Lesson #9: Exploring Wireless LANs
Wireless LANs / Wi-Fi
The popularity of WLANs is undeniable. The following three main
driving forces play in favor of WLANs:
- Increased productivity
- Cost savings compared to wired deployment
WLANs let users access servers, printers, and other
network resources regardless of their location, within the wireless
reach. This flexibility means that, for example, a user's laptop stays connected
whether the user is working from a colleague's cubicle, a small meeting room, or the cafeteria.
Recognizing the benefits brought about by WLAN flexibility, businesses
are now deploying WLANs in record numbers.
According to a 2003 NOP World research study, WLAN users stayed connected to
their corporate network 3.64 hours per day longer than their wired peers, thus
increasing their productivity by 27 percent. Through the flexibility of
WLANs, not only does the productivity go up, but the response times are also
The benefits of wireless mobility don't stop at laptops
and personal digital assistants (PDAs). IP telephony
and videoconferencing are also supported over WLANs, integrating quality
of service (QoS) to ensure that the interactive traffic
has priority over the less-time-sensitive data transfers.
Another significant benefit of WLANs is their low-cost deployment in locations
where the costs of running LAN wire would be prohibitive. The total cost
of ownership (TCO) of a WLAN is very low compared to
the benefits they bring to an organization, providing that a WLAN is secured and
Companies that are not deploying WLANs quickly enough find that employees take
the matter in their own hands and install their own WLANs, potentially creating
significant breaches in the corporate network security infrastructure.
Therefore, wireless security is an important topic to discuss in
conjunction with wireless design.
WLANs, seen just a few years ago as a novelty, are now seen as critical to
Wireless Technology Overview
In its most simplistic form, a WLAN is a LAN that uses radio frequency
(RF) to communicate instead of using copper wire cabling.
As shown below, wireless clients connect to wireless access points
(WAPs), also referred to as just access points
Wired and Wireless Networks
Because WLANs use RF (Radio Frequency), the
throughput (speed) is inversely proportional to the
distance between the transmitter and the
receiver. Therefore, everything being equal (notwithstanding interferences),
the closer a wireless client is to a transmitter, the greater is the throughput;
Throughput (Coverage) Is Related to the Distance
from the RF Transmitter
However, wireless communication brings a trade-off between flexibility and
mobility versus battery life and usable bandwidth.
WLAN standards that are currently supported by major vendors were developed by
the Working Group 11 of the Institute of Electrical and Electronics Engineers
(IEEE) 802 committee. The most common standards are shown here:
The 802.11a standard operates in the unlicensed
5 GHz band, which makes the transmission vulnerable to interference from
microwave ovens and cordless phones. The strength of
802.11b and 802.11g
signals, which operate in the 2.4 GHz band, is affected negatively by
water, metal, and thick walls.
The 802.11b and 802.11g standards divide the 2.4 GHz
band into 14 overlapping individual channels. The overlap
spans a width of 5 adjacent channels, therefore channels 1, 6, and 11 do not
overlap and therefore can be used to set up multiple networks. The
802.11a standard is an amendment to the original standard. The
advantage of using 802.11a is that it suffers less from interference, but its
use is restricted to almost line of sight, thus requiring the installation of
more access points than 802.11b to cover the same area.
The medium access method of the IEEE 802.11
standards, called the Distribution Coordination Function
(DCF), is similar to the Carrier Sense Multiple
Access with Collision Detect (CSMA/CD) access method
used by Ethernet.
The following types of frames are transferred over
- Data frame— Network traffic.
- Control frame— Frame controlling access to the medium,
similar to a modem's analog connection control mechanism, with its
Request To Send (RTS), Clear To Send (CTS), and acknowledgment (ACK)
- Manager frame— Frames similar to data frames, pertaining
to the control of the current wireless transmission.
Other Wireless Standards
Other wireless standards include the following:
- Bluetooth— This is a specification for short-range radio
links between mobile computers, mobile phones, digital cameras, and
other portable devices, such as headsets. Bluetooth could be considered
a standard for a personal area network
- HomeRF— In 1998, a consortium was formed to promote the
idea of HomeRF to be used with products in the home market. The
participants were, among others, Siemens, Motorola, and Compaq.
The main components of wireless networks are as follows:
- Wireless access points (WAP or AP)
- Wireless client devices (hosts)
Wireless Access Points
WAPs provide connectivity between wireless client devices and the wired
network, as shown in the image above.
Integrated Access Point
Integrating Routing and Wireless Functionality
The WAP does not need to be a stand-alone device. Many vendors offer
integrated access point functionality for some small-
to medium-business (SMB) and small office/home
office (SOHO) routers, as shown below.
By installing a wireless interface card
(WIC) in Cisco, Linksys, Netgear, and other routers,
you can run concurrent routing, switching, and security services and
include IEEE 802.11 wireless LAN functionality in
a single device.
Wireless Client Devices
A wireless client device is equipped with a wireless
interface card (WIC), which the device
uses to communicate over RF with WAPs. Wireless clients can be the following
items, among other things:
- User workstations and laptops
- Wireless print servers
- Wireless web cams & security cameras
- Smart Phones & PDAs
- Wireless IP phones
User Workstations and Laptops: Ad-Hoc
In addition to connecting to a WLAN access point,
two wireless clients can form an exclusive, point-to-point, wireless
network directly without the need for an access point (e.g. a wireless version
of an Ethernet cross-over cable). This type of point-to-point
network is known as an ad-hoc network, whereas a traditional
one-to-many (access point -to- wireless clients) WLAN is called an
Smart Phone & PDA Wi-Fi
Wireless smart phones and PDAs,
devices that connect directly to the wireless network, play a significant
role in an organization where time is extremely sensitive. An example of
where 802.11g-compatible devices (wireless PDAs) are put to benefit is triage
nurses, who are faster at inputting their assessment and sharing their findings
on the spot rather than walking back to the nurses' station to do so.
Wireless IP Phones
Deploying Wireless IP Phones
Absolute campus mobility is probably best demonstrated by wireless IP phones.
These 802.11b/g phones have built-in security, QoS, and management features.
Wireless IP phones leverage existing IP telephony deployments, as shown below.
Wireless Security: 802.11i & 802.1x
Although security was originally included with 802.11 standards, it soon
became obvious that it wasn't enough. Wireless security, or the lack
of it, has been a major contributor to IT managers' reluctance to adapt
Recently, wireless security has improved dramatically, providing IT managers
with an acceptable level of comfort to proceed with the installation of WLANs.
IEEE 802.11i, released in June 2004, addresses current security
In addition to the 802.11 suite of standards, the 802.1x
standard can be used for wireless security. More precisely, 802.1x
addresses port-based access control.
Wireless Security Issues
A main issue with wireless communication is unauthorized access to network
traffic or, more precisely, the watching, displaying, and logging of network
traffic, also known as sniffing. Contrary
to a wired network, where a hacker would need to be physically located at the
corporate premises to gain access through a network drop, with
a wireless network the intruder can access the network from a location outside
the corporate building. WLANs use radio frequencies, and their signals
propagate through ceilings and walls. Therefore, wireless eavesdropping
(also known as war driving or walk-by hacking)
and rogue access points (unauthorized WAPs
that allow a hacker access to a network) are two significant security
issues with wireless networks.
In addition, wireless equipment tends to ship with open
access. Not only is traffic propagated in clear
text, but WAPs also voluntarily broadcast their identity, known as the
Service Set Identifier (SSID).
Wireless Threat Mitigation
Thanks to the wireless open-access default mode, we can join a
Wi-Fi network from our favorite coffee shop or hotel room; however,
this unrestricted access is not advisable for corporate or SOHO networks.
Wireless network security can be classified into the following
- Basic wireless security
- Enhanced wireless security
- Wireless intrusion detection
Basic Wireless Security
Basic wireless security is provided by the following built-in functions:
- Wired Equivalent Privacy (WEP)
- Media Access Control (MAC) address verification
An SSID is a code that identifies membership with a WAP.
All wireless devices that want to communicate on a Wi-Fi network must
have their SSID set to the same value as the WAP's SSID to establish connectivity
with the WAP, very much like a NetBIOS workgroup
By default, a WAP broadcasts its SSID every few seconds. This broadcast
can be stopped so that a drive-by hacker can't automatically discover the SSID
and hence the WAP. However, because the SSID is included in the
beacon of every wireless frame, it is
easy for a hacker equipped with sniffing equipment to discover the
SSID and fraudulently join the network.
The WAP periodically advertises SSID and other network information using a
special 802.11 management frame known as a beacon.
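The check below is an added example, not code from the original lesson. It parses 802.11 management frames to show what an access point discloses in the clear: the SSID and whether the Privacy (encryption) bit is set. It goes slightly beyond the text by also reading a probe response, which carries the SSID even when the beacon suppresses it. The frames, BSSIDs and SSIDs are constructed sample data, and `build` is a hypothetical helper used only to create them.

```python
import struct

SUBTYPES = {8: "beacon", 5: "probe-response"}  # 802.11 management subtypes

def parse_mgmt_frame(frame: bytes) -> dict:
    """Extract BSSID, SSID and the Privacy bit from a beacon or probe response."""
    if len(frame) < 36:  # 24-byte MAC header + 12 bytes of fixed fields
        raise ValueError("frame too short")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        raise ValueError("not a beacon or probe response")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # address 3
    (capability,) = struct.unpack_from("<H", frame, 34)
    ssid, pos = b"", 36
    while pos + 2 <= len(frame):  # walk the tagged information elements
        ie_id, ie_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + ie_len]
        if len(value) != ie_len:
            raise ValueError("truncated information element")
        if ie_id == 0:  # element 0 carries the SSID
            ssid = value
            break
        pos += 2 + ie_len
    name = ssid.decode("utf-8", "replace") if any(ssid) else None  # empty/NUL: suppressed
    return {"kind": SUBTYPES[subtype], "bssid": bssid, "ssid": name,
            "open": not capability & 0x0010}  # Privacy bit clear: no encryption

def audit(frames) -> dict:
    """Per BSSID: the SSID learned from any frame, and whether the AP is open."""
    seen = {}
    for raw in frames:
        info = parse_mgmt_frame(raw)
        entry = seen.setdefault(info["bssid"], {"ssid": None, "open": info["open"]})
        entry["ssid"] = entry["ssid"] or info["ssid"]
        entry["open"] = info["open"]
    return seen

def build(subtype, bssid, ssid, privacy):  # hypothetical helper for the samples below
    header = bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6 + bssid * 2 + b"\x00\x00"
    fixed = bytes(8) + struct.pack("<HH", 100, 0x0001 | (0x0010 if privacy else 0))
    return header + fixed + bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])

AP1, AP2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
FRAMES = [  # constructed sample traffic, not captured from a real network
    build(8, AP1, b"Lobby", privacy=False),   # factory-default AP: open, SSID broadcast
    build(8, AP2, b"", privacy=True),         # SSID broadcast disabled
    build(5, AP2, b"CorpNet", privacy=True),  # same AP answering a client's probe
]
```

Running `audit(FRAMES)` over your own access points' frames shows which ones still advertise open access, and that a suppressed SSID is still recorded once any probe response is seen.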
Being able to join a wireless network by the mere fact of knowing
the SSID is referred to as open
WEP - Wired Equivalent Privacy
WEP can be used to alleviate the problem of SSID broadcasts by
encrypting the traffic between the wireless clients and WAPs.
Joining a wireless network using WEP is referred to as
shared-key authentication, where the
AP sends a challenge to the wireless client, which must return it encrypted.
If the AP can decipher the client's response, the WAP has the proof that
the client possesses valid keys and therefore has the right to
join the wireless network. WEP security comes in two encryption strengths:
64-bit and 128-bit.
Even if a user manages to proceed with open authentication (for
example, he guesses the SSID), if WEP is activated, he could
not communicate with the AP until he obtains the authentication keys.
However, WEP is not considered secure: A hacker sniffing first the
challenge and then the encrypted response could reverse-engineer
the process and deduce the keys used by the client and WAP.
MAC Address Verification
To increase wireless security, a network administrator could use MAC address
filtering, in which the WAP is configured with the MAC addresses
of the wireless clients that are to be permitted access.
Unfortunately, this method is also not secure because frames could be
sniffed to discover a valid MAC address, which the hacker could then spoof.
Enhanced Wireless Security
The stronger security standards, shown below, were created to replace the
weaknesses in WEP.
||802.11 Original Standards
||Open authentication or
||Wi-Fi Protected Access (WPA),|
IEEE 802.1x is a port-based network access control
standard. It provides per-user, per-session, mutual strong authentication,
not only for wireless networks but also for wired networks, if need be.
Depending on the authentication method used, 802.1x can also provide
encryption. Based on the IEEE Extensible Authorization Protocol
(EAP), 802.1x allows WAPs and clients to share and
exchange WEP encryption keys automatically. The access point
acts as a proxy, doing the heavier computational load
of encryption. The 802.1x standard also supports a centralized key
management for WLANs.
WPA - Wi-Fi Protected Access
WPA was introduced as an intermediate solution to
WEP encryption and data integrity insecurities while the IEEE 802.11i
standard was being ratified.
When WPA is implemented, access to the WAP is provided only to
clients that have the right passphrase.
Although WPA is more secure than WEP, if the
preshared key is stored on the
wireless client and the client is stolen, a hacker could get access
to the wireless network.
WPA supports both authentication and encryption.
Authentication done through preshared keys is known as
WPA Personal; when done through 802.1x,
it is known as WPA Enterprise.
WPA offers Temporal Key Integrity Protocol
(TKIP) as an encryption algorithm and a new
integrity algorithm known as
Michael. WPA is a subset of the
In June 2004, the IEEE ratified the draft for the 802.11i standard,
also known as WPA2. The WPA2 /
802.11i standard formally replaces WEP and other security
features of the original IEEE 802.11 standard.
WPA2 is the product certification given to
wireless equipment that is compatible with the 802.11i standard.
WPA2 certification provides support for the additional mandatory
802.11i security features that are not included in WPA.
WPA2, like WPA, supports both Enterprise
and Personal modes for authentication.
In addition to stricter encryption requirements, WPA2
also adds enhancements to support fast roaming
of wireless clients by allowing a client to preauthenticate with
the access point toward which it is moving, while maintaining a connection to
the access point that it is moving away from.
Wireless Intrusion Detection
Many products provide rogue access point detection.
However, some third-party products integrate better than others with
specific WAPs. One such third-party product is from AirDefense. This
product provides wireless intrusion detection that uses the
access points to scan the airwaves and report wireless activity.
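The following is an added example of the comparison a wireless intrusion detection system makes once its access points have reported what they hear. It is not AirDefense's logic or code from the original lesson. The inventory, the scan records, the field names and the -65 dBm threshold are all assumptions constructed for illustration.

```python
AUTHORIZED = {  # constructed inventory: BSSID -> expected settings
    "00:11:22:33:44:01": {"ssid": "CorpNet", "security": "WPA2-Enterprise"},
    "00:11:22:33:44:02": {"ssid": "CorpNet", "security": "WPA2-Enterprise"},
}
CORP_SSIDS = {ap["ssid"] for ap in AUTHORIZED.values()}
STRONG_DBM = -65  # assumption: a signal this strong originates on the premises

def classify(obs: dict) -> tuple:
    """Return (verdict, reasons) for one observation reported by a scanning AP."""
    known = AUTHORIZED.get(obs["bssid"].lower())
    if known:
        # A sanctioned AP whose settings drifted (e.g. downgraded to WEP).
        drift = [f"{k}: expected {known[k]}, saw {obs[k]}"
                 for k in ("ssid", "security") if obs[k] != known[k]]
        return ("misconfigured", drift) if drift else ("authorized", [])
    if obs["ssid"] in CORP_SSIDS:
        return "impersonation", ["corporate SSID from a BSSID not in inventory"]
    if obs["rssi_dbm"] >= STRONG_DBM:
        return "rogue-candidate", ["unknown AP heard at on-premises strength"]
    return "neighbor", []

def findings(scan: list) -> dict:
    """Keep only the observations that need an analyst's attention."""
    out = {}
    for obs in scan:
        verdict, reasons = classify(obs)
        if verdict not in ("authorized", "neighbor"):
            out[obs["bssid"].lower()] = (verdict, reasons)
    return out

SCAN = [  # constructed observations, one per AP heard
    {"bssid": "00:11:22:33:44:01", "ssid": "CorpNet",
     "security": "WPA2-Enterprise", "rssi_dbm": -48},
    {"bssid": "00:11:22:33:44:02", "ssid": "CorpNet",
     "security": "WEP", "rssi_dbm": -52},
    {"bssid": "0A:BB:CC:00:00:10", "ssid": "CorpNet",
     "security": "Open", "rssi_dbm": -60},
    {"bssid": "0A:BB:CC:00:00:20", "ssid": "home-router",
     "security": "Open", "rssi_dbm": -55},
    {"bssid": "0A:BB:CC:00:00:30", "ssid": "CafeGuest",
     "security": "WPA2-Personal", "rssi_dbm": -84},
]
```

Because MAC addresses can be sniffed and spoofed, as noted under MAC address verification, an inventory match on BSSID means "not flagged" rather than "verified".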
WLANs are relatively inexpensive to deploy compared to wired networks, and
because, as shown above, throughput is directly related to the
proximity of WAPs, network managers often install WAPs to
provide overlapping signals, as shown below. Using
this overlapping design, coverage (radius) area is traded for
Overlapping Signals Eliminate Dead Spots
Note: these overlapping signals must be in nonoverlapping
channels. This scenario, however, requires WLAN roaming.
WLAN roaming plans consider that as a user moves away from a WAP
and is therefore losing signal strength, his connection should seamlessly jump to
a WAP that provides a stronger signal.
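The note above requires overlapping cells to sit on nonoverlapping channels, and the standards overview gives the rule for 802.11b/g: channels fewer than 5 apart overlap, so 1, 6 and 11 are safe together. This added example (not part of the original lesson) checks a floor plan against that rule and proposes a 1/6/11 assignment. AP names, coordinates and radii are constructed, and modelling each cell as a circle is an assumption.

```python
from itertools import combinations
from math import hypot

MIN_SEPARATION = 5  # the lesson's rule: channels fewer than 5 apart overlap

def channels_overlap(a: int, b: int) -> bool:
    if not all(1 <= ch <= 14 for ch in (a, b)):
        raise ValueError("2.4 GHz channels are numbered 1-14")
    return abs(a - b) < MIN_SEPARATION

def cells_overlap(p: dict, q: dict) -> bool:
    """Two circular coverage cells overlap when their centres are closer than r1 + r2."""
    return hypot(p["x"] - q["x"], p["y"] - q["y"]) < p["radius"] + q["radius"]

def find_conflicts(aps: list) -> list:
    """Pairs of APs whose cells overlap AND whose channels overlap."""
    return [(p["name"], q["name"]) for p, q in combinations(aps, 2)
            if cells_overlap(p, q) and channels_overlap(p["channel"], q["channel"])]

def assign_channels(aps: list, palette=(1, 6, 11)) -> dict:
    """Greedy assignment: first palette channel not used by an overlapping neighbour.
    Raises if an AP overlaps neighbours on every palette channel (too dense)."""
    plan = {}
    for ap in aps:
        taken = {plan[o["name"]] for o in aps
                 if o["name"] in plan and cells_overlap(ap, o)}
        free = [ch for ch in palette if ch not in taken]
        if not free:
            raise ValueError(f"no free channel for {ap['name']}")
        plan[ap["name"]] = free[0]
    return plan

FLOOR = [  # constructed floor plan, distances in metres
    {"name": "ap-north", "x": 0,  "y": 0,  "radius": 30, "channel": 1},
    {"name": "ap-mid",   "x": 40, "y": 0,  "radius": 30, "channel": 3},
    {"name": "ap-south", "x": 80, "y": 0,  "radius": 30, "channel": 6},
    {"name": "ap-annex", "x": 40, "y": 30, "radius": 30, "channel": 11},
]
```

On this plan `find_conflicts(FLOOR)` flags `ap-mid` against both of its neighbours because channel 3 overlaps channels 1 and 6, and `assign_channels(FLOOR)` resolves it using only channels 1, 6 and 11.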
It is not always feasible to run a network cable between two buildings to join
their respective LANs into a single broadcast domain. If
the two buildings are a reasonable distance apart and preferably in direct
line of sight with each other, wireless bridges
can be configured, as shown below. It takes two WAPs to create one
logical two-port bridge. In this mode, WAPs are
operating in a dedicated point-to-point bridge mode and therefore
are no longer operating as wireless access points for clients.