devices and services on the WLAN. In an open network, such as a home network, association may be all that is required to grant a client access to devices and services on the WLAN.

11 CCNA3-11 Chapter 7-2 Authenticating to the Wireless LAN In networks that have stricter security requirements, an additional authentication or login is required to grant clients such access. In networks that have stricter security requirements, an additional authentication or login is required to grant clients such access. This login process is managed by the Extensible Authentication Protocol (EAP). This login process is managed by the Extensible Authentication Protocol (EAP). A central repository of User IDs and Passwords. Used by all network login processes.

12 CCNA3-12 Chapter 7-2 Wireless Encryption Two Encryption Mechanisms: Two Encryption Mechanisms: TKIP is the encryption method certified as Wi-Fi Protected Access (WPA). TKIP is the encryption method certified as Wi-Fi Protected Access (WPA). Provides support for legacy WLAN equipment by addressing the original flaws associated with the 802.11 WEP encryption method.Provides support for legacy WLAN equipment by addressing the original flaws associated with the 802.11 WEP encryption method. Encrypts the Layer 2 payload.Encrypts the Layer 2 payload. Message integrity check (MIC) in the encrypted packet that helps ensure against a message tampering.Message integrity check (MIC) in the encrypted packet that helps ensure against a message tampering.

13 CCNA3-13 Chapter 7-2 Wireless Encryption Two Encryption Mechanisms: Two Encryption Mechanisms: The AES encryption of WPA2 is the preferred method. The AES encryption of WPA2 is the preferred method. WLAN encryption standards used in IEEE 802.11i.WLAN encryption standards used in IEEE 802.11i. Same functions as TKIP.Same functions as TKIP. Uses additional data from the MAC header that allows destination hosts to recognize if the non-encrypted bits have been tampered with.Uses additional data from the MAC header that allows destination hosts to recognize if the non-encrypted bits have been tampered with. Also adds a sequence number to the encrypted data header.Also adds a sequence number to the encrypted data header.

14 CCNA3-14 Chapter 7-2 Wireless Encryption When you configure Linksys access points or wireless routers you may not see WPA or WPA2. When you configure Linksys access points or wireless routers you may not see WPA or WPA2. Instead you may see references to something called pre-shared key (PSK).Instead you may see references to something called pre-shared key (PSK). Types of PSKs:Types of PSKs: PSK or PSK2 with TKIP is the same as WPA.PSK or PSK2 with TKIP is the same as WPA. PSK or PSK2 with AES is the same as WPA2.PSK or PSK2 with AES is the same as WPA2. PSK2, without an encryption method specified, is the same as WPA2.PSK2, without an encryption method specified, is the same as WPA2.

15 CCNA3-15 Chapter 7-2 Controlling Access to the Wireless LAN When controlling access, the concept of depth means having multiple solutions available. When controlling access, the concept of depth means having multiple solutions available. Three step approach:Three step approach: SSID cloaking:SSID cloaking: Disable SSID broadcasts from access points.Disable SSID broadcasts from access points. MAC address filtering:MAC address filtering: Tables are manually constructed on the access point to allow or disallow clients based on their physical hardware address.Tables are manually constructed on the access point to allow or disallow clients based on their physical hardware address. WLAN Security:WLAN Security: Implement WPA or WPA2.Implement WPA or WPA2.

16 CCNA3-16 Chapter 7-2 Controlling Access to the Wireless LAN SSID Cloaking MAC Address Filtering WPA/WPA2WPA/WPA2

17 CCNA3-17 Chapter 7-2 Controlling Access to the Wireless LAN An additional consideration is to configure access points that are near outside walls of buildings to transmit on a lower power setting than other access points closer to the middle of the building. An additional consideration is to configure access points that are near outside walls of buildings to transmit on a lower power setting than other access points closer to the middle of the building. This is to merely reduce the RF signature on the outside of the building. This is to merely reduce the RF signature on the outside of the building. Anyone running an application such as Netstumbler, Wireshark, or even Windows XP can map WLANs.Anyone running an application such as Netstumbler, Wireshark, or even Windows XP can map WLANs.

18 CCNA3-18 Chapter 7-2 Basic Wireless Concepts and Configuration Configuring Wireless LAN Access

19 CCNA3-19 Chapter 7-2 Configuring the Wireless Access Point In this topic, you will learn: In this topic, you will learn: How to configure a wireless access point.How to configure a wireless access point. How to set the SSID.How to set the SSID. How to enable security.How to enable security. How to configure the channel.How to configure the channel. How to adjust the power settings.How to adjust the power settings. How to back up and restore the configuration.How to back up and restore the configuration.

20 CCNA3-20 Chapter 7-2 Configuring the Wireless Access Point The basic approach to wireless implementation, as with any basic networking, is to configure and test incrementally. The basic approach to wireless implementation, as with any basic networking, is to configure and test incrementally. Verify the existing network and Internet access for the wired hosts.Verify the existing network and Internet access for the wired hosts. Start the WLAN implementation process with a single access point and a single client, without enabling wireless security.Start the WLAN implementation process with a single access point and a single client, without enabling wireless security. Verify that the wireless client has received a DHCP IP address and can ping the local wired default router and then browse to the external Internet.Verify that the wireless client has received a DHCP IP address and can ping the local wired default router and then browse to the external Internet. Finally, configure wireless security with WPA2.Finally, configure wireless security with WPA2. Use WEP only if the hardware does not support WPA.Use WEP only if the hardware does not support WPA.

21 CCNA3-21 Chapter 7-2 Configuring the Wireless Access Point The remainder of the configuration as outlined in the text and online curriculum will be addressed during the lab.

22 CCNA3-22 Chapter 7-2 Basic Wireless Concepts and Configuration Troubleshooting Simple WLAN Problems

23 CCNA3-23 Chapter 7-2 A Systematic Approach Eliminate the User’s PC as the source of the problem. Network configuration. Can it connect to a wired network? Is the NIC O.K? Are the proper drivers loaded? Do the security settings match? Network configuration. Can it connect to a wired network? Is the NIC O.K? Are the proper drivers loaded? Do the security settings match? How far is the PC from the Access Point? Check the channel settings. Any interference from other devices? How far is the PC from the Access Point? Check the channel settings. Any interference from other devices?

24 CCNA3-24 Chapter 7-2 A Systematic Approach Eliminate the User’s PC as the source of the problem. Confirm the physical status of the devices. Are all devices actually in place? Is there power to all the devices? Are all devices actually in place? Is there power to all the devices?

25 CCNA3-25 Chapter 7-2 A Systematic Approach Eliminate the User’s PC as the source of the problem. Confirm the physical status of the devices. Inspect the wired links. Cables damaged or missing? Can you ping the AP from a cabled device? Cables damaged or missing? Can you ping the AP from a cabled device? If all of this fails, perhaps the AP is faulty or the configuration is in error. The AP may also require a firmware upgrade.

26 CCNA3-26 Chapter 7-2 A Systematic Approach Updating the Access Point Download Select the Firmware Run the Upgrade Download Select the Firmware Run the Upgrade DO NOT upgrade the firmware unless you are experiencing problems with the access point or the new firmware has a feature you want to use.

27 CCNA3-27 Chapter 7-2 A Systematic Approach Incorrect Channel Settings

28 CCNA3-28 Chapter 7-2 RF Interference Issues Many other devices operate on Channel 6.

29 CCNA3-29 Chapter 7-2 RF Interference Issues Site Survey: Site Survey: “How to” not addressed in this course.“How to” not addressed in this course. The first thing that should be done in the planning stage.The first thing that should be done in the planning stage. RF interference.RF interference. Physical Interference (cabinets, walls with metal girders).Physical Interference (cabinets, walls with metal girders). Multiple WLANs.Multiple WLANs. Variances in usage (day/night shifts).Variances in usage (day/night shifts). Two Types:Two Types: Manual.Manual. Utility Assisted.Utility Assisted. With a utility assisted site Survey, you can obtain RF band usage and make provisions for it.

30 CCNA3-30 Chapter 7-2 Access Point Placement A WLAN that just did not seem to perform like it should. A WLAN that just did not seem to perform like it should. You keep losing association with an access pointYou keep losing association with an access point Your data rates are much slower than they should be.Your data rates are much slower than they should be.

31 CCNA3-31 Chapter 7-2 Access Point Placement Some additional specific details: Some additional specific details: Not mounted closer than 7.9 inches (20 cm) from the body of all persons.Not mounted closer than 7.9 inches (20 cm) from the body of all persons. Do not mount the access point within 3 feet (91.4 cm) of metal obstructions.Do not mount the access point within 3 feet (91.4 cm) of metal obstructions. Install the access point away from microwave ovens.Install the access point away from microwave ovens. Always mount the access point vertically..Always mount the access point vertically.. Do not mount the access point outside of buildings.Do not mount the access point outside of buildings. Do not mount the access point on building perimeter walls, unless outside coverage is desired.Do not mount the access point on building perimeter walls, unless outside coverage is desired. When mounting an access point in the corner of a right- angle hallway intersection, mount it at a 45-degree angle.When mounting an access point in the corner of a right- angle hallway intersection, mount it at a 45-degree angle.

32 CCNA3-32 Chapter 7-2 Authentication and Encryption The WLAN authentication and encryption problems you are most likely to encounter, and that you will be able to solve, are caused by incorrect client settings. The WLAN authentication and encryption problems you are most likely to encounter, and that you will be able to solve, are caused by incorrect client settings. Remember, all devices connecting to an access point must use the same security type as the one configured on the access point.

Download ppt "CCNA3-1 Chapter 7-2 Chapter 7 Basic Wireless Concepts and Configuration Part II."

Similar presentations

Chaper 11-Wireless LANS Wireless LAN Concepts Deploying WLANs

Chaper 11-Wireless LANS Wireless LAN Concepts Deploying WLANs
Jaringan Komputer Lanjut Jaringan Nirkabel (Wireless LAN) -Aurelio Rahmadian-

Jaringan Komputer Lanjut Jaringan Nirkabel (Wireless LAN) -Aurelio Rahmadian-
WiFi VS Cellular “Bringing Secure Payment to the Point Of Service”

WiFi VS Cellular “Bringing Secure Payment to the Point Of Service”
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Configure a Wireless Router LAN Switching and Wireless – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Configure a Wireless Router LAN Switching and Wireless – Chapter 7.
1 15-May-15 S Ward Abingdon and Witney College Wireless CCNA Exploration Semester 3 Chapter 7.

1 15-May-15 S Ward Abingdon and Witney College Wireless CCNA Exploration Semester 3 Chapter 7.
Presentation viewer : _ Mahmoud matter. Ahmed alasy Dr: Rasha Atallah.

Presentation viewer : _ Mahmoud matter. Ahmed alasy Dr: Rasha Atallah.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Wireless Technologies Networking for Home and Small Businesses – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Wireless Technologies Networking for Home and Small Businesses – Chapter.
Security Awareness Chapter 5 Wireless Network Security.

Security Awareness Chapter 5 Wireless Network Security.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
CCNA Exploration Semester 3 Modified by Profs. Ward and Cappellino

CCNA Exploration Semester 3 Modified by Profs. Ward and Cappellino
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
1 Configuring Linksys Wireless Router Prof. Valencia Community College.

1 Configuring Linksys Wireless Router Prof. Valencia Community College.
Wireless Network Security Lab Last Update 2011.06.01 1.0.0 1Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com.

Wireless Network Security Lab Last Update Copyright 2011 Kenneth M. Chipps Ph.D.
Fundamentals of Networking Discovery 1, Chapter 9 Troubleshooting.

Fundamentals of Networking Discovery 1, Chapter 9 Troubleshooting.
Dainis Krakops’ Wireless Network MOTOROLA SURFboard SB5101 CABLE MODEM Enables cable operators to provide broadband Internet connection for my LAN devices.

Dainis Krakops’ Wireless Network MOTOROLA SURFboard SB5101 CABLE MODEM Enables cable operators to provide broadband Internet connection for my LAN devices.
TAX-AIDE Network Router Setup Network Printer Setups July 2013 2013 SMT/TCS Training - Dallas1.

TAX-AIDE Network Router Setup Network Printer Setups July SMT/TCS Training - Dallas1.

Similar presentations

Ads by Google