Wireless LAN Management w.lilakiatsakun
Topics
• Wireless LAN fundamentals
• Link characteristics
• Bands and spectrum
• IEEE 802.11 architecture / channel allocation
• Wireless LAN solutions
• Ad hoc / infrastructure
• Load balancing / Extended Service Set (roaming)
• Wireless repeater / bridge
• Wireless LAN management
• Wireless LAN security
Wireless Link Characteristics
Differences from a wired link:
• decreased signal strength: a radio signal attenuates as it propagates through matter (path loss)
• interference from other sources: standardized wireless network frequencies (e.g., 2.4 GHz) are shared by other devices (e.g., phones); devices such as motors interfere as well
• multipath propagation: the radio signal reflects off objects and the ground, arriving at the destination at slightly different times
Transmission over a wireless link therefore suffers loss and bit errors more often than transmission over a wired link.
Wireless network characteristics
Hidden terminal problem:
• B, A hear each other
• B, C hear each other
• A, C cannot hear each other, so A and C are unaware of their interference at B
Signal fading:
• B, A hear each other
• B, C hear each other
• A, C cannot hear each other (their signals have faded too far), yet they still interfere at B
(Figure: A, B and C placed along a line in space; A's and C's signal strength fall off with distance and overlap only at B.)
Unlicensed Spectrum
• ISM stands for Industrial, Scientific and Medical
• The ISM band allocations differ from country to country
ISM Band
• Only the ISM 2.4 GHz band is available in every country
• Microwave ovens
• Medical equipment
• Communication, e.g. wireless LAN, Bluetooth
• But it is too crowded
• Communication systems use spread spectrum to tolerate the interference
IEEE 802.11 Wireless LAN
• 802.11b
• 2.4 GHz unlicensed radio spectrum
• Uses CCK (Complementary Code Keying) to improve the data rate
• Backward compatible with DSSS systems
• Not compatible with FHSS systems
• Max. 11 Mbps: theoretical maximum capacity (raw data rate)
• Real maximum data rate is only about 6 Mbps (and only at short range with no interference)
IEEE 802.11 Wireless LAN
• 802.11a
• 5 GHz range, OFDM
• up to 54 Mbps (31 Mbps real throughput)
• 802.11g
• 2.4 GHz range, CCK-OFDM, backward compatible with IEEE 802.11b
• up to 54 Mbps (31 Mbps real throughput)
• All use CSMA/CA for multiple access
802.11 LAN architecture
• wireless host communicates with a base station
• base station = access point (AP)
• Basic Service Set (BSS) (aka "cell") in infrastructure mode contains:
• wireless hosts
• access point (AP): base station
• ad hoc mode: hosts only
(Figure: two BSSs, BSS 1 and BSS 2, each with its own AP, joined through a hub, switch or router to the Internet.)
IEEE 802.11: multiple access
• avoid collisions: 2+ nodes transmitting at the same time
• 802.11: CSMA - sense before transmitting
• don't collide with an ongoing transmission by another node
• 802.11: no collision detection!
• difficult to receive (sense collisions) while transmitting, because the received signal is weak (fading) compared with the node's own transmission
• can't sense all collisions in any case: hidden terminal, fading
• goal: avoid collisions: CSMA/C(ollision)A(voidance)
IEEE 802.11 MAC Protocol: CSMA/CA
802.11 sender
1. if the channel is sensed idle for DIFS, then transmit the entire frame (no CD)
2. if the channel is sensed busy, then start a random backoff timer; the timer counts down while the channel is idle; transmit when the timer expires; if no ACK arrives, increase the random backoff interval and repeat step 2
802.11 receiver
• if the frame is received OK, return an ACK after SIFS
(Figure: sender waits DIFS, then sends the data frame; receiver waits SIFS, then returns the ACK.)
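The backoff rule in step 2 is easier to see in motion than in prose. The following slot-level model is an added example, not code from the original slides: it plays out several stations contending for one channel, with losers freezing their timers while the winner transmits, the contention window doubling after a collision (no ACK) and resetting after a success. The DIFS/SIFS/slot values are the 802.11b (DSSS) ones; the frame and ACK durations and the station names are assumed round numbers.

```python
# Added example (not from the original slides): slot-level model of 802.11 CSMA/CA backoff.
# Every access here takes the step-2 path (channel was busy, so a random backoff is drawn),
# which is what every frame after the very first one experiences on a loaded cell.
import random
from dataclasses import dataclass

SLOT_US, SIFS_US, DIFS_US = 20, 10, 50      # 802.11b/DSSS timing
FRAME_US, ACK_US = 1000, 200                # assumed frame and ACK durations
CW_MIN, CW_MAX = 31, 1023                   # 802.11b contention-window bounds (slots)


@dataclass
class Station:
    name: str
    frames: int                 # frames still waiting to be sent
    cw: int = CW_MIN            # current contention window
    backoff: int = -1           # slots left on the backoff timer; -1 = no timer running


def next_contention_window(cw: int) -> int:
    """No ACK arrived: double the window (2*cw + 1 keeps the 2^k - 1 form), capped at CW_MAX."""
    return min(2 * cw + 1, CW_MAX)


def simulate(stations, rng, max_rounds=10_000):
    """Return (time_us, 'ack'|'collision', who) events until every station's frames are delivered."""
    events, t = [], 0
    for _ in range(max_rounds):
        active = [s for s in stations if s.frames > 0]
        if not active:
            break
        t += DIFS_US                              # channel idle for DIFS before timers count
        for s in active:
            if s.backoff < 0:
                s.backoff = rng.randint(0, s.cw)  # fresh timer: uniform in [0, cw] slots
        wait = min(s.backoff for s in active)
        t += wait * SLOT_US
        for s in active:
            s.backoff -= wait                     # losers freeze here and resume next round
        winners = [s for s in active if s.backoff == 0]
        t += FRAME_US                             # whole frame is sent; there is no CD
        if len(winners) == 1:
            w = winners[0]
            t += SIFS_US + ACK_US                 # receiver answers after SIFS
            events.append((t, "ack", w.name))
            w.frames -= 1
            w.cw, w.backoff = CW_MIN, -1          # success resets the window
        else:                                     # two timers expired in the same slot
            events.append((t, "collision", tuple(w.name for w in winners)))
            for w in winners:                     # no ACK: widen the window, draw again
                w.cw, w.backoff = next_contention_window(w.cw), -1
    return events


def delivered(events):
    """Names of the stations whose frames were acknowledged, in delivery order."""
    return [who for _, kind, who in events if kind == "ack"]


def run_demo(seed=7, n_stations=3, frames_each=2):
    stations = [Station(chr(ord("A") + i), frames_each) for i in range(n_stations)]
    events = simulate(stations, random.Random(seed))
    return stations, events


if __name__ == "__main__":
    for event in run_demo()[1]:
        print(event)
```

Because a collision is only discovered by the missing ACK, two stations that draw the same backoff both pay the full frame time before they learn of it, which is why the RTS/CTS reservation on the next slide is worth its overhead for long frames.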
Avoiding collisions (more)
idea: allow the sender to "reserve" the channel rather than using random access for data frames: avoid collisions of long data frames
• sender first transmits a small request-to-send (RTS) packet to the BS using CSMA
• RTSs may still collide with each other (but they're short)
• BS broadcasts a clear-to-send (CTS) in response to the RTS
• CTS is heard by all nodes
• sender transmits its data frame
• other stations defer their transmissions
Avoid data frame collisions completely using small reservation packets!
Collision Avoidance: RTS-CTS exchange
(Figure: A and B both send an RTS to the AP and the reservations collide; A retries with RTS(A); the AP answers CTS(A), heard by both A and B; A sends DATA(A) and the AP returns ACK(A); B defers for the whole exchange.)
Channel partitioning in wireless LAN
• With the DSSS modulation technique, the bandwidth used by one channel is 22 MHz
• In the 2.4 GHz band, only 83 MHz of bandwidth is available
• So non-overlapping channels must be spaced 5 channel numbers apart
• This avoids interference between neighbouring APs
• Consider it in frequency reuse and capacity planning
802.11: Channels, association
• 802.11b: 2.4 GHz-2.485 GHz spectrum divided into 11 channels at different frequencies
• AP admin chooses the frequency for the AP
• interference possible: the channel can be the same as that chosen by a neighboring AP!
• host: must associate with an AP
• scans channels, listening for beacon frames containing the AP's name (SSID) and MAC address
• selects the AP to associate with
• may perform authentication
Interference in wireless LAN
• Microwave oven: 2450 MHz (1000 watts)
• Around channels 7-10
• Bluetooth devices (0.01 W)
• Cordless phones
• Toys, etc.
• Use NetStumbler to show the signal/noise ratio on the wireless LAN channels
Wireless Solutions
• Ad hoc
• Infrastructure
• Load balancing
• Connecting a wireless LAN without an access point
• Extended Service Set
• Extending range with a wireless repeater
• Wireless bridge
Ad hoc
• Configuration: set as ad hoc / peer to peer
• Set the BSSID and the channel to use
Load balancing
• 5-channel spacing
• Maximum of 3 access points assigned to one overlapping area
• Channels 1 / 6 / 11
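The "5 channel space" rule from the channel-partitioning slide and the "1 / 6 / 11, at most three APs per area" rule above both follow from the 22 MHz channel width and the 5 MHz channel spacing. The script below is an added example, not code from the original slides: it derives the 2.4 GHz centre frequencies from the standard formula, tests pairs of channels for overlap, enumerates every non-overlapping set a regulatory domain allows (so it also covers the 13-channel plan, not only the 11-channel one the slides use), and flags co-channel conflicts in a planned AP layout. The AP names are constructed.

```python
# Added example (not from the original slides): 2.4 GHz channel-plan overlap checker.
# IEEE 802.11 centre frequencies: channel n (1..13) = 2407 + 5*n MHz; channel 14 = 2484 MHz.
# A DSSS/CCK channel occupies about 22 MHz, so two channels overlap unless their centres are
# at least 22 MHz apart; with 5 MHz spacing that means at least five channel numbers apart.
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22


def center_frequency_mhz(channel: int) -> int:
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"no such 2.4 GHz channel: {channel}")


def channels_overlap(a: int, b: int) -> bool:
    """True when the two 22 MHz wide channels share spectrum."""
    return abs(center_frequency_mhz(a) - center_frequency_mhz(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_sets(available, size):
    """All size-element subsets of `available` whose members are pairwise non-overlapping."""
    return [s for s in combinations(sorted(available), size)
            if not any(channels_overlap(a, b) for a, b in combinations(s, 2))]


def max_non_overlapping(available):
    """Largest number of APs that can share a coverage area without co-channel interference,
    together with every channel set that achieves it."""
    available = sorted(available)
    for size in range(len(available), 0, -1):
        sets = non_overlapping_sets(available, size)
        if sets:
            return size, sets
    return 0, []


def find_conflicts(assignments):
    """assignments: {ap_name: channel} for APs whose cells overlap; returns conflicting AP pairs."""
    names = sorted(assignments)
    return [(x, y) for x, y in combinations(names, 2)
            if channels_overlap(assignments[x], assignments[y])]


if __name__ == "__main__":
    print(max_non_overlapping(range(1, 12)))   # FCC domain, channels 1..11
    print(max_non_overlapping(range(1, 14)))   # ETSI domain, channels 1..13
    # constructed layout: three APs whose cells overlap in a lobby
    print(find_conflicts({"ap-lobby": 1, "ap-lab": 3, "ap-office": 11}))
```

With 11 channels the only non-overlapping triple is 1/6/11, which is exactly the slide's rule; with 13 channels there are several triples to choose from but still never a fourth channel.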
Connecting a wireless LAN without an access point
• Use a host acting as the gateway
Extended Service Set
• Supports mobility (roaming between the APs of the set)
Wireless LAN Management
• WLAN management involves three primary functions:
• Discovering the WLAN devices
• Monitoring the WLAN devices
• Configuring the WLAN devices
Monitoring the WLAN devices (1/2)
• Trap reception: receives traps and alerts the operator
• Alarms: assigns a severity to every network failure and generates alarms
• Email-based notification: notifies operators through email when a fault occurs
Monitoring the WLAN devices (2/2)
• Threshold monitoring: sets threshold values for key parameters and alerts you when the actual values exceed the set threshold levels
• Service monitoring: monitors the services running in the access points, such as the web service
• Performance monitoring: monitors the WLAN devices for various parameters such as Tx/Rx traffic and utilization, data rate, channel usage, errors, etc.
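Threshold monitoring, alarm severities and email notification from the two monitoring slides fit together in one small state machine. The code below is an added example and not the monitoring product the slides describe: it polls constructed per-AP samples (channel utilization, receive error rate, client count), raises an alarm with a severity when a value crosses its threshold, and clears it only once the value has dropped to a lower clear level. That second, lower level (hysteresis) is the detail operators care about, because a value hovering around a single limit would otherwise raise and clear the same alarm on every poll. The metric names, thresholds, severities and AP names are assumptions.

```python
# Added example (not from the original slides): threshold monitoring with hysteresis.
from dataclasses import dataclass


@dataclass(frozen=True)
class Threshold:
    metric: str
    raise_at: float      # alarm when value >= raise_at
    clear_at: float      # clear only once value <= clear_at (clear_at < raise_at avoids flapping)
    severity: str


THRESHOLDS = [   # assumed values for the performance counters named on the slide
    Threshold("channel_utilization_pct", 80.0, 60.0, "major"),
    Threshold("rx_error_rate_pct", 5.0, 2.0, "minor"),
    Threshold("associated_clients", 40, 30, "warning"),
]


class ThresholdMonitor:
    def __init__(self, thresholds=THRESHOLDS):
        self.thresholds = thresholds
        self.active = {}     # (ap, metric) -> severity of the alarm currently raised

    def observe(self, ap, sample):
        """Feed one polling sample {metric: value}; return the ALARM/CLEAR events it causes."""
        events = []
        for th in self.thresholds:
            if th.metric not in sample:
                continue
            value, key = sample[th.metric], (ap, th.metric)
            if key not in self.active and value >= th.raise_at:
                self.active[key] = th.severity
                events.append(("ALARM", th.severity, ap, th.metric, value))
            elif key in self.active and value <= th.clear_at:
                events.append(("CLEAR", self.active.pop(key), ap, th.metric, value))
            # between clear_at and raise_at nothing changes: that is the hysteresis band
        return events


def notification_text(event):
    """One-line body for the email-based notification the slides mention."""
    kind, severity, ap, metric, value = event
    verb = "raised" if kind == "ALARM" else "cleared"
    return f"[{severity.upper()}] {ap}: {metric}={value} alarm {verb}"


def replay(samples, monitor=None):
    monitor = monitor or ThresholdMonitor()
    out = []
    for ap, sample in samples:
        out.extend(monitor.observe(ap, sample))
    return out


# Constructed polling samples: ap-lobby gets busy, dips just under the limits, then recovers.
SAMPLES = [
    ("ap-lobby", {"channel_utilization_pct": 55, "rx_error_rate_pct": 1.0, "associated_clients": 12}),
    ("ap-lobby", {"channel_utilization_pct": 85, "rx_error_rate_pct": 6.5, "associated_clients": 41}),
    ("ap-lobby", {"channel_utilization_pct": 75, "rx_error_rate_pct": 3.0, "associated_clients": 35}),
    ("ap-lobby", {"channel_utilization_pct": 40, "rx_error_rate_pct": 0.5, "associated_clients": 20}),
    ("ap-lab", {"channel_utilization_pct": 20, "rx_error_rate_pct": 0.2, "associated_clients": 3}),
]

if __name__ == "__main__":
    for event in replay(SAMPLES):
        print(notification_text(event))
```

The third sample sits inside the hysteresis band for all three metrics, so it produces no events at all; only the fourth, which drops below the clear levels, closes the alarms.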
Configuring the WLAN devices
• It consists of
• AP configuration
• Firmware upgrade
• From a management perspective, it can be done as
• Group management
• Individual management
Access Point Configuration
• AP basic configuration
• AP ACL configuration
• AP security configuration
• AP services configuration
AP basic configuration (1/2)
• SSID: service set identifier of the access point
• Allow broadcast SSID: enable/disable the AP broadcasting the SSID
• Allow auto channel select: enable/disable the AP selecting the channel automatically
• Channel: specify the channel on which the AP operates (applicable only if Allow auto channel select is NO)
• Name: name of the access point
AP basic configuration (2/2)
• System Location: sysLocation value of the access point
• System Contact: sysContact value of the access point
• Use DHCP: enable/disable DHCP mode in the AP
• LAN IP: IP address of the AP (applicable only if Use DHCP is NO)
• Subnet Mask: mask value
• Gateway IP: IP address of the gateway
• DNS server IP: IP address of the DNS server
AP ACL configuration
• WLAN administrators can deny or allow network access to wireless clients by configuring the ACL settings in the access points
• Block: prevents access from the specified MAC addresses and allows all others
• Pass through: allows only the specified MAC addresses and blocks all others
AP Security Configuration
• WEP: encrypts data; the WEP keys must be provided
• 802.1x: enables user authentication
• at least one RADIUS server must be provided
• WPA: 802.1x + TKIP + dynamic key distribution
• WPA PSK: uses a pre-shared key instead of RADIUS
• Mixed mode: allows both WPA and non-WPA clients
AP Service Configuration
• Management services such as SNMP, HTTP, Telnet and NTP running in the access points can be configured
• SNMP: Enable/Disable, Read/Read-Write Community, Trap Destination/Community, Enable Trap Notifications
• HTTP: Enable/Disable, HTTP Port
• Telnet: Enable/Disable, Telnet Port
• NTP: Enable/Disable, NTP Server Address
Wireless LAN security management (1/2)
• Common attacks and vulnerabilities
• The weaknesses in WEP, key management and user behavior
• Sniffing, interception and eavesdropping
• Spoofing and unauthorized access
• Network hijacking and modification
• Denial of Service and flooding attacks
Wireless LAN security management (2/2)
• Security countermeasures
• Revisiting policy
• Threat analysis
• Implementing WEP
• Filtering MAC addresses
• Using closed systems and networks
• Securing users
The weaknesses in WEP, key management and user behavior
• Several papers have been published showing vulnerabilities in WEP, and tools exist that recover the encryption key
• AirSnort (http://airsnort.shmoo.com)
• WEPCrack (http://sourceforge.net/projects/wepcrack/)
• The IEEE 802.11 standard states that the secret key used by WEP needs to be controlled by external key management
• Normally, key management is done by the user (defining 4 different secret keys)
• RADIUS (Remote Authentication Dial-In User Service) is not used by small businesses or home users
The weaknesses in WEP, key management and user behavior
• Users often operate the devices in the default configuration
• SSID broadcast turned on
• The default password used as the secret key
• 3Com products: comcomcom
• Lucent products: the last five digits of the network ID
Sniffing, interception and eavesdropping
• Sniffing is the electronic form of eavesdropping on the communications that computers have across a network
• A wireless network is a broadcast (shared) link
• Every communication across the wireless network is viewable by anyone listening to the network
• The listener does not even need to be associated with the network
Sniffing tools
• All of these software packages put the network card in promiscuous mode; every packet that passes its interface is captured and displayed
• Ethereal: www.ethereal.com/
• OmniPeek: http://www.wildpackets.com/products/omnipeek
• Tcpdump: www.tcpdump.org/
• Ngrep: http://ngrep.sourceforge.net/
Spoofing and unauthorized access
• Spoofing: an attacker is able to trick your network equipment into thinking that the connection is from one of the allowed machines
• There are several ways to accomplish this
• Redefine the MAC address to a valid MAC address
• a simple Registry edit on Windows
• on Unix, a simple command from a root shell
• SMAC (a software package for Windows)
Network hijacking and modification
• A malicious user is able to send messages to routing devices and APs stating that their MAC address is associated with a known IP address
• From then on, all traffic that goes through that router (or switch) destined for the hijacked IP address is handed off to the hijacker's machine
• This is ARP spoofing or ARP poisoning
Network hijacking and modification
• If the attacker spoofs the default gateway
• All machines trying to reach the network will connect through the attacker
• To capture passwords and other necessary information
• Use of a rogue AP
• To receive authentication requests and information
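Both hijacking techniques on these two slides leave a footprint that a monitoring host can watch for without touching the attacker: an ARP poisoning attempt changes the MAC address advertised for an IP (most dangerously the gateway's), and a rogue AP shows up in a beacon scan as a BSSID that is not in the inventory yet announces the corporate SSID. The code below is an added example, not code from the original slides or any product: the ARP reply log format, the beacon scan tuples, the MAC addresses, IPs, SSIDs and the authorised AP list are all constructed.

```python
# Added example (not from the original slides): passive detection of ARP poisoning and rogue APs.
import re

# Constructed ARP replies as a monitoring host might log them: "<epoch> arp-reply <ip> is-at <mac>".
ARP_LOG = """\
1000 arp-reply 192.168.1.1 is-at 00:11:22:33:44:01
1001 arp-reply 192.168.1.20 is-at 00:11:22:33:44:20
1002 arp-reply 192.168.1.21 is-at 00:11:22:33:44:21
1030 arp-reply 192.168.1.1 is-at 00:11:22:33:44:99
1031 arp-reply 192.168.1.20 is-at 00:11:22:33:44:20
1040 arp-reply 192.168.1.1 is-at 00:11:22:33:44:99
""".splitlines()

ARP_RE = re.compile(r"^(\d+) arp-reply (\S+) is-at ([0-9a-fA-F:]{17})$")


def normalize_mac(mac: str) -> str:
    return mac.lower()


def detect_arp_poisoning(lines, gateways=frozenset()):
    """Alert whenever a new MAC is advertised for an IP already bound to another MAC.
    Gateway IPs are rated critical because their capture redirects every outbound flow."""
    first_seen, seen, alerts = {}, {}, []
    for line in lines:
        m = ARP_RE.match(line)
        if not m:
            continue                     # not an ARP reply record
        ts, ip, mac = int(m.group(1)), m.group(2), normalize_mac(m.group(3))
        if ip not in seen:
            first_seen[ip], seen[ip] = mac, {mac}
        elif mac not in seen[ip]:
            seen[ip].add(mac)            # each new claimant alerts once; repeats are not re-alerted
            severity = "critical" if ip in gateways else "high"
            alerts.append((ts, severity, ip, first_seen[ip], mac))
    return alerts


# Constructed beacon scan: (ssid, bssid, channel). The inventory maps authorised BSSID -> SSID.
AUTHORISED_APS = {"00:11:22:33:44:01": "corp-wlan", "00:11:22:33:44:02": "corp-wlan"}
SCAN = [
    ("corp-wlan", "00:11:22:33:44:01", 1),
    ("corp-wlan", "00:11:22:33:44:02", 6),
    ("corp-wlan", "de:ad:be:ef:00:01", 11),   # our SSID from an unknown radio
    ("guest-cafe", "aa:bb:cc:dd:ee:ff", 6),   # unknown SSID: a neighbour, not our problem
]


def detect_rogue_aps(scan, authorised):
    """Classify every beacon source against the inventory of authorised BSSIDs."""
    corporate_ssids, findings = set(authorised.values()), []
    for ssid, bssid, channel in scan:
        bssid = normalize_mac(bssid)
        if bssid in authorised:
            if authorised[bssid] != ssid:
                findings.append(("high", "known AP advertising unexpected SSID", ssid, bssid, channel))
            continue
        if ssid in corporate_ssids:
            findings.append(("critical", "unknown AP impersonating corporate SSID", ssid, bssid, channel))
        else:
            findings.append(("info", "unknown neighbouring AP", ssid, bssid, channel))
    return findings


if __name__ == "__main__":
    for alert in detect_arp_poisoning(ARP_LOG, gateways={"192.168.1.1"}):
        print("ARP", alert)
    for finding in detect_rogue_aps(SCAN, AUTHORISED_APS):
        print("AP", finding)
```

A binding change is only evidence, not proof (a legitimately replaced gateway card produces the same record), so a production tool would confirm by probing the original MAC before paging anyone; the example keeps the first-seen MAC in the alert so that follow-up is possible.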
Denial of Service and flooding attacks
• One of the original DoS attacks is known as a ping flood
• A large number of hosts or devices send an ICMP echo to a specified target
• One possible attack would be through a massive number of invalid or valid authentication requests
• Users attempting to authenticate themselves would have difficulty acquiring a valid session
• If the attacker can spoof the default gateway, they can prevent any machine on the wireless network from reaching the wired network
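The authentication-request flood above is a rate problem rather than a threshold-on-a-gauge problem, so it calls for a sliding window over events. The detector below is an added example and not part of the original slides: it reads constructed AP log lines, keeps a per-source window and a cell-wide window of recent authentication requests, and alerts once either count exceeds its limit. The two windows matter because the two shapes of flood differ: one source hammering the AP trips the per-source limit, while a flood spread over many (often spoofed) source addresses only shows up in the cell total. The log format, window length and limits are assumptions.

```python
# Added example (not from the original slides): sliding-window detection of an auth-request flood.
import re
from collections import defaultdict, deque

AUTH_RE = re.compile(r"^(\d+) auth-request from ([0-9a-f:]{17})$")


def parse_auth_requests(lines):
    """Yield (timestamp, source_mac) for every line that is an auth-request record."""
    for line in lines:
        m = AUTH_RE.match(line)
        if m:
            yield int(m.group(1)), m.group(2)


def detect_auth_flood(lines, window_s=10, per_source_limit=20, total_limit=100):
    """Alert once per source that exceeds per_source_limit requests inside any window_s span,
    and once for the cell when the total over all sources exceeds total_limit."""
    per_source = defaultdict(deque)
    total = deque()
    alerted_sources, cell_alerted, alerts = set(), False, []
    for ts, mac in parse_auth_requests(lines):
        q = per_source[mac]
        q.append(ts)
        while q and q[0] <= ts - window_s:          # drop requests older than the window
            q.popleft()
        total.append(ts)
        while total and total[0] <= ts - window_s:
            total.popleft()
        if len(q) > per_source_limit and mac not in alerted_sources:
            alerted_sources.add(mac)
            alerts.append((ts, "auth-flood-source", mac, len(q)))
        if len(total) > total_limit and not cell_alerted:
            cell_alerted = True
            alerts.append((ts, "auth-flood-cell", "*", len(total)))
    return alerts


def constructed_log():
    """Constructed AP log: ten normal clients, then one source sending 40 requests in 4 s,
    then 150 requests from 150 distinct source addresses within 5 s."""
    lines = [f"{100 + i * 3} auth-request from 00:11:22:33:44:{i:02x}" for i in range(10)]
    lines += [f"{200 + i // 10} auth-request from de:ad:be:ef:00:01" for i in range(40)]
    lines += [f"{300 + i // 30} auth-request from 02:00:00:00:00:{i % 256:02x}" for i in range(150)]
    return lines


if __name__ == "__main__":
    for alert in detect_auth_flood(constructed_log()):
        print(alert)
```

The per-source alert fires on the 21st request from the single busy address; the cell-wide alert fires on the 101st request of the distributed burst even though no individual address sent more than one, which is the case a per-source rule alone would miss.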
Revisiting policy
• Adjust the corporate security policy to accommodate wireless networks and the users who depend on them
• Because of the wireless environment:
• no visible connection: good authentication is required
• ease of capturing RF traffic: a good policy should not broadcast the SSID and should implement WEP
• do not use default names or passwords when operating AP devices
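The policy points above, the default-configuration weaknesses from the WEP slides and the AP basic/security/service configuration slides describe the same thing from three angles: a set of AP settings and the values they must not have. The audit below is an added example, not code from the original slides or any management product: it takes an AP configuration in the shape of those slides (SSID and broadcast flag, security mode, SNMP/HTTP/Telnet/NTP services, ACL mode) and reports findings with a severity. It follows the slides' own WEP-weakness discussion in rating WEP below the WPA modes the security slide offers. Both configurations, the check names, the severities and the default-value list (apart from the 3Com "comcomcom" default the slides mention) are assumptions.

```python
# Added example (not from the original slides): policy audit of an AP configuration.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

# "comcomcom" is the 3Com default named on the slides; the rest are constructed examples of
# the kind of entries a default-credential list holds.
DEFAULT_SECRETS = {"comcomcom", "admin", "password", "public", "private", ""}
DEFAULT_SSIDS = {"default", "wireless"}


def audit(cfg):
    """Return (severity, check, message) findings for one AP configuration dict."""
    f = []
    sec = cfg.get("security", "open")
    if sec == "open":
        f.append(("critical", "security", "no link encryption: every frame is readable by any listener"))
    elif sec == "wep":
        f.append(("high", "security", "WEP in use: published key-recovery weaknesses; prefer WPA"))
        if cfg.get("wep_key") in DEFAULT_SECRETS:
            f.append(("critical", "wep_key", "WEP key is a vendor default"))
    elif sec == "mixed":
        f.append(("medium", "security", "mixed mode admits non-WPA clients, so the cell is only as strong as WEP"))
    elif sec == "wpa" and not cfg.get("radius_server"):
        f.append(("high", "security", "WPA/802.1x selected but no RADIUS server configured"))
    elif sec == "wpa-psk" and cfg.get("psk") in DEFAULT_SECRETS:
        f.append(("critical", "psk", "pre-shared key is a default value"))
    if cfg.get("ssid_broadcast", True):
        f.append(("medium", "ssid_broadcast", "SSID broadcast enabled; policy says do not broadcast"))
    if cfg.get("ssid", "").lower() in DEFAULT_SSIDS:
        f.append(("medium", "ssid", "SSID is a factory default"))
    if cfg.get("admin_password") in DEFAULT_SECRETS:
        f.append(("critical", "admin_password", "management password is a default value"))
    snmp = cfg.get("snmp", {})
    if snmp.get("enabled"):
        if snmp.get("ro_community") in DEFAULT_SECRETS:
            f.append(("high", "snmp", "read community is a well-known default"))
        if snmp.get("rw_community") in DEFAULT_SECRETS:
            f.append(("critical", "snmp", "read-write community is a well-known default"))
        if not snmp.get("trap_destination"):
            f.append(("low", "snmp", "no trap destination: faults will never reach the NMS"))
    if cfg.get("telnet", {}).get("enabled"):
        f.append(("high", "telnet", "Telnet management is cleartext over a broadcast medium"))
    if cfg.get("http", {}).get("enabled"):
        f.append(("medium", "http", "HTTP management is cleartext; credentials can be sniffed"))
    if not cfg.get("ntp", {}).get("enabled"):
        f.append(("low", "ntp", "NTP disabled: trap and log timestamps will not line up"))
    if cfg.get("acl_mode") != "pass-through":
        f.append(("low", "acl", "MAC ACL not in pass-through (allow-list) mode; ACLs alone do not stop address spoofing"))
    return f


def worst_severity(findings):
    return max((s for s, _, _ in findings), key=SEVERITY_RANK.get, default="none")


# Constructed: an AP left on factory settings, and the same AP after the policy is applied.
DEFAULT_CONFIG = {
    "ssid": "default", "ssid_broadcast": True,
    "security": "wep", "wep_key": "comcomcom", "admin_password": "comcomcom",
    "snmp": {"enabled": True, "ro_community": "public", "rw_community": "private", "trap_destination": None},
    "telnet": {"enabled": True}, "http": {"enabled": True},
    "ntp": {"enabled": False, "server": None}, "acl_mode": "block",
}
HARDENED_CONFIG = {
    "ssid": "corp-wlan", "ssid_broadcast": False,
    "security": "wpa", "radius_server": "192.0.2.10", "admin_password": "L0ng-un1que-passphrase",
    "snmp": {"enabled": True, "ro_community": "q7Rv-readonly-2024", "rw_community": None, "trap_destination": "192.0.2.20"},
    "telnet": {"enabled": False}, "http": {"enabled": False},
    "ntp": {"enabled": True, "server": "192.0.2.5"}, "acl_mode": "pass-through",
}

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit(cfg)
        print(f"{name}: worst={worst_severity(findings)}")
        for severity, check, message in findings:
            print(f"  [{severity}] {check}: {message}")
```

Run under group management, the same function applied to every AP in a group turns the policy slide into a repeatable check rather than a one-time review.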