Presentation

Wireless LANs

Transcript of Presentation

Page 1: Presentation

Wireless LANs

Page 2: Presentation

Overview: What is Wireless?

The term wireless refers to telecommunication technology, in which radio waves, infrared waves and microwaves, instead of cables or wires, are used to carry a signal to connect communication devices.

These devices include pagers, cell phones, portable PCs, computer networks, location devices, satellite systems and handheld digital assistants.

Wireless networking is the transmission of data using a physical topology, not direct physical links.

Page 3: Presentation

Wireless Landscape

Wireless Technology | Transmission Distance | Speed
Bluetooth | 33 feet | 1 Mbps
Satellite | Worldwide | 290ms latency
1G Analog cellular | Nationwide |
2G digital cellular | Nationwide | 14 Kbps
2.5G digital cellular | Nationwide | 384 Kbps
3G digital cellular | Nationwide | 2-10 Mbps
WLAN 802.11b | 375 feet | 11 Mbps
WLAN 802.11a, g | 300 feet | 54/128 Mbps
Fixed broadband Wireless (BWA) | 35 miles | 1 Gbps
WAP | Nationwide | 384 Kbps
WiMax 802.16 4G | 10 miles | 75 Mbps

WiMAX as a last-mile alternative for remote areas not currently served by DSL or cable

Page 4: Presentation

Wireless Data Networks

[Figure: wireless data network types plotted by data rate (9.6 Kbps to 50 Mbps) against coverage area (local to wide): Infrared Wireless LANs, Spread Spectrum Wireless LANs, Narrow Band Wireless LANs, 2.5 GHz Service, Broadband PCS, Narrowband PCS, Circuit and Packet Data (Cellular, CDPD, Mobitex, DataTac), Satellite]

802.11 is WiFi

WAP is small handhelds

Page 5: Presentation

Wireless Technologies

Network | PAN (Personal Area Network) | LAN (Local Area Network) | MAN (Metropolitan Area Network) | WAN (Wide Area Network)
Standards | Bluetooth | 802.11a, 11b, 11g, HiperLAN2 | 802.11, MMDS, LMDS | GSM, GPRS, CDMA, 2.5–3G
Speed | <1 Mbps | 2–54+ Mbps | 22+ Mbps | 10–384 Kbps
Range | Short | Medium | Medium–Long | Long
Applications | Peer-to-Peer, Device-to-Device | Enterprise Networks | Fixed, Last Mile Access | PDAs, Mobile Phones, Cellular Access

Page 6: Presentation

Wireless

Two of the most common point-to-multipoint systems are:

Wireless Application Protocol (WAP): a system developed to send data to small handheld devices such as cellular phones, wireless e-mail handhelds, and PDAs.

IEEE 802.11: The 802.11 protocol has been standardized by the IEEE for wireless local area networks and has three versions currently in production, 802.11b, 802.11a, and the most recent 802.11g.

Page 7: Presentation

Bluetooth

Bluetooth wireless technology is a short-range radio technology.

Bluetooth wireless technology makes it possible to transmit signals over short distances between telephones, computers and other devices and thereby simplify communication and synchronization between devices.

The Bluetooth wireless technology comprises hardware, software and interoperability requirements.

Transmits at up to 1 Mbps over a distance of 33 feet and is not impeded by physical barriers.

Page 8: Presentation

Bluetooth – Blue Snarfing

Blue-snarfing is a technique that leaves no trace of intrusion and steals the contents of a cellphone's address book, or even gains access to a user's laptop.

"Bluejacking" allows a user to send an anonymous and unauthorized message to another cell user. It has become primarily a means of entertainment for some individuals in crowded places - who'll send anonymous comments like "I like your tie" to people nearby.

Bluetooth was named after the 10th century Danish King Harold Bluetooth, who was responsible for unifying Scandinavia.

Page 9: Presentation

Applications

Page 10: Presentation

Home Wireless Network

Page 11: Presentation

Advantages and Disadvantages of Wireless Home Networks

Advantages
• Freedom – work anywhere
• Quick, effortless installation
• No cables to buy
• Save cabling time and hassle
• Easy to expand
• Available in Hotspots at coffee shops, businesses, airports
• Great on the road

Disadvantages
• Higher cost
• Slower speed
• Shorter range
• Least efficient way to move large amounts of data
• Less Secure

http://www.linksys.com/edu/ourhouse.asp

Page 12: Presentation

A few San Diego HotSpots

• Sorrento Valley Food Court - corner of Mira Mesa Boulevard and Scranton Road near the 5/805 junction
• Sorrento Mesa area building campus near Karl Strauss
• Santa Fe Depot - Amtrak Station
• One America Plaza - 600 West Broadway
• Gelato Vero Caffe - 3753 India St. - 619-295-9269
• Influx - 1948 Broadway
• Little Italy Wi-Fi - free for introductory period - India Street between Cedar & Fir
• University of San Diego campus
• Mount Etna Park - 4741 Mount Etna Drive
• Best Western Hacienda - lobby area - Old Town
• Golden Hill neighborhood - 4 locations - near 2035, 2426 Broadway, 26th and Broadway, 2302 C St
• Sherman Heights neighborhood - 20th between Island and J Street
• Travel University International - 3870 Murphy Canyon Road Suite 310 - 858-292-9755
• Aztec Coin Laundry - 6931 El Cajon Blvd
• Lestat's Coffee House - 3343 Adams Avenue - (619) 282-0437
• San Diego Public Library locations (eventual plans for all branches)
• Mission Valley Branch - 2123 Fenton Parkway
• Point Loma/Hervey Branch - 3701 Voltaire St.
• San Diego Technical Bookstore - 7512 Clairemont Mesa Blvd. - (858) 279-4990
• It's a Grind Coffeeshop - 13350 Camino Del Sur, Suite 9. - 858.780.2601
• Bandwidth Bay project provides access at the outdoor sitting area on the east side of the building at 225 Broadway
• Hotel Del Coronado - lobby area - Coronado Island

http://www.socalfreenet.org/

Page 13: Presentation

Wi-Fi™

Wi-Fi™ Alliance
• Wireless Fidelity Alliance
• 170+ members
• Over 350 products certified

Wi-Fi’s™ Mission
• Certify interoperability of WLAN products (802.11)
• Wi-Fi™ is the “stamp of approval”
• Promote Wi-Fi™ as the global standard

Page 14: Presentation

Components

Page 15: Presentation

WLAN Devices

In-building Infrastructure

Access Points

• Combo (802.11a and 802.11b)

• (802.11b)

• (802.11b) not shown

Bridge

Page 16: Presentation

WLAN Devices

Antenna

• 2.4 GHz

• 5 GHz Antennas

Clients

• 2.4 GHz client adapter (802.11b)

• 5 GHz client adapter (802.11a)

• Workgroup bridge (802.11b)

Page 17: Presentation

Cable, Accessories, Wireless IP Phone

Cable and Accessories

• Low Loss Cable

• Antenna Mounts

• Lightning Arrestor

• Wireless IP Phone

Page 18: Presentation

Optional 2.4GHz Antennas for Long Range

• 13.5 dBi Yagi: distances over 7.3 miles @ 2 Mbps (11.7 Km @ 2 Mbps), 3.6 miles @ 11 Mbps (5.8 Km @ 11 Mbps)

• 21 dBi Solid Dish: for distances up to 25+ miles @ 2 Mbps (40+ Km @ 2 Mbps), 20.5 miles @ 11 Mbps (33 Km @ 11 Mbps)

Note: Distances include 50 feet of low loss cable and 10 dB fade margin

Page 19: Presentation

WLAN Standards

Page 20: Presentation

802.11

Introduced in 1990.

Defined a cable-free local area network with either fixed or mobile locations that transmit at either 1 or 2 Mbps, which was insufficient for most network applications.

A new standard was developed for sending packetized data traffic over radio waves in the unlicensed 2.4 GHz band.

Unlicensed means it does not have to be certified by the FCC, and devices could possibly share the bandwidth with other devices such as cordless phones, baby monitors, etc.

Page 21: Presentation

IEEE 802.11 Standards Activities

• 802.11a: 5GHz, 54Mbps
• 802.11b: 2.4GHz, 11Mbps
• 802.11d: Multiple regulatory domains
• 802.11e: Quality of Service (QoS)
• 802.11f: Inter-Access Point Protocol (IAPP)
• 802.11g: 2.4GHz, 54Mbps
• 802.11h: Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC)
• 802.11i: Security
• 802.11j: Japan 5GHz Channels (4.9-5.1 GHz)
• 802.11k: Measurement

Page 22: Presentation

Which Standard is right for me?

Page 23: Presentation

The Laws of Radio Dynamics:

• Higher Data Rates = Shorter Transmission Range
• Higher Power Output = Increased Range, but Lower Battery Life
• Higher Frequency Radios = Higher Data Rates, Shorter Ranges

Standard | 802.11b | 802.11a | 802.11g
Frequency Band | 2.4 GHz | 5 GHz | 2.4 GHz
Availability | Worldwide | US/AP | Worldwide
Maximum Data rate | 11 Mbps | 54 Mbps | 54 Mbps
Other Services (Interference) | Cordless Phones, Microwave Ovens, Wireless Video, Bluetooth Devices | HyperLAN Devices | Cordless Phones, Microwave Ovens, Wireless Video, Bluetooth Devices

Page 24: Presentation

Topology

Page 25: Presentation

Ad Hoc Topology

Peer-to-Peer (Ad Hoc) Topology
• Can consist of 2 or more PCs with wireless network adapters.
• Sometimes called an Independent BSS (IBSS).
• Limited range.

Page 26: Presentation

Infrastructure

Page 27: Presentation

802.11 Authentication and Association

The 802.11 standard includes rudimentary authentication and confidentiality controls.

Authentication is handled in its most basic form by the 802.11 access point (AP).

It forces the clients to perform a handshake when attempting to “associate” to the AP. Association is the process needed before the AP will allow the client to talk across the AP to the network.

Association occurs only if the client has all the correct parameters needed such as the service set identifier (SSID) in the handshake.

Page 28: Presentation

Challenges and Issues

Page 29: Presentation

Performance

The actual performance of your wireless network depends on a number of factors, including:

In an Infrastructure environment, your distance from the access point. As you get farther away, the transmission speed will decrease.

Structural interference. The shape of your building or structure, the type of construction, and the building materials used may have an adverse impact on signal quality and speed.

The placement and orientation of the wireless devices.

Page 30: Presentation

Radio Signal Interference

Since the frequency is unlicensed, any device operating in the 2.4 GHz spectrum may cause network interference with an 802.11b wireless device. Some devices that may prove troublesome include 2.4 GHz cordless phones, microwave ovens, adjacent public hotspots, and neighboring 802.11b wireless LANs.

Page 31: Presentation

Interference (cont.)

Cardboard

Wood

Paper

Electrical Transformers

Microwave Ovens

Fluorescent Lighting

Firewalls

Page 32: Presentation

Health Issues

Page 33: Presentation

The Security Attack—Recon and Access

War Chalking, War Driving, War Flying, Blue Snarfing

Page 34: Presentation

Wireless LAN Security - War Driving

“War Driving”

Hacking into WEP

War driving (drive-by hacking or LAN-jacking) is a play on “war dialing”. War dialing, in turn, comes from the 1983 movie War Games, now a classic in computer cracking circles.

Literally, war driving is using a laptop to pick up unsecured wireless networks for anonymous and free high-speed Internet access, akin to stealing long-distance phone service.

Page 35: Presentation

War Chalking

Welcome to Warchalking! Warchalking is the practice of marking a series of symbols on sidewalks and walls to indicate nearby wireless access. That way, other computer users can pop open their laptops and connect to the Internet wirelessly. It was inspired by the practice of hobos during the Great Depression to use chalk marks to indicate which homes were friendly.

Page 36: Presentation

War Flying

War flying uses airplanes to find the wireless access points. The obvious advantage is the extra height provides an unobstructed line.

Some people think war driving is illegal. Actually accessing someone's network is illegal, but detecting the network is not. You can think of war driving as walking up to a house, and checking to see if the door is unlocked. If you find an unlocked door, you write down the address and move to the next house. It becomes illegal when you open the door and walk in, which is similar to accessing the Internet through an AP without the owner's permission.

Page 37: Presentation

WLAN Security Hierarchy

Level | Mechanisms | Typical use
Open Access | No Encryption, Basic Authentication | Public “Hotspots”
Basic Security | 40-bit or 128-bit Static WEP Encryption | Home Use
Enhanced Security | 802.1x, TKIP/WPA Encryption, Mutual Authentication, Scalable Key Mgmt., etc. | Business
Remote Access | Virtual Private Network (VPN) | Business Traveler, Telecommuter

Page 38: Presentation

Using a Sniffer

Specialized sniffer tools have emerged recently, with a single objective, to crack WEP keys.

A sniffer and a wireless network card are a powerful attack tool.

A shared media wireless network exposes all packets to interception and logging.

They work by exploiting weak initialization vectors in the encryption algorithm.

To exploit this weakness, you need a certain number of ciphertext packets.

However, once you have captured enough packets, the program can decipher the encryption key being used very quickly.

Popular wireless sniffers are Ethereal, WildPackets AiroPeek and Sniffer Pro 4.0.

Page 39: Presentation

NetStumbler

The most widely used of these programs is called Netstumbler by Marius Milner.

It listens for access point beacon frames in a range and logs all available information about the access point for later analysis.

If the computer has a GPS unit attached to it, the program also logs the coordinates of the access point.

This information can be used to return to the access point, or to plot maps of access points in a city.

This is a Windows-based application, but there are programs that work on the same principle for Mac, BSD, Linux, and other operating systems.

Page 40: Presentation

802.11 Security Tools

• WEP
• WPA, 802.11i
• SSID
• MAC Filtering
• VPN
• Userid and Password

Page 41: Presentation

Product Review

• Linksys - http://www.linksys.com/products
• DLink – http://www.dlink.com/products
• Netgear – http://www.netgear.com/products/wireless.php
• Belkin – http://www.belkin.com
• Cisco – http://www.cisco.com
• Review - http://reviews-zdnet.com.com/Routers/4540-3319_16-20817312-4.html?tag=tab

Page 42: Presentation

Installation

Page 43: Presentation

DHCP (Dynamic Host Configuration Protocol)

DHCP's purpose is to enable individual computers on an IP network to extract their configurations from a server (the 'DHCP server') or servers, in particular, servers that have no exact information about the individual computers until they request the information.

The overall purpose of this is to reduce the work necessary to administer a large IP network. The most significant piece of information distributed in this manner is the IP address.

Page 44: Presentation

DNS (Domain Name Server) and DDNS (Dynamic Domain Name Server)

DNS – translates more or less alphabetic domain names into IP addresses. Because the Internet is based on IP addresses, every time a URL (www.cuyamaca.net) is used, a DNS server must translate the name into a corresponding IP.

DDNS - DDNS lets you assign a fixed host and domain name to a dynamic Internet IP address. It is useful when you are hosting your own website, FTP server, or other server behind the Gateway.

Page 45: Presentation

MAC Addresses

Short for Media Access Control address, a hardware address that uniquely identifies each node of a network.

MAC addresses are in Hexadecimal which can represent binary numbers in a more readable form.

Hexadecimal is a base16 number system, 0-9 and A-F.

Page 46: Presentation

SSID

Service Set Identifier. A unique identifier that stations must use to be able to communicate with an Access Point. The SSID can be an alphanumeric entry up to a maximum of 32 characters.

If broadcast is enabled, most Wi-Fi cards will see them. If disabled, other cards won’t see your router and you are in a kind of stealth mode. If broadcast is on, then WEP is mandatory.
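What a beacon frame exposes to any listener, with or without SSID broadcast, can be checked with a small parser. This is an added example, not part of the original presentation; the sample frames, addresses and the `audit` helper are constructed for illustration, and the layout assumed is the standard 24-byte management header, 12 bytes of fixed fields, then tagged elements.

```python
import struct

def build_beacon(bssid, ssid, channel, privacy):
    """Build a sample beacon frame (constructed test data, not a capture)."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    # 24-byte management header: frame control 0x0080 = type 0, subtype 8 (beacon)
    hdr = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, mac, mac, 0)
    caps = 0x0001 | (0x0010 if privacy else 0)   # ESS bit, optional Privacy bit
    fixed = struct.pack("<QHH", 0, 100, caps)     # timestamp, interval, capabilities
    elements = bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])
    return hdr + fixed + elements

def parse_beacon(frame):
    """Extract what any passive listener learns from one beacon."""
    if len(frame) < 36:
        raise ValueError("frame too short for a beacon")
    (fc,) = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:
        raise ValueError("not a beacon frame")
    (caps,) = struct.unpack_from("<H", frame, 34)
    info = {"bssid": ":".join(f"{b:02x}" for b in frame[16:22]),
            "privacy": bool(caps & 0x0010), "channel": None}
    ssid, pos = b"", 36
    while pos + 2 <= len(frame):                 # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + elen]
        if len(data) < elen:
            break                                # truncated element: stop parsing
        if eid == 0:
            ssid = data                          # element 0 = SSID (0..32 bytes)
        elif eid == 3 and elen == 1:
            info["channel"] = data[0]            # element 3 = DS parameter set
        pos += 2 + elen
    # A "hidden" network sends an empty or all-zero SSID element
    info["hidden"] = ssid.strip(b"\x00") == b""
    info["ssid"] = ssid.decode("utf-8", "replace")
    return info

def audit(info):
    """Flag settings an administrator should review on their own AP."""
    findings = []
    if not info["privacy"]:
        findings.append("open network: privacy bit not set")
    if info["hidden"]:
        findings.append("SSID hidden, but BSSID and channel are still advertised")
    return findings

# Constructed samples (locally administered addresses, not real devices)
SAMPLES = [build_beacon("02:00:00:aa:bb:01", b"office-wlan", 6, True),
           build_beacon("02:00:00:aa:bb:02", b"", 11, False)]
```

Running `audit(parse_beacon(frame))` over each sample shows that disabling SSID broadcast empties only the SSID element; the access point's address, channel and encryption flag are still in every beacon.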

Page 47: Presentation

Firewall Security

The term firewall is a blanket term describing security measures that protect a network.

A router with a built-in firewall protects your entire local network, like an alarm system for your house.

Software firewalls implemented on individual computers protect the computers themselves.

Using SPI (stateful packet inspection), the firewall in the WRT54GS will inspect the source and destination addresses of data packets passing through from the internal network and the Internet.

If an incoming packet from the Internet does not belong to a currently opened connection from the internal network, it is dropped and not allowed to pass.

Page 48: Presentation

WEP

WEP is a key.

WEP scrambles communications between AP and client.

AP and client must use same WEP keys.

WEP keys encrypt unicast and multicast.

WEP is easily attacked.
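One structural reason WEP fails, shown as an added example that is not part of the original presentation: each frame is encrypted with RC4 keyed by a cleartext 24-bit IV prepended to the shared key, so IVs repeat quickly and frames sharing an IV share a keystream. The key, IV and plaintexts are constructed, the frame format is simplified (no key-ID byte), and this illustrates the short-IV problem rather than the weak-IV key recovery mentioned on the sniffer slide.

```python
import math
import struct
import zlib

def rc4(key, data):
    """RC4 stream cipher (encryption and decryption are the same operation)."""
    S, j = list(range(256)), 0
    for i in range(256):                         # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for byte in data:                            # keystream generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(iv, key, plaintext):
    """Simplified WEP body: cleartext 3-byte IV, then RC4(IV || key) over data + CRC-32."""
    assert len(iv) == 3
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + rc4(iv + key, plaintext + icv)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def frames_until_iv_repeat(probability=0.5, iv_bits=24):
    """Birthday bound: frames sent with random IVs before a repeat is this likely."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))

def reuse_leak():
    """Two frames under the same IV: their ciphertext XOR equals their plaintext XOR."""
    key = bytes.fromhex("0102030405")            # constructed 40-bit key
    iv = b"\x00\x00\x01"                         # constructed IV, used twice
    p1, p2 = b"GET /index.html ", b"user=alice&pw=x "
    c1, c2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    return xor(c1[3:], c2[3:])[:len(p1)] == xor(p1, p2)
```

With random IVs a repeat becomes likely after only a few thousand frames, which a busy access point sends in seconds; this is why the hierarchy above places static WEP below TKIP/WPA and 802.1x.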

Page 49: Presentation

Port Forwarding and Port Triggering

Port forwarding is a method that allows you to run a server behind the router. Port forwarding opens a specific port to a computer behind the router, allowing all incoming traffic on that port to be sent directly to that server. It should be used to set up servers behind the router; port triggering is typically a better choice for non-server applications (such as instant messengers and game servers).

Port triggering is a method which allows multiple computers on your LAN to access a server (such as a game server or an instant messenger). Port triggering will only work if an outgoing "trigger" request is made. Once the trigger request is sent out, the router will open the "incoming" ports for that computer.
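The difference in exposure between stateful inspection, port forwarding and port triggering can be seen in a small model of the router's inbound decision. This is an added example, not the firmware logic of any real router; the class, rule tables, addresses, ports and the 60-second trigger lifetime are assumptions made for illustration, and NAT is assumed to keep the LAN source port unchanged.

```python
class HomeRouter:
    """Toy inbound-decision model; assumes NAT keeps the LAN source port unchanged."""

    def __init__(self, forwards=None, triggers=None, trigger_ttl=60):
        self.conns = set()                 # (lan_ip, lan_port, remote_ip, remote_port)
        self.forwards = forwards or {}     # WAN port -> LAN host, always open
        self.triggers = triggers or {}     # outbound trigger port -> inbound port
        self.opened = {}                   # inbound port -> (LAN host, expiry time)
        self.trigger_ttl = trigger_ttl     # assumed lifetime of a triggered port

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port, now=0):
        """Record a connection opened from the LAN; arm a trigger if one matches."""
        self.conns.add((lan_ip, lan_port, remote_ip, remote_port))
        if remote_port in self.triggers:
            self.opened[self.triggers[remote_port]] = (lan_ip, now + self.trigger_ttl)

    def inbound(self, remote_ip, remote_port, wan_port, now=0):
        """Return (verdict, LAN host) for a packet arriving from the Internet."""
        for lan_ip, lan_port, r_ip, r_port in self.conns:
            if (lan_port, r_ip, r_port) == (wan_port, remote_ip, remote_port):
                return ("established", lan_ip)        # SPI: reply to a LAN-opened flow
        if wan_port in self.forwards:
            return ("forwarded", self.forwards[wan_port])   # open to any source, always
        if wan_port in self.opened:
            lan_ip, expiry = self.opened[wan_port]
            if now <= expiry:
                return ("triggered", lan_ip)          # open only while the trigger is armed
            del self.opened[wan_port]
        return ("drop", None)                         # unsolicited: SPI drops it

def demo():
    # Constructed addresses and ports (documentation and private ranges)
    r = HomeRouter(forwards={80: "192.168.1.10"}, triggers={6667: 113})
    results = [r.inbound("203.0.113.9", 4444, 113)]                 # unsolicited
    r.outbound("192.168.1.20", 50000, "198.51.100.5", 6667, now=0)
    results.append(r.inbound("198.51.100.5", 6667, 50000, now=1))   # reply traffic
    results.append(r.inbound("198.51.100.5", 2000, 113, now=5))     # triggered port
    results.append(r.inbound("198.51.100.5", 2000, 113, now=120))   # trigger expired
    results.append(r.inbound("203.0.113.9", 4444, 80, now=120))     # static forward
    return [verdict for verdict, _ in results]
```

The forwarded port accepts traffic from any source at any time, so every forward rule is standing exposure that should be reviewed and removed when the server is retired; a triggered port closes again on its own.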

Page 50: Presentation

VPN

When you use a VPN, you are creating a secure connection between your network and another one over the Internet. This is done by creating a "tunnel".

A VPN tunnel connects the two PCs and allows data to be transmitted over the Internet as if it were still within those networks. Not a literal tunnel, it is a connection secured by encrypting the data sent between the two networks. This encrypted data "tunnels" through the open region of the Internet.