TestOut Network+ Chapter 9: WIRELESS NETWORKING

Rogue Access Point

- An attacker or an employee with access to the wired network installs a wireless AP on an unused access port.
- An attacker near a valid wireless AP installs an AP with the same (or similar) service set identifier (SSID).
- An attacker configures a wireless AP in a public location, monitors the traffic of users who connect to the wireless AP, and captures sensitive information, such as usernames and passwords.

Rogue APs can be used to carry out pharming attacks. In a pharming attack, users are redirected to fake websites that prompt for credentials, allowing the attacker to steal those credentials.

Mitigate and protect a network against rogue APs:

- Monitor nearby radio frequencies to identify APs broadcasting in the area.
- Put APs in separate VLANs and implement some type of intrusion detection to help identify when an attacker sets up a rogue AP or uses a brute force attack to gain access.
- Disable rogue APs when you find them. You can unplug the Ethernet cable on the AP to disconnect it from the wired network.

Configuring Wireless Devices - Configure security

- Configure a MAC access list. - Disable SSID broadcast. - Configure the passphrase WPA or WPA2. When configuring encryption, select the strongest method supported by all devices. - AES is the strongest encryption method currently available, and it is used with WPA2. When using AES, all devices must be WPA2 capable. - TKIP is used with WPA or WPA2. TKIP encryption is not as strong as AES encryption. - Public networks may not use any encryption.

Steps to Designing a Wireless Network - Conduct initial RF modeling and mapping

- Document available asset information. - This includes existing mounting locations, network media, and network hardware. - Create an initial RF model. - RF modeling is the process of identifying initial access point locations, assigning frequencies, and planning power levels.

Wireless Survey Considerations - Testing procedure

- Mount - Align - Test - Move - Test - Perform a spectrum analysis. While testing, measure goodput. Goodput refers to the number of useful bits delivered from the sender to the receiver over the wireless network connection. Errors due to lost, corrupt, or dropped packets require retransmission and reduce the goodput of the connection.

Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA)

1. The sending device listens to the media to make sure that no other device is transmitting. If another device is transmitting, the device waits a random period of time (called a backoff period) before attempting to send.
2. If no other device is transmitting, the sending device broadcasts a request to send (RTS) message to the receiver or AP. The RTS includes the source and destination, as well as information on the duration of the requested communication.
3. The receiving device responds with a clear to send (CTS) message. The CTS also includes the communication duration period. Other devices use the information in the RTS and CTS to delay send attempts until the communication duration period (and subsequent acknowledgement) has passed.
4. The sending device transmits the data. The receiving device responds with an acknowledgement (ACK). If the acknowledgement is not received, the sending device assumes a collision and retransmits the packet.
5. After the time interval specified in the RTS and CTS has passed, other devices can start the process to attempt to transmit.

Types of Authentication and Implementation - Extensible Authentication (EAP) Protocol 802.1x

802.1x authentication requires the following components: - A RADIUS server to centralize user account and authentication information. - A centralized database allows wireless clients to roam between cells and authenticate using the same account information. - A PKI for issuing certificates. - At a minimum, the RADIUS server must have a server certificate. - To support mutual authentication, each client must also have a certificate. Use 802.1x authentication on large, private networks.

Configuring Wireless Devices - Configure the beacon

A beacon is a frame that is sent out by the AP periodically. The beacon announces the AP and the characteristics of the network, like the SSID, supported speeds, and the signaling method used. - When you turn off SSID broadcast, you prevent the AP from including the SSID in the beacon. - Wireless clients listen for beacons to identify APs in the area. - The beacon is sent at periodic intervals (typically 100 ms by default). - Sending the beacon uses some of the available bandwidth of the wireless network. - You can reduce the traffic generated by the beacon by increasing the beacon interval. - Increasing the beacon interval can increase the time it takes wireless clients to locate the wireless network. - To improve access times, decrease the beacon interval.

Hub-and-spoke infrastructure

A configuration in which a wireless controller is connected to all APs through a wired link. The individual APs contain very little embedded intelligence and are sometimes referred to as lightweight points (LWAPs). An alternative to LWAP is the Control and Provisioning of Wireless Access Points (CAPWAP). More efficient than independent access points and allows for larger wireless networks. The controller itself can become a bottleneck. All wireless data must pass through it. The APs are not able to communicate directly with each other. If the controller goes down, the entire wireless network ceases to function even if the APs remain functional.

Access point (AP)

A device that coordinates all communication between wireless devices, as well as the connection to the wired network. Sometimes called a wireless access point (WAP). It acts like a hub on the wireless side and a bridge, switch, or even a router on the wired side. It also synchronizes the stations within a network to minimize collisions.

Bluejacking

A harmless practice that anonymously sends messages to a Bluetooth recipient within a distance of 10-100 meters. - Devices are not susceptible to bluejacking if they are set to non-discoverable mode.

2.4 GHz range

A longer frequency that can travel through physical barriers like walls and floors. Its bandwidth is smaller, which reduces the amount of data that can be transferred at one time.

Wireless Bridges

A model that connects wired and/or wireless networks. You can create a wireless link between two buildings with a wireless bridge. Using a directional antenna, a wireless signal can be transmitted directly between two buildings, connecting both LANs together. Because the wireless link is a bridge, only the frames addressed to a host on the remote LAN are forwarded across the link. Locally addressed frames remain on the local link.

Common Wireless Topologies - Infrastructure

A network that contains a wireless router as an access point (AP) and enables devices to connect with one another using radio signals. It functions like a hub on an Ethernet network. - The network uses a physical star topology with a logical bus. - You can add hosts without increasing administrative efforts. - The AP can be easily connected to a wired network, allowing clients to access both wired and wireless hosts. - The placement and configuration of APs require planning to implement effectively.

Key Installation Attack (KRACK)

A replay attack that finds vulnerabilities of the Wi-Fi Access protocol. - The KRACK attack exploits the third step in the WPA2 handshake allowing an attacker to gradually match encryption packets that have been sent by another device. - The attacker keeps repeating this handshake to reset the WPA-2 encryption key by requesting a reset. - This repeated process continues to expose more of the keychain until the entire key is known. - The attacker is then able to read the targeted traffic on that connection.

802.11n

A result of combining 802.11a (5 GHz) and 802.11g (2.4 GHz) standards to increase potential bandwidth and transmission distance. Multiple-input, multiple-output (MIMO): - 802.11n specifications allow up to four sending and four receiving antennas. - The benefit of adding additional antennas declines as the number increases. - Going above 3x3 provides only a negligible performance increase. Channel Bonding: - Combines two non-overlapping 20 MHz channels into a single 40 MHz channel. - This results in slightly more than double the bandwidth. Frame Composition: - 802.11n changes the frame composition. - This results in increased efficiency of data transmissions (less overhead).

Wireless distribution system (WDS)

A system that enables wireless interconnection of multiple APs. Consists of: - A main base station is an AP that is usually connected to a wired network. - A relay base station relays data between other wireless devices such as client machines, other relay stations, or a main base station. - A remote base station accepts connections from a client device and passes them to relay stations or a main station using the MAC address of the devices. Repeater/Booster/Extender are good examples of distribution systems. - A bridge talks only to other APs. - A repeater can talk to both STAs and APs.

Replay Attack

A type of attack that fraudulently delays or resends a transmission to misdirect the receiver into doing what the attacker wants.

Types of Authentication and Implementation - Open

A type of authentication that does not require a key or password to authenticate the client on a wireless network. - Typically used on public networks. - You can implement MAC address filtering to restrict access to the AP to only known (or allowed) MAC addresses.

Independent Basic Service Set (IBSS)

A wireless network in which devices communicate with each other without an access point (ad-hoc). - NIC-to-NIC communication. - Can have multiple stations in a physical area communicating with each other one at a time. - One STA will broadcast while the other STAs listen. - Communicates at half duplex. - The first IBSS randomly generates a BSSID in the MAC address format.

Common Wireless Devices

A wireless network interface card sends and receives radio signals. A wireless access point that is equivalent to an Ethernet hub. The wireless card connects to the AP; the AP manages network communication. A wireless bridge connects two APs into a single network or connects a wireless AP to a wired network. Most APs include bridging features.

Basic Service Set (BSS)

A wireless network that uses only one AP for all devices to communicate with each other. The AP is the central point for all devices on the network.

Configuring Wireless Devices - Set the SSID

All devices on the same network must use the same SSID. The SSID is case sensitive. To provide some level of security, consider using a cryptic name for the SSID. Using your business name for your network SSID makes it too easy to identify the network owner and could help hackers gain access.

Service Set Identifier (SSID)

Also called a network name, groups wireless devices together in the same logical network. - For devices to communicate on the same network, they must share the same SSID. - The SSID is a 32-character value that is inserted into each frame. It is case sensitive. - Depending on the distribution system and operating mode of the wireless devices, the SSID can become an extended service set identifier (ESSID) or a basic service set identifier (BSSID). These identifiers all refer to the type of medium in which the wireless devices communicate over the network. - Even though these SSIDs serve the same purpose, the way in which these devices communicate is technically different.

Radio Frequency Interference (RFI)

Caused by radio signals using the same radio channel as the wireless network. Sources include cordless phones or microwave ovens.

Electromagnetic Interference (EMI)

Caused by motors, heavy machinery, and fluorescent lights.

Wireless Security Measures

Change the default name and password. Change default SSID and SSID broadcast. Enable MAC address filtering. Update the firmware. Enable the firewall on the AP. Disable DHCP. Geofencing.

What does a consumer-grade access point combine into a single device?

Combines many functions into a single device, such as a wireless access point (WAP) and a NAT router.

Bluetooth

Communicates within a personal area network (PAN). - Is designed for longer distances than IR and for lower power consumption. - Operates in the 2.4 GHz frequency range and uses adaptive frequency hopping (AFH). Eavesdropping on Bluetooth is difficult because: - Implements authentication and key derivation with custom algorithms based on the SAFER+ block cipher. - Uses the E0 stream cipher for encrypting packets. Mitigate Bluetooth Risks: - Disable Bluetooth completely if it is not required. - Turn off discovery mode. - Bluetooth and the 802.11b wireless standard both operate on the same frequency range, which can lead to signal interference.

Radio Waves

Considered unbounded media because they are not encased by wires or shielding.

Channel Interference

Cordless telephones that operate in the 2.4 GHz range (900 MHz cordless phones do not cause interference). Other APs in the area. Microwave ovens. Bluetooth devices. Wireless game controllers.

Wireless Survey Considerations - Site survey report

Create a site survey report containing: - A physical network diagram, including each access point, controller, and the media that connects them. - An RF model that includes a frequency/channel plan. - The spectrum analysis results. - A logical network diagram containing SSIDs, IP addressing, and VLAN information. - Photographs and diagrams of each access point mounting site. - A list of structural modifications required to build the network. - A list of alternate mounting locations (if needed). - A list of equipment that must be purchased. - A cost estimate for equipment and labor.

Common Wireless Topologies - Wireless mesh network (WMN)

Defines a wireless mesh network that does not require devices to be in radio range of one another. Smart home devices use the 802.11s standard. - Uses a physical mesh topology with a logical bus topology. Has nodes called mesh stations that discover other devices. These nodes create a Mesh Basic Service Set that: - Can perform path discovery and forwarding between peers using routing protocols. - Uses the Hybrid Wireless Mesh Protocol. - Adds another layer of scalability over ad hoc since devices no longer have to be in range of each other to interface.

Atmospheric / EMI conditions and AP placement

Devices often get better reception from APs that are above or below them. Placing APs higher up prevents interference problems caused by going through buildings foundations. For security reasons, do not place APs near outside walls. The signal will emanate beyond the walls.

Steps to Designing a Wireless Network - Identify Expectations

Document network expectations. Continue to meet with all stakeholders regularly throughout the process to communicate status, discuss anticipated changes, and review expectations. Document all discussions and decisions.

Signaling Methods - Orthogonal Frequency Division Multiplexing (OFDM)

Encodes data over a wireless network using non-overlapping channels. - Operates on the 5 GHz channels 20 MHz wide. These are also called subcarriers. They can transmit multiple signals simultaneously. - Has the ability to send and receive data at much higher speeds. - Is limited to short distances. - Is used with the 802.11ac standard and 4G and 5G technologies. - Minimizes interference within its range while having a nominal data rate of 54 Mbps.

Configuring Wireless Devices - Select the network mode

For the 5-GHz band, you can typically select: - Mixed, which supports connections from 802.11a, 802.11n or 802.11ax clients. - 802.11a only. - 802.11n only. - 802.11ax only. - Disabled. For the 2.4-GHz band, you can typically select: - Mixed. - 802.11b/g only. - 802.11b only. - 802.11g only. - 802.11n only. - 802.11ax only. - Disabled.

Wireless Standards and Specifications - 802.11n

Frequency: - 2.4 GHz or 5 GHz. Maximum Speed: - 600 Mbps. Maximum Distance: - 300 ft. Channels (non-overlapped): - 2.4 GHz: 11 (3 or 1). - 5 GHz: 23 (12 or 6). Modulation Technique: - OFDM (and other, depending on implementation). Backwards Compatibility: - 802.11a/b/g, depending on implementation.

Wireless Standards and Specifications - 802.11b

Frequency: - 2.4 GHz. Maximum Speed: - 11 Mbps. Maximum Distance: - 150 ft. Channels (non-overlapped): - 11 (3). Modulation Technique: - DSSS, CCK, DQPSK, DBPSK. Backwards Compatibility: - none.

Wireless Standards and Specifications - 802.11g

Frequency: - 2.4 GHz. Maximum Speed: - 54 Mbps. Maximum Distance: - 150 ft. Channels (non-overlapped): - 11 (3). Modulation Technique: - DSSS (and others at lower data rates). - OFDM, QPSK, BPSK at higher rates. Backwards Compatibility: - 802.11b.

Wireless Standards and Specifications - 802.11ac

Frequency: - 5 GHz. Maximum Speed: - 1.3 Gbps. Maximum Distance: - 150 ft. Channels (non-overlapped): - Depends on configuration. Modulation Technique: - OFDM. Backwards Compatibility: - 802.11b/g/n

Wireless Standards and Specifications - 802.11a

Frequency: - 5 GHz. Maximum Speed: - 54 Mbps. Maximum Distance: - 100 ft. Channels (non-overlapped): - 24 (24). Modulation Technique: - OFDM. Backwards Compatibility: - N/A.

Wireless Standards and Specifications - 802.11ax

Frequency: - 2.4 GHz or 5 GHz. Maximum Speed: - 9.6 Gbps. Maximum Distance: - 150 ft. Channels (non-overlapped): - Depends on configuration. Modulation Technique: - OFDMA. Backwards Compatibility: - 802.11a/b/g/n/ac.

Bluebugging

Gives an attacker access to all mobile phone commands that use Bluetooth technology. - Initiating phone calls; sending and receiving messages; listening to phone calls; and reading and writing phonebook contacts. - Only highly skilled individuals can perform bluebugging.

5.0 GHz range

Has a faster transfer rate, allowing it to move data more quickly. A shorter frequency and more prone to interference.

Steps to Designing a Wireless Network - Gather network requirements

Identify how the wireless network will be used. Identify the location of wireless service areas. Estimate the number of wireless devices to be supported in each area. Discuss the future needs of the network and plan for expansion. Discuss data encryption and network security requirements.

Steps to Designing a Wireless Network - Identify key design considerations

Identify key wireless design considerations. - Environmental conditions. - Radio frequency (RF) obstructions that could disrupt a wireless signal. - Dynamic RF obstructions that could appear randomly in the environment. - Future construction that might affect or disrupt the RF signals. - Sources of RF interference, both internal and external. - The availability of mounting points for networking hardware, such as poles, suspended tile ceilings, and so on. - Zoning and permit requirements. This typically applies only for outdoor deployments.

Wireless Survey Considerations - Core network planning

Identify the IP addressing scheme and the VLAN configuration. Avoid a VLAN configuration that has a large number of wireless clients in the same VLAN because it may result in an excessive amount of broadcast traffic. - Create multiple, smaller VLANs. Will require additional routers to route traffic between VLANs. - Implement VLAN pooling.

Wireless Survey Considerations - Equipment list

Identify the equipment you need: - Wireless controllers - Access points - Connecting media

To determine the noise floor

Identify the: Receive signal level (RSL): - Identifies how strong the radio signal is at the receiver. - The closer you are to the transmitter, the stronger the RSL. - The farther away you are, the lower the RSL. Signal to noise ratio (SNR): - Compares the level of the wireless network signal (RSL) to the level of background noise (measured in decibels). An SNR higher than 1:1 indicates more signal than noise, which is desirable. If RSL falls below the noise floor, connectivity is lost.

Troubleshooting Wireless Connectivity and Considerations

If a signal drops below 2 Mbps, the connection could be terminated.

802.11ax

Improves the ability to broadcast in more populated areas. Also called high efficiency Wi-Fi and is designed to operate between 1 and 7.125 GHz range. Orthogonal frequency-division multiple access (OFDMA): - Improves wireless network performance by making wireless channels into sub channels. - Divides channels into 30 segments. - Can assign each segment to a single device. - Can transmit or receive signals simultaneously using the MU-MIMO technology. Basic Service Set Color (BSS Color): - Lets an access point (AP) identify the clients to listen to by the color being transmitted by the client. - Allows multiple APs to function in the same RF channel. - Helps with the latency between APs and wireless devices. Target wake time (TWT): - A scheduler that allows wireless devices to communicate with the AP at specific times. - This allows Wi-Fi transponders to remain inactive (sleep), conserving battery life. - TWT is beneficial to smart home devices and large organizations that use devices that need constant connections for updates and activation.

Obstructions

In situations where there is no clear line of sight between transmitter and receiver due to obstructions (such as concrete, window film, or metal studs), the wireless signal is reflected along multiple paths before finally being received. Two Common Antenna Diversity Implementations: - Spatial diversity uses multiple antennas that are physically separated from one another. - Pattern diversity uses two or more co-located antennas with different radiation patterns.

VLAN pooling

In this configuration, each wireless client is randomly assigned a VLAN from a pool of VLANs on the same SSID. This strategy automatically partitions a single broadcast domain into multiple VLANs.

Independent Access Points

Individual, standalone APs that negotiate wireless traffic and require that a device must get a new Internet Protocol (IP) address every time it moves to a different AP. Independent APs must be configured individually and can be difficult to manage. In order to enable roaming from one AP to another AP, the APs must be individually set up and share: - The same service set identifier (SSID). - The same channel. - The same IP subnet.

Wi-Fi Protected Access (WPA3) or 802.11s

It replaces the PSK with Simultaneous Authentication of Equals (SAE) exchange. This results in a more secure initial key exchange in personal mode and forward secrecy. - Comes in a personal and enterprise version. Enterprise is more robust for authentication. - Was created to help with vulnerability in four-way handshake connections that use a pre-shared key. It helps protect against brute force attacks. - Uses 128-bit encryption for WPA3 Personal. - Uses 192-bit encryption key sizes during authentication stage for WPA3 Enterprise. This makes it harder to crack. - Incorporates forward secrecy which changes the encryption with every new connection to a device. - Enhances security on connected devices. - Easily manages connected devices. - Allows you to add passwords or QR codes for adding new devices. - Provides more secure connections for hot spots on public networks by using the Wireless Fidelity Alliance (WFA) Wi-Fi Enhanced Open, a new wireless fidelity standard that is based on a standard called Opportunistic Wireless Encryption (OWE).

Incorrect configuration

Make sure each individual access point (AP) in a standalone (thick configuration) is properly configured. Make sure each AP in a controller-based (thin) configuration can communicate with the wireless controller. Verify that the wireless network and the AP are using the same wireless standard or that they are compatible.

Signaling Methods - Direct Sequence Spread Spectrum (DSSS)

Makes the transmitted bandwidth signal wider than the data stream needs. DSSS does this by dividing the data into smaller data chips and then encoding them with extra binary bits. This causes the bandwidth to be larger. Each chip is transmitted on different predetermined frequencies from the sender. The receiver must know the sequence in order to reassemble the data correctly.

Wireless Controller

Manages all the APs that are connected to it. Configuration changes are made once on the controller and are pushed to all connected APs. Usually provides DHCP services to dynamically assign IP addressing information to wireless clients. Uses automated VLAN pooling that separates VLANs, ensuring that the total number of stations per VLAN is kept within specific limits. This reduces excessive broadcast traffic. Connects the wireless network to the internal wired network. Can supply power to access points to which it is connected.

AP Configuration Consideration

Most APs have at least one wired port that you can use to connect to the AP and perform configuration tasks. Many come with a simple web interface that you can use to perform initial configuration tasks. Determine if you will require a bridge to connect different segments of your network. If your wireless network is not reaching where you need it to, then you may need a wireless range extender to increase the range of your network. Depending on the operating system, wireless NICs might be configured automatically, or you might need to install special software before (or after) installing the hardware in the computer.

Wireless Troubleshooting - Vocab

Omnidirectional antenna: - Disperses the radio frequency wave in an equal 360-degree pattern. Absorption: - A signal passes through objects and the signal loses power. Refraction: - Radio waves pass through objects of different densities, causing the signal to bend or change speeds.

Extended Service Set (ESS)

One or more basic service sets connected by a WDS medium. - Multiple APs under a single WDS. - Each ESS overlaps the other to allow for free roaming.

Types of Authentication and Implementation - Shared Key Wireless Equivalent Privacy (WEP)

Only devices with the correct shared key can connect to the wireless network. WEP uses 64- or 128-bit encryption with the shared key. All APs and clients use the same authentication key. WEP should be used only on small, private networks.

Wireless Security - Vocab

Open Authentication: - An authentication method that requires clients to provide a MAC address to connect to the wireless network. Shared Key Authentication: - An authentication method that configures clients and access points with a shared key (called a secret or a passphrase). - Only devices with the correct shared key can connect to the wireless network. 802.1x authentication: - An authentication method that uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients. Data Emanation: - The electromagnetic field generated by a network cable or network device (such as a wireless router) that can be manipulated in order to eavesdrop on conversations or steal data. Deauthentication attack: - An attack that spoofs the MAC address and then disconnects the device from the wireless network. - Attackers can use a deauthentication attack to stage evil twin or on-path attacks.

Random noise jamming

Produces radio signals using random amplitudes and frequencies. This type of attack is not as effective as a spark attack, but it is harder to identify due to the intermittent jamming it produces and the random nature of the interference. This type of signal is frequently mistaken for naturally occurring background radio noise.

When you perform a spectrum analysis.

Record the number of other APs in the area. Test the channel utilization in the 2.4 and 5.x GHz bands to aid in channel planning. Check channel utilization at different times of day. Gather data at the heights where the AP will be installed and user devices will be located.

Geofencing

Requires users to be in a physical location.

Wireless Network Implementation - Vocab

Roaming: - Moving a wireless device between access points. LWAPP: - Used by Cisco wireless equipment to route frames back and forth between the wireless network and the wired LAN. Device Density: - Specifies the number of clients that can utilize the wireless network. VLAN pooling: - Automatically partitions a single broadcast domain into multiple VLANs. Wireless Bridge: - Connects two wired networks over a Wi-Fi network. Goodput: - The number of useful bits delivered from sender to receiver within a specified amount of time.

Wireless Survey Considerations - Site survey test equipment

Should include: Two access points (APs). Bring access points to each location to test the signal quality and identify the node density required in each area. Two laptops with a network performance measurement utility, such as Iperf, installed. This will allow you to evaluate the network throughput available at each location. A tall ladder so you can test each AP at height or close to height. - In outdoor deployments, you may need to use a bucket truck instead of a ladder to complete this task.

Wireless Connection and Windows

Some devices include a physical switch that turns the integrated wireless network adapter on or off. To connect to a wireless network that is not broadcasting the SSID, you must create the wireless profile manually. - Use the Manually Create A Network Profile option to set up each client individually with network information. - Use the Copy this network profile to a USB flash drive option to save wireless network settings to a USB flash drive. - On each additional client, run the utility to copy the profile settings to the client.

Roaming

The ability to broadcast the same SSID across multiple APs. Allows a wireless device to stay on the same network without interruption while moving from one AP to another. This is known as extending the SSID. It allows multiple APs to be part of the same network. Extended SSIDs allow connectivity to remain the same in an area without the user ever noticing.

Steps to Designing a Wireless Network - Perform Bandwidth Planning

The amount of bandwidth required in various locations. The number of clients that will utilize the network. This is the device density. - An overcapacity of clients will use up bandwidth and slow performance of the wireless network. - It is better to overestimate the number of devices on the network to ensure that you have the capacity to support them. - The frequency that will be used. You can measure the strength of the signal at a given distance from the access point by using the received signal strength indicator (RSSI). RSSI is measured as a negative number; a smaller value indicates a strong signal.

Basic Service Set Identifier (BSSID)

The basic service set identifier describes each device under the same SSID. It uses the MAC address of each device to communicate in the same network.

Warchalking

The drawing (using chalk) of symbols or icons in public places to advertise an open Wi-Fi network. - This was first done by individuals who had found an open Wi-Fi location and wanted to let others know as well. - An attacker can use these marks to try to locate information about the networks. - Some businesses have adopted these icons to let customers know of open Wi-Fi spots.

Wi-Fi Protected Access (WPA)

The implementation name for wireless security based on initial 802.11i drafts that was deployed in 2003. - Uses Temporal Key Integrity Protocol (TKIP) for encryption. - Supports both pre-shared key (WPA-PSK or WPA Personal) and 802.1x (WPA Enterprise) authentication. - Can use dynamic keys or pre-shared keys. - Can typically be implemented in WEP-capable devices through a software/firmware update. WPA keys can be predicted by reconstructing the message integrity check (MIC) of an intercepted packet, sending the packet to an AP, and observing whether the packet is accepted by the AP.

Wi-Fi Protected Access 2 (WPA2) or 802.11i

The implementation name for wireless security that adheres to the 802.11i specifications. - Uses Advanced Encryption Standard (AES) as the encryption method. It is similar to (yet more secure than) TKIP but requires special hardware for performing encryption. - Uses Counter Mode with CBC-MAC Protocol (CCMP), also known as AES-CCMP. - Supports both pre-shared key (WPA2-PSK or WPA2 Personal) and 802.1x (WPA2 Enterprise) authentication. - Can use dynamic or pre-shared keys. Main disadvantage is that it requires new hardware for implementation.

Packet Sniffing

The interception and decoding of wireless transmissions. Packet sniffing is also known as eavesdropping. Wireless transmissions are easily intercepted. Encrypt all data transmitted through APs to mitigate threats from packet sniffing.

Spark Jamming

The most effective type of Wi-Fi interference attack. Repeatedly blasts receiving equipment with high-intensity, short-duration RF bursts at a rapid pace. Experienced RF signal technicians can usually identify this type of attack quickly because of the regular nature of the signal.

Wardriving

The practice of driving around an area in a car to detect open Wi-Fi nodes to attack. - Some detection tools can locate wireless APs within an area even if the SSID broadcast has been disabled. - Once a wireless network is detected, it is often easy for an attacker to gain access to it, even if the attacker is not physically present in the building or even on the property.

Configuring Wireless Devices - Configure the region (AP only)

The region identifies the physical area where the AP operates.

Station (STA)

The wireless NIC in an end device such as a laptop or cell phone. STA can refer to the device itself, not just the NIC.

Distributed Wireless Mesh Infrastructure

These networks still use a controller, but some of the network intelligence is moved from the controller to the individual APs. The controller is no longer a bottleneck. The APs are smart enough to communicate directly with each other to create more efficient data paths for network traffic. The controller still manages, directs, and scales the network, but the individual APs efficiently move data through the wireless LAN. Because the links are wireless, not wired, the APs can quickly re-associate themselves with a different wireless controller if their primary controller becomes unavailable for some reason. On Cisco wireless equipment, the lightweight access point protocol (LWAPP) is used to route frames back and forth between the wireless network and the wired LAN.

Data Emanation

To mitigate damage from and protect networks against data emanation threats: Do not place APs near outside walls. Conduct a site survey to identify the coverage area of and optimal placements for wireless APs. Implement a Faraday cage or Faraday shield: - A Faraday cage is an enclosure that prevents radio frequency signals from emanating out of a controlled environment. - It is made of conducting material or a mesh of conducting material that blocks external static electrical fields. - Can also prevent cell phone usage. Encrypt all data transmitted through APs. Use firewalls on each network AP.

Signaling Methods - Frequency Hopping Spread Spectrum (FHSS)

Transfers data over a radio signal by switching channels at random within a larger frequency band: - This allows the data stream to be more unpredictable from outside the network, making it harder to intercept and eavesdrop on. - Since it uses multiple channels, it can avoid interference if certain channels are blocked within that frequency.

Wireless Implementation Facts

Transmission speeds are affected by distance, obstructions (such as walls), and interference. Communications in a typical environment (with one or two walls) have a distance of roughly half of the maximum. Transmission speeds decrease with distance. A dual band access point can use one radio to transmit at one frequency and a different radio to transmit at a different frequency. When you configure an access point, some configuration utilities use the term mixed mode to designate a network with both 802.11n and non-802.11n clients. In this configuration, one radio transmitter is used for legacy clients, and the remaining radio transmitters are used for 802.11n clients. Some newer 802.11a and 802.11g devices provide up to 108 Mbps using 802.11n pre-draft technologies (MIMO and channel bonding).

Wireless Survey Considerations - Spectrum analysis and channel plan

Use a spectrum analyzer to identify sources of RF interference at each location where you plan to deploy an access point. You can use freeware tools such as NetStumbler or Kismet to create a snapshot of wireless spectrum usage by nearby home and business networks, along with their proximity to your network. A spectrum analyzer can determine the noise floor in the desired frequency range. This will allow you to select the best available wireless channel.

Four commonly used techniques for detecting rogue hosts

Use site survey tools to identify hosts and APs. Check connected MAC addresses to identify unauthorized hosts. Conduct an RF noise analysis to detect a malicious rogue AP that's using jamming. Analyze wireless traffic to identify rogue hosts.

Random pulse jamming

Uses radio signal pulses of random amplitude and frequency to interfere with a Wi-Fi network.

802.11ac

Uses the 5 GHz range exclusively to increase speed and overall bandwidth. Multi-user MIMO (MU-MIMO): - An enhancement to MIMO that allows multiple users to use the same radio channel simultaneously. - In addition to adding MU-MIMO, 802.11ac doubled the number of MIMO radio streams from four to eight. - Four streams can send and four streams can receive. Frame Composition: - 802.11 added four fields to the wireless frame. - The fields identify the frame as a very high throughput frame. Channel Bonding: Used to combine more channels in the 5 GHz band, allowing for up to 160 MHz wide channels. Every time the bandwidth doubles in size, the wireless device combines the channels. The 5 GHz range has a total of 24 non-overlapping channels: - Bonding at 40 MHz reduces 24 channels to 12. - Increasing to 80 MHz decreases the channel size to 6 channels. - Increasing to 160 MHz, the wireless device will have only 2 channels to use for transmission.

Steps to Designing a Wireless Network - Conduct a site survey

Visit each location where an access point will be installed and evaluate the RF environment. Set up a temporary wireless network in the location to see how the radio signal behaves. - Inspect each mounting location identified in the initial design and ensure it is a viable location for an access point. - Document structural or environmental concerns that affect the RF signal from each AP. - Verify that the access point can reach the wireless controller from the location. - Running a cable to each AP point including the controller is called a backhaul. - All APs do not need to be wired. A relay station must be able to reach the controller. - Assess the availability of power to, and grounding for, the access point. - Log the location's GPS coordinates. Use digital photos to document the location and its surrounding environment.

Bluesnarfing

When an attacker gains unauthorized access to an existing Bluetooth connection between phones, desktops, laptops, or PDAs. - Allows access to the calendar, emails, text messages, and contact lists.

Latency

Wireless communication operates in half-duplex.

Configuring Wireless Devices - Configure the channel

Wireless networks can be configured to use one of several RF channels. - Choose a channel on the AP that is not used by other wireless devices (such as phones or other APs). - On the NIC, the channel is detected automatically and configured to match the channel used by the AP. Many APs detect channels used in the area and automatically configure themselves to use a channel that does not overlap with other channels used in the area.

Common Wireless Topologies - Ad hoc / Independent Basic Service Set (IBSS)

Work in peer-to-peer mode. The network cards in wireless devices communicate directly with other network cards. - Uses physical mesh topology with a logical bus topology. - Requires devices be in range of each other. - Is cheap and easy to set up. - Is suitable for a small workgroup of devices. It can connect to a single device such as a printer. - Is not scalable to large network implementations. - Requires special modifications to reach wired networks.

Steps to Designing a Wireless Network - Include the Internet of Things (IoT)

Z-Wave: Broadly used in home security and home automation. - Z-Wave uses a mesh topology so that each device acts as a repeater. - As the number of devices on the network increases, the power of the signal increases. - Z-Wave uses low-energy radio waves that are capable of little bandwidth. - Z-Wave devices are designed to need very little bandwidth to interact with each other. Ant+: Protocol used to monitor sensor data. It uses a 2.4 GHz ISM band and has fast transmission rates. - Like the Z-Wave protocol, it's compatible with the mesh topology. - Ant+ can also be used with the point-to-point, star, and tree topologies. - Ant+ has been used for applications such as geocaching and health monitors. Near-field communication (NFC) allows devices to communicate and share data with each other. - Requires devices to be about four inches apart to communicate with each other. - Is commonly used with cell phones and mobile pay applications. - Is also used to pair devices that will use other technologies to communicate.

