Network+ Chapter 8 Wireless LANs


*SECTION 8.2*

*Deploying Wireless LANs* - variety of installation options and design considerations - available options and some best practice recommendations

*SECTION 8.1*

*Introducing Wireless LANs* - basic building blocks of WLANs - how WLANs connect into a wired local-area network (LAN) - various design options, including antenna design, frequencies, and communications channels

*SECTION 8.3*

*Securing Wireless LANs* - improperly installed wireless APs are roughly equivalent to putting an Ethernet port in a building's parking lot - someone can drive up and access your network - features are available to harden the security of your WLAN

802.11ac

- *5-GHz* standard - uses more *simultaneous streams* than 802.11n - features multi-user MIMO *(MU-MIMO)* - single 80-MHz-wide stream can support *433 Mbps*

Sources of Interference

- *major issue for WLANs is RFI* caused by other devices using similar frequencies - *physical obstacles* can impede or reflect WLAN transmissions - *common sources* of interference: other WLAN devices, cordless phones, microwave ovens, wireless security system devices, physical obstacles and signal strength

802.11n & Channel Bonding

- *two wireless bands* can be *logically bonded* together -- band with *twice the bandwidth* of an individual band - *channel bonding* referred to as *40-MHz mode* -- the bonding of two *adjacent 20-MHz bands* into a 40-MHz band - *high throughput (HT) standard* defines modes for ensuring that older a/b/g devices and newer 802.11n devices can avoid collisions with each other

WPA2

- IEEE 802.11i implemented Wi-Fi Alliance's WPA Version 2 (2004) - Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for integrity checking - Advanced Encryption Standard (AES) for encryption - Enterprise mode: uses a centralized server for authenticating users - Personal mode: uses a configured password or PSK instead of a centralized server

Frequencies and Channels

- ISM bands: frequency ranges reserved internationally for industrial, scientific and medical purposes - WLANs can use the range of frequencies in the 2.4-GHz to 2.5-GHz range or in the 5.725-GHz to 5.875-GHz range (2.4-GHz band & 5-GHz band) - some WLANs support a mixed environment

Disabling SSID broadcast

- SSID can be broadcast by an AP to let users know the name - AP might be configured not to broadcast its SSID - users could still determine the SSID of an AP by examining captured packets

Wireless Routers

- router obtains an *IP address via DHCP* from the ISP -- *uses PAT* to provide IP addresses to devices attaching to it wirelessly or through a wired connection --- *association*: process through which a wireless client attaches with a wireless router (or wireless AP) - devices associating with a single AP *share a collision domain* - multiple APs used for scalability and performance reasons

IEEE 802.1X

- scalable configuration approach: require all wireless users to authenticate using their own credentials (username and password) - each user having their own set of credentials keeps the compromise of one password from affecting all other wireless devices - allows wireless clients to authenticate with an authentication server (RADIUS) - Enterprise mode

Coverage Areas

- two broad categories of antennas: -- Omnidirectional -- Unidirectional

RC4

- uses a 24-bit initialization vector - IV: string of characters added to the transmitted data, such that the same plain-text data frame will never appear as the same WEP-encrypted data frame - IV transmitted in clear text - attacker can use a mathematical algorithm to determine the static WEP key

Preshared key

- wireless client and the AP preconfigured with a matching string of characters (PSK) - PSK could be used as part of a mathematical algorithm to encrypt traffic - effective for small networks (lacks scalability) - large corporate environment: compromised PSK would necessitate the reconfiguration of all devices configured with that PSK - Personal Mode

War chalking

- writing symbols on walls (or some other nearby structure) to let others know the characteristics of an open WLAN found in a public place - or of a WLAN whose SSID and authentication credentials are known - variant of the decades-old practice of hobos leaving symbols as messages to fellow hobos

Q: Refer to the exhibit. The three wireless access points (APs) in the diagram all operate in the 2.4 GHz frequency band. Select the three channels that should be used by the APs.

1, 6, 11

Q: You are configuring a wireless LAN (WLAN) with three wireless access points having overlapping coverage areas. The wireless access points are using the 2.4 GHz frequency band, and are located in the United States. What three non-overlapping channels in the 2.4 GHz band should you select?

1, 6, 11

Q: The IEEE 802.11b wireless standard has which of the following frequency band / maximum bandwidth parameters?

2.4 GHz / 11 Mbps

Q: The IEEE 802.11n wireless standard has which of the following frequency band / maximum bandwidth parameters?

2.4 GHz or 5 GHz / > 300 Mbps

Q: What is the maximum range of the IEEE 802.11g wireless standard?

32 m indoors / 140 m outdoors

5.725 GHz to 5.875 GHz

5-GHz band

Q: Orthogonal Frequency Division Multiplexing (OFDM) is a wireless LAN (WLAN) transmission method. Which three of the following WLAN standards support OFDM?

802.11a, 802.11g, 802.11n

carrier sense multiple access collision avoidance

CSMA/CA

2.4-2.5 GHz

Range of frequencies in the 2.4-GHz band

Q: Which of the following approaches to wireless LAN (WLAN) security uses RC4 as its encryption algorithm?

WEP

Q: Which of the following wireless LAN (WLAN) security threats involves mathematical algorithms that can determine a pre-shared key value?

WEP and WPA security cracking

Q: Which of the following approaches to wireless LAN (WLAN) security uses only TKIP for encryption?

WPA

149, 153, 157, 161 and 165

Nonoverlapping Channels in the 5 GHz Band (Higher Range)

36, 40, 44 and 48

Nonoverlapping Channels in the 5 GHz Band (Lower Range, No Prerequisite)

100, 104, 108, 112, 116, 136 and 140

Nonoverlapping Channels in the 5 GHz Band (Must be professionally installed)

52, 56, 60 and 64

Nonoverlapping Channels in the 5 GHz Band (Must support dynamic frequency selection to prevent RADAR interference)

2.4

Nonoverlapping Channels in the _____ GHz Band

Orthogonal frequency-division multiplexing

OFDM

MAC address filtering

- AP can be configured with a listing of MAC addresses permitted to associate with it - malicious user whose MAC address is not on the list of trusted MAC addresses is denied access - drawback: administrative overhead required to keep an approved list of MAC addresses up-to-date - knowledgeable user could falsify the MAC address of his wireless network card

WEP

- AP is configured with a static WEP key - Wireless clients are configured with an identical key (PSK approach) - 802.11 standard specifies a 40-bit WEP key (relatively weak) - could be compromised with a brute-force attack - uses RC4 as its encryption algorithm

WPA

- Wi-Fi Alliance developed its own security standard - enterprise mode: require a user to be authenticated before keys are exchanged (temporary session keys) - uses Temporal Key Integrity Protocol (TKIP) for enhanced encryption - 48-bit IV - broadcast key rotation: causes a key to change quickly - TKIP leverages Message Integrity Check - MIC: confirm that data was not modified in transit

Mesh Topology

- a collection of wireless devices that may not use centralized control (decentralized management) - mesh cloud: combined wireless coverage range defines the range of the network - additional wireless technologies could be used to build a mesh wireless topology - used for hosts to communicate with other devices in the mesh or to provide a gateway to the Internet or other networks

802.11n & MIMO

- achieves *superior throughput* through the use of *MIMO* -- uses *multiple antennas* for transmission and reception -- antennas do not interfere with one another *(spatial multiplexing)* --- *encodes data based on the antenna* from which the data will be transmitted -- reliability and throughput can be increased

WLAN Concepts and Components

- ad hoc LAN: a WLAN in which a device with a built-in wireless card connects to another device with a built-in wireless card - enterprise-class WLANs are configured in such a way that a wireless client connects to some sort of wireless base station, such as a wireless access point (AP) or a wireless router - hotspot: an AP that provides Wi-Fi as a service - done using a variety of antenna types, frequencies, and communication channels

Additional Wireless Options

- Bluetooth, infrared (IR), and near-field communications (NFC), which are often integrated into smartphones, can provide connectivity for a personal-area network (PAN) or other short-range networking applications

Types of WLANs

- categorized based on their use of wireless APs - three main categories: IBSS, BSS, & ESS - IBSS WLAN operates in an ad hoc fashion - BSS and ESS WLANs operate in infrastructure mode

Multiple AP management

- company will use a Wireless LAN Controller (WLC) for centralized management and control of the APs - Cisco model 5760 WLC (network controller) - protocols used to communicate between an AP and a WLC could be the older Lightweight Access Point Protocol (LWAPP) or the more current Control And Provisioning of Wireless Access Points (CAPWAP) -- VLAN pooling can be used to assign IP addresses to wireless clients from a pool of IP subnets and their associated VLANs

Security Standards

- configuring a wireless client for security - Wired Equivalent Privacy (WEP) - Wi-Fi Protected Access (WPA) - Wi-Fi Protected Access Version 2 (WPA2)

Antennas

- coverage area of a WLAN largely determined by the type of antenna used on a wireless AP or a wireless router - higher-end APs often support various antenna types - design goals: required distance between AP/client, coverage area pattern, indoor/outdoor environment, avoid interference with others

war dialing

- days of dial-up modems - attackers run a program on their computer to call all phone numbers in a certain number range - numbers that answered with modem tone became targets for later attacks

WPS Attacks

- easily secure wireless home network by using WPS (Wi-Fi Protected Setup) security standard - security protection by using a PIN and push-button configuration on the AP and the client device (no typing credentials) - hacker can perform a brute force attack on the password

Unidirectional antenna

- focus their power in a specific direction - avoid potential interference with other wireless devices - reach greater distances than those possible with omnidirectional antennas - interconnect two nearby buildings

Gain (Antenna)

- gain is commonly measured using the dBi unit of measure -- dB stands for decibels and the i stands for isotropic -- decibel: a ratio of radiated power to a reference value -- dBi: the reference value is the signal strength (power) radiated from an isotropic antenna --- represents a theoretical antenna that radiates an equal amount of power in all directions (spherical pattern) - isotropic antenna is considered to have a gain of 0 dBi - GdBi = 10 * log10(G) - if one antenna has 3 dB more gain than another antenna, it has approximately twice the effective power

Antenna strength

- gain: strength of the electromagnetic waves being radiated from an antenna -- involves a measurement of both direction and efficiency of a transmission -- transmitting: measurement of how efficiently the power being applied to the antenna is converted into electromagnetic waves being broadcast in a specific direction -- receiving: measurement of how efficiently the received electromagnetic waves arriving from a specific direction are converted back into electricity leaving the antenna

Wireless Access Point

- interconnects a wired LAN with a WLAN - *does not interconnect two networks* - connects to the wired LAN, and the wireless devices that connect to the wired LAN via the AP are on the *same subnet as the AP* (no NAT or PAT) -- acting as a *wireless bridge* between the wireless clients connected to the AP and the wired devices connected to the switch in the *same Layer 2 domain*

WEP and WPA security cracking

- less secure standards: Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) - utilities are available on the Internet for cracking each - by collecting enough packets transmitted by a secure AP, utilities can use mathematical algorithms to determine the PSK configured on a wireless AP

Rogue access point

- malicious user could set up his own AP to which legitimate users would connect - use a packet sniffer to eavesdrop on communications flowing through his AP - evil twin: configure the rogue AP with the same service set identifier (SSID) as used by a legitimate AP

WLAN Standards

- modern standards are variations of the original IEEE 802.11 (1997) - original standard supported a DSSS and an FHSS implementation (operated in the 2.4-GHz band) - speeds of 1 Mbps or 2 Mbps (insufficient bandwidth) - 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac

war driving

- modern-day variant of war dialing - malicious users drive around looking for unsecured WLANs - nefarious purposes or simply looking for free Internet access - cell phones, laptops, tablets, and gaming and media devices used in a wireless attack (WiFi)

Wireless AP Placement

- WLANs with more than one AP (ESS WLANs) require careful planning to prevent the APs from interfering with one another - overlap of coverage between APs should exist to allow uninterrupted roaming from one WLAN cell (which is the coverage area provided by an AP) to another - overlapping coverage areas should not use overlapping frequencies - recommendation is to have a 10-15 percent overlap of coverage between adjoining cells

Honeycomb fashion

- more than three APs can be deployed in a honeycomb fashion to allow an overlap of AP coverage areas while avoiding an overlap of identical channels - 2.4-GHz band approach: cells using the same nonoverlapping channels (channels 1, 6, and 11) are separated by another cell

Goodput

- most RFI occurs in the 2.4-GHz band - consider using the 5-GHz band, which is an option for 802.11a and 802.11n WLANs - refers to the number of useful information bits that the network can deliver (not including overhead for the protocols being used) - another factor is the density (ratio of users to APs) - classrooms, hotels, and hospitals (high density)

Other WLAN devices

- nonoverlapping channels for both the 2.4-GHz and 5-GHz bands - two or more WLAN devices in *close proximity and using overlapping channels* could interfere with one another

Microwave ovens

- older microwave ovens can emit relatively high-powered signals in the 2.4-GHz band - significant interference with WLAN devices operating in the 2.4-GHz band

Approaches to WLAN Security

- open authentication: WLAN that does not require authentication or provide encryption for wireless devices - variety of security standards and practices to protect WLAN traffic from eavesdroppers - MAC address filtering, Disabling SSID broadcast, Preshared key, IEEE 802.1X

Cordless phones

- operate in the 2.4-GHz band and can interfere with WLAN devices - use digital enhanced cordless telecommunications (DECT) cordless phones to coexist with WLAN devices - these phones do not use the 2.4-GHz band - they operate in the 1.92-GHz to 1.93-GHz frequency range in the US

Wireless security system devices

- operate in the 2.4-GHz frequency range - potential issues with WLAN devices

Omnidirectional antenna

- radiates power at relatively equal power levels in all directions - popular in residential WLANs and SOHO locations

Physical obstacles

- radio waves cannot propagate through a perfect conductor - metal filing cabinets and large appliances sufficient to cause degradation of a WLAN signal - radio waves carrying data might travel over different paths - multipath issue can cause data corruption

Signal strength

- range of a WLAN device is a function of the device's signal strength - enterprise-class APs often allow signal strength to be adjusted to ensure sufficient coverage of a specific area

802.11b

- ratified in 1999 - speeds as high as *11 Mbps* - 5.5 Mbps (supported data rate) - uses the *2.4-GHz* band - *DSSS* transmission method

802.11a

- ratified in 1999 - speeds as high as *54 Mbps* - 6, 9, 12, 18, 24, 36, and 48 Mbps (supported data rates) - uses the *5-GHz band* - *OFDM* transmission method - *not backward compatible* with 802.11b

802.11g

- ratified in 2003 - speeds as high as *54 Mbps* - 6, 9, 12, 18, 24, 36, and 48 Mbps (supported data rates) - operates in the *2.4-GHz* band -> *backward compatibility* to 802.11b devices - either the *OFDM or the DSSS* transmission method

802.11n

- ratified in 2009 - wide variety of speeds depending on its implementation - speeds could *exceed 300 Mbps* through the use of channel bonding - average speed ratings in the 130-150 Mbps range - operate in the *2.4-GHz band, the 5-GHz band, or both* simultaneously - *OFDM* transmission method

Q: If multiple wireless access points exist in a wireless LAN (WLAN), what percentage of coverage overlap should the access points have?

10 to 15 percent

Q: What is the maximum bandwidth of an 802.11b wireless LAN (WLAN)?

11 Mbps

Q: You are configuring a wireless access point (AP). You specify a wireless standard of 802.11n operating in the 2.4 GHz band. You also select an option to make it operate in a "backwards compatible" mode. Therefore, what additional 802.11 standards are supported? (Choose two.)

802.11g & 802.11b

802.11n was ratified in 2009, and it can operate in the 2.4 GHz band, the 5 GHz band, or both. However, in this instance, the question states that the AP is operating in the 2.4 GHz band. 802.11a was ratified in 1999, and it operates in the 5 GHz band. Therefore, even though 802.11a is an earlier standard than 802.11n, it cannot be supported by a 2.4 GHz 802.11n AP operating in backwards compatibility mode, because 802.11a does not operate in the 2.4 GHz band.

Q: Which wireless LAN (WLAN) standards can operate in the 5 GHz frequency band? (Choose two.)

802.11n & 802.11a

Q: Which of the following approaches to wireless LAN (WLAN) security involves the use of an authentication server?

802.1X

22 MHz

A single channel's transmission in the 2.4-GHz band can be spread over a frequency range of

Frequency bands

Another name for frequency ranges

Q: A wireless LAN (WLAN) containing only one access point (AP) is known as what type of WLAN?

BSS

CSMA/CA

Needed for WLAN connections because of their half-duplex operation. WLAN device listens for a transmission on a wireless channel to determine whether it is safe to transmit. Wireless devices wait for a random backoff time before transmitting.

5 MHz

Channel frequencies in the 2.4-GHz band are separated by

5

Channels in the 2.4 GHz band must have __ channels of separation.

Direct-sequence spread spectrum

DSSS

Heat Map

Data which is collected using site survey tools and laid over a floor plan to show the strength of signals in the areas being serviced by APs.

Q: Which of the following approaches to wireless LAN (WLAN) security helps conceal the existence of a WLAN?

Disabling SSID broadcast

Frequency-hopping spread spectrum

FHSS

Q: A wireless LAN (WLAN) configured to work in an ad hoc fashion (that is, without requiring the use of an access point) is known as what type of WLAN?

IBSS

1, 6 and 11

Nonoverlapping Channels in the 2.4 GHz Band

IBSS

Independent Basic Service Set - created *without the use of an AP* - work in an *ad hoc* fashion - useful for *temporary connections* between wireless devices - temporarily interconnect two laptop computers to transfer a few files

Q: What wireless technology allows the IEEE 802.11n standard to achieve higher throughput than other standards (that is, IEEE 802.11 a/b/g) by using multiple antennas for transmission and reception?

MIMO

Q: What type of antenna radiates power at relatively equal power levels in all directions?

Omnidirectional

Q: Which of the following wireless LAN (WLAN) security threats is also known as an "evil twin?"

Rogue access point

chip

Shorter in duration than a bit. Transmitted at a higher rate than the actual data. Encode random data with the data being transmitted.

DSSS

Spread-spectrum technology which *modulates data over an entire range of frequencies* using a series of symbols called *chips*. More subject to environmental factors.

FHSS

Spread-spectrum technology which allows the participants in a communication to *hop between predetermined frequencies*. *Security* is enhanced because the participants can predict the next frequency to be used, but a *third party cannot easily predict the next frequency*. Can also provision *extra bandwidth* by simultaneously using more than one frequency.

OFDM

Spread-spectrum technology which uses a relatively *slow modulation rate* for symbols. This slower modulation rate, combined with the *simultaneous transmission of data over 52 data streams*, helps support *high data rates* while *resisting interference* between the various data streams.

DSSS and OFDM

The two spread-spectrum technologies used in today's WLANs

Spread Spectrum

Transmission method in which a channel uses more than one frequency.

ISM bands

Wireless frequency ranges reserved for industrial, scientific and medical purposes.

BSS

basic service set - WLANs that have just *one AP* - said to run in *infrastructure mode* because wireless clients connect to an AP (connected to a wired network infrastructure) - often used in *residential and SOHO* locations

ESS

extended service set - WLANs containing *more than one AP* - operate in *infrastructure mode* - take care to prevent one AP from interfering with another - channels *1, 6, and 11 for the 2.4-GHz band* should be selected for adjacent wireless coverage areas

