Wireless Network. Basic Concepts Protocols Standards Speed Security Encryption.


Basic Concepts

Protocols

Standards

Speed

Security

Encryption


Basic Concepts:

Protocols: A network protocol defines rules and conventions for communication between network devices. Protocols for computer networking generally use packet switching techniques to send and receive messages in the form of packets. Network protocols include mechanisms for devices to identify and make connections with each other, as well as formatting rules that specify how data is packaged into messages sent and received. Some protocols also support message acknowledgement and data compression designed for reliable and/or high-performance network communication. Hundreds of different computer network protocols have been developed, each designed for specific purposes and environments.


Standards:

802.11 a

IEEE 802.11a-1999 or 802.11a is an amendment to the IEEE 802.11 specification that added a higher data rate of up to 54 Mbit/s using the 5 GHz band. It has seen widespread worldwide implementation, particularly within the corporate workspace. The amendment has been incorporated into the published IEEE 802.11-2007 standard.

The 802.11a standard uses the same core protocol as the original standard and operates in the 5 GHz band with a maximum raw data rate of 54 Mbit/s, which yields a realistic net achievable throughput in the mid-20 Mbit/s range. 802.11a is not interoperable with 802.11b because they operate on separate bands, unless the equipment has dual-band capability. Most enterprise-class access points have dual-band capability.

Using the 5 GHz band gives 802.11a a significant advantage, since the 2.4 GHz band is heavily used to the point of being crowded. Degradation caused by such conflicts can cause frequent dropped connections and degradation of service.


802.11 b

IEEE 802.11b-1999, or 802.11b, is an amendment to the IEEE 802.11 specification that extended throughput up to 11 Mbit/s using the same 2.4 GHz band. This specification, under the marketing name of Wi-Fi, has been implemented all over the world. The amendment has been incorporated into the published IEEE 802.11-2007 standard.


802.11 g

Networks employing 802.11g operate at radio frequencies between 2.400 GHz and 2.4835 GHz, the same band as 802.11b. However, the 802.11g specification employs orthogonal frequency division multiplexing (OFDM), the modulation scheme used in 802.11a, to obtain higher data speed. Computers or terminals set up for 802.11g can fall back to speeds of 11 Mbps. This feature makes 802.11b and 802.11g devices compatible within a single network. Modification of an 802.11b access point to 802.11g compliance usually involves only a firmware upgrade.

Figure: 2.4 GHz Wi-Fi channels (802.11b,g)

802.11 n

802.11n is an amendment to the IEEE 802.11-2007 wireless networking standard that improves network throughput over the two previous standards, 802.11a and 802.11g, with a significant increase in the maximum net data rate from 54 Mbit/s to 300 Mbit/s (slightly higher gross bit rate including, for example, error-correction codes, and slightly lower maximum throughput) with the use of four spatial streams at a channel width of 40 MHz and by adding multiple-input multiple-output (MIMO) antennas. 802.11n operates on both the 2.4 GHz and the lesser-used 5 GHz bands.


Standards / Speeds

Standard   2.4 GHz    5 GHz      Bandwidth (MHz)   Max. rate
802.11a    11 Mbps    54 Mbps    20                54 Mbps
802.11b    11 Mbps    -          20                11 Mbps
802.11g    54 Mbps    -          20                54 Mbps
802.11n    75 Mbps    144 Mbps   20/40             300 Mbps (Dual Channel)


Security

Authentication: Before being allowed to exchange data traffic with the wireless network, the wireless network node must be identified and (depending on the authentication method) must submit credentials that can be validated.

Encryption: Before sending a wireless data packet, the wireless network node must encrypt the data to ensure data confidentiality.


Authentication

Open System Authentication: Does not provide authentication, only identification using the wireless adapter’s MAC address. It is the default.

• OSA request
• OSA response

Shared Key Authentication: Verifies that an authentication-initiating station has knowledge of a shared secret. The shared secret is delivered to the participating wireless clients by means of a secure channel that is independent of IEEE 802.11.

• SKA request
• SKA response w/challenge text
• SKA w/encrypted challenge
• SKA response


IEEE 802.1X standard


Encryption

Encryption is the process of changing data into a form that can be read only by the intended receiver. To decipher the message, the receiver of the encrypted data must have the proper decryption key (password). In traditional encryption schemes, the sender and the receiver use the same key to encrypt and decrypt data.

Example: In this case the key is the password you supply when adding files to your ZIP-file - to unzip the file the same password must be supplied.


Encryption

WEP: A weak security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to provide data confidentiality comparable to that of a traditional wired network. WEP, recognizable by the key of 10 or 26 hexadecimal digits, is widely in use and is often the first security choice presented to users by router configuration tools.

WPA: WPA replaces WEP with a strong new encryption technology called Temporal Key Integrity Protocol (TKIP) with Message Integrity Check (MIC). It also provides a scheme of mutual authentication using either IEEE 802.1X/Extensible Authentication Protocol (EAP) authentication or pre-shared key (PSK) technology.

WPA2: WPA2 supports IEEE 802.1X/EAP authentication or PSK technology. It also includes a new advanced encryption mechanism using the Counter-Mode/CBC-MAC Protocol (CCMP) called the Advanced Encryption Standard (AES).


Encryption

WPA and WPA2 Mode Types

Enterprise Mode (Business and Government)
• WPA: Authentication: IEEE 802.1X/EAP, Encryption: TKIP/MIC
• WPA2: Authentication: IEEE 802.1X/EAP, Encryption: AES-CCMP

Personal Mode (SOHO/personal)
• WPA: Authentication: PSK, Encryption: TKIP/MIC
• WPA2: Authentication: PSK, Encryption: AES-CCMP
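
As an added example (not part of the original slides), the following Python code classifies WLAN settings against the WPA and WPA2 mode table above and flags the open and WEP options described on the earlier slides. The inventory rows, the CSV layout and the FAIL/WARN/OK verdicts are assumptions of the example; treating TKIP/MIC as a warning is the example's own ranking.

```python
# Added example, not from the slides: audit a WLAN inventory against the
# WPA/WPA2 mode table (Enterprise = 802.1X/EAP, Personal = PSK).

# Constructed sample inventory: SSID, protocol, authentication, cipher.
# These rows are made up for the example.
SAMPLE = """\
corp-wlan,WPA2,802.1X/EAP,AES-CCMP
guest,OPEN,OSA,NONE
warehouse-scanners,WEP,SKA,WEP
branch-soho,WPA,PSK,TKIP/MIC
legacy-mixed,WPA2,PSK,TKIP/MIC
"""

def classify(protocol, auth, cipher):
    """Map one WLAN onto the mode table; returns (mode, verdict)."""
    protocol, auth, cipher = protocol.upper(), auth.upper(), cipher.upper()
    if protocol == "OPEN" or cipher == "NONE":
        return "Open system", "FAIL: no encryption, identification only"
    if "WEP" in (protocol, cipher):
        return "WEP", "FAIL: weak algorithm, migrate to WPA2"
    if protocol not in ("WPA", "WPA2"):
        return "Unknown", "REVIEW: protocol not in the table"
    if auth in ("802.1X", "EAP", "802.1X/EAP"):
        mode = protocol + " Enterprise"
    elif auth == "PSK":
        mode = protocol + " Personal"
    else:
        return "Unknown", "REVIEW: authentication not in the table"
    if cipher in ("AES", "CCMP", "AES-CCMP"):
        return mode, "OK: AES-CCMP"
    if cipher in ("TKIP", "TKIP/MIC"):
        # Assumption of this example: TKIP/MIC is ranked below AES-CCMP.
        return mode, "WARN: TKIP/MIC, move to AES-CCMP"
    return mode, "REVIEW: cipher not in the table"

def audit(inventory):
    """Classify every CSV row; returns (ssid, mode, verdict) tuples."""
    findings = []
    for line in inventory.strip().splitlines():
        ssid, protocol, auth, cipher = (f.strip() for f in line.split(","))
        findings.append((ssid, *classify(protocol, auth, cipher)))
    return findings

if __name__ == "__main__":
    for ssid, mode, verdict in audit(SAMPLE):
        print(f"{ssid:20} {mode:16} {verdict}")
```
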


Equipment

Cisco 5500 Series Wireless Controllers

• Supports a higher client density than other wireless LAN controllers
• Delivers more efficient roaming, with at least nine times the throughput of existing 802.11a/g networks
• Optimizes and protects network performance by mitigating interference
• Offers software license flexibility to add additional access points as business requirements change
• Supports advanced services, including OfficeExtend for secure mobile teleworking and Enterprise Wireless Mesh solutions, which allow access points to dynamically establish wireless connections in hard-to-connect locations


Equipment

Cisco 4400 Series Wireless LAN Controllers: The Cisco 4400 Series Wireless LAN Controller is available in two models. The Cisco 4402 Wireless LAN Controller with two 1 GB Ethernet ports comes in configurations that support 12, 25, and 50 access points. The Cisco 4404 Wireless LAN Controller with four 1 GB Ethernet ports supports 100 access points. The Cisco 4402 controller provides one expansion slot. The Cisco 4404 controller provides two expansion slots that can be used to add VPN termination today, as well as enhanced functionality in the future. In addition, each Cisco 4400 WLAN Controller supports an optional redundant power supply to ensure maximum availability.


Equipment

Cisco Aironet 1240AG Series IEEE 802.11a/b/g access points deliver versatility, high capacity, and security. Designed specifically for challenging RF environments such as factories, warehouses, and large retail establishments, they have the versatility associated with connected antennas, a rugged metal enclosure, and a broad operating temperature range. The Cisco Aironet 1240AG Series may also be configured to support Enterprise Wireless Mesh, providing wireless connectivity for indoor areas that are difficult or impossible to wire. Mesh access points do not require wired connections; they use the 2.4-GHz frequency to deliver network access to users in hard-to-reach areas and the 5-GHz band to backhaul traffic to traditional access points connected to Ethernet ports.

The Aironet 1240AG Series is available in:
• A lightweight version
• An autonomous version that can be field-upgraded to lightweight operation
• A single-band 802.11g version for use in regulatory domains that do not allow 802.11a/5 GHz operation


Equipment

The Cisco Aironet 3500p Access Point is:
• Ideal for high-density stadium and arena deployments
• Delivers greater wireless capacity to deliver a better fan experience and facilitate 3G/4G cellular offload
• Built with directional, narrow beamwidth external antennas for targeted coverage and minimal interference
• Designed with a rugged metal housing that provides extended operating temperature
• CleanAir technology for a self-healing, self-optimizing network that avoids RF interference
• ClientLink to improve reliability and coverage for legacy clients
• BandSelect to boost 5 GHz client connections in mixed client environments
• VideoStream which uses multicast to improve multimedia applications.


Monitoring


Monitoring Tools

Wi-Spy – Chanalyzer 4

Wireshark

inSSIDer

PRTG: Paessler

SolarWinds


Best Practices

Monitor the Network Periodically
• Check the WLC log
• Create a log server if possible
• Check the switches' performance (CPU, memory, bandwidth, etc.)
• Analyze the protocols (sniff the network)
• Analyze the signal spectrum

Manage Traffic
• Create VLANs to segment the network traffic
• Implement QoS

Security
• Apply ACLs, encryption, authentication, etc.
• Avoid using generic users to authenticate for services
• Plan for access-point coverage to radiate out toward windows, but not beyond