Northeastern Illinois University

Authors

Salwa AbdelrahimSamia Nur Eldayim

Supervisor Prof. Cafatori

Introduction

Who are we ? What is the project about? Presentation highlights.

Wireless Networking

What is Wireless Local Area Network (WLAN)?

Differences between WLANs and LANs

Privacy issues. Connectivity issues. Mobility. National regulatory requirements.

Similarities between LAN and WLAN

Same Ethernet standard. Share common network Protocols.

Why Wireless?

Mobility Flexibility Ease and Speed of Deployment Cost Saving Scalability

Wireless Local Area Network (WLAN) Standards

IEEE 802.11 Standard. What Exactly Does 802.11 Define? IEEE WLAN Standards. Decision on Which WLAN Hardware is

Best. Update on New Standards.

802.11b 802.11a 802.11g

Frequency 2.4 GHz 5 GHz 2.4 GHz

Maximum link speed 11 Mbps 54 Mbps 54 Mbps

Typical link speed 4-5 Mbps 20 Mbps 20 Mbps

Optimal throughput 6 Mbps 32 Mbps 32 Mbps

Coverage (inside) 300-500 ft 100-164 ft 300-500 ft

Strengths Less expensive, most widely installed base

Faster than 802.11b, less interference

Faster than and compatible with 802.11b, price going down

Weaknesses Limited bandwidth, interference

Expensive, not compatible with 802.11b and 802.11 g, shorter range

Less devices to choose from, more expensive, interference

802.11 a/b/g

Security options

MAC filtering Disabled clients Local authentication Radius authentication Access control list

Security strategy open Authentication pre- shared key authentication (WEP) web authentication public key infrastructure (PKI) 802.1X WI-FI protected access authentication:

WPA WPA2 (802.11i)

WEP vs WPA

WEP WPA

Encryption Flawed, cracked by scientist and hackers

Fixes all WEP flaws

40-bit keys 128-bit keys

Static- same key used by every one on the network.

Dynamic session keys. Per user, per session, per packet keys.

Manual distribution of keys- hand typed into each device.

Automatic distribution of keys

Authentication Flawed, used WEP key itself for authentication

Strong user authentication, utilizing 802.1x and EAP.

WPA WPA2

Enterprise mode (Business and Government)

Authentication: IEEE 802.1x /EAPEncryption: TKIP /MIC

Authentication: IEEE 802.1x /EAPEncryption: AES-CCMP

Personal Mode (SOHO/personal)

Authentication: PSKEncryption: TKIP /MIC

Authentication: PSKEncryption: AES-CCMP

WPA vs WPA2

Open Area Vs Closed area.

802.11 signal range in a free space incur minimum or no loss e.g. a warehouse.

Caution is needed when there are some obstructions in the area e.g. campus buildings.

Loss of 3 db means half of the transmission has been lost.

Obstruction loss of 3.0 DB or more

Partition Loss (DB)

Fixed walls 3.00

Metal partitions 5.00

Exterior walls 10.00

Basement walls 20.00

WLAN Setup steps

Define Requirements. Design. Perform site survey. Deployment. Improve the network based site

survey results. Periodic site survey.

Deployment

Site Survey Preliminary plan. System requirements. Analysis features: - Access point location. - Signal strength. - Strongest Access point. - SNR. - Interference. - Transmission Speed. - Signals at channels. - Access point placement tips. - Access point count.

Received signal strength intensity

Campus Project Available Technologies in the market e.g.

Cisco, Alcatel, Aruba, etc. Why did we choose Alcatel Technologies. Components Required: -Existing network infrastructure. DHCP, AAA,DNS,VPN. -Clients (PC, PDA, Handset, etc). -Access points. - WLAN switches.

Access points (AP) mountingconsiderations

Mount AP standing or hanging either straight up or down and above obstructions.

Consider the antenna gain when mounting for proper radio orientation.

Mount AP in the same location as clients.

Continue AP mounting

Position AP in the center of covered area.

Do not position the AP more than 140 feet apart or higher than 16 feet.

Do not mount the AP within 3 feet of any metal obstruction e.g. metal ducts, electric conduit, water pipes, elevator shafts and metal walls.

AP Approach to contain Vulnerability and unauthorized access

Avoid placing AP against exterior walls or windows to avoid leak.

Reduce the broadcast strength of AP to keep within the area of coverage and avoid parking lot coverage.

Change the default SSID and allow AP’s to broadcast their SSID.

Change default management password on AP’s.

Steps and tools for WPA and WPA2 Deployment

1. Security mechanism and credentials.2. User authentication database.3. Client operating system.4. Supplicants.5. EAP types.6. Authentication server.7. Access points and clients NIC card.

Switch administration

Switch features. Switch configuration management.

Using CLI. Using switch web interface.

Monitor Menu

Wlan Menu

New SSID being created

Conclusion

Designing a wireless network is not an easy task. Many wireless attributes should be considered throughout the design process:

Following the steps needed to setup a wireless local area network.

Making the right decision in choosing the appropriate hardware and software which are suitable to the coverage area.

Cont,

As wireless regulations continually change it is important to reference the activities of the regularity committees before designing WLAN, nationally this include the Federal Communications Commission (FCC) and National Telecommunications and Information Administration (NTIA).

Cont,

WPA enhances data protection and access control on existing and future WI-FI wlan.

WPA2 provides improved encryption with AES and a high level of assurance.

WPA2 able to meet government and enterprise security requirements.

Recommendations

Alcatel with POE. Deploy Wlan in NEIU using WPA and

WPA2. Periodic site survey. Documentations for deployment and

trouble shouting. Implement the complete site survey

recommendations for AP count.

References

Alcatel internetworking,Inc. Omni Access 4000/4100 introduction, installation, administration and maintenance Student guide 2.0.2

Arunesh Mishra, William A.Arbaugh, An initial security Analysis of the IEEE802.1x standard, 6 Feb 2002

Jeffrey Wheat, Designing a wireless network Mattbews.Gast,802.11 wireless network

www.cisco.com, wi fi protected access,WPA2 and IEEE 802.11i www.wi-fi.org, Deploying wi fi protected access (WPA) and (WPA2) IN THE

Enterprise, March 2005 www.wi-fi.org, Enterprise solutions for wireless LAN security , wi-fi Alliance Feb 6

2003 www.wi-fi.org , wi-fi protected access, strong standards-based, interoperable

security for today wi-fi networks , wi-fi Alliance April 29,2003 15 www.wi-fi.org/open section/secure.asp TID = 2 wi-fi security

Questions?