Chapter 6 Concepts

Wi-Fi network security

1. 802.11 standard security: -- none by default -- SSID: only item required 2. Authentication -- process of comparing and matching a client's credentials with the credentials in a database 3. MAC filtering -- prevents the AP from authenticating any device whose MAC address is not listed 4. Encryption -- use of an algorithm to scramble data

RFID tag types

1. ARPT - active reader passive tag 2. PRAT - passive reader active tag 3. ARAT - active reader active tag

Mesh

Several access points work as peer devices on the same network

Obstacles

When obstacles are in a signal's way, the signal may: 1. pass through them 2. be absorbed into them 3. be subject to any of the phenomena

WLANs

Wireless networks - networks that transmit signals through the air via RF (radio frequency) waves. Wired and wireless signals share many similarities - use of the same Layer 3 and higher protocols. The nature of the atmosphere makes transmission different from wired transmission.

Bluetooth

- Operates in the radio band of 2.4 - 2.4835 GHz - Hops between frequencies within that band to help reduce interference - Requires close proximity to form a connection - Exact distance requirements depend on the class of Bluetooth device - Before Bluetooth devices can connect, they must be paired - Bluetooth interfaces are susceptible to a range of security risks: -- Bluejacking - a connection is used to send unsolicited data -- Bluesnarfing - a connection is used to download data without permission

Frame aggregation

1. Combine multiple frames into one larger frame 2. Two techniques: -- A-MSDU (Aggregated MAC Service Data Unit) -- A-MPDU (Aggregated MAC Protocol Data Unit) 3. Advantage: reduces overhead

802.11 data frame

1. Four address fields: -- Source address, transmitter address, receiver address, and destination address 2. Sequence control field -- how large a packet is fragmented 3. Error checking and fragmentation are handled at the MAC sublayer of the Data Link layer

Wireless controller

A wireless controller can provide: 1. Centralized authentication for wireless clients 2. Load balancing 3. Channel management 4. Detection of rouge access points

Configure Wi-Fi connectivity devices

APs vary in which wireless standards they support, their antenna strength, and other features. Variables set during installation: 1. Administrator password 2. SSID 3. Whether or not the SSID is broadcast 4. Security options 5. Whether or not DHCP is used

BSS

Basic Service Set. 1. Group of stations sharing an access point 2. BSSID (basic service set identifier) -- Group of stations identifier

Troubleshooting Wi-Fi Networks

Cable continuity and performance testers will tell nothing about wireless connections, stations, or APs on a network. To troubleshoot wireless LANs, you need tools that contain wireless NICs and run wireless protocols.

Determine the design

Consider the following when deciding where to install an AP: 1. distance 2. type and number of obstacles 3. coverage 4. interference Larger WLANs warrant a more systematic approach to access point placement.

IR

Infrared. IR is used primarily to collect data through various sensors. - exists just below the spectrum visible to the human eye IR sensors are used to collect info such as: 1. presence or level of liquid 2. variations in reflections from skin caused by variations in blood flow 3. proximity to the device 4. commands from a control device

Channel management

Most wireless devices implement one of two technologies: 1. FHSS (frequency hopping spread spectrum) 2. DSSS (direct sequence spread spectrum) How each wireless standard in the 2.4 GHz range uses its allotted brand: - Wi-Fi uses DSSS - Bluetooth uses FHSS - ZigBee uses DSSS - ANT+ uses a fixed fequency (does not use DSSS or FHSS)

NFC

Near-field communication. A form of RFID that transfers data wirelessly over very short distances. Signal can be transmitted one way by an NFC tag, or smart tag (when employees need access to a secure area). The NFC tag collects power from the smartphone or other device by magnetic induction.

Radiation pattern

Relative strength over three-dimensional area of all electromagnetic energy that antenna sends, receives

WPA2

Replacement for WPA. A stronger encryption protocol. Most secure communication is made possible by combining a RADIUS server with WPA/WPA2 (known as WPA-Enterprise or WPA2-Enterprise). Additional security options: 1. Create a separate guest network through a Wi-Fi router/access point 2. Set up a captive portal -- first page a new client sees in the browser when connecting to a guest network -- requires user to agree to a set of terms and conditions before gaining further access

Ad hoc

Small number of nodes closely positioned transmit directly to each other

Avoid pitfalls

Wireless configuration pitfalls to avoid: 1. Wrong SSID 2. Security type mismatch 3. Wrong passphrase 4. Overlapping channels or mismatched frequencies 5. Mismatched standards 6. Incorrect antenna placement 7. Interference 8. Simultaneous wired and wireless connections 9. Problems with firmware updates 10. Unoptimizwed access point power levels 11. Inappropriate antenna type 12. Client saturation

Antennas

Wireless signals originate from electrical current traveling along a conductor: 1. Travels from the transmitter to an antenna 2. Antenna emits the signal as a series of electromagnetic waves into the atmosphere 3. At the destination, another antenna accepts the signal and a receiver converts it back to current Two antennas must be tuned to the same frequency in order to use the same channel

Propagation

The way in which a wave travels from one point to another

The wireless spectrum

The wireless spectrum is the frequency range of electromagnetic waves used for data/voice communication - spans frequency ranges or bands between 9 kHz and 300 GHz. Some bands have only a single frequency (called a fixed frequency) for that band.

Channel bonding

Two adjacent 20-MHz channels can be bonded to make 40-MHz channel. - More than doubles the bandwidth available in single 20-MHz channel

TRS/CTS

Request to Send/Clear to Send protocol: 1. Ensures packets not inhibited by other transmissions 2. Efficient for large transmission packets 3. Further decreases overall 802.11 efficiency

SSID

Service Set Identifier. 1. Unique character string identifying access point -- in beacon frame information 2. Configured in access point 3. Better security, easier network management

Site surevey:

- Assesses client requirements, facility characteristics, coverage areas - Determines access point arrangement ensuring reliable wireless connectivity (within given area) - A thorough site survey might include: -- studying building blueprints to identify potential obstacles -- consider whether Wi-Fi access points will be used as wireless bridges to create remote wired access to the network -- determine whether certain floors require multiple APs -- measure the signal coverage and strength from other WLANs -- test proposed access point locations -- test wireless access from the farthest corners of your space -- consider the materials used in objects that aren't always present in the environment -- consider how the wireless portions of the LAN will integrate with the wired portions - After site survey has identified and verified the quantity and location of access points, you are ready to install them -- must belong to same ESS and share an ESSID -Enterprise-wide WLAN design considerations -- how wireless LAN portions will integrate with wired portions

ZigBee

- Based on the 802.15.4 standard - A low-powered, battery-conserving wireless technology - Designed to handle small amounts of data - Ideal for use in ISM (industrial, scientific, and medical) sensors - Used in IoT devices for building automation, HVAC control, AMR (automatic meter reading) and fleet management

Bluetooth power classes

- Class 1 - 100mW - up to 100m - used for industrial purposes - Class 2 - 2.5mW - up to 10m - used for mobile devices - Class 3 - 1mW - up to 1m - rarely used

IEEE 802.11 Frames

- Types of overhead required to manage access to an 802.11 network (ACKs, probes, and beacons). - 802.11 specifies MAC sublayer frame type - Multiple frame type groups: --1. Management frams: association and reassociation --2. Control frames: medium access and data delivery (AKS and RTS/CTS frames) --3. Data frames: carry data sent between stations

802.11 WLAN Standards

- WLANs work at OSI layers 1 and 2. -- support TCP/IP higher-layer OSI protocols and operating systems - Most popular standards used by WLANs is Wi-Fi -- developed by IEEE's 802.11 committee

Access Method

1. 802.11 MAC services -- Append 48-bit physical addresses to frame to identify source and destination 2. Same physical addressing scheme as other Ethernet networks -- Allows easy combination with other IEEE networks 3. Wireless devices: -- Not designed to simultaneously transmit and receive -- Cannot prevent collisions -- Use different access method than Ethernet

Notable Wi-Fi standards:

1. 802.11b, 802.11a, 802.11g, 802.11n, and 802.11ac 2. 802.11n and later modify the way frames are used at the MAC sublayer (lower portion of the Data Link layer) 3. LLC sublayer is primarily concerned with multiplaexing, flow and error control, and reliability

Configure Wi-Fi clients

1. Configuration varies from one client type to another 2. As long as an AP is broadcasting its SSID -- clients in its vicinity will detect it and offer the user the option to associate with it 3. On-boarding: -- installing a specific program or app onto a device to give it trusted access to certain portions of the network 4. Off-boarding: -- removing programs that gave devices special permissions on the network -- administrators need a freature that allows them to off-board remotely (in case AP is lost or stolen) - called a remote wipe.

Signal propagation phenomena

1. Fading: -- As signal runs into obstacles, its energy will gradually fade -- Excessive fading can cause dropped connections or slow data transmission 2. Attenuation: -- Signal weakens moving away from tranmission antenna -- Correctional signal attenuation increase the power of the transmission and repeat the signal from a closer broadcast point called a wireless range extender 3. Interference: -- Wireless signals are more vulnerable to noise (no wireless conduit, shielding) -- Signal-to-noise ratio (SNR) = proportion of noise to the strength of the signal 4. Refraction: -- As a wave travels through objects the wave's direction, speed, and wavelength are altered (or refracted) 5. Reflection: -- Signal bounces back toward its source 6. Scattering: -- Diffusion in multiple different directions 7. Diffraction -- signal splits into secondary waves 8. Multipath signals: -- wireless signals follow different paths to destination -- advantage - better chance of reaching destination -- disadvantage - signal delay result in data errors

List of capabilities common to wireless testing tools:

1. Identify transmitting access points, stations, and channels over which they are communicating 2. Measure signal strength from an AP 3. Indicate the effects of attenuation, signal loss, and noise 4. Interpret signal strength information 5. Ensure proper association and reassociation between APs 6. Capture and interpret traffic 7. Measure throughput and assess data transmission errors 8. Analyze characteristics of each channel

Association

1. Packet exchanged between computer and access point in order to gain Internet access. -- Another function of the MAC sublayer 2. Scanning: -- Surveys surroundings for access point -- Active scanning transmits special frame (known as a probe) -- Passive scanning listens for special signal (known as a beacon frame)

Security threats to Wi-Fi Networks:

1. War driving -- a hacker searches for unprotected wireless networks by driving around with a laptop configured to receive and capture wireless data transmissions 2. War chalking -- hackers draw symbols with chalk on the sidewalk or wall near a vulnerable AP -- To make it known to other hackers 3. Evil twin -- a rogue AP planted in a network's geological area to pose as an authorized AP 4. WPA attack: -- incvolves an interception of the network keys communicated between stations and APs -- also called WPA cracking 5. WPS attack: -- cracking a PIN in order to access an APs settings -- cracked through a brute force attack

Infrastructure

A WAP (wireless access point) or AP (access point) accepts wireless signals from multiple nodes and retransmits them to the rest of the network

Z-Wave

A smart home protocol that provides two basic types of functions: 1. Signaling to manage wireless connections 2. Control to transmit data and commands between devices A Z-Wave network controller (called a hub) -- Receives commands from a smartphone or computer and relays the commands to various smart devices on its network Z-Wave tranmissions have a range of up to 100 m per hop -- Can tolerate up to four hops through repeaters

Wireless USB

Based on UWB (ultra-wideband) radio platform. Certified W-USB products mimic wired USB 2.0 connections - similar speeds, security, ease of use, and compatibility. UWB radios transmit in the range between 3.1 and 10.6 GHz.

CSMA/CA

Carrier Sense Multiple Access/Collision Avoidance. 1. Minimizes collision potential 2. Uses ACK packet to verify every transmission -- Requires more overhead than 802.3 -- Real throughput less than theoretical maximum

Centralized wireless management

Centralized wireless management is made possible by a lightweight wireless protocol. - such as Cisco's LWAPP (Lightweight Access Point Protocol) or Cisco's CAPWAP (Control and Provisioning of Wireless Access Points)

ESS

Extended Service Set. 1. Group of access points connected to same LAN -- share ESSID (extended service set identifier) 2. Allows roaming -- station moving from one BSS to another without losing connectivity As devices are moved between BSSs within a single ESS: - Connecting to a different AP requires reassociation - Occurs by simply moving; high error rate

Home/small office

Home or small office network might call for only one access point: 1. Often combined with switching, routing functions 2. Connects wireless clients to LAN 3. Acts as Internet gateway

IoT

Internet of things. Made up of any device that can be connected to the internet. - Personal monitoring devices - one of the fastest growing areas of IoT - Smart home devices - interlink devices such as locks and lights, security cameras, etc. - HAN (home area network) - connected devices within a home create a type of LAN - WPAN (wireless personal area network) - include short-range wireless technologies such as Bluetooth and ZigBee - PANs rarely exceed about 10 meters in any direction - Most common wireless technologies used to connect WPAN and HAN devices are discussed next

Unidirectional (directional antenna)

Issues wireless signals along single direction

Omnidirectional antenna

Issues, receives wireless signals with equal strength, clarity in all directions

LOS

Line of Sight. Signal travels in straight line directly from transmitter to receiver

MIMO

Multiple Input-Multiple Output. 1. multiple access point and client device antennas may issue to one or more receivers 2. Increases range and network's throughput

MU-MIMO

Multiuser MIMO. 1. Newer technology that allows multiple antennas to service multiple clients simultaneously 2. Reduces congestion and contributes to faster data transmission 3. Available with WAVE 2 802.11ac products

RFID

Radio frequency identification. RFID uses electromagnetic fields to store data on a small chip (RFID tag). - includes an antenna that can transmit and receive, and possibly a battery Commonly used for inventory management. An RFID tag might also be embedded in a credit card - allowing for so-called "contactless" payment.

Range

Reachable geographical area

Wi-Fi network tools

Two types of software tools you should have: 1. Spectrum analyzer -- Can assess the quality of the wireless signal 2. Wireless analyzer (Wi-Fi analyzer) -- Can evaluate Wi-Fi network availability, optimize Wi-Fi signal settings, and help identify Wi-Fi security threats

WPA

Wi-Fi Protected Access. Dynamically assigns every transmission its own key

Wireless topologies

Wireless networks are not laid out using the same topologies as wired networks. Wireless topologies: 1. Ad hoc 2. Infrastructure 3. Mesh Wireless technology can be used to connect two different parts of a LAN or two separate LANs