Linux+ Guide to Linux Certification
Download
Report
Transcript Linux+ Guide to Linux Certification
CWNA Guide to Wireless
LANs, Second Edition
Chapter Seven thru Ten
Review
Note:
Many of the test questions will come
from these charts
I will still be updating the slides
through Monday night. But only
minor changes will be made.
2
What is a Site Survey?
When installing a WLAN for an organization,
areas of dead space might not be tolerated
• Ensure blanket coverage, meet per-user
bandwidth requirements, minimize “bleeding” of
signal
Factors affecting wireless coverage goals:
•
•
•
•
•
Devices emitting RF signals
Building structure (walls, construction materials)
Open or closed office doors
Stationary versus mobile machinery/equipment
Movement of mobile walls (e.g., cubicles)
3
What is a Site Survey?
Factors affecting wireless coverage goals:
• Expansion of physical plant or growth of
organization
• Existing WLANs
Both inside organization, and within nearby
organizations
Site survey: Process of planning a WLAN
to meet design goals
• Effectiveness of a WLAN often linked to
thoroughness of the site survey
4
What is a Site Survey?
Design goals for a site survey:
•
•
•
•
Achieve best possible performance from WLAN
Certify that installation will operate as promised
Determine best location for APs
Develop networks optimized for variety of
applications
• Ensure coverage will fulfill organization’s
requirements
• Locate unauthorized APs
5
What is a Site Survey?
Design goals for a site survey (continued):
• Map nearby wireless networks to determine
existing radio interference
• Reduce radio interference as much as possible
• Make wireless network secure
Survey provides realistic understanding of
infrastructure required for proposed wireless
link
• Assists in predicting network capability and
throughput
• Helps determine exact location of APs and power
levels required
6
What is a Site Survey?
When to perform a site survey:
• Before installing a new wireless network
• Before changing an existing wireless
network
• When there are significant changes in
personnel
• When there are changes in network
needs
• After making physical changes to a
building
7
Site Survey Tools: Wireless Tools
Most basic tool is AP itself:
•
•
•
•
Position in various locations
monitor signal as you move
APs should have ability to adjust output power
APs should have external antenna connectors
Notebook computer with wireless NIC also
essential for testing
• Previously configured and tested
8
Site Survey Tools: Measurement
Tools
Site Survey Analyzers: Specifically
designed for conducting WLAN site surveys
• Software often built into AP
• Receive Signal Strength Indicator (RSSI)
value
• Full-featured site survey analyzer software
settings:
Destination MAC Address
Continuous Link Test
Number of Packets
Packet Size
Data Retries
9
Site Survey Tools: Measurement
Tools
Site Survey Analyzers (continued):
• Full-featured site survey analyzer software
settings (continued):
Data Rate
Delay Between Packets
Packet Tx Type
• Unicast or multicast
Percent Success Threshold
• Basic survey analyzer software contains
far fewer features
10
Site Survey Tools: Measurement
Tools
Spectrum Analyzers: Scan radio
frequency spectrum and provides
graphical display of results
• Typically measure signal-to-noise ratio
• Single-frequency analyzers measure
signal-to-noise ratio at specified
frequency
• Helpful in identifying interference
problems
Thus, helps properly position/orient AP
11
Site Survey Tools: Measurement
Tools (continued)
Network Analyzers: Can be used
to pick up packets being transmitted
by other WLANs in area
• Provide additional information on
transmissions
• Packet sniffers or protocol analyzers
• Not used in placement of AP
12
Site Survey Tools:
Documentation Tools
Create a “hard copy” of site survey results
• Make available for future reference
• No industry-standard form for site survey
documentation
Site survey report should include:
• Purpose of report
• Survey methods
• RF coverage details (frequency and channel
plan)
• Throughput findings
• Sources of interference
13
Site Survey Tools:
Documentation Tools
Site survey report should include
(continued):
• Problem zones
• Marked-up facility drawings with access point
placement
• Access point configuration
Use building layout blueprints as tools
Advisable to create database to store site
survey information and generate reports
14
Site Survey Tools:
Documentation Tools
Figure 7-9: Sample site survey form
15
Performing a Site Survey:
Gathering Data
Obtaining Business Requirements:
Determine business reasons why WLAN
being proposed or extended
• If this step skipped, almost impossible to
properly design and implement the network
• Primary data gathering method is interviewing
• Must determine type of mobility required
within organization
• Must determine per-user bandwidth
requirements
May be different “types” of users with different
bandwidth requirements
16
Performing a Site Survey:
Gathering Data
Defining Security Requirements: Consider
type of data encryption and type of
authentication that will take place across
WLAN
• Consider existing security policies and procedures
Gathering Site-Specific Documentation:
• Blueprints, facility drawings, and other documents
Show specific building infrastructure components
• Inspecting the site
Document changes to blueprints and get visual
perspective
17
Performing a Site Survey:
Gathering Data (continued)
Gathering Site-Specific Documentation
(continued):
• Behind-the-scenes site inspection
Documenting Existing Network
Characteristics:
• New or expanded WLAN will “dovetail” into
network already in place
• Determine degree to which WLAN will interact
with other wired networks
• Legacy systems may require additional
equipment to support WLAN
18
Performing a Site Survey:
Performing the Survey
Collecting RF Information:
• Note objects in and layout of room
Use digital camera
• Position AP
Initial location will depend on antenna type
Document starting position of AP
• Using notebook computer with site survey
analyzer software running, walk slowly away
from AP
Observe data displayed by analyzer program
• Data rate, signal strength, noise floor, and signal-tonoise ratio
19
Performing a Site Survey:
Performing the Survey
Collecting RF Information :
• Continue moving until data collected for all
areas
• Data collected used to produce:
Coverage pattern: Area where signal can be received
from the AP
Data rate boundaries: Range of coverage for a
specific transmission speed
Throughput: Number of packets sent and received
and data rates for each
Total transmission range: Farthest distance at
which signal can be received by wireless device
20
Performing a Site Survey:
Performing the Survey
Collecting Non-RF Information:
Outdoor Surveys:
• Similar to indoor surveys
• Must consider: climatic conditions,
trees, different possibilities for antenna
positions, Permits and Zoning
21
CWNA Guide to Wireless LANs,
Second Edition
Chapter Eight
Wireless LAN Security and
Vulnerabilities
Security Principles: What is
Information Security?
Information security: Task of
guarding digital information
• Ensures protective measures properly
implemented
• Protects confidentiality, integrity, and
availability (CIA) on the devices that
store, manipulate, and transmit the
information through products, people,
and procedures
23
Security Principles: Challenges
of Securing Information
Trends influencing increasing difficultly in
information security:
• Speed of attacks
• Sophistication of attacks
• Faster detection of weaknesses
Day zero attacks
• Distributed attacks
The “many against one” approach
Impossible to stop attack by trying to identify and
block source
24
Security Principles: Categories
of Attackers
Six categories of attackers:
• Hackers
Not malicious; expose security flaws
• Crackers
• Script kiddies
• Spies
• Employees
• Cyberterrorists
25
Security Principles: Security
Organizations
Many security organizations exist to
provide security information, assistance,
and training
• Computer Emergency Response Team
Coordination Center (CERT/CC)
• Forum of Incident Response and Security
Teams (FIRST)
• InfraGard
• Information Systems Security Association
(ISSA)
• National Security Institute (NSI)
• SysAdmin, Audit, Network, Security (SANS)
Institute
26
Basic IEEE 802.11 Security
Protections
Data transmitted by a WLAN could be
intercepted and viewed by an attacker
• Important that basic wireless security
protections be built into WLANs
Three categories of WLAN protections:
• Access control
• Wired equivalent privacy (WEP)
• Authentication
Some protections specified by IEEE, while
others left to vendors
27
Access Control
Intended to guard availability of information
Wireless access control: Limit user’s admission to
AP
• Filtering
Media Access Control (MAC) address filtering:
Based on a node’s unique MAC address
28
Access Control
MAC address filtering considered to
be a basic means of controlling
access
• Requires pre-approved authentication
• Difficult to provide temporary access for
“guest” devices
29
Wired Equivalent Privacy (WEP)
Guard the confidentiality of
information
• Ensure only authorized parties can view it
Used in IEEE 802.11 to encrypt
wireless transmissions
• “Scrambling”
30
WEP: Cryptography
Cryptography: Science of transforming
information so that it is secure while being
transmitted or stored
• scrambles” data
Encryption: Transforming plaintext to
ciphertext
Decryption: Transforming ciphertext to
plaintext
Cipher: An encryption algorithm
• Given a key that is used to encrypt and
decrypt messages
• Weak keys: Keys that are easily discovered
31
WEP: Implementation
IEEE 802.11 cryptography objectives:
•
•
•
•
•
Efficient
Exportable
Optional
Reasonably strong
Self-synchronizing
WEP relies on secret key “shared”
between a wireless device and the AP
• Same key installed on device and AP
• Private key cryptography or symmetric
encryption
32
WEP: Implementation
WEP shared secret keys must be at least
40 bits
• Most vendors use 104 bits
Options for creating WEP keys:
• 40-bit WEP shared secret key (5 ASCII
characters or 10 hexadecimal characters)
• 104-bit WEP shared secret key (13 ASCII
characters or 16 hexadecimal characters)
• Passphrase (16 ASCII characters)
APs and wireless devices can store up to
four shared secret keys
• Default key used for all encryption
33
WEP: Implementation
When encrypted frame arrives at
destination:
• Receiving device separates IV from ciphertext
• Combines IV with appropriate secret key
Create a keystream
• Keystream used to extract text and ICV
• Text run through CRC
Ensure ICVs match and nothing lost in transmission
Generating keystream using the PRNG is
based on the RC4 cipher algorithm
• Stream Cipher
34
Vulnerabilities of IEEE 802.11
Security
IEEE 802.11 standard’s security
mechanisms for wireless networks
have fallen short of their goal
Vulnerabilities exist in:
• Authentication
• Address filtering
• WEP
35
Open System Authentication
Vulnerabilities
Inherently weak
• Based only on match of SSIDs
• SSID beaconed from AP during passive
scanning
Easy to discover
Vulnerabilities:
• Beaconing SSID is default mode in all APs
• Not all APs allow beaconing to be turned off
Or manufacturer recommends against it
• SSID initially transmitted in plaintext
(unencrypted)
36
Other Wireless Attacks: Denial
of Service (DoS) Attack
Standard DoS attack attempts to make a
server or other network device unavailable
by flooding it with requests
• Attacking computers programmed to request,
but not respond
Wireless DoS attacks are different:
• Jamming: Prevents wireless devices from
transmitting
• Forcing a device to continually dissociate and
re-associate with AP
37
Wireless Security Problems
Common Techniques to Compromise
Wireless Data Networks:
• Rogue Access Point Insertion
• Traffic Sniffing
• Traffic Data Insertion
• ARP-Snooping (via “Dsniff”) – trick
wired network to pass data over
wireless
38
Security Overview
Authentication
Determines:
• If you are who you say you are
• If (and What) access rights are granted
Examples are:
• “Smart Card” - SecureId® Server/Cards
• S/Key – One time password
• Digital Certificates
39
WEP
(Wired Equivalent Privacy)
RC4 (Rivest Cipher 4 / Ron’s Code 4) Encryption
Algorithm <http://www.cebrasoft.co.uk/encryption/rc4.htm>
Shared (but static) secret 64 or 128-bit key to
encrypt and decrypt the data
• 24-bit ‘initialization vector’ (semi-random) leaving only
40 or 104 bits as the ‘real key’
WEP Key Cracking Software
• WEPCrack / AirSnort / Aircrack (as well as others)
• Cracking Time: 64-bit key = 2 seconds
128-bit key = ~ 3-10 minutes
www.netcraftsmen.net/welcher/papers/wlansec01.html and
www.tomsnetworking.com/Sections-article111-page4.php
40
WPA and WPA2
(WiFi Protected Access)
Created by the Wi-Fi Alliance industry group
due to excessive delays in 802.11i approval
WPA and WPA2 designed to be backward
compatible with WEP
Closely mirrors the official IEEE 802.11i
standards but with EAP (Extensible
Authentication Protocol)
Contains both authentication and encryption
components
Designed to address WEP vulnerabilities
41
WPA / WPA2 Encryption
WPA
• Mandates TKIP (Temporal Key Integrity Protocol)
Scheduled Shared Key Change
(i.e.; every 10,000 data packets)
• Optionally specifies AES (Advanced Encryption
Standard) capability
WPA will essentially fall back to WEP-level
security if even a single device on a network
cannot use WPA
WPA2
Mandates both TKIP and AES capability
WPA / WPA2 networks will drop any altered packet
or shut down for 30 seconds whenever a message
alteration attack is detected.
42
WPA / WPA2 (Cont’d)
Personal Pre-shared Key
• User–entered 8 – 63 ASCII Character
Passphrass Produces a 256-bit Pre-Shared Key
• To minimize/prevent key cracking, use a
minimum of 21 characters for the passphase
• Key Generation
passphrase, SSID, and the SSIDlength is hashed
4096 times to generate a value of 256 bits
WPA Key Cracking Software
• coWPAtty / WPA Cracker (as well as others)
43
WPA / WPA2 Authentication
(Since Extended EAP-May 2005)
Now Five WPA / WPA2 Enterprise
Standards
1. EAP-TLS
a. Original EAP Protocol
b. Among most secure but seldom
implemented as it needs a Clientside certificate ie; smartcard
(SecurId Key Fob
http://www.securid.com/)
44
CWNA Guide to Wireless LANs,
Second Edition
Chapter Nine
Implementing Wireless LAN Security
Objectives
List wireless security solutions
Tell the components of the
transitional security model
Describe the personal security model
List the components that make up
the enterprise security model
46
Wireless Security Solutions
IEEE 802.11a and 802.11b standards
included WEP specification
• Vulnerabilities quickly realized
• Organizations implemented “quick fixes”
Did not adequately address encryption and
authentication
IEEE and Wi-Fi Alliance started working on
comprehensive solutions
• IEEE 802.11i and Wi-Fi Protected Access
(WPA)
Foundations of today’s wireless security
47
WEP2
Attempted to overcome WEP limitations
• adding two new security enhancements
WEP key increased to 128 bits
Kerberos authentication
User issued “ticket” by Kerberos server
Presents ticket to network for a service
• Used to authenticate user
No more secure than WEP
• Collisions still occur
• Dictionary-based attacks available
48
Dynamic WEP
Solves weak IV problem by rotating keys
frequently
• More difficult to crack encrypted packet
Different keys for unicast and broadcast traffic
• Unicast WEP key unique to each user’s session
Dynamically generated and changed frequently
• For example - When roaming to a new AP
• Broadcast WEP key must be same for all users on a
particular subnet and AP
49
Dynamic WEP (continued)
Can be implemented without
upgrading device drivers or AP
firmware
• No-cost and minimal effort to deploy
Does not protect against man-in-themiddle attacks
Susceptible to DoS attacks
50
IEEE 802.11i
Provides good wireless security model
• Robust security network (RSN)
• Addresses both encryption and authentication
Encryption accomplished by replacing RC4
with a block cipher
• Manipulates entire block of plaintext at one
time
Block cipher used is Advanced Encryption
Standard (AES)
• Three step process
• Second step consists of multiple rounds of
encryption
51
IEEE 802.11i (continued)
Table 9-1: Time needed to break AES
52
IEEE 802.11i (continued)
IEEE 802.11i authentication and key
management is accomplished by IEEE
802.1x standard
• Implements port security
Blocks all traffic on port-by-port basis until client
authenticated using credentials stored on
authentication server
Key-caching: Stores information from a
device on the network, for faster reauthentication
Pre-authentication: Allows a device to
become authenticated to an AP before
moving to it
53
IEEE 802.11i (continued)
Figure 9-2: IEEE 802.1x
54
Wi-Fi Protected Access (WPA)
Subset of 802.11i that addresses
encryption and authentication
Temporal Key Integrity Protocol (TKIP):
Replaces WEP’s encryption key with 128bit per-packet key
• Dynamically generates new key for each
packet
Prevents collisions
• Authentication server can use 802.1x to
produce unique master key for user sessions
• Creates automated key hierarchy and
management system
55
Wi-Fi Protected Access
(continued)
Message Integrity Check (MIC):
Designed to prevent attackers from
capturing, altering, and resending data
packets
• Replaces CRC from WEP
• CRC does not adequately protect data integrity
Authentication accomplished via IEEE
802.1x or pre-shared key (PSK)
technology
• PSK passphase serves as seed for generating
keys
56
Wi-Fi Protected Access 2
(WPA2)
Second generation of WPA security
• Based on final IEEE 802.11i standard
• Uses AES for data encryption
• Supports IEEE 802.1x authentication or
PSK technology
• Allows both AES and TKIP clients to
operate in same WLAN
57
Summary of Wireless Security
Solutions (continued)
Table 9-2: Wi-Fi modes
Table 9-3: Wireless security solutions
58
Transitional Security Model
Transitional wireless implementation
• Should be temporary
Until migration to stronger wireless security
possible
• Should implement basic level of security
for a WLAN
Including authentication and encryption
59
Authentication: Shared Key
Authentication
First and perhaps most important
step
• Uses WEP keys
Networks that support multiple
devices should use all four keys
• Same key should not be designated as
default on each device
60
Authentication: SSID Beaconing
Turn off SSID beaconing by
configuring APs to not include it
• Beaconing the SSID is default mode for
all APs
Good practice to use cryptic SSID
• Should not provide any information to
attackers
61
WEP Encryption
Although vulnerabilities exist, should be turned
on if no other options for encryption are available
• Use longest WEP key available
• May prevent script kiddies or “casual” eavesdroppers
from attacking
Table 9-4: Transitional security model
62
Personal Security Model
Designed for single users or small
office home office (SOHO) settings
• Generally 10 or fewer wireless devices
Two sections:
• WPA: Older equipment
• WPA2: Newer equipment
63
WPA Personal Security: PSK
Authentication
Uses passphrase (PSK) that is
manually entered to generate the
encryption key
• PSK used a seed for creating encryption
keys
Key must be created and entered in
AP and also on any wireless device
(“shared”) prior to (“pre”) the
devices communicating with AP
64
WPA Personal Security: TKIP
Encryption
TKIP is a substitute for WEP encryption
• Fits into WEP procedure with minimal change
Device starts with two keys:
• 128-bit temporal key
• 64-bit MIC
Three major components to address
vulnerabilities:
• MIC
• IV sequence
• TKIP key mixing
TKIP required in WPA
65
WPA2 Personal Security: PSK
Authentication
PSK intended for personal and SOHO users
without enterprise authentication server
• Provides strong degree of authentication protection
PSK keys automatically changed (rekeyed) and
authenticated between devices after specified
period of time or after set number of packets
transmitted (rekey interval)
Employs consistent method for creating keys
• Uses shared secret entered at AP and devices
Random sequence of at least 20 characters or 24
hexadecimal digits
66
WPA2 Personal Security: AESCCMP Encryption
WPA2 personal security model encryption
accomplished via AES
AES-CCMP: Encryption protocol in 802.11i
• CCMP based on Counter Mode with CBC-MAC (CCM) of
AES encryption algorithm
• CCM provides data privacy
• CBC-MAC provides data integrity and authentication
AES processes blocks of 128 bits
• Cipher key length can be 128, 192 and 256 bits
• Number of rounds can be 10, 12, and 14
67
WPA2 Personal Security: AESCCMP Encryption (continued)
AES encryption/decryption
computationally intensive
• Better to perform in hardware
Table 9-5: Personal security model
68
Enterprise Security Model
Most secure level of security that can be
achieved today for wireless LANs
• Designed for medium to large-size
organizations
• Intended for setting with authentication server
Like personal security model, divided into
sections for WPA and WPA2
Additional security tools available to
increase network protection
69
WPA Enterprise Security: IEEE
802.1x Authentication
Uses port-based authentication
mechanisms
Network supporting 802.1x standard
should consist of three elements:
• Supplicant: Wireless device which requires
secure network access
• Authenticator: Intermediary device accepting
requests from supplicant
Can be an AP or a switch
• Authentication Server: Accepts requests
from authenticator, grants or denies access
70
WPA Enterprise Security: IEEE
802.1x Authentication
(continued)
Supplicant is software on a client
implementing 802.1x framework
Authentication server stores list of
names and credentials of authorized
users
• Remote Authentication Dial-In User
Service (RADIUS) typically used
Allows user profiles to be maintained in
central database that all remote servers can
share
71
WPA Enterprise Security: IEEE
802.1x Authentication
802.1x based on Extensible
Authentication Protocol (EAP)
• Several variations:
EAP-Transport Layer Security (EAP-TLS)
Lightweight EAP (LEAP)
EAP-Tunneled TLS (EAP-TTLS)
Protected EAP (PEAP)
Flexible Authentication via Secure Tunneling (FAST)
• Each maps to different types of user logons,
credentials, and databases used in
authentication
72
WPA Enterprise Security: TKIP
Encryption
TKIP is a “wrapper” around WEP
• Provides adequate encryption
mechanism for WPA enterprise security
• Dovetails into existing WEP mechanism
Vulnerabilities may be exposed in the
future
73
WPA2 Enterprise Security: IEEE
802.1x Authentication
Enterprise security model using WPA2
provides most secure level of
authentication and encryption available on
a WLAN
IEEE 802.1x is strongest type of wireless
authentication currently available
Wi-Fi Alliance certifies WPA and WPA2
enterprise products using EAP-TLS
• Other EAP types not tested, but should run a
WAP or WAP2 environment
74
WPA2 Enterprise Security: AESCCMP Encryption
AES: Block cipher that uses same key for
encryption and decryption
• Bits encrypted in blocks of plaintext
Calculated independently
• block size of 128 bits
• Three possible key lengths: 128, 192, and 256
bits
• WPA2/802.11i uses128-bit key length
• Includes four stages that make up one round
Each round is iterated 10 times
75
WPA2 Enterprise Security: AESCCMP Encryption (continued)
Table 9-6: Enterprise security model
76
Other Enterprise Security Tools:
Virtual Private Network (VPN)
Virtual private network (VPN): Uses a
public, unsecured network as if it were
private, secured network
Two common types:
• Remote-access VPN: User-to-LAN connection
used by remote users
• Site-to-site VPN: Multiple sites can connect
to other sites over Internet
VPN transmissions are achieved through
communicating with endpoints
77
Other Enterprise Security Tools:
Virtual Private Network
Endpoint: End of tunnel between VPN
devices
• Can local software, dedicated hardware device,
or even a firewall
VPNs can be used in WLAN setting
• Tunnel though WLAN for added security
Enterprise trusted gateway: Extension
of VPN
• Pairs of devices create “trusted” VPN
connection between themselves
• Can protect unencrypted packets better than a
VPN endpoint
78
Other Enterprise Security Tools:
Wireless Gateway
AP equipped with additional
functionality
• Most APs are wireless gateways
Combine functionality of AP, router, network
address translator, firewall, and switch
On enterprise level, wireless gateway
may combine functionality of a VPN
and an authentication server
• Can provide increased security for
connected APs
79
Other Enterprise Security Tools:
Wireless Intrusion Detection
System (WIDS)
Intrusion-detection system (IDS): Monitors
activity on network and what the packets are
doing
• May perform specific function when attack detected
• May only report information, and not take action
Wireless IDS (WIDS): Constantly monitors RF
frequency for attacks
• Based on database of attack signatures or on abnormal
behavior
• Wireless sensors lie at heart of WIDS
• Hardware-based have limited coverage, software-based
have extended coverage
80
Other Enterprise Security Tools:
Captive Portal
Web page that wireless users are forced to
visit before they are granted access to
Internet
Used in one of the following ways:
• Notify users of wireless policies and rules
• Advertise to users specific services or products
• Authenticate users against a RADIUS server
Often used in public hotspots
81
CWNA Guide to Wireless
LANs, Second Edition
Chapter Ten
Managing a Wireless LAN
Monitoring the Wireless Network
Network monitoring provides
valuable data regarding current state
of a network
• Generate network baseline
• Detect emerging problems
Monitoring a wireless network can be
performed with two sets of tools:
• Utilities designed specifically for WLANs
• Standard networking tools
83
WLAN Monitoring Tools
Two classifications of tools:
• Operate on wireless device itself
• Function on AP
Device and Operating System
Utilities:
• Most OSs provide basic utilities for
monitoring the WLAN
• Some vendors provide more detailed
utilities
84
WLAN Monitoring Tools
Access Point Utilities
• All APs have WLAN reporting utilities
• “Status” information sometimes just a
summary of current AP configuration
No useful monitoring information
• Many enterprise-level APs provide utilities that
offer three types of information:
Event logs
Statistics on wireless transmissions
Information regarding connection to wired Ethernet
network
85
Standard Network Monitoring
Tools
Drawbacks to relying solely on info from AP
and wireless devices:
• Lack of Retention of data
• Laborious and time-intensive data collection
• Data generally not collected in time manner
“Standard” network monitoring tools:
•
•
•
•
Used on wired networks
Proven to be reliable
Simple Network Management Protocol (SNMP)
Remote Monitoring (RMON)
86
Simple Network Management
Protocol (SNMP)
Protocol allowing computers and network
equipment to gather data about network
performance
• Part of TCP/IP protocol suite
Software agent loaded onto each network
device that will be managed using SNMP
• Monitors network traffic and stores info in
management information base (MIB)
• SNMP management station: Computer with
the SNMP management software
87
Simple Network Management
Protocol (continued)
SNMP management station communicates
with software agents on network devices
• Collects data stored in MIBs
• Combines and produces statistics about
network
Whenever network exceeds predefined
limit, triggers an SNMP trap
• Sent to management station
Implementing SNMP provides means to
acquire wireless data for establishing
baseline and generating alerts
88
Remote Monitoring (RMON)
SNMP-based tool used to monitor LANs connected
via a wide area network (WAN)
• WANs provide communication over larger geographical
area than LANs
Allows remote network node to gather network
data at almost any point on a LAN or WAN
• Uses SNMP and incorporates special database for remote
monitoring
WLAN AP can be monitored using RMON
• Gathers data regarding wireless and wired interfaces
89
Maintaining the Wireless
Network
Wireless networks are not static
• Must continually be modified, adjusted, and
tweaked
Modifications often made in response to
data gathered during network monitoring
Two of most common functions:
• Updating AP firmware
• Adjusting antennas to enhance transmissions
90
Upgrading Firmware
Firmware: Software embedded into
hardware to control the device
• Electronic “heart” of a hardware device
• Resides on EEPROM
Nonvolatile storage chip
Most APs use a browser-based
management system
Keep APs current with latest changes by
downloading the changes to the APs
91
Upgrading Firmware (continued)
General steps to update AP firmware:
• Download firmware from vendor’s Web site
• Select “Upgrade Firmware” or similar option
from AP
• Enter location of firmware file
• Click Upgrade button
Enterprise-level APs often have enhanced
firmware update capabilities
• e.g., may be able to update System firmware,
Web Page firmware, and Radio firmware
separately
92
Upgrading Firmware (continued)
With many enterprise-level APs, once a
single AP has been upgraded to the latest
firmware, can distribute to all other APs on
the WLAN
• Receiving AP must be able to hear IP multicast
issued by Distribution AP
• Receiving AP must be set to allow access
through a Web browser
• If Receiving AP has specific security
capabilities enabled, must contain in its
approved user lists a user with the same user
name, password, and capabilities as user
logged into Distribution AP
93
Upgrading Firmware (continued)
RF site tuning: After firmware updates
applied, adjusting APs’ setting
• Adjust radio power levels on all access points
•
•
•
•
Firmware upgrades may increase RF coverage areas
Adjust channel settings
Validate coverage area
Modify integrity and throughput
Document changes
94
Adjusting Antennas: RF
Transmissions
May need to adjust antennas in response
to firmware upgrades or changes in
environment
• May require reorientation or repositioning
• May require new type of antenna
Radio frequency link between sender and
receiver consists of three basic elements:
• Effective transmitting power
• Propagation loss
• Effective receiving sensibility
95
Adjusting Antennas: RF
Transmissions (continued)
Figure 10-14: Radio frequency link
96
Adjusting Antennas: RF
Transmissions (continued)
Link budget: Calculation to determine if
signal will have proper strength when it
reaches link’s end
• Required information:
Antenna gain
Free space path loss
Frequency of the link
Loss of each connector at the specified frequency
Number of connectors used
Path length
Power of the transmitter
97
Adjusting Antennas: RF
Transmissions (continued)
Link budget (continued):
• Required information (continued):
Total length of transmission cable and loss per unit
length at specified frequency
For proper WLAN performance, link budget
must be greater than zero
• System operating margin (SOM)
• Good WLAN link has link budget over 6 dB
• Fade margin: Difference between strongest
RF signal in an area and weakest signal that a
receiver can process
98
Adjusting Antennas: RF
Transmissions (continued)
Attenuation (loss): Negative
difference in amplitude between RF
signals
• Absorption
• Reflection
• Scattering
• Refraction
• Diffraction
• Voltage Standing Wave Ratio
99
Adjusting Antennas: Antenna
Types
Rod antenna: Antenna typically used on
a WLAN
• Omnidirectional
• 360 degree radiation pattern
• Transmission pattern focused along horizontal
plane
• Increasing length creates “tighter” 360-degree
beam
Sectorized antenna: “Cuts” standard
360-degree pattern into four quarters
• Each quarter has own transmitter and antenna
• Can adjust power to each sector independently
100
Adjusting Antennas: Antenna
Types (continued)
Panel antenna: Typically used in outdoor areas
• “Tight” beamwidth
Phase shifter: Allows wireless device to use a
beam steering antenna to improve receiver
performance
• Direct transmit antenna pattern to target
Phased array antenna: Incorporates network of
phase shifters, allowing antenna to be pointed
electronically in microseconds,
• Without physical realignment or movement
101
Adjusting Antennas: Antenna
Types (continued)
Radiation pattern emitting from antennas
travels in three-dimensional “donut” form
• Azimuth and elevation planes
Antenna Accessories:
• Transmission problem can be resolved by
adding “accessories” to antenna system
• Provide additional power to the antenna,
decrease power when necessary, or provide
additional functionality
102
Adjusting Antennas: Antenna
Types (continued)
Figure 10-17: Azimuth and elevation pattern
103
Adjusting Antennas: RF
Amplifier
Increases amplitude of an RF signal
• Signal gain
Unidirectional amplifier: Increases
RF signal level before injected into
transmitting antenna
Bidirectional amplifier: Boosts RF
signal before injected into device
containing the antenna
• Most amplifiers for APs are bidirectional
104
Adjusting Antennas: RF
Attenuators
Decrease RF signal
• May be used when gain of an antenna did not
match power output of an AP
Fixed-loss attenuators: Limit RF power
by set amount
Variable-loss attenuators: Allow user to
set amount of loss
Fixed-loss attenuators are the only type
permitted by the FCC for WLAN systems
105
Adjusting Antennas: Cables and
Connectors
Basic rules for selecting cables and
connectors:
• Ensure connector matches electrical capacity
of cable and device, along with type and
gender of connector
• Use high-quality connectors and cables
• Make cable lengths as short as possible
• Make sure cables match electrical capacity of
connectors
• Try to purchase pre-manufactured cables
• Use splitters sparingly
106
Adjusting Antennas: Lightning
Arrestor
Antennas can inadvertently pick up high
electrical discharges
• From nearby lightning strike or contact with
high-voltage electrical source
Lightning Arrestor: Limits amplitude and
disturbing interference voltages by
channeling them to ground
• Designed to be installed between antenna
cable and wireless device
One end (3) connects to antenna
Other end (2) connects to wireless device
Ground lug (1) connects to grounded cable
107
Establishing a Wireless Security
Policy
One of most important acts in
managing a WLAN
• Should be backbone of any wireless
network
• Without it, no effective wireless security
108
General Security Policy
Elements
Security policy: Document or series of
documents clearly defining the defense
mechanisms an organization will employ
to keep information secure
• Outlines how to respond to attacks and
information security duties/responsibilities of
employees
Three key elements:
• Risk assessment
• Security auditing
• Impact analysis
109
Risk Assessment
Determine nature of risks to organization’s
assets
• First step in creating security policy
Asset: Any item with positive economic
value
•
•
•
•
•
Physical assets
Data
Software
Hardware
Personnel
Assets should be assigned numeric values
indicating relative value to organization
110
Risk Assessment (continued)
Factors to consider in determining relative
value:
• How critical is this asset to the goals of the
organization?
• How much profit does it generate?
• How much revenue does it generate?
• What is the cost to replace it?
• How much does it cost to protect it?
• How difficult would it be to replace it?
• How quickly can it be replaced?
• What is the security impact if this asset is
unavailable?
111
Risk Assessment (continued)
Table 10-1: Threats to information security
112
Security Auditing
Determining what current security
weaknesses may expose assets to threats
• Takes current snapshot of wireless security of
organization
Each threat may reveal multiple
vulnerabilities
Vulnerability scanners: Tools that can
compare an asset against database of
known vulnerabilities
• Produce discovery report that exposes the
vulnerability and assesses its severity
113
Impact Analysis
Involves determining likelihood that
vulnerability is a risk to organization
Each vulnerability can be ranked:
•
•
•
•
•
No impact
Small impact
Significant
Major
Catastrophic
Next, estimate probability that
vulnerability will actually occur
• Rank on scale of 1 to 10
114
Impact Analysis (continued)
Final step is to determine what to do
about risks
• Accept the risk
• Diminish the risk
• Transfer the risk
Desirable to diminish all risks to
some degree
• If not possible, risks for most important
assets should be reduced first
115
Functional Security Policy
Elements
Baseline practices: Establish benchmark
for actions using wireless network
• Can be used for creating design and
implementation practices
Foundation of what conduct is acceptable on the
WLAN
Security policy must specifically identify
physical security
• Prevent unauthorized users from reaching
equipment in order to use, steal, or vandalize
it
116