CWNA Guide to Wireless LANs, Second Edition

1
CWNA Guide to Wireless LANs, Second Edition

• Chapter Seven thru Ten
• Review

2
Note

• Many of the test questions will come from these
  charts
• I will still be updating the slides through
  Monday night. But only minor changes will be
  made.

3
What is a Site Survey?

• When installing a WLAN for an organization, areas
  of dead space might not be tolerated
• Ensure blanket coverage, meet per-user bandwidth
  requirements, minimize bleeding of signal
• Factors affecting wireless coverage goals
• Devices emitting RF signals
• Building structure (walls, construction
  materials)
• Open or closed office doors
• Stationary versus mobile machinery/equipment
• Movement of mobile walls (e.g., cubicles)

4
What is a Site Survey?

• Factors affecting wireless coverage goals
• Expansion of physical plant or growth of
  organization
• Existing WLANs
• Both inside organization, and within nearby
  organizations
• Site survey Process of planning a WLAN to meet
  design goals
• Effectiveness of a WLAN often linked to
  thoroughness of the site survey

5
What is a Site Survey?

• Design goals for a site survey
• Achieve best possible performance from WLAN
• Certify that installation will operate as
  promised
• Determine best location for APs
• Develop networks optimized for variety of
  applications
• Ensure coverage will fulfill organizations
  requirements
• Locate unauthorized APs

6
What is a Site Survey?

• Design goals for a site survey (continued)
• Map nearby wireless networks to determine
  existing radio interference
• Reduce radio interference as much as possible
• Make wireless network secure
• Survey provides realistic understanding of
  infrastructure required for proposed wireless
  link
• Assists in predicting network capability and
  throughput
• Helps determine exact location of APs and power
  levels required

7
What is a Site Survey?

• When to perform a site survey
• Before installing a new wireless network
• Before changing an existing wireless network
• When there are significant changes in personnel
• When there are changes in network needs
• After making physical changes to a building

8
Site Survey Tools Wireless Tools

• Most basic tool is AP itself
• Position in various locations
• monitor signal as you move
• APs should have ability to adjust output power
• APs should have external antenna connectors
• Notebook computer with wireless NIC also
  essential for testing
• Previously configured and tested

9
Site Survey Tools Measurement Tools

• Site Survey Analyzers Specifically designed for
  conducting WLAN site surveys
• Software often built into AP
• Receive Signal Strength Indicator (RSSI) value
• Full-featured site survey analyzer software
  settings
• Destination MAC Address
• Continuous Link Test
• Number of Packets
• Packet Size
• Data Retries

10
Site Survey Tools Measurement Tools

• Site Survey Analyzers (continued)
• Full-featured site survey analyzer software
  settings (continued)
• Data Rate
• Delay Between Packets
• Packet Tx Type
• Unicast or multicast
• Percent Success Threshold
• Basic survey analyzer software contains far fewer
  features

11
Site Survey Tools Measurement Tools

• Spectrum Analyzers Scan radio frequency spectrum
  and provides graphical display of results
• Typically measure signal-to-noise ratio
• Single-frequency analyzers measure
  signal-to-noise ratio at specified frequency
• Helpful in identifying interference problems
• Thus, helps properly position/orient AP

12
Site Survey Tools Measurement Tools (continued)

• Network Analyzers Can be used to pick up packets
  being transmitted by other WLANs in area
• Provide additional information on transmissions
• Packet sniffers or protocol analyzers
• Not used in placement of AP

13
Site Survey Tools Documentation Tools

• Create a hard copy of site survey results
• Make available for future reference
• No industry-standard form for site survey
  documentation
• Site survey report should include
• Purpose of report
• Survey methods
• RF coverage details (frequency and channel plan)
• Throughput findings
• Sources of interference

14
Site Survey Tools Documentation Tools

• Site survey report should include (continued)
• Problem zones
• Marked-up facility drawings with access point
  placement
• Access point configuration
• Use building layout blueprints as tools
• Advisable to create database to store site survey
  information and generate reports

15
Site Survey Tools Documentation Tools
Figure 7-9 Sample site survey form
16
Performing a Site Survey Gathering Data

• Obtaining Business Requirements Determine
  business reasons why WLAN being proposed or
  extended
• If this step skipped, almost impossible to
  properly design and implement the network
• Primary data gathering method is interviewing
• Must determine type of mobility required within
  organization
• Must determine per-user bandwidth requirements
• May be different types of users with different
  bandwidth requirements

17
Performing a Site Survey Gathering Data

• Defining Security Requirements Consider type of
  data encryption and type of authentication that
  will take place across WLAN
• Consider existing security policies and
  procedures
• Gathering Site-Specific Documentation
• Blueprints, facility drawings, and other
  documents
• Show specific building infrastructure components
• Inspecting the site
• Document changes to blueprints and get visual
  perspective

18
Performing a Site Survey Gathering Data
(continued)

• Gathering Site-Specific Documentation
  (continued)
• Behind-the-scenes site inspection
• Documenting Existing Network Characteristics
• New or expanded WLAN will dovetail into network
  already in place
• Determine degree to which WLAN will interact with
  other wired networks
• Legacy systems may require additional equipment
  to support WLAN

19
Performing a Site Survey Performing the Survey

• Collecting RF Information
• Note objects in and layout of room
• Use digital camera
• Position AP
• Initial location will depend on antenna type
• Document starting position of AP
• Using notebook computer with site survey analyzer
  software running, walk slowly away from AP
• Observe data displayed by analyzer program
• Data rate, signal strength, noise floor, and
  signal-to-noise ratio

20
Performing a Site Survey Performing the Survey

• Collecting RF Information
• Continue moving until data collected for all
  areas
• Data collected used to produce
• Coverage pattern Area where signal can be
  received from the AP
• Data rate boundaries Range of coverage for a
  specific transmission speed
• Throughput Number of packets sent and received
  and data rates for each
• Total transmission range Farthest distance at
  which signal can be received by wireless device

21
Performing a Site Survey Performing the Survey

• Collecting Non-RF Information
• Outdoor Surveys
• Similar to indoor surveys
• Must consider climatic conditions, trees,
  different possibilities for antenna positions,
  Permits and Zoning

22
CWNA Guide to Wireless LANs, Second Edition

• Chapter Eight
• Wireless LAN Security and Vulnerabilities

23
Security Principles What is Information Security?

• Information security Task of guarding digital
  information
• Ensures protective measures properly implemented
• Protects confidentiality, integrity, and
  availability (CIA) on the devices that store,
  manipulate, and transmit the information through
  products, people, and procedures

24
Security Principles Challenges of Securing
Information

• Trends influencing increasing difficultly in
  information security
• Speed of attacks
• Sophistication of attacks
• Faster detection of weaknesses
• Day zero attacks
• Distributed attacks
• The many against one approach
• Impossible to stop attack by trying to identify
  and block source

25
Security Principles Categories of Attackers

• Six categories of attackers
• Hackers
• Not malicious expose security flaws
• Crackers
• Script kiddies
• Spies
• Employees
• Cyberterrorists

26
Security Principles Security Organizations

• Many security organizations exist to provide
  security information, assistance, and training
• Computer Emergency Response Team Coordination
  Center (CERT/CC)
• Forum of Incident Response and Security Teams
  (FIRST)
• InfraGard
• Information Systems Security Association (ISSA)
• National Security Institute (NSI)
• SysAdmin, Audit, Network, Security (SANS)
  Institute

27
Basic IEEE 802.11 Security Protections

• Data transmitted by a WLAN could be intercepted
  and viewed by an attacker
• Important that basic wireless security
  protections be built into WLANs
• Three categories of WLAN protections
• Access control
• Wired equivalent privacy (WEP)
• Authentication
• Some protections specified by IEEE, while others
  left to vendors

28
Access Control

• Intended to guard availability of information
• Wireless access control Limit users admission
  to AP
• Filtering
• Media Access Control (MAC) address filtering
  Based on a nodes unique MAC address

29
Access Control

• MAC address filtering considered to be a basic
  means of controlling access
• Requires pre-approved authentication
• Difficult to provide temporary access for guest
  devices

30
Wired Equivalent Privacy (WEP)

• Guard the confidentiality of information
• Ensure only authorized parties can view it
• Used in IEEE 802.11 to encrypt wireless
  transmissions
• Scrambling

31
WEP Cryptography

• Cryptography Science of transforming information
  so that it is secure while being transmitted or
  stored
• scrambles data
• Encryption Transforming plaintext to ciphertext
• Decryption Transforming ciphertext to plaintext
• Cipher An encryption algorithm
• Given a key that is used to encrypt and decrypt
  messages
• Weak keys Keys that are easily discovered

32
WEP Implementation

• IEEE 802.11 cryptography objectives
• Efficient
• Exportable
• Optional
• Reasonably strong
• Self-synchronizing
• WEP relies on secret key shared between a
  wireless device and the AP
• Same key installed on device and AP
• Private key cryptography or symmetric encryption

33
WEP Implementation

• WEP shared secret keys must be at least 40 bits
• Most vendors use 104 bits
• Options for creating WEP keys
• 40-bit WEP shared secret key (5 ASCII characters
  or 10 hexadecimal characters)
• 104-bit WEP shared secret key (13 ASCII
  characters or 16 hexadecimal characters)
• Passphrase (16 ASCII characters)
• APs and wireless devices can store up to four
  shared secret keys
• Default key used for all encryption

34
WEP Implementation

• When encrypted frame arrives at destination
• Receiving device separates IV from ciphertext
• Combines IV with appropriate secret key
• Create a keystream
• Keystream used to extract text and ICV
• Text run through CRC
• Ensure ICVs match and nothing lost in
  transmission
• Generating keystream using the PRNG is based on
  the RC4 cipher algorithm
• Stream Cipher

35
Vulnerabilities of IEEE 802.11 Security

• IEEE 802.11 standards security mechanisms for
  wireless networks have fallen short of their goal
• Vulnerabilities exist in
• Authentication
• Address filtering
• WEP

36
Open System Authentication Vulnerabilities

• Inherently weak
• Based only on match of SSIDs
• SSID beaconed from AP during passive scanning
• Easy to discover
• Vulnerabilities
• Beaconing SSID is default mode in all APs
• Not all APs allow beaconing to be turned off
• Or manufacturer recommends against it
• SSID initially transmitted in plaintext
  (unencrypted)

37
Other Wireless Attacks Denial of Service (DoS)
Attack

• Standard DoS attack attempts to make a server or
  other network device unavailable by flooding it
  with requests
• Attacking computers programmed to request, but
  not respond
• Wireless DoS attacks are different
• Jamming Prevents wireless devices from
  transmitting
• Forcing a device to continually dissociate and
  re-associate with AP

38
Wireless Security Problems

• Common Techniques to Compromise Wireless Data
  Networks
• Rogue Access Point Insertion
• Traffic Sniffing
• Traffic Data Insertion
• ARP-Snooping (via Dsniff) trick wired network
  to pass data over wireless

39
Security OverviewAuthentication

• Determines
• If you are who you say you are
• If (and What) access rights are granted
• Examples are
• Smart Card - SecureId Server/Cards
• S/Key One time password
• Digital Certificates

40
WEP(Wired Equivalent Privacy)

• RC4 (Rivest Cipher 4 / Rons Code 4) Encryption
  Algorithm lthttp//www.cebrasoft.co.uk/encryption/r
  c4.htmgt
• Shared (but static) secret 64 or 128-bit key to
  encrypt and decrypt the data
• 24-bit initialization vector (semi-random)
  leaving only 40 or 104 bits as the real key
• WEP Key Cracking Software
• WEPCrack / AirSnort / Aircrack (as well as
  others)
• Cracking Time 64-bit key 2 seconds
• 128-bit key 3-10 minutes
• www.netcraftsmen.net/welcher/papers/wlansec01.html
  and www.tomsnetworking.com/Sections-article111-pa
  ge4.php

41
WPA and WPA2(WiFi Protected Access)

• Created by the Wi-Fi Alliance industry group due
  to excessive delays in 802.11i approval
• WPA and WPA2 designed to be backward compatible
  with WEP
• Closely mirrors the official IEEE 802.11i
  standards but with EAP (Extensible Authentication
  Protocol)
• Contains both authentication and encryption
  components
• Designed to address WEP vulnerabilities

42
WPA / WPA2 Encryption

• WPA
• Mandates TKIP (Temporal Key Integrity Protocol)
• Scheduled Shared Key Change (i.e. every 10,000
  data packets)
• Optionally specifies AES (Advanced Encryption
  Standard) capability
• WPA will essentially fall back to WEP-level
  security if even a single device on a network
  cannot use WPA
• WPA2
• Mandates both TKIP and AES capability
• WPA / WPA2 networks will drop any altered packet
  or shut down for 30 seconds whenever a message
  alteration attack is detected.

43
WPA / WPA2 (Contd)

• Personal Pre-shared Key
• Userentered 8 63 ASCII Character Passphrass
  Produces a 256-bit Pre-Shared Key
• To minimize/prevent key cracking, use a minimum
  of 21 characters for the passphase
• Key Generation
• passphrase, SSID, and the SSIDlength is hashed
  4096 times to generate a value of 256 bits
• WPA Key Cracking Software
• coWPAtty / WPA Cracker (as well as others)

44
WPA / WPA2 Authentication (Since Extended
EAP-May 2005)

• Now Five WPA / WPA2 Enterprise Standards
• EAP-TLS
• Original EAP Protocol
• Among most secure but seldom implemented as it
  needs a Client-side certificate ie smartcard
  (SecurId Key Fob http//www.securid.com/)

45
CWNA Guide to Wireless LANs, Second Edition

• Chapter Nine
• Implementing Wireless LAN Security

46
Objectives

• List wireless security solutions
• Tell the components of the transitional security
  model
• Describe the personal security model
• List the components that make up the enterprise
  security model

47
Wireless Security Solutions

• IEEE 802.11a and 802.11b standards included WEP
  specification
• Vulnerabilities quickly realized
• Organizations implemented quick fixes
• Did not adequately address encryption and
  authentication
• IEEE and Wi-Fi Alliance started working on
  comprehensive solutions
• IEEE 802.11i and Wi-Fi Protected Access (WPA)
• Foundations of todays wireless security

48
WEP2

• Attempted to overcome WEP limitations
• adding two new security enhancements
• WEP key increased to 128 bits
• Kerberos authentication
• User issued ticket by Kerberos server
• Presents ticket to network for a service
• Used to authenticate user
• No more secure than WEP
• Collisions still occur
• Dictionary-based attacks available

49
Dynamic WEP

• Solves weak IV problem by rotating keys
  frequently
• More difficult to crack encrypted packet
• Different keys for unicast and broadcast traffic
• Unicast WEP key unique to each users session
• Dynamically generated and changed frequently
• For example - When roaming to a new AP
• Broadcast WEP key must be same for all users on a
  particular subnet and AP

50
Dynamic WEP (continued)

• Can be implemented without upgrading device
  drivers or AP firmware
• No-cost and minimal effort to deploy
• Does not protect against man-in-the-middle
  attacks
• Susceptible to DoS attacks

51
IEEE 802.11i

• Provides good wireless security model
• Robust security network (RSN)
• Addresses both encryption and authentication
• Encryption accomplished by replacing RC4 with a
  block cipher
• Manipulates entire block of plaintext at one time
• Block cipher used is Advanced Encryption Standard
  (AES)
• Three step process
• Second step consists of multiple rounds of
  encryption

52
IEEE 802.11i (continued)
Table 9-1 Time needed to break AES
53
IEEE 802.11i (continued)

• IEEE 802.11i authentication and key management is
  accomplished by IEEE 802.1x standard
• Implements port security
• Blocks all traffic on port-by-port basis until
  client authenticated using credentials stored on
  authentication server
• Key-caching Stores information from a device on
  the network, for faster re-authentication
• Pre-authentication Allows a device to become
  authenticated to an AP before moving to it

54
IEEE 802.11i (continued)
Figure 9-2 IEEE 802.1x
55
Wi-Fi Protected Access (WPA)

• Subset of 802.11i that addresses encryption and
  authentication
• Temporal Key Integrity Protocol (TKIP) Replaces
  WEPs encryption key with 128-bit per-packet key
• Dynamically generates new key for each packet
• Prevents collisions
• Authentication server can use 802.1x to produce
  unique master key for user sessions
• Creates automated key hierarchy and management
  system

56
Wi-Fi Protected Access (continued)

• Message Integrity Check (MIC) Designed to
  prevent attackers from capturing, altering, and
  resending data packets
• Replaces CRC from WEP
• CRC does not adequately protect data integrity
• Authentication accomplished via IEEE 802.1x or
  pre-shared key (PSK) technology
• PSK passphase serves as seed for generating keys

57
Wi-Fi Protected Access 2 (WPA2)

• Second generation of WPA security
• Based on final IEEE 802.11i standard
• Uses AES for data encryption
• Supports IEEE 802.1x authentication or PSK
  technology
• Allows both AES and TKIP clients to operate in
  same WLAN

58
Summary of Wireless Security Solutions (continued)
Table 9-2 Wi-Fi modes
Table 9-3 Wireless security solutions
59
Transitional Security Model

• Transitional wireless implementation
• Should be temporary
• Until migration to stronger wireless security
  possible
• Should implement basic level of security for a
  WLAN
• Including authentication and encryption

60
Authentication Shared Key Authentication

• First and perhaps most important step
• Uses WEP keys
• Networks that support multiple devices should use
  all four keys
• Same key should not be designated as default on
  each device

61
Authentication SSID Beaconing

• Turn off SSID beaconing by configuring APs to not
  include it
• Beaconing the SSID is default mode for all APs
• Good practice to use cryptic SSID
• Should not provide any information to attackers

62
WEP Encryption

• Although vulnerabilities exist, should be turned
  on if no other options for encryption are
  available
• Use longest WEP key available
• May prevent script kiddies or casual
  eavesdroppers from attacking

Table 9-4 Transitional security model
63
Personal Security Model

• Designed for single users or small office home
  office (SOHO) settings
• Generally 10 or fewer wireless devices
• Two sections
• WPA Older equipment
• WPA2 Newer equipment

64
WPA Personal Security PSK Authentication

• Uses passphrase (PSK) that is manually entered to
  generate the encryption key
• PSK used a seed for creating encryption keys
• Key must be created and entered in AP and also on
  any wireless device (shared) prior to (pre)
  the devices communicating with AP

65
WPA Personal Security TKIP Encryption

• TKIP is a substitute for WEP encryption
• Fits into WEP procedure with minimal change
• Device starts with two keys
• 128-bit temporal key
• 64-bit MIC
• Three major components to address
  vulnerabilities
• MIC
• IV sequence
• TKIP key mixing
• TKIP required in WPA

66
WPA2 Personal Security PSK Authentication

• PSK intended for personal and SOHO users without
  enterprise authentication server
• Provides strong degree of authentication
  protection
• PSK keys automatically changed (rekeyed) and
  authenticated between devices after specified
  period of time or after set number of packets
  transmitted (rekey interval)
• Employs consistent method for creating keys
• Uses shared secret entered at AP and devices
• Random sequence of at least 20 characters or 24
  hexadecimal digits

67
WPA2 Personal Security AES-CCMP Encryption

• WPA2 personal security model encryption
  accomplished via AES
• AES-CCMP Encryption protocol in 802.11i
• CCMP based on Counter Mode with CBC-MAC (CCM) of
  AES encryption algorithm
• CCM provides data privacy
• CBC-MAC provides data integrity and
  authentication
• AES processes blocks of 128 bits
• Cipher key length can be 128, 192 and 256 bits
• Number of rounds can be 10, 12, and 14

68
WPA2 Personal Security AES-CCMP Encryption
(continued)

• AES encryption/decryption computationally
  intensive
• Better to perform in hardware

Table 9-5 Personal security model
69
Enterprise Security Model

• Most secure level of security that can be
  achieved today for wireless LANs
• Designed for medium to large-size organizations
• Intended for setting with authentication server
• Like personal security model, divided into
  sections for WPA and WPA2
• Additional security tools available to increase
  network protection

70
WPA Enterprise Security IEEE 802.1x
Authentication

• Uses port-based authentication mechanisms
• Network supporting 802.1x standard should consist
  of three elements
• Supplicant Wireless device which requires secure
  network access
• Authenticator Intermediary device accepting
  requests from supplicant
• Can be an AP or a switch
• Authentication Server Accepts requests from
  authenticator, grants or denies access

71
WPA Enterprise Security IEEE 802.1x
Authentication (continued)

• Supplicant is software on a client implementing
  802.1x framework
• Authentication server stores list of names and
  credentials of authorized users
• Remote Authentication Dial-In User Service
  (RADIUS) typically used
• Allows user profiles to be maintained in central
  database that all remote servers can share

72
WPA Enterprise Security IEEE 802.1x
Authentication

• 802.1x based on Extensible Authentication
  Protocol (EAP)
• Several variations
• EAP-Transport Layer Security (EAP-TLS)
• Lightweight EAP (LEAP)
• EAP-Tunneled TLS (EAP-TTLS)
• Protected EAP (PEAP)
• Flexible Authentication via Secure Tunneling
  (FAST)
• Each maps to different types of user logons,
  credentials, and databases used in authentication

73
WPA Enterprise Security TKIP Encryption

• TKIP is a wrapper around WEP
• Provides adequate encryption mechanism for WPA
  enterprise security
• Dovetails into existing WEP mechanism
• Vulnerabilities may be exposed in the future

74
WPA2 Enterprise Security IEEE 802.1x
Authentication

• Enterprise security model using WPA2 provides
  most secure level of authentication and
  encryption available on a WLAN
• IEEE 802.1x is strongest type of wireless
  authentication currently available
• Wi-Fi Alliance certifies WPA and WPA2 enterprise
  products using EAP-TLS
• Other EAP types not tested, but should run a WAP
  or WAP2 environment

75
WPA2 Enterprise Security AES-CCMP Encryption

• AES Block cipher that uses same key for
  encryption and decryption
• Bits encrypted in blocks of plaintext
• Calculated independently
• block size of 128 bits
• Three possible key lengths 128, 192, and 256
  bits
• WPA2/802.11i uses128-bit key length
• Includes four stages that make up one round
• Each round is iterated 10 times

76
WPA2 Enterprise Security AES-CCMP Encryption
(continued)
Table 9-6 Enterprise security model
77
Other Enterprise Security Tools Virtual Private
Network (VPN)

• Virtual private network (VPN) Uses a public,
  unsecured network as if it were private, secured
  network
• Two common types
• Remote-access VPN User-to-LAN connection used by
  remote users
• Site-to-site VPN Multiple sites can connect to
  other sites over Internet
• VPN transmissions are achieved through
  communicating with endpoints

78
Other Enterprise Security Tools Virtual Private
Network

• Endpoint End of tunnel between VPN devices
• Can local software, dedicated hardware device, or
  even a firewall
• VPNs can be used in WLAN setting
• Tunnel though WLAN for added security
• Enterprise trusted gateway Extension of VPN
• Pairs of devices create trusted VPN connection
  between themselves
• Can protect unencrypted packets better than a VPN
  endpoint

79
Other Enterprise Security Tools Wireless Gateway

• AP equipped with additional functionality
• Most APs are wireless gateways
• Combine functionality of AP, router, network
  address translator, firewall, and switch
• On enterprise level, wireless gateway may combine
  functionality of a VPN and an authentication
  server
• Can provide increased security for connected APs

80
Other Enterprise Security Tools Wireless
Intrusion Detection System (WIDS)

• Intrusion-detection system (IDS) Monitors
  activity on network and what the packets are
  doing
• May perform specific function when attack
  detected
• May only report information, and not take action
• Wireless IDS (WIDS) Constantly monitors RF
  frequency for attacks
• Based on database of attack signatures or on
  abnormal behavior
• Wireless sensors lie at heart of WIDS
• Hardware-based have limited coverage,
  software-based have extended coverage

81
Other Enterprise Security Tools Captive Portal

• Web page that wireless users are forced to visit
  before they are granted access to Internet
• Used in one of the following ways
• Notify users of wireless policies and rules
• Advertise to users specific services or products
• Authenticate users against a RADIUS server
• Often used in public hotspots

82
CWNA Guide to Wireless LANs, Second Edition

• Chapter Ten
• Managing a Wireless LAN

83
Monitoring the Wireless Network

• Network monitoring provides valuable data
  regarding current state of a network
• Generate network baseline
• Detect emerging problems
• Monitoring a wireless network can be performed
  with two sets of tools
• Utilities designed specifically for WLANs
• Standard networking tools

84
WLAN Monitoring Tools

• Two classifications of tools
• Operate on wireless device itself
• Function on AP
• Device and Operating System Utilities
• Most OSs provide basic utilities for monitoring
  the WLAN
• Some vendors provide more detailed utilities

85
WLAN Monitoring Tools

• Access Point Utilities
• All APs have WLAN reporting utilities
• Status information sometimes just a summary of
  current AP configuration
• No useful monitoring information
• Many enterprise-level APs provide utilities that
  offer three types of information
• Event logs
• Statistics on wireless transmissions
• Information regarding connection to wired
  Ethernet network

86
Standard Network Monitoring Tools

• Drawbacks to relying solely on info from AP and
  wireless devices
• Lack of Retention of data
• Laborious and time-intensive data collection
• Data generally not collected in time manner
• Standard network monitoring tools
• Used on wired networks
• Proven to be reliable
• Simple Network Management Protocol (SNMP)
• Remote Monitoring (RMON)

87
Simple Network Management Protocol (SNMP)

• Protocol allowing computers and network equipment
  to gather data about network performance
• Part of TCP/IP protocol suite
• Software agent loaded onto each network device
  that will be managed using SNMP
• Monitors network traffic and stores info in
  management information base (MIB)
• SNMP management station Computer with the SNMP
  management software

88
Simple Network Management Protocol (continued)

• SNMP management station communicates with
  software agents on network devices
• Collects data stored in MIBs
• Combines and produces statistics about network
• Whenever network exceeds predefined limit,
  triggers an SNMP trap
• Sent to management station
• Implementing SNMP provides means to acquire
  wireless data for establishing baseline and
  generating alerts

89
Remote Monitoring (RMON)

• SNMP-based tool used to monitor LANs connected
  via a wide area network (WAN)
• WANs provide communication over larger
  geographical area than LANs
• Allows remote network node to gather network data
  at almost any point on a LAN or WAN
• Uses SNMP and incorporates special database for
  remote monitoring
• WLAN AP can be monitored using RMON
• Gathers data regarding wireless and wired
  interfaces

90
Maintaining the Wireless Network

• Wireless networks are not static
• Must continually be modified, adjusted, and
  tweaked
• Modifications often made in response to data
  gathered during network monitoring
• Two of most common functions
• Updating AP firmware
• Adjusting antennas to enhance transmissions

91
Upgrading Firmware

• Firmware Software embedded into hardware to
  control the device
• Electronic heart of a hardware device
• Resides on EEPROM
• Nonvolatile storage chip
• Most APs use a browser-based management system
• Keep APs current with latest changes by
  downloading the changes to the APs

92
Upgrading Firmware (continued)

• General steps to update AP firmware
• Download firmware from vendors Web site
• Select Upgrade Firmware or similar option from
  AP
• Enter location of firmware file
• Click Upgrade button
• Enterprise-level APs often have enhanced firmware
  update capabilities
• e.g., may be able to update System firmware, Web
  Page firmware, and Radio firmware separately

93
Upgrading Firmware (continued)

• With many enterprise-level APs, once a single AP
  has been upgraded to the latest firmware, can
  distribute to all other APs on the WLAN
• Receiving AP must be able to hear IP multicast
  issued by Distribution AP
• Receiving AP must be set to allow access through
  a Web browser
• If Receiving AP has specific security
  capabilities enabled, must contain in its
  approved user lists a user with the same user
  name, password, and capabilities as user logged
  into Distribution AP

94
Upgrading Firmware (continued)

• RF site tuning After firmware updates applied,
  adjusting APs setting
• Adjust radio power levels on all access points
• Firmware upgrades may increase RF coverage areas
• Adjust channel settings
• Validate coverage area
• Modify integrity and throughput
• Document changes

95
Adjusting Antennas RF Transmissions

• May need to adjust antennas in response to
  firmware upgrades or changes in environment
• May require reorientation or repositioning
• May require new type of antenna
• Radio frequency link between sender and receiver
  consists of three basic elements
• Effective transmitting power
• Propagation loss
• Effective receiving sensibility

96
Adjusting Antennas RF Transmissions (continued)
Figure 10-14 Radio frequency link
97
Adjusting Antennas RF Transmissions (continued)

• Link budget Calculation to determine if signal
  will have proper strength when it reaches links
  end
• Required information
• Antenna gain
• Free space path loss
• Frequency of the link
• Loss of each connector at the specified frequency
• Number of connectors used
• Path length
• Power of the transmitter

98
Adjusting Antennas RF Transmissions (continued)

• Link budget (continued)
• Required information (continued)
• Total length of transmission cable and loss per
  unit length at specified frequency
• For proper WLAN performance, link budget must be
  greater than zero
• System operating margin (SOM)
• Good WLAN link has link budget over 6 dB
• Fade margin Difference between strongest RF
  signal in an area and weakest signal that a
  receiver can process

99
Adjusting Antennas RF Transmissions (continued)

• Attenuation (loss) Negative difference in
  amplitude between RF signals
• Absorption
• Reflection
• Scattering
• Refraction
• Diffraction
• Voltage Standing Wave Ratio

100
Adjusting Antennas Antenna Types

• Rod antenna Antenna typically used on a WLAN
• Omnidirectional
• 360 degree radiation pattern
• Transmission pattern focused along horizontal
  plane
• Increasing length creates tighter 360-degree
  beam
• Sectorized antenna Cuts standard 360-degree
  pattern into four quarters
• Each quarter has own transmitter and antenna
• Can adjust power to each sector independently

101
Adjusting Antennas Antenna Types (continued)

• Panel antenna Typically used in outdoor areas
• Tight beamwidth
• Phase shifter Allows wireless device to use a
  beam steering antenna to improve receiver
  performance
• Direct transmit antenna pattern to target
• Phased array antenna Incorporates network of
  phase shifters, allowing antenna to be pointed
  electronically in microseconds,
• Without physical realignment or movement

102
Adjusting Antennas Antenna Types (continued)

• Radiation pattern emitting from antennas travels
  in three-dimensional donut form
• Azimuth and elevation planes
• Antenna Accessories
• Transmission problem can be resolved by adding
  accessories to antenna system
• Provide additional power to the antenna, decrease
  power when necessary, or provide additional
  functionality

103
Adjusting Antennas Antenna Types (continued)
Figure 10-17 Azimuth and elevation pattern
104
Adjusting Antennas RF Amplifier

• Increases amplitude of an RF signal
• Signal gain
• Unidirectional amplifier Increases RF signal
  level before injected into transmitting antenna
• Bidirectional amplifier Boosts RF signal before
  injected into device containing the antenna
• Most amplifiers for APs are bidirectional

105
Adjusting Antennas RF Attenuators

• Decrease RF signal
• May be used when gain of an antenna did not match
  power output of an AP
• Fixed-loss attenuators Limit RF power by set
  amount
• Variable-loss attenuators Allow user to set
  amount of loss
• Fixed-loss attenuators are the only type
  permitted by the FCC for WLAN systems

106
Adjusting Antennas Cables and Connectors

• Basic rules for selecting cables and connectors
• Ensure connector matches electrical capacity of
  cable and device, along with type and gender of
  connector
• Use high-quality connectors and cables
• Make cable lengths as short as possible
• Make sure cables match electrical capacity of
  connectors
• Try to purchase pre-manufactured cables
• Use splitters sparingly

107
Adjusting Antennas Lightning Arrestor

• Antennas can inadvertently pick up high
  electrical discharges
• From nearby lightning strike or contact with
  high-voltage electrical source
• Lightning Arrestor Limits amplitude and
  disturbing interference voltages by channeling
  them to ground
• Designed to be installed between antenna cable
  and wireless device
• One end (3) connects to antenna
• Other end (2) connects to wireless device
• Ground lug (1) connects to grounded cable

108
Establishing a Wireless Security Policy

• One of most important acts in managing a WLAN
• Should be backbone of any wireless network
• Without it, no effective wireless security

109
General Security Policy Elements

• Security policy Document or series of documents
  clearly defining the defense mechanisms an
  organization will employ to keep information
  secure
• Outlines how to respond to attacks and
  information security duties/responsibilities of
  employees
• Three key elements
• Risk assessment
• Security auditing
• Impact analysis

110
Risk Assessment

• Determine nature of risks to organizations
  assets
• First step in creating security policy
• Asset Any item with positive economic value
• Physical assets
• Data
• Software
• Hardware
• Personnel
• Assets should be assigned numeric values
  indicating relative value to organization

111
Risk Assessment (continued)

• Factors to consider in determining relative
  value
• How critical is this asset to the goals of the
  organization?
• How much profit does it generate?
• How much revenue does it generate?
• What is the cost to replace it?
• How much does it cost to protect it?
• How difficult would it be to replace it?
• How quickly can it be replaced?
• What is the security impact if this asset is
  unavailable?

112
Risk Assessment (continued)
Table 10-1 Threats to information security
113
Security Auditing

• Determining what current security weaknesses may
  expose assets to threats
• Takes current snapshot of wireless security of
  organization
• Each threat may reveal multiple vulnerabilities
• Vulnerability scanners Tools that can compare an
  asset against database of known vulnerabilities
• Produce discovery report that exposes the
  vulnerability and assesses its severity

114
Impact Analysis

• Involves determining likelihood that
  vulnerability is a risk to organization
• Each vulnerability can be ranked
• No impact
• Small impact
• Significant
• Major
• Catastrophic
• Next, estimate probability that vulnerability
  will actually occur
• Rank on scale of 1 to 10

115
Impact Analysis (continued)

• Final step is to determine what to do about risks
• Accept the risk
• Diminish the risk
• Transfer the risk
• Desirable to diminish all risks to some degree
• If not possible, risks for most important assets
  should be reduced first

116
Functional Security Policy Elements

• Baseline practices Establish benchmark for
  actions using wireless network
• Can be used for creating design and
  implementation practices
• Foundation of what conduct is acceptable on the
  WLAN
• Security policy must specifically identify
  physical security
• Prevent unauthorized users from reaching
  equipment in order to use, steal, or vandalize it