Wireless LANs - CompTIA Network+ N10-006 Cert Guide (2015)

Chapter 8. Wireless LANs

After completion of this chapter, you will be able to answer the following questions:

How do various wireless LAN technologies function, and what wireless standards are in common use?

What are some of the most important WLAN design considerations?

What WLAN security risks exist, and how can those risks be mitigated?

The popularity of wireless LANs (WLANs) has exploded over the past decade, allowing users to roam within a WLAN coverage area, take their laptops with them, and maintain network connectivity as they move throughout a building or campus environment. Many other devices, however, can take advantage of wireless networks, such as gaming consoles, smartphones, and printers.

This chapter introduces WLAN technology, along with various wireless concepts, components, and standards. WLAN design considerations are then presented, followed by a discussion of WLAN security.

Foundation Topics

Introducing Wireless LANs

This section introduces the basic building blocks of WLANs and discusses how WLANs connect into a wired local-area network (LAN). Various design options, including antenna design, frequencies, and communications channels, are discussed, along with a comparison of today’s major wireless standards, which are all some variant of IEEE 802.11.

WLAN Concepts and Components

Wireless devices, such as laptops and smartphones, often have a built-in wireless card that allows those devices to communicate on a WLAN. But what is the device with which they communicate? It could be another laptop with a wireless card. This would be an example of an ad hoc WLAN. However, enterprise-class WLANs, and even most WLANs in homes, are configured in such a way that a wireless client connects to some sort of a wireless base station, such as a wireless access point (AP) or a wireless router. Many companies offer WiFi as a service, and the area within range of such an AP is also referred to as a hotspot, indicating that WiFi is available through the AP.

This communication might be done using a variety of antenna types, frequencies, and communication channels. The following sections consider some of these elements in more detail.

Wireless Routers

Consider the basic WLAN topology shown in Figure 8-1. Such a WLAN might be found in a residence whose Internet access is provided by a digital subscriber line (DSL) modem. In this topology, a wireless router and switch are shown as separate components. However, in many residential networks, a wireless router integrates switch ports and wireless routing functionality into a single device.

Figure 8-1 Basic WLAN Topology with a Wireless Router

In Figure 8-1, the wireless router obtains an IP address via DHCP from the Internet service provider (ISP). Then the router uses Port Address Translation (PAT), as described in Chapter 6, “Routing IP Packets,” to provide IP addresses to devices attaching to it wirelessly or through a wired connection. The process through which a wireless client (for example, a laptop or a smartphone) attaches with a wireless router (or wireless AP) is called association. All wireless devices associating with a single AP share a collision domain. Therefore, for scalability and performance reasons, WLANs might include multiple APs.

Wireless Access Point

Although a wireless access point (AP) interconnects a wired LAN with a WLAN, it does not interconnect two networks (for example, the service provider’s network with an internal network). Figure 8-2 shows a typical deployment of an AP.

Figure 8-2 Basic WLAN Topology with a Wireless AP

The AP connects to the wired LAN, and the wireless devices that connect to the wired LAN via the AP are on the same subnet as the AP. (No Network Address Translation [NAT] or PAT is being performed.) The AP is acting as a wireless bridge between the wireless clients connected to the AP and the wired devices connected to the switch in the same Layer 2 domain.

To manage multiple APs, a company will use a Wireless LAN Controller (WLC) for centralized management and control of the APs. A Cisco model 5760 WLC would be an example of a network controller for multiple APs. The protocols used to communicate between an AP and a WLC could be the older Lightweight Access Point Protocol (LWAPP) or the more current Control And Provisioning of Wireless Access Points (CAPWAP). Using a WLC, VLAN pooling can be used to assign IP addresses to wireless clients from a pool of IP subnets and their associated VLANs.

Antennas

The coverage area of a WLAN is largely determined by the type of antenna used on a wireless AP or a wireless router. Although some lower-end, consumer-grade wireless APs have fixed antennas, higher-end, enterprise-class wireless APs often support various antenna types.

Design goals to keep in mind when selecting an antenna include the following:

Required distance between an AP and a wireless client.

Pattern of coverage area. (For example, the coverage area might radiate out in all directions, forming a spherical coverage area around an antenna, or an antenna might provide increased coverage in only one or two directions.)

Indoor or outdoor environment.

Avoiding interference with other APs.

The strength of the electromagnetic waves being radiated from an antenna is referred to as gain, which involves a measurement of both direction and efficiency of a transmission. For example, the gain measurement for a wireless AP’s antenna transmitting a signal is a measurement of how efficiently the power being applied to the antenna is converted into electromagnetic waves being broadcast in a specific direction. Conversely, the gain measurement for a wireless AP’s antenna receiving a signal is a measurement of how efficiently the received electromagnetic waves arriving from a specific direction are converted back into electricity leaving the antenna.

Gain is commonly measured using the dBi unit of measure. In this unit of measure, the dB stands for decibels and the i stands for isotropic. A decibel, in this context, is a ratio of radiated power to a reference value. In the case of dBi, the reference value is the signal strength (power) radiated from an isotropic antenna, which represents a theoretical antenna that radiates an equal amount of power in all directions (in a spherical pattern). An isotropic antenna is considered to have gain of 0 dBi.

The most common formula used for antenna gain is the following:

$G_{\mathrm{dBi}} = 10 \log_{10}(G)$

Based on this formula, an antenna with a peak power gain of 4 (G) would have a gain of 6.02 dBi. Antenna theory can become mathematical (heavily relying on the use of Maxwell’s equations). However, to put this discussion in perspective, generally speaking, if one antenna has 3 dB more gain than another antenna, it has approximately twice the effective power.

Antennas are classified not just by their gain but also by their coverage area. Two broad categories of antennas, which are based on coverage area, are as follows:

Omnidirectional: An omnidirectional antenna radiates power at relatively equal power levels in all directions (somewhat similar to the theoretical isotropic antenna). Omnidirectional antennas, an example of which is depicted in Figure 8-3, are popular in residential WLANs and small office/home office (SOHO) locations.

Figure 8-3 Omnidirectional Antenna Coverage

Unidirectional: Unidirectional antennas can focus their power in a specific direction, thus avoiding potential interference with other wireless devices and perhaps reaching greater distances than those possible with omnidirectional antennas. One application for unidirectional antennas is interconnecting two nearby buildings, as shown in Figure 8-4.

Figure 8-4 Unidirectional Antenna Coverage

Another consideration for antenna installation is the horizontal or vertical orientation of the antenna. For best performance, if two wireless APs communicate with one another, they should have matching antenna orientations, which is referred to as the polarity of the antenna.

Frequencies and Channels

Later in this chapter, you are introduced to a variety of wireless standards, which are all variants of the IEEE 802.11 standard. As you contrast one standard versus another, a characteristic to watch out for is the frequencies at which these standards operate. Although there are some country-specific variations, certain frequency ranges (or frequency bands) have been reserved internationally for industrial, scientific, and medical purposes. These frequency bands are called the ISM bands, where ISM derives from industrial, scientific, and medical.

Two of these bands are commonly used for WLANs. Specifically, WLANs can use the range of frequencies in the 2.4-GHz to 2.5-GHz range (commonly referred to as the 2.4-GHz band) or in the 5.725-GHz to 5.875-GHz range (commonly referred to as the 5-GHz band). In fact, some WLANs support a mixed environment, where 2.4-GHz devices run alongside 5-GHz devices.

Within each band are specific frequencies (or channels) at which wireless devices operate. To avoid interference, nearby wireless APs should use frequencies that do not overlap with one another. Wireless survey tools such as AirMagnet from Fluke Networks can provide analysis of what is currently in use, allowing you to set up a new wireless system that does not compete for the same frequencies that are already in use. Those same tools can also assist in identifying wireless channel utilization in existing and new wireless networks. Regarding channel selection, merely selecting different channels is not sufficient, however, because transmissions on one channel spill over into nearby channels. Site survey tools can collect data to show the relative strength of signals in the areas being serviced by the APs. This output can be color-coded and overlaid on top of the floor plan and is often referred to as a heat map of the wireless signals.

Consider, for example, the 2.4-GHz band. Here, channel frequencies are separated by 5 MHz (with the exception of channel 14, which has 12 MHz of separation from channel 13). However, a single channel’s transmission can spread over a frequency range of 22 MHz. As a result, channels must have five channels of separation (5 * 5 MHz = 25 MHz, which is greater than 22 MHz). You can see from Figure 8-5 that, in the United States, you could select nonoverlapping channels of 1, 6, and 11.

Figure 8-5 Nonoverlapping Channels in the 2.4 GHz Band


Note

Even though some countries use channel 14 as a nonoverlapping channel, it is not supported in the United States.


As a reference, Table 8-1 shows the specific frequencies for each of the channels in the 2.4-GHz band.

Table 8-1 Channel Frequencies in the 2.4-GHz Band

The 5-GHz band has a higher number of channels, as compared to the 2.4-GHz band. Table 8-2 lists the recommended nonoverlapping channels for the 5-GHz band in the United States. Note that additional channels are supported in some countries.

Table 8-2 Nonoverlapping Channels in the 5-GHz Band Recommended for Use in the United States

CSMA/CA

In Chapter 4, “Ethernet Technology,” you learned about Ethernet’s carrier sense multiple access collision detection (CSMA/CD) technology. WLANs use a similar technology called carrier sense multiple access collision avoidance (CSMA/CA). Just as CSMA/CD is needed for half-duplex Ethernet connections, CSMA/CA is needed for WLAN connections because of their half-duplex operation. Similar to the way an Ethernet device listens to an Ethernet segment to determine whether a frame exists on the segment, a WLAN device listens for a transmission on a wireless channel to determine whether it is safe to transmit. In addition, the collision-avoidance part of the CSMA/CA algorithm causes wireless devices to wait for a random backoff time before transmitting.

Transmission Methods

In the previous discussion, you saw the frequencies used for various wireless channels. However, be aware that those frequencies are considered to be the center frequencies of a channel. In actual operation, a channel uses more than one frequency, which is a transmission method called spread spectrum. These frequencies are, however, very close to one another, which results in a narrowband transmission.

The three variations of spread-spectrum technology to be aware of for your study of WLANs include the following:

Direct-sequence spread spectrum (DSSS): Modulates data over an entire range of frequencies using a series of symbols called chips. A chip is shorter in duration than a bit, meaning that chips are transmitted at a higher rate than the actual data. These chips encode not only the data to be transmitted, but also what appears to be random data. Although both parties involved in a DSSS communication know which chips represent actual data and which chips do not, if a third party intercepted a DSSS transmission, it would be difficult for him to eavesdrop on the data because he would not easily know which chips represented valid bits. DSSS is more subject to environmental factors, as opposed to FHSS and OFDM, because of its use of an entire frequency spectrum.

Frequency-hopping spread spectrum (FHSS): Allows the participants in a communication to hop between predetermined frequencies. Security is enhanced because the participants can predict the next frequency to be used, but a third party cannot easily predict the next frequency. FHSS can also provision extra bandwidth by simultaneously using more than one frequency.

Orthogonal frequency-division multiplexing (OFDM): Whereas DSSS uses a high modulation rate for the symbols it sends, OFDM uses a relatively slow modulation rate for symbols. This slower modulation rate, combined with the simultaneous transmission of data over 52 data streams, helps OFDM support high data rates while resisting interference between the various data streams.

Of these three wireless modulation techniques, only DSSS and OFDM are commonly used in today’s WLANs.

WLAN Standards

Most modern WLAN standards are variations of the original IEEE 802.11 standard, which was developed in 1997. This original standard supported a DSSS and an FHSS implementation, both of which operated in the 2.4-GHz band. However, with supported speeds of 1 Mbps or 2 Mbps, the original 802.11 standard lacks sufficient bandwidth to meet the needs of today’s WLANs. The most popular variants of the 802.11 standard in use today are 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac, as described in detail in the following sections.

802.11a

The 802.11a WLAN standard, which was ratified in 1999, supports speeds as high as 54 Mbps. Other supported data rates (which can be used if conditions are not suitable for the 54 Mbps rate) include 6, 9, 12, 18, 24, 36, and 48 Mbps. The 802.11a standard uses the 5-GHz band and uses the OFDM transmission method. Interestingly, 802.11a never gained widespread adoption because it was not backward compatible with 802.11b, whereas 802.11g was backward compatible.

802.11b

The 802.11b WLAN standard, which was ratified in 1999, supports speeds as high as 11 Mbps. However, 5.5 Mbps is another supported data rate. The 802.11b standard uses the 2.4-GHz band and uses the DSSS transmission method.

802.11g

The 802.11g WLAN standard, which was ratified in 2003, supports speeds as high as 54 Mbps. Like 802.11a, other supported data rates include 6, 9, 12, 18, 24, 36, and 48 Mbps. However, like 802.11b, 802.11g operates in the 2.4-GHz band, which allows it to offer backward compatibility to 802.11b devices. 802.11g can use either the OFDM or the DSSS transmission method.

802.11n

The 802.11n WLAN standard, which was ratified in 2009, supports a wide variety of speeds, depending on its implementation. Although the speed of an 802.11n network could exceed 300 Mbps (through the use of channel bonding, as discussed later), many 802.11n devices on the market have speed ratings in the 130–150 Mbps range. Interestingly, an 802.11n WLAN could operate in the 2.4-GHz band, the 5-GHz band, or both simultaneously. 802.11n uses the OFDM transmission method.

One way 802.11n achieves superior throughput is through the use of a technology called multiple input, multiple output (MIMO). MIMO uses multiple antennas for transmission and reception. These antennas do not interfere with one another, thanks to MIMO’s use of spatial multiplexing, which encodes data based on the antenna from which the data will be transmitted. Both reliability and throughput can be increased with MIMO’s simultaneous use of multiple antennas.

Yet another technology implemented by 802.11n is channel bonding. With channel bonding, two wireless bands can be logically bonded together, forming a band with twice the bandwidth of an individual band. Some literature refers to channel bonding as 40-MHz mode, which is the bonding of two adjacent 20-MHz bands into a 40-MHz band.

The 802.11n high throughput (HT) standard defines modes for ensuring that older a/b/g devices and newer 802.11n devices can avoid collisions with each other.

802.11ac

The 802.11ac WLAN standard was published in 2013 and builds on (and is faster and more scalable than) 802.11n. 802.11ac is a 5-GHz only technology that can use wider channels in the 5-GHz band, more spatial streams, and multi-user MIMO (MU-MIMO).

802.11x Standard Summary

Table 8-3 acts as a reference to help you contrast the characteristics of the 802.11 standards.

Table 8-3 Characteristics of 802.11 Standards

Deploying Wireless LANs

When designing and deploying WLANs, you have a variety of installation options and design considerations. This section delves into your available options and provides you with some best practice recommendations.

Types of WLANs

WLANs can be categorized based on their use of wireless APs. The three main categories are independent basic service set (IBSS), basic service set (BSS), and extended service set (ESS). An IBSS WLAN operates in an ad hoc fashion, while BSS and ESS WLANs operate in infrastructure mode. The following sections describe the three types of WLANs in detail.

IBSS

As shown in Figure 8-6, a WLAN can be created without the use of an AP. Such a configuration, called an IBSS, is said to work in an ad hoc fashion. An ad hoc WLAN is useful for temporary connections between wireless devices. For example, you might temporarily interconnect two laptop computers to transfer a few files.

Figure 8-6 Independent Basic Service Set (IBSS) WLAN

BSS

Figure 8-7 depicts a WLAN using a single AP. WLANs that have just one AP are called BSS WLANs. BSS WLANs are said to run in infrastructure mode because wireless clients connect to an AP, which is typically connected to a wired network infrastructure. A BSS network is often used in residential and SOHO locations, where the signal strength provided by a single AP is sufficient to service all the WLAN’s wireless clients.

Figure 8-7 Basic Service Set (BSS) WLAN

ESS

Figure 8-8 illustrates a WLAN using two APs. WLANs containing more than one AP are called ESS WLANs. Like BSS WLANs, ESS WLANs operate in infrastructure mode. When you have more than one AP, take care to prevent one AP from interfering with another. Specifically, the previously discussed nonoverlapping channels (channels 1, 6, and 11 for the 2.4-GHz band) should be selected for adjacent wireless coverage areas.

Figure 8-8 Extended Service Set (ESS) WLAN

Mesh Topology

A mesh wireless network is a collection of wireless devices that may not use centralized control (decentralized management). The combined wireless coverage range defines the range of the network. This could also be referred to as a mesh cloud. Additional wireless technologies (besides WiFi) could be used to build a mesh wireless topology. This type of network could be used for hosts to communicate with other devices in the mesh, or the network could provide a gateway to the Internet or other networks.

Sources of Interference

A major issue for WLANs is radio frequency interference (RFI) caused by other devices using similar frequencies to the WLAN devices. Also, physical obstacles can impede or reflect WLAN transmissions. The following are some of the most common sources of interference:

Other WLAN devices: Earlier in this chapter, you read about nonoverlapping channels for both the 2.4-GHz and 5-GHz bands. However, if two or more WLAN devices are in close proximity and use overlapping channels, those devices could interfere with one another.

Cordless phones: Several models of cordless phones operate in the 2.4-GHz band and can interfere with WLAN devices. However, if you need cordless phones to coexist in an environment with WLAN devices using the 2.4-GHz band, consider the use of digital enhanced cordless telecommunications (DECT) cordless phones. Although the exact frequencies used by DECT cordless phones vary based on country, DECT cordless phones do not use the 2.4-GHz band. For example, in the United States, DECT cordless phones use frequencies in the range 1.92 GHz to 1.93 GHz.

Microwave ovens: Older microwave ovens, which might not have sufficient shielding, can emit relatively high-powered signals in the 2.4-GHz band, resulting in significant interference with WLAN devices operating in the 2.4-GHz band.

Wireless security system devices: Most wireless security cameras operate in the 2.4-GHz frequency range, which can cause potential issues with WLAN devices.

Physical obstacles: In electromagnetic theory, radio waves cannot propagate through a perfect conductor. So, although metal filing cabinets and large appliances are not perfect conductors, they are sufficient to cause degradation of a WLAN signal. For example, a WLAN signal might hit a large air conditioning unit, causing the radio waves to be reflected and scattered in multiple directions. Not only does this limit the range of the WLAN signal, but radio waves carrying data might travel over different paths. This multipath issue can cause data corruption. Concrete walls, metal studs, or even window film could reduce the quality of the wireless network signals.

Signal strength: The range of a WLAN device is a function of the device’s signal strength. Lower-cost consumer-grade APs do not typically allow an administrative adjustment of signal strength. However, enterprise-class APs often allow signal strength to be adjusted to ensure sufficient coverage of a specific area, while avoiding interference with other APs using the same channel.

As you can see from this list, most RFI occurs in the 2.4-GHz band as opposed to the 5-GHz band. Therefore, depending on the wireless clients you need to support, you might consider using the 5-GHz band, which is an option for 802.11a and 802.11n WLANs. With the increased use of wireless, both coverage and capacity-based planning should be done to provide acceptable goodput. Goodput refers to the number of useful information bits that the network can deliver (not including overhead for the protocols being used). Another factor is the density (ratio of users to APs), which if too high could harm performance of the network. Areas expecting high density would include classrooms, hotels, and hospitals. Device or bandwidth saturation could impact performance.

Wireless AP Placement

WLANs using more than one AP (an ESS WLAN) require careful planning to prevent the APs from interfering with one another, while still servicing a desired coverage area. Specifically, an overlap of coverage between APs should exist to allow uninterrupted roaming from one WLAN cell (which is the coverage area provided by an AP) to another. However, those overlapping coverage areas should not use overlapping frequencies.

Figure 8-9 shows how nonoverlapping channels in the 2.4-GHz band can overlap their coverage areas to provide seamless roaming between AP coverage areas. A common WLAN design recommendation is to have a 10–15 percent overlap of coverage between adjoining cells.

Figure 8-9 10 Percent to 15 Percent Coverage Overlap in Coverage Areas for Nonoverlapping Channels

If a WLAN has more than three APs, the APs can be deployed in a honeycomb fashion to allow an overlap of AP coverage areas while avoiding an overlap of identical channels. The example shown in Figure 8-10 shows an approach to channel selection for adjoining cells in the 2.4-GHz band. Notice that cells using the same nonoverlapping channels (channels 1, 6, and 11) are separated by another cell. For example, notice that none of the cells using channel 11 overlap another cell using channel 11.

Figure 8-10 Nonoverlapping Coverage Cells for the 2.4-GHz Band


Note

Although a honeycomb channel assignment scheme can be used for the 5-GHz band, identical channels should be separated by at least two cells, rather than the single cell shown for the 2.4-GHz band.
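
The 2.4-GHz channel arithmetic from the Frequencies and Channels section (5-MHz spacing, 22-MHz spread, channel 14 sitting 12 MHz above channel 13) and the honeycomb rule for adjoining cells, worked through as an added example that is not from the book. The 2412-MHz center of channel 1 is the standard value; the AP names, adjacency list, and channel assignment are constructed for illustration.

```python
# Added example: check a 2.4-GHz channel plan for adjoining cells that overlap.

CHANNEL_WIDTH_MHZ = 22   # frequency range one channel's transmission spreads over


def center_mhz(channel):
    """Center frequency in MHz of a 2.4-GHz channel (1-14)."""
    if not 1 <= channel <= 14:
        raise ValueError(f"not a 2.4-GHz channel: {channel}")
    if channel == 14:
        return 2484                  # 12 MHz above channel 13 (2472 MHz)
    return 2407 + 5 * channel        # channels 1-13 are 5 MHz apart; channel 1 = 2412


def channels_overlap(a, b):
    """True when two 22-MHz-wide transmissions share part of the spectrum."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ


def nonoverlapping_set(allowed):
    """Pick mutually nonoverlapping channels from `allowed`, lowest first."""
    chosen = []
    for ch in sorted(allowed):
        if not any(channels_overlap(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def plan_conflicts(assignment, adjacency):
    """Return (ap_a, ap_b, ch_a, ch_b) for adjoining cells whose channels overlap."""
    conflicts = []
    for a, b in adjacency:
        if channels_overlap(assignment[a], assignment[b]):
            conflicts.append((a, b, assignment[a], assignment[b]))
    return sorted(conflicts)


# Constructed site plan: AP5 was left on channel 9 by mistake.
ASSIGNMENT = {"AP1": 1, "AP2": 6, "AP3": 11, "AP4": 1, "AP5": 9}
# Pairs of APs whose coverage cells adjoin (constructed).
ADJACENCY = [
    ("AP1", "AP2"), ("AP2", "AP3"), ("AP1", "AP3"), ("AP3", "AP4"),
    ("AP2", "AP4"), ("AP4", "AP5"), ("AP3", "AP5"), ("AP2", "AP5"),
]

if __name__ == "__main__":
    print("US channels 1-11:", nonoverlapping_set(range(1, 12)))
    print("With channel 14: ", nonoverlapping_set(range(1, 15)))
    for a, b, ch_a, ch_b in plan_conflicts(ASSIGNMENT, ADJACENCY):
        gap = abs(center_mhz(ch_a) - center_mhz(ch_b))
        print(f"{a} (ch {ch_a}) and {b} (ch {ch_b}) adjoin but are only {gap} MHz apart")
```
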


Securing Wireless LANs

WLANs introduce some unique concerns to your network. For example, improperly installed wireless APs are roughly equivalent to putting an Ethernet port in a building’s parking lot, where someone can drive up and access your network. Fortunately, various features are available to harden the security of your WLAN, as discussed in this section.

Security Issues

In the days when dial-up modems were popular, malicious users could run a program on their computer to call all phone numbers in a certain number range. Phone numbers that answered with modem tone became targets for later attacks. This type of reconnaissance was known as war dialing. A modern-day variant of war dialing is war driving, where potentially malicious users drive around looking for unsecured WLANs. These users might be identifying unsecured WLANs for nefarious purposes or simply looking for free Internet access. Devices such as cell phones, laptops, tablets, and gaming and media devices can act as wireless clients, and because they have potential WiFi access to the network, they can also be used in a wireless attack.

Other WLAN security threats include the following:

War chalking: Once an open WLAN (or a WLAN whose SSID and authentication credentials are known) is found in a public place, a user might write a symbol on a wall (or some other nearby structure) to let others know the characteristics of the discovered network. This practice, which is a variant of the decades-old practice of hobos leaving symbols as messages to fellow hobos, is called war chalking. Figure 8-11 shows common war-chalking symbols.

Figure 8-11 War-Chalking Symbols

WEP and WPA security cracking: As discussed later in this chapter, various security standards are available for encrypting and authenticating a WLAN client with an AP. Two of the less secure standards include Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). Although WPA is considered more secure than WEP, utilities are available on the Internet for cracking each of these approaches to wireless security. By collecting enough packets transmitted by a secure AP, these cracking utilities can use mathematical algorithms to determine the preshared key (PSK) configured on a wireless AP, with which an associating wireless client must also be configured.

Rogue access point: A malicious user could set up his own AP to which legitimate users would connect. Such an AP is called a rogue access point. That malicious user could then use a packet sniffer (which displays information about unencrypted traffic, including the traffic’s data and header information) to eavesdrop on communications flowing through his AP. To cause unsuspecting users to connect to the rogue AP, the malicious user could configure the rogue AP with the same service set identifier (SSID) as used by a legitimate AP. When a rogue AP is configured with the SSID of a legitimate AP, the rogue AP is commonly referred to as an evil twin.


Note

An SSID is a string of characters identifying a WLAN. APs participating in the same WLAN (in an ESS) can be configured with identical SSIDs. An SSID shared among multiple APs is called an extended service set identifier (ESSID).
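
One way to check a wireless scan for the evil-twin pattern described above, shown as an added example that is not from the book. It assumes you keep an inventory of sanctioned APs keyed by BSSID (the AP radio's MAC address); the SSID names, BSSIDs, and scan results are constructed.

```python
# Added example: flag APs that advertise a managed SSID but are not in inventory.
from collections import namedtuple

# One AP advertisement as reported by a wireless scan.
Beacon = namedtuple("Beacon", "ssid bssid channel security")

# Hypothetical inventory of sanctioned APs: BSSID -> (SSID, channel, security).
AUTHORIZED = {
    "02:00:5e:10:00:01": ("CorpWLAN", 1, "WPA2-Enterprise"),
    "02:00:5e:10:00:02": ("CorpWLAN", 6, "WPA2-Enterprise"),
    "02:00:5e:10:00:03": ("CorpWLAN", 11, "WPA2-Enterprise"),
}

# Constructed scan results (not real captures).
SCAN = [
    Beacon("CorpWLAN", "02:00:5e:10:00:01", 1, "WPA2-Enterprise"),
    Beacon("CorpWLAN", "02:00:5e:10:00:02", 6, "WPA2-Enterprise"),
    Beacon("CorpWLAN", "02:00:5e:99:00:aa", 6, "Open"),
    Beacon("CoffeeShop", "02:00:5e:77:00:01", 11, "WPA2-PSK"),
    Beacon("CorpWLAN", "02:00:5E:10:00:03", 3, "WPA2-Enterprise"),
    Beacon("corpwlan ", "02:00:5e:99:00:bb", 1, "WPA2-PSK"),
]


def norm_ssid(ssid):
    """Fold case and padding so look-alike names compare equal to the real SSID."""
    return ssid.strip().casefold()


def classify(beacon, authorized=AUTHORIZED):
    """Return a verdict for one beacon.

    A BSSID can be falsified just like any other MAC address, so "ok" only
    means nothing inconsistent was observed; a copied BSSID that shows up on
    the wrong channel or with different settings is reported as a mismatch.
    """
    managed = {norm_ssid(ssid) for ssid, _, _ in authorized.values()}
    known = authorized.get(beacon.bssid.lower())
    if known is None:
        # Unknown radio: only a concern when it uses (or imitates) our SSID.
        if norm_ssid(beacon.ssid) in managed:
            return "evil-twin-suspect"
        return "unmanaged"
    ssid, channel, security = known
    if beacon.ssid != ssid or beacon.security != security:
        return "settings-mismatch"
    if beacon.channel != channel:
        return "channel-mismatch"
    return "ok"


def findings(scan, authorized=AUTHORIZED):
    """List every beacon that needs investigation, in scan order."""
    out = []
    for b in scan:
        verdict = classify(b, authorized)
        if verdict not in ("ok", "unmanaged"):
            out.append((verdict, b.ssid, b.bssid.lower(), b.channel, b.security))
    return out


if __name__ == "__main__":
    for row in findings(SCAN):
        print(row)
```
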


Approaches to WLAN Security

A WLAN that does not require authentication or provide encryption for wireless devices (for example, a publicly available WLAN found in many airports) is said to be using open authentication. To protect WLAN traffic from eavesdroppers, a variety of security standards and practices have been developed, including the following:

MAC address filtering: An AP can be configured with a listing of MAC addresses that are permitted to associate with the AP. If a malicious user attempts to connect via his laptop (whose MAC address is not on the list of trusted MAC addresses), that user is denied access. One drawback to MAC address filtering is the administrative overhead required to keep an approved list of MAC addresses up-to-date. Another issue with MAC address filtering is that a knowledgeable user could falsify the MAC address of his wireless network card, making his device appear to be approved.

Disabling SSID broadcast: An SSID can be broadcast by an AP to let users know the name of the WLAN. For security purposes, an AP might be configured not to broadcast its SSID. However, knowledgeable users could still determine the SSID of an AP by examining captured packets.

Preshared key: To encrypt transmission between a wireless client and an AP (in addition to authenticating a wireless client with an AP), both the wireless client and the AP could be preconfigured with a matching string of characters (a PSK, as previously described). The PSK could be used as part of a mathematical algorithm to encrypt traffic, such that if an eavesdropper intercepted the encrypted traffic, he would not be able to decrypt the traffic without knowing the PSK. Although using a PSK can be effective in providing security for a small network (for example, a SOHO network), it lacks scalability. For example, in a large corporate environment, a PSK being compromised would necessitate the reconfiguration of all devices configured with that PSK.


Note

WLAN security based on a PSK technology is called personal mode.


IEEE 802.1X: Rather than having all devices in a WLAN be configured with the same PSK, a more scalable approach is to require all wireless users to authenticate using their own credentials (for example, a username and password). Allowing each user to have his own set of credentials prevents the compromising of one password from impacting the configuration of all wireless devices. IEEE 802.1X is a technology that allows wireless clients to authenticate with an authentication server (typically, a Remote Authentication Dial-In User Service [RADIUS] server).


Note

WLAN security based on IEEE 802.1X and a centralized authentication server such as RADIUS is called enterprise mode.


Chapter 4 discussed IEEE 802.1X in detail and described the role of a supplicant, an authenticator, and an authentication server, but Chapter 4 showed how IEEE 802.1X was used in a wired network. Figure 8-12 shows a wireless implementation of IEEE 802.1X.

Figure 8-12 IEEE 802.1X Security for a WLAN


Note

IEEE 802.1X works in conjunction with an Extensible Authentication Protocol (EAP) to perform its job of authentication. A variety of EAP types exist, including Lightweight Extensible Authentication Protocol (LEAP), EAP-Flexible Authentication via Secure Tunneling (EAP-FAST), EAP-Transport Layer Security (EAP-TLS), EAP-Tunneled Transport Layer Security (EAP-TTLS), Protected EAP–Generic Token Card (PEAP-GTC), and Protected EAP–Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAPv2). Although these EAP types differ in their procedures, the overriding goal for each EAP type is to securely authenticate a supplicant and provide the supplicant and the authenticator a session key that can be used during a single session in the calculation of security algorithms (for example, encryption algorithms).


Security Standards

When configuring a wireless client for security, the most common security standards from which you can select are as follows:

Wired Equivalent Privacy (WEP)

Wi-Fi Protected Access (WPA)

Wi-Fi Protected Access Version 2 (WPA2)

The following sections describe these standards in detail.

WEP

The original 802.11 standard did address security; however, that security consisted of a WEP key. With WEP, an AP is configured with a static WEP key. Wireless clients needing to associate with an AP are configured with an identical key (making this a PSK approach to security). The 802.11 standard specifies a 40-bit WEP key, which is considered to be a relatively weak security measure.

Because a WEP key is a static string of characters, it could be compromised with a brute-force attack, where an attacker attempts all possible character combinations until a match for the WEP key is found. Another concern, however, is that WEP uses RC4 as its encryption algorithm.


Note

RC4 (which stands for Ron’s Code or Rivest Cipher because it was developed by Ron Rivest of RSA Security) is sometimes pronounced arc 4.


WEP’s RC4 approach uses a 24-bit initialization vector (IV), which is a string of characters added to the transmitted data, such that the same plain-text data frame will never appear as the same WEP-encrypted data frame. However, the IV is transmitted in clear text. So, if a malicious user running packet-capture software captures enough packets encrypted with the same WEP key, he can, because the IVs are visible in clear text, use a mathematical algorithm (which can be performed with WEP-cracking software found on the Internet) to determine the static WEP key.

Some WEP implementations support the use of a longer WEP key (for example, 128 bits instead of 40 bits), making a WEP key more difficult to crack; however, both the wireless clients and their AP must support the longer WEP key.
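Why a 24-bit clear-text IV cannot keep frames unique can be checked offline. The following Python sketch is an added example, not part of the original chapter: it seeds RC4 with IV plus key the way WEP does, shows that a repeated IV repeats the keystream, and estimates how soon IVs repeat. The key, IV, and frame contents are constructed sample values, WEP's CRC-32 integrity value is omitted, and the estimate assumes IVs are chosen at random.

```python
import math

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling followed by keystream output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, wep_key: bytes, plaintext: bytes) -> bytes:
    """Seed RC4 with IV || key and send the IV in clear text ahead of the ciphertext.
    Simplification for this example: the CRC-32 integrity value is left out."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + xor(plaintext, rc4_keystream(iv + wep_key, len(plaintext)))

def iv_repeat_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday-bound estimate that at least two frames share an IV (random IVs assumed)."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * 2 ** iv_bits))

# Constructed sample values, not taken from any real network.
WEP_KEY = bytes.fromhex("0102030405")   # 40-bit static key shared by AP and clients
IV = bytes.fromhex("a1b2c3")            # 24-bit IV, readable by any listener
FRAME_1 = b"first data frame"
FRAME_2 = b"other data frame"

def same_iv_cancels_key() -> bool:
    """With a repeated IV the keystream repeats, so the key drops out of c1 XOR c2."""
    c1 = wep_encrypt(IV, WEP_KEY, FRAME_1)[3:]
    c2 = wep_encrypt(IV, WEP_KEY, FRAME_2)[3:]
    return xor(c1, c2) == xor(FRAME_1, FRAME_2)

if __name__ == "__main__":
    print("keystream repeats under a repeated IV:", same_iv_cancels_key())
    for n in (1000, 5000, 20000):
        print(f"{n:>6} frames -> P(IV repeat) = {iv_repeat_probability(n):.3f}")
```

On a busy AP a few thousand frames pass in seconds, which is why a longer static key alone does not fix the IV problem.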

WPA

The Wi-Fi Alliance (a nonprofit organization formed to certify interoperability of wireless devices) developed its own security standard, WPA, to address the weaknesses of WEP. Some of the security enhancements offered by WPA include the following:

WPA operating in enterprise mode can require a user to be authenticated before keys are exchanged.

In enterprise mode, the keys used between a wireless client and an access point are temporary session keys.

WPA uses Temporal Key Integrity Protocol (TKIP) for enhanced encryption. Although TKIP does rely on an initialization vector, the IV is expanded from WEP’s 24-bit IV to a 48-bit IV. Also, broadcast key rotation can be used, which causes a key to change so quickly that an eavesdropper would not have time to exploit a derived key.

TKIP leverages Message Integrity Check (MIC), which is sometimes referred to as Message Integrity Code (MIC). MIC can confirm that data was not modified in transit.

Although not typically written as WPA1, when you see the term WPA, consider it to be WPA Version 1 (WPA1). WPA Version 2, however, is written as WPA2.

WPA2

In 2004, the IEEE 802.11i standard was approved and required stronger algorithms for encryption and integrity checking than those seen in previous WLAN security protocols such as WEP and WPA. The requirements set forth in the IEEE 802.11i standard are implemented in the Wi-Fi Alliance’s WPA Version 2 (WPA2) security standard. WPA2 uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for integrity checking and Advanced Encryption Standard (AES) for encryption. WPA2 that uses a centralized server for authenticating users is referred to as Enterprise mode. An implementation of WPA2 that uses a configured password or PSK instead of a centralized server is referred to as Personal mode.
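An AP advertises which of these options it accepts in the RSN information element of its beacons, so the Enterprise/Personal and CCMP/TKIP distinctions can be audited from a capture. The following Python parser is an added example, not part of the original chapter: the element layout and suite numbers come from IEEE 802.11i rather than from this text, the two sample elements are constructed, and the parser assumes the fields through the AKM list are present.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")        # OUI used by the standard's own suites
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}           # Enterprise mode / Personal mode

def _name(selector: bytes, names: dict) -> str:
    """Map a 4-byte suite selector (3-byte OUI + 1-byte type) to a readable name."""
    if selector[:3] != RSN_OUI:
        return "vendor-specific"
    return names.get(selector[3], f"unknown({selector[3]})")

def _suite_list(body: bytes, off: int, names: dict):
    """Read a 2-byte little-endian count, then that many suite selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    end = off + 2 + 4 * count
    if end > len(body):
        raise ValueError("truncated suite list")
    return [_name(body[i:i + 4], names) for i in range(off + 2, end, 4)], end

def parse_rsn(element: bytes) -> dict:
    """Decode an RSN element (ID 48): group cipher, pairwise ciphers, AKM suites."""
    if len(element) < 2 or element[0] != 48:
        raise ValueError("not an RSN element")
    body = element[2:]
    if len(body) != element[1] or len(body) < 6 or body[:2] != b"\x01\x00":
        raise ValueError("bad length or unsupported RSN version")
    pairwise, off = _suite_list(body, 6, CIPHERS)
    akm, _ = _suite_list(body, off, AKMS)
    return {"group": _name(body[2:6], CIPHERS), "pairwise": pairwise, "akm": akm}

def findings(rsn: dict) -> list:
    """Flag settings weaker than WPA2 Enterprise mode with CCMP."""
    notes = []
    if any(c != "CCMP" for c in [rsn["group"]] + rsn["pairwise"]):
        notes.append("cipher other than CCMP offered")
    if "PSK" in rsn["akm"]:
        notes.append("Personal mode: one PSK shared by all clients")
    return notes

# Constructed sample elements, not captured from a real network.
ENTERPRISE_CCMP = bytes.fromhex("3014" "0100" "000fac04" "0100000fac04" "0100000fac01" "0000")
PERSONAL_MIXED = bytes.fromhex("3018" "0100" "000fac02" "0200000fac04000fac02" "0100000fac02" "0000")

if __name__ == "__main__":
    for raw in (ENTERPRISE_CCMP, PERSONAL_MIXED):
        print(parse_rsn(raw), findings(parse_rsn(raw)))
```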

Additional Wireless Options

Other wireless technologies, such as Bluetooth, infrared (IR), and near-field communications (NFC), which are often integrated into smartphones, can also provide connectivity for a personal-area network (PAN) or other short-range networking applications.

Real-World Case Study

Acme Inc. hired an outside contractor who specializes in WiFi. The consultants came in and did a needs assessment and performed a wireless site survey. Recommendations were then made about the need for 15 access points in the headquarters office spaces and three access points at each of the remote branch offices. Three wireless LAN controllers, one for each office, will be used to manage the respective access points. The management of the access points through the wireless LAN controllers will be done primarily through the headquarters office using the WAN that is connecting the branch offices to the headquarters office.

Because of the high number of other WiFi access points being used in the same building as the headquarters office, Acme Inc. decided to use the 5-GHz range (due to less competition in that space) and to use 802.11n.

For security, Acme will use WPA2 in conjunction with a RADIUS server. Acme will use Enterprise mode for authentication of each user before allowing them access on the wireless network(s). The RADIUS server is integrated with Microsoft Active Directory so that Acme will not have to re-create every user account; the RADIUS server can check with the Active Directory server to verify user credentials and passwords.

There are separate SSIDs set up that map to the various VLANs and departments that are currently on the wired network. There is also a separate SSID set up as a wireless guest network that has limited access but does provide Internet access for guest users.

Once the deployment was in place, a site survey was done again to verify the signal strengths and to identify any interference related to the wireless implementation. A heat map was provided to visually represent the signal strengths in the coverage areas in the respective office space.

Summary

The main topics covered in this chapter are the following:

Various components, technologies, and terms used in WLANs were identified.

WLAN design considerations were presented, such as the selection of WLAN standards, bands, and nonoverlapping channels. Potential sources of interference were also identified.

Some of the security risks posed by a WLAN were described and the technologies available for mitigating those risks were presented.

Exam Preparation Tasks

Review All the Key Topics

Review the most important topics from inside the chapter, noted with the Key Topic icon in the outer margin of the page. Table 8-4 lists these key topics and the page numbers where each is found.

Table 8-4 Key Topics for Chapter 8

Complete Tables and Lists from Memory

Print a copy of Appendix D, “Memory Tables” (found on the DVD), or at least the section for this chapter, and complete the tables and lists from memory. Appendix E, “Memory Table Answer Key,” also on the DVD, includes the completed tables and lists so you can check your work.

Define Key Terms

Define the following key terms from this chapter, and check your answers in the Glossary:

wireless access point (AP)

wireless router

decibel (dB)

omnidirectional antenna

unidirectional antenna

carrier sense multiple access collision avoidance (CSMA/CA)

direct-sequence spread spectrum (DSSS)

frequency-hopping spread spectrum (FHSS)

orthogonal frequency-division multiplexing (OFDM)

802.11a

802.11b

802.11g

802.11n

802.11ac

multiple input, multiple output (MIMO)

channel bonding

independent basic service set (IBSS)

basic service set (BSS)

extended service set (ESS)

war chalking

service set identifier (SSID)

Wired Equivalent Privacy (WEP)

Wi-Fi Protected Access (WPA)

Wi-Fi Protected Access Version 2 (WPA2)

Enterprise mode

Personal mode

Complete Chapter 8 Hands-On Lab in Network+ Simulator Lite

Matching Wireless Standards and Terminology

Review Questions

The answers to these review questions are in Appendix A, “Answers to Review Questions.”

1. What type of antenna, commonly used in wireless APs and wireless routers in SOHO locations, radiates relatively equal power in all directions?

a. Unidirectional

b. Yagi

c. Parabolic

d. Omnidirectional

2. When using the 2.4-GHz band for multiple access points in a WLAN located in the United States, which nonoverlapping channels should you select? (Choose three.)

a. 0

b. 1

c. 5

d. 6

e. 10

f. 11

g. 14

3. What technology do WLANs use to determine when they gain access to the wireless media?

a. SPF

b. CSMA/CA

c. RSTP

d. DUAL

4. What IEEE 802.11 variant supports a maximum speed of 54 Mbps and uses the 2.4-GHz band?

a. 802.11a

b. 802.11b

c. 802.11g

d. 802.11n

5. Which of the following is used by IEEE 802.11n to achieve high throughput through the use of multiple antennas for transmission and reception?

a. MIMO

b. DSSS

c. FHSS

d. LACP

6. A WLAN formed directly between wireless clients (without the use of a wireless AP) is referred to as what type of WLAN?

a. Enterprise mode

b. IBSS

c. Personal mode

d. BSS

7. When extending the range for a 2.4-GHz WLAN, you can use nonoverlapping channels for adjacent coverage cells. However, there should be some overlap in coverage between those cells (using nonoverlapping channels) to prevent a connection from dropping as a user roams from one coverage cell to another. What percentage of coverage overlap is recommended for these adjacent cells?

a. 5 percent to 10 percent

b. 10 percent to 15 percent

c. 15 percent to 20 percent

d. 20 percent to 25 percent

8. If a WLAN does not require a user to provide credentials to associate with a wireless AP and access the WLAN, what type of authentication is said to be in use?

a. WEP

b. SSID

c. Open

d. IV

9. WEP’s RC4 approach to encryption uses a 24-bit string of characters added to transmitted data, such that the same plain-text data frame will never appear as the same WEP-encrypted data frame. What is this string of characters called?

a. Initialization vector

b. Chips

c. Orthogonal descriptor

d. Session key

10. What standard developed by the Wi-Fi Alliance implements the requirements of IEEE 802.11i?

a. TKIP

b. MIC

c. WEP

d. WPA2