Chapter 12 wlan
802.11
2.4 GH speeds up to 2mbps
802.11B
2.4gh speeds of up to 11 Mbps longer range than 802.11a better able to penetrate building structures
802.11ax
2.4gh 5 ghz atest standard released in 2019 also known as Wi-Fi 6 or High-Efficiency Wireless (HEW) provides improved power efficiency, higher data rates, increased capacity, and handles many connected devices currently operates using 2.4 GHz and 5 GHz but will use 1 GHz and 7 GHz when those frequencies become available Search the internet for Wi-Fi Generation 6 for more information
802.11g
2.4ghz speeds of up to 54 Mbps backward compatible with 802.11b with reduced bandwidth capacity
802.11n
2.4ghz 5ghz data rates range from 150 Mbps to 600 Mbps with a distance range of up to 70 m (230 feet) APs and wireless clients require multiple antennas using MIMO technology backward compatible with 802.11a/b/g devices with limiting data rates
802.11a
5 ghz speeds of up to 54 Mbps small coverage area less effective at penetrating building structures not interoperable with the 802.11b and 802.11g
802.11ac
5ghz provides data rates ranging from 450 Mbps to 1.3 Gbps (1300 Mbps) using MIMO technology Up to eight antennas can be supported backwards compatible with 802.11a/n devices with limiting data rates
Channel Selection
A best practice for WLANs requiring multiple APs is to use non-overlapping channels. For example, the 802.11b/g/n standards operate in the 2.4 GHz to 2.5 GHz spectrum. The 2.4 GHz band is subdivided into multiple channels. Each channel is allotted 22 MHz bandwidth and is separated from the next channel by 5 MHz. The 802.11b standard identifies 11 channels for North America
Split MAC Architecture
A key component of CAPWAP is the concept of a split media access control (MAC). The CAPWAP split MAC concept does all of the functions normally performed by individual APs and distributes them between two functional components:
Man-in-the-middle wireless attack
A popular wireless MITM attack is called the "evil twin AP" attack, where an attacker introduces a rogue AP and configures it with the same SSID as a legitimate AP, as shown in the figure. Locations offering free Wi-Fi, such as airports, cafes, and restaurants, are particularly popular spots for this type of attack due to the open authentication.Wireless clients attempting to connect to a WLAN would see two APs with the same SSID offering wireless access. Those near the rogue AP find the stronger signal and most likely associate with it. User traffic is now sent to the rogue AP, which in turn captures the data and forwards it to the legitimate AP, as shown in the figure. Return traffic from the legitimate AP is sent to the rogue AP, captured, and then forwarded to the unsuspecting user. The attacker can steal the user's passwords, personal information, gain access to their device, and compromise the system. a user at Bobs Latte is sending wireless traffic to a laptop set up by a threat actor as an evil twin which forwards the traffic to a router within the Internet cloud
Extended Service Set (ESS)
A single wireless access point servicing a given area that has been extended by adding more access points.
Orthogonal Frequency Division Multiplexing (OFDM)
A spread-spectrum broadcasting method that combines the multiple frequencies of DSSS with FHSS's hopping capability. OFDM is used by a number of communication systems including 802.11a/g/n/ac. The new 802.11ax uses a variation of OFDM called Orthogonal frequency-division multiaccess (OFDMA).
Autonomous AP
A wireless AP operating in a standalone mode, such that it can provide a fully functional BSS and connect to the DS.
Direct Sequence Spread Spectrum (DSSS)
A wireless technology that spreads a transmission over a much larger frequency band, and with corresponding smaller amplitude, A properly configured receiver can reverse the DSSS modulation and re-construct the original signal. DSSS is used by 802.11b devices to avoid interference from other devices using the same 2.4 GHz frequency.
Advanced Encryption Standard (AES)
AES is the encryption method used by WPA2. It is the preferred method because it is a far stronger method of encryption. It uses the Counter Cipher Mode with Block Chaining Message Authentication Code Protocol (CCMP) that allows destination hosts to recognize if the encrypted and non-encrypted bits have been altered.
SSID cloaking
APs and some wireless routers allow the SSID beacon frame to be disabled, as shown in the figure. Wireless clients must manually configure the SSID to connect to the network.
radio frequency
All wireless devices operate in the radio waves range of the electromagnetic spectrum. WLAN networks operate in the 2.4 GHz frequency band and the 5 GHz band. Wireless LAN devices have transmitters and receivers tuned to specific frequencies of the radio waves range, as shown in the figure. Specifically, the following frequency bands are allocated to 802.11 wireless LANs: 2.4 GHz (UHF) - 802.11b/g/n/ax 5 GHz (SHF) - 802.11a/n/ac/ax
Bluetooth
An IEEE 802.15 WPAN standard that uses a device-pairing process to communicate over distances up to 300 ft. (100m). It can be found in smart home devices, audio connections, automobiles, and other devices that require a short distance connection. There are two types of Bluetooth radios: Bluetooth Low Energy (BLE) - This supports multiple network technologies including mesh topology to large scale network devices. Bluetooth Basic Rate/Enhanced Rate (BR/EDR) - This supports point to point topologies and is optimized for audio streaming.
Mac Address Filtering
An administrator can manually permit or deny clients wireless access based on their physical MAC hardware address. In the figure, the router is configured to permit two MAC addresses. Devices with different MAC addresses will not be able to join the 2.4GHz WLAN.
rogue access point
An unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its users to attacks.
Cellular broadband
Cellular 4G/5G are wireless mobile networks primarily used by cellular phones but can be used in automobiles, tablets, and laptops. Cellular networks are multi-access networks carrying both data and voice communications. A cell site is created by a cellular tower transmitting signals in a given area. Interconnecting cell sites form the cellular network. The two types of cellular networks are Global System for Mobile (GSM) and Code Division Multiple Access (CDMA). GSM is internationally recognized, while CDMA is primarily used in the US. The 4th Generation mobile network (4G) is the current mobile network. 4G delivers speeds that are 10 times the previous 3G networks. The new 5G holds the promise of delivering 100 times faster speeds than 4G and connecting more devices to the network than ever before.
Wireless client and AP association
Discover a wireless AP Authenticate with AP Associate with AP The figure shows the three-stage process used by a wireless client to associate with an AP. A laptop represents a wireless client that is communicating wirelessly with an AP. An arrow flowing from the client to the AP represents stage one in which the client discovers the AP. Below that, a double arrow between the devices represents the authentication stage. Below that, another double arrow between the devices represents the association stage.
nonoverlapping Channels
For the 5 GHz standards 802.11a/n/ac, there are 24 channels. The 5 GHz band is divided into three sections. Each channel is separated from the next channel by 20 MHz. The figure shows all 24 Unlicensed National Information Infrastructure (U-NNI) 24 channels for the 5 GHz band. Although there is a slight overlap at the tails of each channel's frequency, the channels do not interfere with one another. 5 GHz wireless can provide faster data transmission for wireless clients in heavily populated wireless networks because of the large amount of non-overlapping wireless channels.
CAPWAP
IEEE standard protocol that enables a WLC to manage multiple APs and WLANs. CAPWAP is also responsible for the encapsulation and forwarding of WLAN client traffic between an AP and a WLC. add security - establishes tunnels on UDP ports. IPv4 and IPv6 both use UDP ports 5246 and 5247. Port 5246 is for CAPWAP control messages used by the WLC to manage the AP. Port 5247 is used by CAPWAP to encapsulate data packets traveling to and from wireless clients. However, CAPWAP tunnels use different IP protocols in the packet header. IPv4 uses IP protocol 17 and IPv6 uses IP protocol 136.
Active Mode
In active mode, wireless clients must know the name of the SSID. The wireless client initiates the process by broadcasting a probe request frame on multiple channels. The probe request includes the SSID name and standards supported. APs configured with the SSID will send a probe response that includes the SSID, supported standards, and security settings. Active mode may be required if an AP or wireless router is configured to not broadcast beacon frames.
Basic Service Set (BSS)
In wireless networking, a single access point servicing a given area.
Wireless security overview
Interception of data - Wireless data should be encrypted to prevent it from being read by eavesdroppers. Wireless intruders - Unauthorized users attempting to access network resources can be deterred through effective authentication techniques. Denial of Service (DoS) Attacks - Access to WLAN services can be compromised either accidentally or maliciously. Various solutions exist depending on the source of the DoS attack. Rogue APs - Unauthorized APs installed by a well-intentioned user or for malicious purposes can be detected using management software.
Channel interference
Interference occurs when one signal overlaps a channel reserved for another signal, causing possible distortion. The best practice for 2.4 GHz WLANs that require multiple APs is to use non-overlapping channels, although most modern APs will do this automatically. If there are three adjacent APs, use channels 1, 6, and 11, as shown in the figure.
omnidirectional antenna
Omnidirectional antennas such as the one shown in the figure provide 360-degree coverage and are ideal in houses, open office areas, conference rooms, and outside areas.
shared key authentication
Provides mechanisms, such as WEP, WPA, WPA2, and WPA3 to authenticate and encrypt data between a wireless client and AP. However, the password must be pre-shared between both parties to connect.
Satellite Broadband
Provides network access to remote sites through the use of a directional satellite dish that is aligned with a specific geostationary Earth orbit satellite. It is usually more expensive and requires a clear line of sight. Typically, it is used by rural homeowners and businesses where cable and DSL are not available.
Authentication in enterprise
RADIUS Server IP address - This is the reachable address of the RADIUS server. UDP port numbers - Officially assigned UDP ports 1812 for RADIUS Authentication, and 1813 for RADIUS Accounting, but can also operate using UDP ports 1645 and 1646, as shown in the figure. Shared key - Used to authenticate the AP with the RADIUS server.
WPA3
Shared Key authentication method The next generation of Wi-Fi security. All WPA3-enabled devices use the latest security methods, disallow outdated legacy protocols, and require the use of Protected Management Frames (PMF). However, devices with WPA3 are not yet readily available.
Wi-Fi Protected Access (WPA)
Shared key authentication method A Wi-Fi Alliance standard that uses WEP, but secures the data with the much stronger Temporal Key Integrity Protocol (TKIP) encryption algorithm. TKIP changes the key for each packet, making it much more difficult to hack.
WPA2
Shared key authentication method is the current industry standard for securing wireless networks. It uses the Advanced Encryption Standard (AES) for encryption. AES is currently considered the strongest encryption protocol.
Controller-based APs
These devices require no initial configuration and are often called lightweight APs (LAPs). LAPs use the Lightweight Access Point Protocol (LWAPP) to communicate with a WLAN controller (WLC), as shown in the next figure. Controller-based APs are useful in situations where many APs are required in the network. As more APs are added, each AP is automatically configured and managed by the WLC.
Infrastructure Mode
This is when wireless clients interconnect via a wireless router or AP, such as in WLANs. APs connect to the network infrastructure using the wired distribution system, such as Ethernet.
Frequency Hopping Spread Spectrum (FHSS)
This wireless technology spreads its signal over rapidly changing frequencies, sender and receiver must be synchronized to "know" which channel to jump to. - more efficient usage of channels fhss used 802.11
WPAN (Wireless Personal Area Network)
Uses low powered transmitters for a short-range network, usually 20 to 30 ft. (6 to 9 meters). Bluetooth and ZigBee based devices are commonly used in WPANs. WPANs are based on the 802.15 standard and a 2.4-GHz radio frequency.
WLAN (Wireless Local Area Network)
Uses transmitters to cover a medium-sized network, usually up to 300 feet. WLANs are suitable for use in a home, office, and even a campus environment. WLANs are based on the 802.11 standard and a 2.4-GHz or 5-GHz radio frequency.
WWAN (Wireless Wide Area Network)
Uses transmitters to provide coverage over an extensive geographic area. WWANs are suitable for national and global communications. WWANs also use specific licensed frequencies.
WMAN (Wireless Metropolitan Area Network)
Uses transmitters to provide wireless service over a larger geographic area. WMANs are suitable for providing wireless access to a metropolitan city or specific district. WMANs use specific licensed frequencies.
CSMA/CA
WLANs are half-duplex, shared media configurations. Half-duplex means that only one client can transmit or receive at any given moment. Shared media means that wireless clients can all transmit and receive on the same radio channel. This creates a problem because a wireless client cannot hear while it is sending, which makes it impossible to detect a collision.
Temporal Key Integrity Protocol (TKIP)
WPA and WPA2 standards use the following encryption protocols: TKIP is the encryption method used by WPA. It provides support for legacy WLAN equipment by addressing the original flaws associated with the 802.11 WEP encryption method. It makes use of WEP, but encrypts the Layer 2 payload using TKIP, and carries out a Message Integrity Check (MIC) in the encrypted packet to ensure the message has not been altered.
WPA (Wi-Fi Protected Access)
WPA3-Personal In WPA2-Personal, threat actors can listen in on the "handshake" between a wireless client and the AP and use a brute force attack to try and guess the PSK. WPA3-Personal thwarts this attack by using Simultaneous Authentication of Equals (SAE), a feature specified in the IEEE 802.11-2016. The PSK is never exposed, making it impossible for the threat actor to guess. WPA3-Enterprise WPA3-Enterprise still uses 802.1X/EAP authentication. However, it requires the use of a 192-bit cryptographic suite and eliminates the mixing of security protocols for previous 802.11 standards. WPA3-Enterprise adheres to the Commercial National Security Algorithm (CNSA) Suite which is commonly used in high security Wi-Fi networks. Open Networks Open networks in WPA2 send user traffic in unauthenticated, clear text. In WPA3, open or public Wi-Fi networks still do not use any authentication. However, they do use Opportunistic Wireless Encryption (OWE) to encrypt all wireless traffic. IoT Onboarding Although WPA2 included Wi-Fi Protected Setup (WPS) to quickly onboard devices without configuring them first, WPS is vulnerable to a variety of attacks and is not recommended. Furthermore, IoT devices are typically headless, meaning they have no built-in GUI for configuration, and needed any easy way to get connected to the wireless network. The Device Provisioning Protocol (DPP) was designed to address this need. Each headless device has a hardcoded public key. The key is typically stamped on the outside of the device or its packaging as a Quick Response (QR) code. The network administrator can scan the QR code and quickly onboard the device. Although not strictly part of the WPA3 standard, DPP will replace WPS over time.
WiMAX
WiMAX is an alternative to broadband wired internet connections, competing with DSL and cable. However, it is typically used in areas that are not yet connected to a DSL or cable provider. It is an IEEE 802.16 WWAN standard that provides high-speed wireless broadband access of up to 30 miles (50 km). WiMAX operates in a similar way to Wi-Fi, but at higher speeds, over greater distances, and for a greater number of users. It uses a network of WiMAX towers that are similar to cell phone towers. WiMAX transmitters and cellular transmitters may share space on the same tower,
Open System Authentication
an 802.11 original authentication method Any wireless client should easily be able to connect and should only be used in situations where security is of no concern, such as those providing free internet access like cafes, hotels, and in remote areas. The wireless client is responsible for providing security such as using a virtual private network (VPN) to connect securely. VPNs provide authentication and encryption services. VPNs are beyond the scope of this topic.
Personal
authenticating home user Intended for home or small office networks, users authenticate using a pre-shared key (PSK). Wireless clients authenticate with the wireless router using a pre-shared password. No special authentication server is required.
Enterprise
authenticating home user Intended for enterprise networks but requires a Remote Authentication Dial-In User Service (RADIUS) authentication server. Although more complicated to set up, it provides additional security. The device must be authenticated by the RADIUS server and then users must authenticate using 802.1X standard, which uses the Extensible Authentication Protocol (EAP) for authentication.
Wireless Access Points
better then range extenders, they are used to provide dedicated wireless access to the users devices.
directional antenna
focus the radio signal in a given direction. This enhances the signal to and from the AP in the direction the antenna is pointing This provides a stronger signal strength in one direction and reduced signal strength in all other directions. Examples of directional Wi-Fi antennas include Yagi and parabolic dish antennas.
Passive Mode
he AP openly advertises its service by periodically sending broadcast beacon frames containing the SSID, supported standards, and security settings. The primary purpose of the beacon is to allow wireless clients to learn which networks and APs are available in a given area. This allows the wireless clients to choose which network and AP to use.
Ad hoc mode
his is when two devices connect wirelessly in a peer-to-peer (P2P) manner without using APs or wireless routers. Examples include wireless clients connecting directly to each other using Bluetooth or Wi-Fi Direct. The IEEE 802.11 standard refers to an ad hoc network as an independent basic service set (IBSS).
Wireless DoS Attacks
imporoperly configured devices malicous user intentionally interfering with wireless comms accdental interference
flexConnect AP
mode on remote site LAP, when it can reach AP it operates in connected mode, when it can't it operates standalone mode
WEP (Wired Equivalent Privacy)
shared key authentication method The original 802.11 specification designed to secure the data using the Rivest Cipher 4 (RC4) encryption method with a static key. However, the key never changes when exchanging packets. This makes it easy to hack. WEP is no longer recommended and should never be used.
MIMO antennas
uses multiple antennas to increase available bandwidth for IEEE 802.11n/ac/ax wireless networks. Up to eight transmit and receive antennas can be used to increase throughput