Gary Zavitz - PowerPoint PPT Presentation

1
Wireless LAN Site Surveys and Security
Considerations
  • Gary Zavitz
  • gaz_at_interbeach.com

eLearning: Wired and Wirelessly!
2
Experience
  • WBT and ILT training experience
  • Producer, Developer of Virtual Webinars
  • Wireless Computing Instructor
  • Telecom Management Certification
  • Chair of Sheridan College Telecom Alumni
    Association

3
A Warehouse Without Wires
  • The client has expanded warehouse operations into
    a large area that lacks existing wiring. The
    ceiling is very high, and the floor is thick
    concrete. It will be quite expensive to install
    traditional data wiring. They have some
    forklifts whose operators use mobile terminals
    which need LAN connectivity.

Think about what type of area this represents,
and what design considerations might need to be
made.
4
Why a site survey?
  • Determine actual coverage area
  • Determine number of wireless cells needed
  • Determine location of access point and/or
    wireless servers

5
Wireless planning considerations
  • Number of total and simultaneous users
  • Average and maximum bandwidth needed
  • Degree of user roaming
  • Site survey input
  • Location of APs to maximize connectivity and
    bandwidth (distance/density/overlap)
  • Frequency/channel usage (1,6,11 non-overlapping)
  • Redundancy

6
Barriers and attenuation of signals
    RF barrier description   RF barrier severity   Examples
    Air                      Minimal
    Wood                     Low                   partitions
    Plaster                  Low                   inner walls
    Synthetic material       Low                   partitions
    Asbestos                 Low                   ceilings
    Glass                    Low                   windows
    Water                    Medium                damp wood, aquarium
    Bricks                   Medium                inner and outer walls
    Marble                   Medium                inner walls
    Paper rolls              High                  paper on a roll
    Concrete                 High                  floors, outer walls
    Bulletproof glass        High                  security booths
    Metal                    Very high             desks, metal partitions

7
Security Concerns
  • We are concerned and need whatever wireless
    solution is deployed to be secure.
  • We'd like to have an easy to manage, centralized
    system for updating keys, and validating APs and
    clients.
  • Using MAC-based filters at each of the APs is
    too much of a hassle.

8
wLAN Security - Wired Equivalent Privacy
  • WEP: symmetric encryption (shared key); defines the
    method but not how to share and distribute/manage
    keys
  • RC4 algorithm (40+24-bit keys), Wi-Fi compliant
  • 104+24 bits is proprietary (non-IEEE standard, outside
    Wi-Fi scope) but has interoperable implementations
    (i.e. Lucent/Cisco, others)

9
wLAN Security - WEP issue?
  • Goal was to address equivalent physical security
    as with fixed network
  • Should be used with other measures above and
    beyond to achieve data privacy
  • 40- or 104-bit encryption; the length of the 24-bit
    init vector, sent as clear text, was the concern of
    the Berkeley article
  • Single key per network
  • Multiple keys for Receive to allow key
    change-over
  • Most AP (Cisco, etc.) products support RADIUS-
    based MAC authentication

10
Encryption: Wired Equivalent Privacy
  • 64 WEP standard available
      • 40-bit secret key + 24-bit Initialization Vector
        (IV)
      • IEEE 802.11 standard
  • 128 RC4 available
      • 104-bit secret key + 24-bit Initialization
        Vector (IV)
      • Not IEEE 802.11 compliant
  • When WEP is enabled, Shared Key Authentication is
    enabled

11
Overview of 802.11b Security Vulnerabilities
  • Compromise of encryption key
  • Theft of hardware is equivalent to theft of key
  • Packet spoofing, disassociation attack
  • Rogue AP
  • Known plain-text attack
  • Brute force attack
  • Passive monitoring
  • Replay attack

12
Wireless Security Recommendations
  • Change default SSID, password, SNMP settings
  • Avoid tempting SSID names that identify hacker
    targets
  • Configure as Closed System to not broadcast
    SSID beacons or answer probes from clients set to
    ANY
  • Minimize coverage beyond desired areas
  • Use tools for periodic site surveys to spot
    rogue APs
  • Consider limiting access based on MAC if
    practical
  • Place APs in DMZ-based VLAN and have clients VPN
    in
  • Consider IPSec
  • APs not in publicly accessible areas
  • Address WEP weaknesses via key rotation, 802.1x,
    WEP 2 (802.11i), VPN overlay

13
802.1x, Security and Encryption
  • 802.1x is purely an authentication standard and
    is a Standard for Port Based Network Access
    Control
  • 802.1x applies to wired and wireless networks
  • 802.1x defines methods for authentication and key
    distribution plus other things
  • 802.1x is usable with currently standardized
    authentication/key distribution schemes (i.e.
    RADIUS/Kerberos)
  • 802.1x is a work in progress
  • Does not specify MAC level encryption type (i.e.
    WEP40/104 or other), so independent of it
  • However, 802.1x can be used to set WEP keys
  • Addresses Key Distribution problem
  • Permits rapidly changing, individual WEP keys
  • WEP is still required for encryption

14
Access Control: RADIUS Access Control (RAC)
  • Extension to existing Access Control system to
    make it more usable for large networks
  • Access Control table does not reside in each
    Access Point but in a RADIUS server
  • Server device that communicates with APs using
    the RADIUS protocol defined in RFC 2138
    (RADIUS: Remote Authentication Dial-In User
    Service)
  • Network administrator needs to manage one Access
    Control table rather than one for each AP
  • RAC will overcome the limitation of the 497
    entries that an AP-based Access Control Table can
    hold at maximum

15
Secure Wireless LAN Architecture
16
And if you don't believe secure wireless
communications is important
17
(No Transcript)
18
Thank You
Gary Zavitz
gaz_at_interbeach.com
416-347-9251