northeastern illinois university (wlan) wireless local area
DESCRIPTION
TRANSCRIPT
Northeastern Illinois University
Authors
Salwa AbdelrahimSamia Nur Eldayim
Supervisor Prof. Cafatori
Introduction
Who are we ? What is the project about? Presentation highlights.
Wireless Networking
What is Wireless Local Area Network (WLAN)?
Differences between WLANs and LANs
Privacy issues. Connectivity issues. Mobility. National regulatory requirements.
Similarities between LAN and WLAN
Same Ethernet standard. Share common network Protocols.
Why Wireless?
Mobility Flexibility Ease and Speed of Deployment Cost Saving Scalability
Wireless Local Area Network (WLAN) Standards
IEEE 802.11 Standard. What Exactly Does 802.11 Define? IEEE WLAN Standards. Decision on Which WLAN Hardware is
Best. Update on New Standards.
802.11b 802.11a 802.11g
Frequency 2.4 GHz 5 GHz 2.4 GHz
Maximum link speed 11 Mbps 54 Mbps 54 Mbps
Typical link speed 4-5 Mbps 20 Mbps 20 Mbps
Optimal throughput 6 Mbps 32 Mbps 32 Mbps
Coverage (inside) 300-500 ft 100-164 ft 300-500 ft
Strengths Less expensive, most widely installed base
Faster than 802.11b, less interference
Faster than and compatible with 802.11b, price going down
Weaknesses Limited bandwidth, interference
Expensive, not compatible with 802.11b and 802.11 g, shorter range
Less devices to choose from, more expensive, interference
802.11 a/b/g
Security options
MAC filtering Disabled clients Local authentication Radius authentication Access control list
Security strategy open Authentication pre- shared key authentication (WEP) web authentication public key infrastructure (PKI) 802.1X WI-FI protected access authentication:
WPA WPA2 (802.11i)
WEP vs WPA
WEP WPA
Encryption Flawed, cracked by scientist and hackers
Fixes all WEP flaws
40-bit keys 128-bit keys
Static- same key used by every one on the network.
Dynamic session keys. Per user, per session, per packet keys.
Manual distribution of keys- hand typed into each device.
Automatic distribution of keys
Authentication Flawed, used WEP key itself for authentication
Strong user authentication, utilizing 802.1x and EAP.
WPA WPA2
Enterprise mode (Business and Government)
Authentication: IEEE 802.1x /EAPEncryption: TKIP /MIC
Authentication: IEEE 802.1x /EAPEncryption: AES-CCMP
Personal Mode (SOHO/personal)
Authentication: PSKEncryption: TKIP /MIC
Authentication: PSKEncryption: AES-CCMP
WPA vs WPA2
Open Area Vs Closed area.
802.11 signal range in a free space incur minimum or no loss e.g. a warehouse.
Caution is needed when there are some obstructions in the area e.g. campus buildings.
Loss of 3 db means half of the transmission has been lost.
Obstruction loss of 3.0 DB or more
Partition Loss (DB)
Fixed walls 3.00
Metal partitions 5.00
Exterior walls 10.00
Basement walls 20.00
WLAN Setup steps
Define Requirements. Design. Perform site survey. Deployment. Improve the network based site
survey results. Periodic site survey.
Deployment
Site Survey Preliminary plan. System requirements. Analysis features: - Access point location. - Signal strength. - Strongest Access point. - SNR. - Interference. - Transmission Speed. - Signals at channels. - Access point placement tips. - Access point count.
Received signal strength intensity
Campus Project Available Technologies in the market e.g.
Cisco, Alcatel, Aruba, etc. Why did we choose Alcatel Technologies. Components Required: -Existing network infrastructure. DHCP, AAA,DNS,VPN. -Clients (PC, PDA, Handset, etc). -Access points. - WLAN switches.
Access points (AP) mountingconsiderations
Mount AP standing or hanging either straight up or down and above obstructions.
Consider the antenna gain when mounting for proper radio orientation.
Mount AP in the same location as clients.
Continue AP mounting
Position AP in the center of covered area.
Do not position the AP more than 140 feet apart or higher than 16 feet.
Do not mount the AP within 3 feet of any metal obstruction e.g. metal ducts, electric conduit, water pipes, elevator shafts and metal walls.
AP Approach to contain Vulnerability and unauthorized access
Avoid placing AP against exterior walls or windows to avoid leak.
Reduce the broadcast strength of AP to keep within the area of coverage and avoid parking lot coverage.
Change the default SSID and allow AP’s to broadcast their SSID.
Change default management password on AP’s.
Steps and tools for WPA and WPA2 Deployment
1. Security mechanism and credentials.2. User authentication database.3. Client operating system.4. Supplicants.5. EAP types.6. Authentication server.7. Access points and clients NIC card.
Switch administration
Switch features. Switch configuration management.
Using CLI. Using switch web interface.
Monitor Menu
Wlan Menu
New SSID being created
Conclusion
Designing a wireless network is not an easy task. Many wireless attributes should be considered throughout the design process:
Following the steps needed to setup a wireless local area network.
Making the right decision in choosing the appropriate hardware and software which are suitable to the coverage area.
Cont,
As wireless regulations continually change it is important to reference the activities of the regularity committees before designing WLAN, nationally this include the Federal Communications Commission (FCC) and National Telecommunications and Information Administration (NTIA).
Cont,
WPA enhances data protection and access control on existing and future WI-FI wlan.
WPA2 provides improved encryption with AES and a high level of assurance.
WPA2 able to meet government and enterprise security requirements.
Recommendations
Alcatel with POE. Deploy Wlan in NEIU using WPA and
WPA2. Periodic site survey. Documentations for deployment and
trouble shouting. Implement the complete site survey
recommendations for AP count.
References
Alcatel internetworking,Inc. Omni Access 4000/4100 introduction, installation, administration and maintenance Student guide 2.0.2
Arunesh Mishra, William A.Arbaugh, An initial security Analysis of the IEEE802.1x standard, 6 Feb 2002
Jeffrey Wheat, Designing a wireless network Mattbews.Gast,802.11 wireless network
www.cisco.com, wi fi protected access,WPA2 and IEEE 802.11i www.wi-fi.org, Deploying wi fi protected access (WPA) and (WPA2) IN THE
Enterprise, March 2005 www.wi-fi.org, Enterprise solutions for wireless LAN security , wi-fi Alliance Feb 6
2003 www.wi-fi.org , wi-fi protected access, strong standards-based, interoperable
security for today wi-fi networks , wi-fi Alliance April 29,2003 15 www.wi-fi.org/open section/secure.asp TID = 2 wi-fi security
Questions?