Chapter 15: Wireless Networking
802.11n specs
Frequency = 2.4 GHz (and 5.0 GHz if available)
Spectrum = OFDM (QAM)
Speed = 100+ Mbps
Range = ~300 ft.
Compatibility = 802.11b/g/n (also 802.11a if it has 5.0 GHz)
802.11g specs
Frequency = 2.4 GHz
Spectrum = OFDM
Speed = 54 Mbps
Range = 300 ft.
Compatibility = 802.11b/g
802.11a specs
Frequency = 5.0 GHz
Spectrum = DSSS
Speed = 54 Mbps
Range = ~150 ft.
Compatibility = 802.11a
802.11ac specs
Frequency = 5.0 GHz
Spectrum = OFDM (QAM)
Speed = Up to 1 Gbps
Range = ~300 ft.
Compatibility = 802.11a
FHSS
Frequency-hopping spread-spectrum. Sends data out on one frequency at a time, constantly shifting/hopping frequencies. Less bandwidth than DSSS, but less prone to interference.
WIFI 5.0 GHz channels
Has around 40 channels, although countries limit which ones may be used. The versions of 802.11 that use the 5.0 GHz band use automatic channel switching, so with 5.0 GHz you don't need to worry about channels.
Wireless survey tools
Help you discover any other wireless networks in the area and will integrate a drawing of your floor plan with interference sources clearly marked.
Troubleshooting WIFI: Signal/Power
If the WAP doesn't have enough power, you'll have signal loss and you won't be able to access the wireless network. Solutions: get closer to the WAP, avoid dead spots, turn up the power, use a better antenna, upgrade to a newer 802.11 version such as 802.11n or 802.11ac that have MIMO/MU-MIMO.
Troubleshooting WIFI: Wrong SSID
Make sure you selected the right one, or if entering it manually, you typed it in correctly.
Troubleshooting WIFI: no connection
Might get errors such as repeated prompts for passwords, APIPA addresses, and such.
WIFI 2.4 GHz channels
1 to 14, of 20 MHz each; however, countries limit exactly which channels can be used. In the US, you can use channels 1-11. These channels overlap, so two nearby WAPs should not use close channels like 6 and 7. Most WAPs use channels 1, 6, or 11 by default because these are the only non-overlapping channels.
WAP 'thin client'
A WAP that can only be configured by a wireless controller.
2 pieces of software needed for a wireless network adapter to work:
A device driver to talk to the wireless NIC and a configuration utility.
On-boarding and off-boarding mobile devices
A feature that allows network admins to allow or deny mobile devices access to network features.
Parabolic antenna
A form of unidirectional antenna. Looks like a satellite dish.
Yagi antenna
A form of unidirectional antenna. Often called a beam antenna and can enable a focused radio wave to travel a long way.
Heat map
A graphical representation of the RF sources on your site, using different colors to represent the intensity of the signal.
MAC address filtering
A method that enables you to limit access to your network based on the physical addresses of wireless NICs. Creates a type of 'accepted users' list to limit access to your network = whitelist. Can also create a list of 'denied users' that blocks them from accessing your system = blacklist. Any network frames that don't contain the MAC address of a node listed in the MAC addresses table are rejected.
VLAN pooling
A method used to reduce the number of broadcasts on a larger enterprise network where many clients are on the same SSID. You create a pool of VLANs for a single SSID and randomly assign wireless clients to one of the VLANs.
'Evil twin' Rogue AP
A rogue AP that intentionally mimics an existing SSID in order to get people to connect to it instead of the proper WAP. They work best in unsecured networks like in airports and hotels.
Wireless controllers
A switch that's designed to handle a number of WAPs simultaneously. The job of configuration gets offloaded to wireless controllers that can manage all of them (such as changing their ESSIDs).
WAP 'ACL'
Access Control List. Used by a WAP to enable or deny specific MAC addresses.
The 2 Wireless Network modes
Ad hoc and Infrastructure.
Step 6 (optional) in Implementing WIFI: Extending the Network
Add one or more WAPs to create an Extended Service Set.
- all WAPs require the same ESSID
- if the WAPs are near each other, use separate channels
Wireless bridges
- You can also install a wireless bridge to connect two or more wired networks.
- Two different types
-- point-to-point bridges: can only communicate with a single other bridge and are used to connect two wireless network segments
-- point-to-multipoint bridges: can talk to more than one other bridge at a time and can connect multiple network segments
Troubleshooting WIFI: Channel problems
All 2.4 GHz channels overlap with their nearest channel neighbors. E.g. Channel 3 overlaps with channels 1, 2, 4, and 5. Always try to stick to channels 1, 6, or 11. Could also have a problem with mismatched channels, e.g. the SSID is set correctly but a device is using a different channel than the WAP. However, automatic channel selection is the norm and mismatched channels are extremely rare.
MAC address 'spoofing'
An outside user can make their NIC report a legitimate address rather than its own so it can access your network.
Network hardening
Another term for wireless security. Can be achieved through authentication (secures access to the network), encryption (secures the data), and MAC address filtering (secures access to the network).
WAP 'thick client'
Any WAP that you can access directly and configure singularly via its own interface.
Wireless analyzer/WIFI analyzer
Any device that looks for and documents all existing wireless networks in your area.
802.11ac info
Avoids device density issues in the 2.4 GHz band by using only the 5.0 GHz band. Has a newer version of MIMO called Multiuser MIMO (MU-MIMO). MU-MIMO gives a WAP the ability to broadcast to multiple users simultaneously.
BES
BlackBerry Enterprise Service software enabled corporations to issue BlackBerrys to users and retain control over how those users could use their mobile devices on their network. This enabled users to get and synchronize company email, calendars, and more with mobile devices and workstations. Because of central control, network admins could allow or deny mobile devices access to network features, what's called on-boarding and off-boarding mobile devices.
Bluetooth security
Bluetooth does have good security, in that you have to manually set a device in 'discovery mode' to be visible for a limited amount of time. It also requires you to use a PIN during pairing.
Step 4 in Implementing WIFI: Configuring the Access Point
Configure the SSID/ESSID
- name the network
Configure the beacon
- a timing frame sent from the WAP at regular intervals
- the beacon enables WIFI networks to function
- you can switch the rate at which the beacon will go off
- if you make it at a higher interval, it will improve network traffic speeds, but you lower the speed at which devices can negotiate to get on the network
Configure MAC address filtering
- use it to build a list of wireless network clients that are permitted or denied access to your wireless network based on their unique MAC address
Configure encryption
- ensures data frames are secured against unauthorized access
Configure channel & frequency
- if using the WAP in an area with overlapping WIFI signals, change these settings
- use a wireless analyzer first to determine which channel and frequency to use
802.11 standards for collision avoidance:
DCF (distributed coordination function)
PCF (point coordination function)
Currently, only DCF is implemented.
802.11 broadcasting methods
DSSS (direct-sequence spread-spectrum)
FHSS (frequency-hopping spread-spectrum)
OFDM (orthogonal frequency-division multiplexing)
Spread-spectrum broadcasts data in small, discrete chunks over the different frequencies available within a certain frequency range.
DSSS
Direct-sequence spread-spectrum. Sends data out on different frequencies at the same time. Uses more bandwidth than FHSS, around 22 MHz vs. 1 MHz. Capable of more data output than FHSS but more prone to interference than FHSS.
DCF
Distributed Coordination Function. An 802.11 standard for collision avoidance that specifies rules for sending data onto the network media. If a wireless network node detects that the network is busy, DCF defines a backoff period on top of the normal IFG wait period before a node can try to access the network again. Also requires that receiving nodes send an ACK for every frame they process. The ACK also includes a value that tells other wireless nodes to wait a certain duration before trying to access the network media. If the sending node doesn't receive an ACK, it retransmits the same data frame until it gets a confirmation that the packet reached its destination.
Troubleshooting WIFI: Slow connection
Either you have too many devices overworking your WAPs or there is too much RFI on the network.
Overworked WAPs
- attaching too many devices to a single SSID over time = device saturation
- place more WAPs in high-demand areas
- can also upgrade WAPs to newer standards such as 802.11ac
- bandwidth saturation = a frequency that is filled to capacity, such as 2.4 GHz
-- can be solved by switching to the 5.0 GHz band
- bounce = occurs when a signal sent by one device takes many different paths to get to the receiving systems
-- minimize bounce by reducing anything that might reflect a signal; also use WAPs with multiple antennas in a process called 'multipath'
Radio frequency interference (RFI)
- can be from WIFI networks and from non-WIFI sources
-- non-WIFI sources include: Bluetooth, wireless phones, microwaves. Solved by shutting down or moving the devices.
- can scan for RFI sources using some form of RF scanner/analyzer
-- RFI is measured in the signal-to-noise ratio (SNR)
Troubleshooting WIFI: Wrong encryption
Either you've connected manually to a wireless network and have set up the incorrect encryption type, or you've entered the wrong encryption key.
Symptoms: not on network, continual prompting for password, APIPA address
Solutions: enter the correct password
WIFI channels
Every WIFI network communicates on a channel, a portion of the spectrum available.
ESSID
Extended Service Set Identifier. Every WAP connects to a central switch or switches to become part of a single broadcast domain. Clients will connect to whichever WAP has the strongest signal. As clients move through the space covered by the broadcast area, they will change WAP connections seamlessly, a process called roaming.
IBSS
Independent Basic Service Set. Two or more wireless nodes communicating in ad hoc mode. A basic unit of organization in wireless networks.
Step 5 in Implementing WIFI: Configuring the Client
Infrastructure networks require that the same SSID be configured on all nodes and access points. If the SSID is broadcast, the client would pick up the SSID and you enter the security passphrase or encryption key. If the SSID is not broadcast, you manually enter the SSID. ***Remember that the client will store all of the configuration information about the network in a profile and will use it to reconnect. If something would change (such as 2.4 GHz to 5.0 GHz) you would need to delete the profile and reconnect.
Step 2 in Implementing WIFI: Installing the Client
Install WIFI client hardware and software.
IFG
Interframe Gap. The short, pre-defined silence period after the length of the current frame is transmitted.
802.11g device shows a connection type of 802.11g-ht?
It is connected to an 802.11n WAP running in mixed mode.
Step 1 in Implementing WIFI: Perform a site survey
It will reveal any obstacles to creating the wireless network, and will help determine the best possible location for your access points. The main components for creating a site survey are a floor plan of the area you wish to provide with WIFI and a site survey tool such as Fluke Networks' AirMagnet Survey Pro.
Site survey includes:
- utilizing wireless survey tools
- WIFI analysis
- heat map
- interference sources
802.11n transmit modes
Legacy
- the 802.11n WAP sends out separate packets just for legacy devices
- a stopgap mode that was added if the other modes don't work
Mixed (high-throughput, or 802.11a-ht/802.11g-ht)
- the WAP sends special packets that support the older standards yet also can improve the speed of those standards via 802.11n's higher bandwidth
Greenfield
- exclusively for 802.11n-only networks. The WAP will only process 802.11n frames.
- increased throughput by dropping support for older devices; makes the best goodput
War driving/war chalking
Looking for wireless networks by using omnidirectional antennas connected to laptops using wireless sniffing programs. When a network was found, the war driver would place a special chalk mark on a nearby curb or sidewalk to tell other war drivers the location of the SSID. Contained info such as SSID, open node, band, and speed.
MDM solutions
Mobile device management solutions. Can be installed on personal devices so a user could have access to company network features. However, once the device connects to the company network, network admins have control over a lot of personal information. The most recent MDM solutions rely on tried-and-true protocols such as 802.1x to provide robust security and not restrict connectivity.
Troubleshooting WIFI: Open networks
Open (unencrypted) networks can have common SSID names and also all data is transferred in the clear. Can use a VPN or a Web browser add-on like HTTPS Everywhere.
OFDM
Orthogonal frequency-division multiplexing. The latest of the 3 methods; it is used on all but the earliest 802.11 networks.
PAN
Personal Area Network. A single point-to-point connection in very short ranges. PANs include Bluetooth, NFC (near field communication), and IR (infrared).
WPA-PSK or WPA2-PSK
Personal Shared Key. Also called WPA-Personal or WPA2-Personal. With these personal versions, you create a secret key that must be added to any device that is going to be on that SSID. There is no authentication with WPA-PSK or WPA2-PSK.
Step 3b in Implementing WIFI: Setting Up an Infrastructure Network
Place the access points/antennas. Omnidirectional antennas radiate outward from the WAP in all directions. You would place a WAP with an omnidirectional antenna in the center of the area. The standard straight-wire antennas that provide the most omnidirectional function are called dipole antennas.
QAM
Quadruple-amplitude modulated. A special version of OFDM that 802.11n and 802.11ac devices use.
RADIUS
Remote Authentication Dial In User Service.
In order to increase gain in RF output of a WAP
Replace the factory antenna with one or more bigger device antennas.
Troubleshooting WIFI: Untested updates/incompatibilities
Run untested updates on a test network first. To avoid incompatibilities, plan for things such as backwards compatibility, like with 802.11 versions.
SSID
Service Set Identifier. A standard name applied to the BSS or IBSS to help the connection happen. A 32-bit identification string that's inserted into the header of each frame processed by a WAP. Every WIFI device must share the same SSID to communicate in a single network. A WAP advertises its existence by sending out a continuous SSID broadcast. It's the SSID broadcast that lets you see the wireless networks that are available on your wireless devices.
Rogue Access Point/rogue AP
Simply an unauthorized access point.
***Bluetooth attacks
Since early versions of Bluetooth didn't use discovery mode and/or PINs, two different types of Bluetooth attacks resulted. However, they are no longer relevant (EXCEPT ON THE TEST) since devices now use discovery and PINs.
Bluejacking
- process of sending unsolicited messages to another BT device, basically just annoying
Bluesnarfing
- used weaknesses in the BT standard to steal information from other BT devices
'Goodput' of a wireless network
The ACTUAL number of useful bits per second, since WIFI has a tremendous amount of overhead and latency and it won't achieve its advertised speed.
How RADIUS works:
The client wireless computer, called a 'supplicant', contacts the WAP, called a Network Access Server (NAS), and requests permission to access the network. The NAS collects the supplicant's username and password and then contacts the RADIUS server to see if the supplicant appears in the RADIUS server's security database. If the supplicant appears and the username and password are correct, the RADIUS server sends a packet back to the supplicant, through the WAP, with an Access-Accept code and an Authenticator section that proves the packet actually came from the RADIUS server. Then the remote user gets access to the network resources.
Ad hoc mode
Two or more devices communicate directly without any other intermediary hardware. Sometimes called peer-to-peer mode, with each wireless node in direct contact with each other node in a decentralized free-for-all. Uses a mesh topology.
WIFI signal transmission?
Uses radio waves to transmit data, as opposed to Ethernet, which uses charges on a copper cable.
802.11a info
Used the 5.0 GHz range which has much less interference, reducing latency. Came out after 802.11b.
Infrastructure mode
Uses a WAP that, in essence, acts as a hub for all wireless clients. Also bridges wireless network segments to wired network segments. Similar to a physical star topology of a wired network, with all nodes connecting to the central WAP.
Data Encryption using WEP
WEP = Wired Equivalent Privacy. Uses a 64 or 128-bit encryption algorithm to scramble data frames. WEP uses stream cipher RC4 (Rivest Cipher 4).
Data Encryption using WPA
WIFI Protected Access. Adopted most of the 802.11i standard that fixed some of the weaknesses of WEP. Offers security enhancements such as dynamic encryption key generation (keys are issued on a per-user and per-session basis) and an encryption key integrity-checking feature. WPA works by using an extra layer of security, called the Temporal Key Integrity Protocol (TKIP), around the WEP encryption scheme. TKIP added a 128-bit encryption key that seemed unbreakable when first introduced. Ultimately became as vulnerable as WEP.
WAP
Wireless Access Point. Device designed to interconnect wireless network nodes with wired networks. A basic WAP operates like a hub and works at OSI Layer 1, although many manufacturers combine multiple devices into a single box, to create a WAP with a built-in switch and/or router, thus working at several OSI layers.
WLAN
Wireless LAN. Basically a network at your local coffee shop. It is a LAN, but there's nowhere for ordinary customers to plug in. WLANs are always going to be an 802.11-based network and will be able to serve a number of clients.
802.11-1997 specs
Frequency = 2.4 GHz
Spectrum = DSSS
Speed = 2 Mbps
Range = ~300 ft.
Compatibility = 802.11
BSSID
Basic Service Set Identifier. Defines the most basic infrastructure mode network - a BSS of one WAP and one or more wireless clients. The BSSID is the same as the MAC address for the WAP. For ad hoc networks that don't have a WAP, the nodes randomly generate a 48-bit string of numbers that looks and functions just like a MAC address, and that BSSID goes in every frame.
BSS
Basic Service Set. A single WAP servicing a given area, which can be expanded upon by adding more access points, thus making it an ESS.
Using EAP with RADIUS
Both the WAP and the wireless NICs have to use the same EAP authentication scheme. You set this in the firmware or software.
BYOD
Bring Your Own Device. Using personal devices to access company networks.
802.11n info
Brought faster speeds and new antenna technology implementations with MIMO (multiple in/multiple out) which enables the devices to make multiple simultaneous connections called streams. Can also implement channel bonding to increase throughput even more. Many 802.11n WAPs employ transmit beamforming, which is a multiple antenna technology that helps get rid of dead spots. The antennas adjust the signal once the WAP discovers a client to optimize the radio signal. Can support older 802.11b/g devices, however the 802.11n WAPs need to encapsulate 802.11n frames into 802.11b or 802.11g frames. This adds some overhead to the process. If older 802.11b devices join the network, traffic drops to 802.11b speeds (802.11g devices don't cause this on 802.11n networks).
WPS attacks
By design, the WPS PINs are short, and therefore susceptible to attacks by hacking the PIN.
CSMA/CA
Carrier sense multiple access with collision avoidance. Used by WIFI, as opposed to wired Ethernet networks using CSMA/CD - collision detection.
Enterprise Wireless
Enterprise wireless differs from SOHO in five areas:
1. Robust device construction
2. Centralized management
3. VLAN pooling
4. Power over Ethernet
5. Bringing personal wireless devices into the enterprise environment
ESS
Extended Service Set. A wireless network in Infrastructure mode that has multiple WAPs.
Patch antenna
Flat, plate-shaped antennas that generate a half-sphere beam. Useful to place on the wall in an office, where you don't want to broadcast the signal behind the wall where the patch is placed.
Unidirectional antennas
Focuses a radio wave into a 'beam.' Come in a variety of designs, such as parabolic, dish, Yagi, etc.
802.11b specs
Frequency = 2.4 GHz
Spectrum = DSSS
Speed = 11 Mbps
Range = ~300 ft.
Compatibility = 802.11b
The first widely adopted 802.11 standard.
LWAPP
Lightweight Access Point Protocol. A protocol used by manufacturers of WAPs to ensure their WAPs can accept commands from any wireless controller.
Enterprise Wireless: Robust device construction
Made with better materials (metal vs. plastic), and can have interchangeable parts like antennas and radios so you can keep upgrading to the newest technologies.
Enterprise Wireless: Wireless Administration
Most WAPs will accept commands from any wireless controller by using the LWAPP (Lightweight Access Point Protocol) to ensure interoperability.
Step 7 in Implementing WIFI: Verify the installation
Move some traffic from one computer to another using the wireless connection.
Step 3a in Implementing WIFI: Setting Up an Ad Hoc Network
Need to address 4 things:
1. SSID
- each wireless node must be configured to use the same SSID
- it's common for one system to set up an ad hoc node and then have other nodes attach to that node
2. IP addresses
- no two nodes can have the same IP address, although it will be unlikely since all OSs use APIPA
3. Channel
4. Sharing
- ensure that the File and Printer Sharing service is running on all nodes
Plus you need to set the NICs to function in ad hoc mode.
802.11g info
Offers data speeds equivalent to 802.11a (54 Mbps) and the range of 802.11b (300 feet). It is backwards compatible with 802.11b. If an 802.11g network only has 802.11g devices connected, it runs in native mode (up to 54 Mbps), but when 802.11b devices connect, it is slowed down to 11 Mbps in 'mixed mode'. Later 802.11g manufacturers incorporated 'channel bonding' into their devices, enabling devices to use two channels for transmission. Channel bonding is not a part of the 802.11g standard. Both the NIC and WAP had to be from the same company for channel bonding to work.
Power over Ethernet
Since WAPs can be placed in strange locations where providing electrical power is not convenient, some WAPs now support an IEEE standard (802.3af) called Power over Ethernet (PoE), which enables them to receive their power from the same Ethernet cables that transfer their data. The switch that connects these WAPs must support PoE, but as long as both the WAP and switches to which they connect support PoE, you don't have to do anything other than just plug in Ethernet cables. PoE works automatically.
WEP vulnerabilities
Since WEP uses RC4, it needs a little code to start the encryption process. This extra code is stored in the key in the form of what's called an initialization vector (IV). The IV with WEP is 24 bits, which means the encryption part of a WEP key is only 40 or 104 bits (instead of 64 or 128 bits). The encryption key is both static (never changes session to session) and shared (the same key used by all network nodes). This means it is not hard to crack. WEP also fails to provide a mechanism for performing user authentication. That is, network nodes that use WEP encryption are identified by their MAC address, and no other credentials are offered or required.
Collisions on WIFI
Since WIFI is a radio transmission and is half-duplex, wireless devices cannot listen and send at the same time. Also, if two wireless clients were to collide, there is no simple-to-detect electrical peak like there is with wired networks. Therefore, WIFI takes proactive steps to avoid collisions.
Wireless Authentication with 802.11i
The first real 802.11 security standard that addressed both authentication and encryption. Uses the IEEE 802.1X standard to enable you to set up secure authentication using a RADIUS server and passwords encrypted with EAP (Extensible Authentication Protocol).
IEEE 802.11-1997
The original 802.11 standard. It is no longer used but established the baseline features common to all subsequent WIFI standards, such as: wireless network cards, special configuration software, the capability to run in multiple styles of networks, and how transmissions work.
Broadcasting frequencies
The original 802.11 standards use either 2.4 GHz or 5.0 GHz radio frequencies.
PoE versions
The original 802.3af standard in 2003 only supported a max 15.4 watts of DC power, and many devices needed more. In 2009, 802.3af was revised to output as much as 25.5 watts, now called 802.3at, PoE Plus, or PoE+.
Dipole antennas
The standard straight-wire antennas that provide the most omnidirectional function. They are great for outdoors or a single floor, but they don't send much signal above or below the WAP.
IEEE 802.11
The wireless Ethernet standard, Wi-Fi.
Data Encryption using WPA2
WIFI Protected Access 2. Currently the top security standard used on 802.11 networks. Utilized the full 802.11i standard. Replaced the aging RC4 encryption with the Advanced Encryption Standard (AES), a 128-bit block cipher that's much tougher to crack than the TKIP used with WPA.
WPS
WIFI Protected Setup. A special standard that worked in two modes, push button method or PIN method.
Push button method
- press a button on one device (either a physical button or virtual one)
- then press the WPS button on the other device
- then the two devices automatically configure themselves on an encrypted connection
PIN method
- press the button on the WAP
- locate the SSID on your device
- enter an eight-digit PIN as the WPA personal shared key
- all WPS WAPs have the PIN printed on the device
Wireless channel utilization
You can use wireless scanning tools to check wireless channel utilization. These are software tools that give you metrics and reports about nearby devices and which one is connected to which WAP. They enable you to discover overworked WAPs, saturated areas, and so on.