tcil 10 wifi technology_2
TRANSCRIPT
8/7/2019 TCIL 10 WiFi Technology_2
http://slidepdf.com/reader/full/tcil-10-wifi-technology2 1/42
Wi-Fi Technology

Agenda
- Introduction
- Wi-Fi Technologies
- Wi-Fi Architecture
- Wi-Fi Network Elements
- How a Wi-Fi Network Works
- Wi-Fi Network Topologies
- Wi-Fi Configurations
- Applications of Wi-Fi
- Wi-Fi Security
- Advantages/Disadvantages of Wi-Fi

Introduction
- Wireless Technology is an alternative to Wired Technology, which is commonly used, for connecting devices in wireless mode.
- Wi-Fi (Wireless Fidelity) is a generic term that refers to the IEEE 802.11 communications standard for Wireless Local Area Networks (WLANs).
- Wi-Fi networks connect computers to each other, to the internet and to the wired network.

The Wi-Fi Technology
Wi-Fi Networks use Radio Technologies to transmit & receive data at high speed:
- IEEE 802.11b
- IEEE 802.11a
- IEEE 802.11g

IEEE 802.11b
- Appeared in late 1999
- Operates at 2.4 GHz radio spectrum
- 11 Mbps (theoretical speed) - within 30 m range
- 4-6 Mbps (actual speed)
- 100-150 feet range
- Most popular, least expensive
- Interference from mobile phones and Bluetooth devices, which can reduce the transmission speed.

IEEE 802.11a
- Introduced in 2001
- Operates at 5 GHz (less popular)
- 54 Mbps (theoretical speed)
- 15-20 Mbps (actual speed)
- 50-75 feet range
- More expensive
- Not compatible with 802.11b

IEEE 802.11g
- Introduced in 2003
- Combines the features of both standards (a, b)
- 100-150 feet range
- 54 Mbps speed
- 2.4 GHz radio frequencies
- Compatible with 'b'

802.11 Physical Layer
There are three sublayers in the physical layer:
- Direct Sequence Spread Spectrum (DSSS)
- Frequency Hopping Spread Spectrum (FHSS)
- Diffused Infrared (DFIR) - Wide angle

DSSS
- Direct sequence signaling technique divides the 2.4 GHz band into 11 22-MHz channels. Adjacent channels overlap one another partially, with three of the 11 being completely non-overlapping. Data is sent across one of these 22 MHz channels without hopping to other channels.

IEEE 802.11 Data Link Layer
The data link layer consists of two sublayers:
- Logical Link Control (LLC)
- Media Access Control (MAC).
802.11 uses the same 802.2 LLC and 48-bit addressing as other 802 LANs, allowing for very simple bridging from wireless to IEEE wired networks, but the MAC is unique to WLANs.

802.11 Media Access Control
- Carrier Sense Medium Access with collision avoidance protocol (CSMA/CA)
  - Listen before talking
  - Avoid collision by explicit Acknowledgement (ACK)
  - Problem: additional overhead of ACK packets, so slow performance
- Request to Send/Clear to Send (RTS/CTS) protocol
  - Solution for the "hidden node" problem
  - Problem: adds additional overhead by temporarily reserving the medium, so it is used only for large packets, for which retransmission would be expensive

802.11 Media Access Control (cont.)
- Power Management
  - MAC supports power conservation to extend the battery life of portable devices
  - Power utilization modes
    - Continuous Aware Mode
      - Radio is always on and drawing power
    - Power Save Polling Mode
      - Radio is "dozing" with the access point queuing any data for it
      - The client radio will wake up periodically in time to receive regular beacon signals from the access point.
      - The beacon includes information regarding which stations have traffic waiting for them
      - The client wakes on beacon notification and receives its data

802.11 Media Access Control (cont.)
- Fragmentation
- CRC checksum
  - Each pkt has a CRC checksum calculated and attached to ensure that the data was not corrupted in transit
- Association & Roaming

Elements of a WI-FI Network
- Access Point (AP) - The AP is a wireless LAN transceiver or "base station" that can connect one or many wireless devices simultaneously to the Internet.
- Wi-Fi cards - They accept the wireless signal and relay information. They can be internal and external (e.g. PCMCIA Card for Laptop and PCI Card for Desktop PC).
- Safeguards - Firewalls and anti-virus software protect networks from uninvited users and keep information secure.

How a Wi-Fi Network Works
- Basic concept is the same as walkie-talkies.
- A Wi-Fi hotspot is created by installing an access point to an internet connection.
- An access point acts as a base station.
- When a Wi-Fi enabled device encounters a hotspot, the device can then connect to that network wirelessly.
- A single access point can support up to 30 users and can function within a range of 100 - 150 feet indoors and up to 300 feet outdoors.
- Many access points can be connected to each other via Ethernet cables to create a single large network.

Wi-Fi Network Topologies
- AP-based topology (Infrastructure Mode)
- Peer-to-peer topology (Ad-hoc Mode)
- Point-to-multipoint bridge topology

AP-based topology
- The clients communicate through the Access Point.
- BSA - RF coverage provided by an AP.
- ESA - It consists of 2 or more BSA.
- ESA cell includes 10-15% overlap to allow roaming.

Peer-to-peer topology
- AP is not required.
- Client devices within a cell can communicate directly with each other.
- It is useful for setting up of a wireless network quickly and easily.

Point-to-multipoint bridge topology
This is used to connect a LAN in one building to LANs in other buildings even if the buildings are miles apart. These conditions require a clear line of sight between buildings. The line-of-sight range varies based on the type of wireless bridge and antenna used as well as the environmental conditions.

Wi-Fi Configurations

Wi-Fi Applications
- Home
- Small Businesses or SOHO
- Large Corporations & Campuses
- Health Care
- Wireless ISP (WISP)
- Travellers

Wi-Fi Security Threats
- Wireless technology doesn't remove any old security issues, but introduces new ones
  - Eavesdropping
  - Man-in-the-middle attacks
  - Denial of Service

Eavesdropping
- Easy to perform, almost impossible to detect
- By default, everything is transmitted in clear text
  - Usernames, passwords, content ...
  - No security offered by the transmission medium
- Different tools available on the internet
  - Network sniffers, protocol analysers ...
  - Password collectors
- With the right equipment, it's possible to eavesdrop on traffic from a few kilometers away

MITM Attack
1. Attacker spoofs a disassociate message from the victim
2. The victim starts to look for a new access point, and the attacker advertises his own AP on a different channel, using the real AP's MAC address
3. The attacker connects to the real AP using the victim's MAC address

Denial of Service
- Attack on transmission frequency used
  - Frequency jamming
  - Not very technical, but works
- Attack on MAC layer
  - Spoofed deauthentication / disassociation messages
  - can target one specific user
- Attacks on higher layer protocol (TCP/IP protocol)
  - SYN Flooding

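Added example (not part of the original slides): a monitoring-side sketch in Python that looks for the two MAC-layer symptoms named on the MITM and Denial of Service slides, namely one AP MAC address (BSSID) beaconing on two channels at the same time and a burst of deauthentication/disassociation frames aimed at one client. The frame records, addresses, window sizes and threshold are constructed assumptions, not captured traffic or values from the slides.

```python
from collections import defaultdict

# Constructed observations: (time_s, frame_type, bssid, channel, destination)
AP = "00:11:22:33:44:55"
AP2 = "00:11:22:33:44:66"
STA = "aa:bb:cc:dd:ee:01"
BCAST = "ff:ff:ff:ff:ff:ff"
FRAMES = (
    [(t / 10, "beacon", AP, 1, BCAST) for t in range(40)]            # real AP, channel 1
    + [(2.0 + i * 0.01, "disassoc", AP, 1, STA) for i in range(6)]   # burst at one client
    + [(2.5 + i * 0.1, "beacon", AP, 6, BCAST) for i in range(5)]    # same BSSID, channel 6
    + [(0.0, "beacon", AP2, 11, BCAST), (100.0, "beacon", AP2, 36, BCAST)]  # plain channel change
    + [(50.0, "deauth", AP2, 11, STA)]                               # single, ordinary deauth
)


def cloned_bssids(frames, window_s=10.0):
    """Return {bssid: [channels]} for BSSIDs beaconing on 2+ channels within window_s.

    An AP that simply moves to another channel stops beaconing on the old one,
    so only overlapping sightings are reported.
    """
    last_seen = defaultdict(dict)          # bssid -> {channel: last beacon time}
    flagged = defaultdict(set)
    for ts, ftype, bssid, channel, _dst in sorted(frames):
        if ftype != "beacon":
            continue
        last_seen[bssid][channel] = ts
        recent = [ch for ch, t in last_seen[bssid].items() if ts - t <= window_s]
        if len(recent) > 1:
            flagged[bssid].update(recent)
    return {bssid: sorted(chs) for bssid, chs in flagged.items()}


def deauth_bursts(frames, threshold=5, window_s=1.0):
    """Return (bssid, client) pairs that saw >= threshold deauth/disassoc frames in window_s.

    The source address of a spoofed frame is the real AP's, so the pair and the
    rate, not the sender, are what identify the event.
    """
    times = defaultdict(list)
    flagged = set()
    for ts, ftype, bssid, _channel, dst in sorted(frames):
        if ftype not in ("deauth", "disassoc"):
            continue
        recent = times[(bssid, dst)]
        recent.append(ts)
        while ts - recent[0] > window_s:   # drop sightings older than the window
            recent.pop(0)
        if len(recent) >= threshold:
            flagged.add((bssid, dst))
    return flagged


if __name__ == "__main__":
    print("BSSID seen on several channels:", cloned_bssids(FRAMES))
    print("Deauth/disassoc bursts:", deauth_bursts(FRAMES))
```
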
Wi-Fi Security
The requirements for Wi-Fi network security can be broken down into two primary components:
- Authentication
  - User Authentication
  - Server Authentication
- Privacy

Authentication
- Keeping unauthorized users off the network
- User Authentication
  - Authentication Server is used
  - Username and password
  - Risk:
    - Data (username & password) sent before secure channel established
    - Prone to passive eavesdropping by attacker
  - Solution
    - Establishing an encrypted channel before sending username and password

Authentication (cont.)
- Server Authentication
  - Digital Certificate is used
  - Validation of digital certificate occurs automatically within client software

Wi-Fi Security Techniques
- Service Set Identifier (SSID)
- Wired Equivalent Privacy (WEP)
- 802.1X Access Control
- Wireless Protected Access (WPA)
- IEEE 802.11i

Service Set Identifier (SSID)
- SSID is used to identify an 802.11 network
- It can be pre-configured or advertised in beacon broadcast
- It is transmitted in clear text
  - Provides very little security

Wired Equivalent Privacy (WEP)
- Provides the same level of security as a wired network
- Original security solution offered by the IEEE 802.11 standard
- Uses RC4 encryption with pre-shared keys and 24 bit initialization vectors (IV)
- Key schedule is generated by concatenating the shared secret key with a randomly generated 24-bit IV
- 32 bit ICV (Integrity check value)
- No. of bits in key schedule is equal to sum of length of the plaintext and ICV

Wired Equivalent Privacy (WEP) (cont.)
- 64 bit preshared key - WEP
- 128 bit preshared key - WEP2
- Encrypts data only between 802.11 stations. Once it enters the wired side of the network (between access point) WEP is no longer valid
- Security Issue with WEP
  - Short IV
  - Static key
- Offers very little security at all

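Added example (not part of the original slides): a small Python model of the WEP encapsulation described on the two WEP slides, with RC4 keyed by the 24-bit IV followed by the static shared key and a CRC-32 ICV appended to the plaintext. It shows what "short IV" and "static key" cost: frames sent under a repeated IV share one keystream, and random 24-bit IVs are likely to repeat within a few thousand frames. The key, IV and payloads are constructed sample values.

```python
import math
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling, then `length` bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encapsulate(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV (sent in clear) + RC4(IV || secret) XOR (plaintext || ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    body = plaintext + struct.pack("<I", zlib.crc32(plaintext))  # append 32-bit ICV
    # Keystream length = plaintext length + ICV length, as the slide states.
    return iv + xor(body, rc4_keystream(iv + secret, len(body)))


def wep_decapsulate(secret: bytes, frame: bytes) -> bytes:
    iv, ciphertext = frame[:3], frame[3:]
    body = xor(ciphertext, rc4_keystream(iv + secret, len(ciphertext)))
    plaintext, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(plaintext)) != icv:
        raise ValueError("ICV mismatch")
    return plaintext


def keystream_reuse_leak(frame_a: bytes, frame_b: bytes):
    """With equal IVs the keystream cancels: C_a XOR C_b == P_a XOR P_b. Else None."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return xor(frame_a[3:], frame_b[3:])


def iv_collision_probability(frames: int) -> float:
    """Birthday approximation of a repeated IV among `frames` random 24-bit IVs."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * 2**24))


# Constructed sample values: a 40-bit static key ("64 bit" WEP = 40-bit key + 24-bit IV).
SECRET = bytes.fromhex("0102030405")
IV = bytes.fromhex("a1b2c3")
PT_A = b"first constructed payload"
PT_B = b"second sample payload...."
FRAME_A = wep_encapsulate(SECRET, IV, PT_A)
FRAME_B = wep_encapsulate(SECRET, IV, PT_B)

if __name__ == "__main__":
    leak = keystream_reuse_leak(FRAME_A, FRAME_B)
    print("C_a xor C_b equals P_a xor P_b:", leak[:len(PT_A)] == xor(PT_A, PT_B))
    for n in (1000, 5000, 20000):
        print(f"{n} frames -> P(IV repeat) ~ {iv_collision_probability(n):.2f}")
```
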
802.1x Access Control
- Designed as a general purpose network access control mechanism
  - Not Wi-Fi specific
- Authenticates each client connected to AP (for WLAN) or switch port (for Ethernet)
- Authentication is done with the RADIUS server, which "tells" the access point whether access to controlled ports should be allowed or not
  - AP forces the user into an unauthorized state
  - User sends an EAP start message
  - AP returns an EAP message requesting the user's identity
  - Identity sent by user is then forwarded to the authentication server by AP
  - Authentication server authenticates user and returns an accept or reject message back to the AP
  - If accept message is returned, the AP changes the client's state to authorized and normal traffic flows

Wireless Protected Access (WPA)
- WPA is a specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems.
- User Authentication
  - 802.1x
  - EAP
- TKIP (Temporal Key Integrity Protocol) encryption
  - RC4, dynamic encryption keys (session based)
  - 48 bit IV
  - per packet key mixing function
  - Fixes all issues found from WEP
- Uses Message Integrity Code (MIC) Michael
  - Ensures data integrity
- Old hardware should be upgradeable to WPA

Wireless Protected Access (WPA) (cont.)
- WPA comes in two flavors
  - WPA-PSK
    - use pre-shared key
    - For SOHO environments
    - Single master key used for all users
  - WPA Enterprise
    - For large organisation
    - Most secure method
    - Unique keys for each user
    - Separate username & password for each user

WPA and Security Threats
- Data is encrypted
  - Protection against eavesdropping and man-in-the-middle attacks
- Denial of Service
  - Attack based on fake messages can not be used.
  - As a security precaution, if WPA equipment sees two packets with invalid MICs within a second, it disassociates all its clients, and stops all activity for a minute
  - Only two packets a minute are enough to completely stop a wireless network

802.11i
- Provides standard for WLAN security
- Authentication
  - 802.1x
- Data encryption
  - AES protocol is used
- Secure fast handoff - This allows roaming between APs without requiring the client to fully reauthenticate to every AP.
- Will require new hardware

Advantages
- Mobility
- Ease of Installation
- Flexibility
- Cost
- Reliability
- Security
- Use unlicensed part of the radio spectrum
- Roaming
- Speed

Limitations
- Interference
- Degradation in performance
- High power consumption
- Limited range