Chapter 6 Concepts
Wi-Fi network security
1. 802.11 standard security: -- none by default -- SSID: only item required 2. Authentication -- process of comparing and matching a client's credentials with the credentials in a database 3. MAC filtering -- prevents the AP from authenticating any device whose MAC address is not listed 4. Encryption -- use of an algorithm to scramble data
RFID tag types
1. ARPT - active reader passive tag 2. PRAT - passive reader active tag 3. ARAT - active reader active tag
Mesh
Several access points work as peer devices on the same network
Obstacles
When obstacles are in a signal's way, the signal may: 1. pass through them 2. be absorbed into them 3. be subject to any of the phenomena
WLANs
Wireless networks - networks that transmit signals through the air via RF (radio frequency) waves. Wired and wireless signals share many similarities - use of the same Layer 3 and higher protocols. The nature of the atmosphere makes transmission different from wired transmission.
Bluetooth
- Operates in the radio band of 2.4 - 2.4835 GHz - Hops between frequencies within that band to help reduce interference - Requires close proximity to form a connection - Exact distance requirements depend on the class of Bluetooth device - Before Bluetooth devices can connect, they must be paired - Bluetooth interfaces are susceptible to a range of security risks: -- Bluejacking - a connection is used to send unsolicited data -- Bluesnarfing - a connection is used to download data without permission
Frame aggregation
1. Combine multiple frames into one larger frame 2. Two techniques: -- A-MSDU (Aggregated MAC Service Data Unit) -- A-MPDU (Aggregated MAC Protocol Data Unit) 3. Advantage: reduces overhead
802.11 data frame
1. Four address fields: -- Source address, transmitter address, receiver address, and destination address 2. Sequence control field -- how a large packet is fragmented 3. Error checking and fragmentation are handled at the MAC sublayer of the Data Link layer
Wireless controller
A wireless controller can provide: 1. Centralized authentication for wireless clients 2. Load balancing 3. Channel management 4. Detection of rogue access points
Configure Wi-Fi connectivity devices
APs vary in which wireless standards they support, their antenna strength, and other features. Variables set during installation: 1. Administrator password 2. SSID 3. Whether or not the SSID is broadcast 4. Security options 5. Whether or not DHCP is used
BSS
Basic Service Set. 1. Group of stations sharing an access point 2. BSSID (basic service set identifier) -- Group of stations identifier
Troubleshooting Wi-Fi Networks
Cable continuity and performance testers will tell you nothing about wireless connections, stations, or APs on a network. To troubleshoot wireless LANs, you need tools that contain wireless NICs and run wireless protocols.
Determine the design
Consider the following when deciding where to install an AP: 1. distance 2. type and number of obstacles 3. coverage 4. interference Larger WLANs warrant a more systematic approach to access point placement.
IR
Infrared. IR is used primarily to collect data through various sensors. - exists just below the spectrum visible to the human eye IR sensors are used to collect info such as: 1. presence or level of liquid 2. variations in reflections from skin caused by variations in blood flow 3. proximity to the device 4. commands from a control device
Channel management
Most wireless devices implement one of two technologies: 1. FHSS (frequency hopping spread spectrum) 2. DSSS (direct sequence spread spectrum) How each wireless standard in the 2.4 GHz range uses its allotted band: - Wi-Fi uses DSSS - Bluetooth uses FHSS - ZigBee uses DSSS - ANT+ uses a fixed frequency (does not use DSSS or FHSS)
NFC
Near-field communication. A form of RFID that transfers data wirelessly over very short distances. Signal can be transmitted one way by an NFC tag, or smart tag (when employees need access to a secure area). The NFC tag collects power from the smartphone or other device by magnetic induction.
Radiation pattern
Relative strength over three-dimensional area of all electromagnetic energy that antenna sends, receives
WPA2
Replacement for WPA. A stronger encryption protocol. Most secure communication is made possible by combining a RADIUS server with WPA/WPA2 (known as WPA-Enterprise or WPA2-Enterprise). Additional security options: 1. Create a separate guest network through a Wi-Fi router/access point 2. Set up a captive portal -- first page a new client sees in the browser when connecting to a guest network -- requires user to agree to a set of terms and conditions before gaining further access
Ad hoc
Small number of nodes closely positioned transmit directly to each other
Avoid pitfalls
Wireless configuration pitfalls to avoid: 1. Wrong SSID 2. Security type mismatch 3. Wrong passphrase 4. Overlapping channels or mismatched frequencies 5. Mismatched standards 6. Incorrect antenna placement 7. Interference 8. Simultaneous wired and wireless connections 9. Problems with firmware updates 10. Unoptimized access point power levels 11. Inappropriate antenna type 12. Client saturation
Antennas
Wireless signals originate from electrical current traveling along a conductor: 1. Travels from the transmitter to an antenna 2. Antenna emits the signal as a series of electromagnetic waves into the atmosphere 3. At the destination, another antenna accepts the signal and a receiver converts it back to current Two antennas must be tuned to the same frequency in order to use the same channel
Propagation
The way in which a wave travels from one point to another
The wireless spectrum
The wireless spectrum is the frequency range of electromagnetic waves used for data/voice communication - spans frequency ranges or bands between 9 kHz and 300 GHz. Some bands have only a single frequency (called a fixed frequency) for that band.
Channel bonding
Two adjacent 20-MHz channels can be bonded to make a 40-MHz channel. - More than doubles the bandwidth available in a single 20-MHz channel
RTS/CTS
Request to Send/Clear to Send protocol: 1. Ensures packets not inhibited by other transmissions 2. Efficient for large transmission packets 3. Further decreases overall 802.11 efficiency
SSID
Service Set Identifier. 1. Unique character string identifying access point -- in beacon frame information 2. Configured in access point 3. Better security, easier network management
Site survey:
- Assesses client requirements, facility characteristics, coverage areas - Determines access point arrangement ensuring reliable wireless connectivity (within given area) - A thorough site survey might include: -- studying building blueprints to identify potential obstacles -- considering whether Wi-Fi access points will be used as wireless bridges to create remote wired access to the network -- determining whether certain floors require multiple APs -- measuring the signal coverage and strength from other WLANs -- testing proposed access point locations -- testing wireless access from the farthest corners of your space -- considering the materials used in objects that aren't always present in the environment -- considering how the wireless portions of the LAN will integrate with the wired portions - After the site survey has identified and verified the quantity and location of access points, you are ready to install them -- must belong to same ESS and share an ESSID - Enterprise-wide WLAN design considerations -- how wireless LAN portions will integrate with wired portions
ZigBee
- Based on the 802.15.4 standard - A low-powered, battery-conserving wireless technology - Designed to handle small amounts of data - Ideal for use in ISM (industrial, scientific, and medical) sensors - Used in IoT devices for building automation, HVAC control, AMR (automatic meter reading) and fleet management
Bluetooth power classes
- Class 1 - 100mW - up to 100m - used for industrial purposes - Class 2 - 2.5mW - up to 10m - used for mobile devices - Class 3 - 1mW - up to 1m - rarely used
IEEE 802.11 Frames
- Types of overhead required to manage access to an 802.11 network (ACKs, probes, and beacons). - 802.11 specifies MAC sublayer frame type - Multiple frame type groups: -- 1. Management frames: association and reassociation -- 2. Control frames: medium access and data delivery (ACK and RTS/CTS frames) -- 3. Data frames: carry data sent between stations
802.11 WLAN Standards
- WLANs work at OSI layers 1 and 2. -- support TCP/IP higher-layer OSI protocols and operating systems - The most popular standard used by WLANs is Wi-Fi -- developed by IEEE's 802.11 committee
Access Method
1. 802.11 MAC services -- Append 48-bit physical addresses to frame to identify source and destination 2. Same physical addressing scheme as other Ethernet networks -- Allows easy combination with other IEEE networks 3. Wireless devices: -- Not designed to simultaneously transmit and receive -- Cannot prevent collisions -- Use different access method than Ethernet
Notable Wi-Fi standards:
1. 802.11b, 802.11a, 802.11g, 802.11n, and 802.11ac 2. 802.11n and later modify the way frames are used at the MAC sublayer (lower portion of the Data Link layer) 3. LLC sublayer is primarily concerned with multiplexing, flow and error control, and reliability
Configure Wi-Fi clients
1. Configuration varies from one client type to another 2. As long as an AP is broadcasting its SSID -- clients in its vicinity will detect it and offer the user the option to associate with it 3. On-boarding: -- installing a specific program or app onto a device to give it trusted access to certain portions of the network 4. Off-boarding: -- removing programs that gave devices special permissions on the network -- administrators need a feature that allows them to off-board remotely (in case AP is lost or stolen) - called a remote wipe.
Signal propagation phenomena
1. Fading: -- As signal runs into obstacles, its energy will gradually fade -- Excessive fading can cause dropped connections or slow data transmission 2. Attenuation: -- Signal weakens moving away from transmission antenna -- To correct signal attenuation, increase the power of the transmission and repeat the signal from a closer broadcast point called a wireless range extender 3. Interference: -- Wireless signals are more vulnerable to noise (no wireless conduit, shielding) -- Signal-to-noise ratio (SNR) = proportion of noise to the strength of the signal 4. Refraction: -- As a wave travels through objects the wave's direction, speed, and wavelength are altered (or refracted) 5. Reflection: -- Signal bounces back toward its source 6. Scattering: -- Diffusion in multiple different directions 7. Diffraction: -- Signal splits into secondary waves 8. Multipath signals: -- wireless signals follow different paths to destination -- advantage - better chance of reaching destination -- disadvantage - signal delays result in data errors
List of capabilities common to wireless testing tools:
1. Identify transmitting access points, stations, and channels over which they are communicating 2. Measure signal strength from an AP 3. Indicate the effects of attenuation, signal loss, and noise 4. Interpret signal strength information 5. Ensure proper association and reassociation between APs 6. Capture and interpret traffic 7. Measure throughput and assess data transmission errors 8. Analyze characteristics of each channel
Association
1. Packet exchanged between computer and access point in order to gain Internet access. -- Another function of the MAC sublayer 2. Scanning: -- Surveys surroundings for access point -- Active scanning transmits special frame (known as a probe) -- Passive scanning listens for special signal (known as a beacon frame)
Security threats to Wi-Fi Networks:
1. War driving -- a hacker searches for unprotected wireless networks by driving around with a laptop configured to receive and capture wireless data transmissions 2. War chalking -- hackers draw symbols with chalk on the sidewalk or wall near a vulnerable AP -- To make it known to other hackers 3. Evil twin -- a rogue AP planted in a network's geographical area to pose as an authorized AP 4. WPA attack: -- involves an interception of the network keys communicated between stations and APs -- also called WPA cracking 5. WPS attack: -- cracking a PIN in order to access an AP's settings -- cracked through a brute force attack
Infrastructure
A WAP (wireless access point) or AP (access point) accepts wireless signals from multiple nodes and retransmits them to the rest of the network
Z-Wave
A smart home protocol that provides two basic types of functions: 1. Signaling to manage wireless connections 2. Control to transmit data and commands between devices A Z-Wave network controller (called a hub) -- Receives commands from a smartphone or computer and relays the commands to various smart devices on its network Z-Wave transmissions have a range of up to 100 m per hop -- Can tolerate up to four hops through repeaters
Wireless USB
Based on UWB (ultra-wideband) radio platform. Certified W-USB products mimic wired USB 2.0 connections - similar speeds, security, ease of use, and compatibility. UWB radios transmit in the range between 3.1 and 10.6 GHz.
CSMA/CA
Carrier Sense Multiple Access/Collision Avoidance. 1. Minimizes collision potential 2. Uses ACK packet to verify every transmission -- Requires more overhead than 802.3 -- Real throughput less than theoretical maximum
Centralized wireless management
Centralized wireless management is made possible by a lightweight wireless protocol. - such as Cisco's LWAPP (Lightweight Access Point Protocol) or Cisco's CAPWAP (Control and Provisioning of Wireless Access Points)
ESS
Extended Service Set. 1. Group of access points connected to same LAN -- share ESSID (extended service set identifier) 2. Allows roaming -- station moving from one BSS to another without losing connectivity As devices are moved between BSSs within a single ESS: - Connecting to a different AP requires reassociation - Occurs by simply moving; high error rate
Home/small office
Home or small office network might call for only one access point: 1. Often combined with switching, routing functions 2. Connects wireless clients to LAN 3. Acts as Internet gateway
IoT
Internet of things. Made up of any device that can be connected to the internet. - Personal monitoring devices - one of the fastest growing areas of IoT - Smart home devices - interlink devices such as locks and lights, security cameras, etc. - HAN (home area network) - connected devices within a home create a type of LAN - WPAN (wireless personal area network) - include short-range wireless technologies such as Bluetooth and ZigBee - PANs rarely exceed about 10 meters in any direction - Most common wireless technologies used to connect WPAN and HAN devices are discussed next
Unidirectional (directional antenna)
Issues wireless signals along single direction
Omnidirectional antenna
Issues, receives wireless signals with equal strength, clarity in all directions
LOS
Line of Sight. Signal travels in straight line directly from transmitter to receiver
MIMO
Multiple Input-Multiple Output. 1. multiple access point and client device antennas may issue to one or more receivers 2. Increases range and network's throughput
MU-MIMO
Multiuser MIMO. 1. Newer technology that allows multiple antennas to service multiple clients simultaneously 2. Reduces congestion and contributes to faster data transmission 3. Available with WAVE 2 802.11ac products
RFID
Radio frequency identification. RFID uses electromagnetic fields to store data on a small chip (RFID tag). - includes an antenna that can transmit and receive, and possibly a battery Commonly used for inventory management. An RFID tag might also be embedded in a credit card - allowing for so-called "contactless" payment.
Range
Reachable geographical area
Wi-Fi network tools
Two types of software tools you should have: 1. Spectrum analyzer -- Can assess the quality of the wireless signal 2. Wireless analyzer (Wi-Fi analyzer) -- Can evaluate Wi-Fi network availability, optimize Wi-Fi signal settings, and help identify Wi-Fi security threats
WPA
Wi-Fi Protected Access. Dynamically assigns every transmission its own key
Wireless topologies
Wireless networks are not laid out using the same topologies as wired networks. Wireless topologies: 1. Ad hoc 2. Infrastructure 3. Mesh Wireless technology can be used to connect two different parts of a LAN or two separate LANs