gary zavitz [email protected] wireless lan site surveys and security considerations site surveys...

Gary ZavitzGary Zavitz

[email protected]@interbeach.com

Wireless LANWireless LAN Site Surveys and Security Site Surveys and Security

ConsiderationsConsiderations

eLearning…Wired and Wirelessly!eLearning…Wired and Wirelessly!

eLearning…Wired and Wirelessly!

Experience

WBT and ILT training experience

Producer, Developer of Virtual Webinars

Wireless Computing Instructor

Telecom Management Certification

Chair of Sheridan College Telecom Alumni Association


A Warehouse Without Wires

The client has expanded warehouse operations into a large area, that lacks existing wiring. The ceiling is very high, and the floor is thick concrete. It will be quite expensive to install traditional data wiring. They have some fork lifts whose operators use mobile terminals which need LAN connectivity.

Think about what type of area this represents, and what design considerationsmight need to be made.


Why a site survey?

Determine actual coverage area

Determine number of wireless cells needed

Determine location of access point and/or wireless servers


Wireless – planning considerations

Number of total and simultaneous users Average and maximum bandwidth needed Degree of user roaming Site survey input Location of AP’s to maximize connectivity and

bandwidth (distance/density/overlap) Frequency/channel usage (1,6,11 non-

overlapping) Redundancy


RF Barrier description RF Barrier severity ExamplesAir MinimalWood Low partitionsPlaster Low inner wallsSynthetic material Low partitionsAsbestos Low ceilingsGlass Low windowsWater Medium damp wood , aquariumBricks Medium inner and outer wallsMarble Medium inner wallsPaper rolls High paper on a rollConcrete High floors, outer wallsBulletproof glass High security boothsMetal Very high desks, metal partitions

Barriers and attenuation of signals


Security Concerns

We are concerned and need what ever wireless solution is deployed to be secure.

We’d like to have an easy to manage, centralized system for updating keys, and validating AP’s and clients.

Using MAC based filters at each of the AP’s is too much of a hassle.


wLAN Security - Wired Equivalency Privacy

WEP : symmetric encryption (shared key), defines method but not how to share and distribute/manage keys

RC4 algorithm (40+24 bits keys) WIFI compliant

104 + 24 bits proprietary (non IEEE standard/non WiFi scope) but interoperable implementations (i.e. Lucent/Cisco, others)

Phy - Header MAC Header and Payload

Preamble PLCP Header MAC Header CRC Payload

Encrypted

Init Vector 24 bits ICV 32 bits Cyphertext


wLAN Security - WEP issue?

Goal was to address equivalent physical security as with fixed network

Should be used with other measures above and beyond to achieve data privacy

40 or 104 bit encryption, length of 24 bit init vector, sent as clear text, was concern of Berkeley article

Single Key per Network– multiple keys for Receive to allow key change-over

Most AP (Cisco, etc.) products support Radius based MAC authentication


EncryptionWired Equivalent Privacy

“64 WEP” standard available– 40-bit secret key + 24-bits Initialization Vector (IV)– IEEE 802.11 standard

“128RC4” available– 104-bit secret key + 24-bits Initialization Vector (IV)– Not IEEE 802.11 compliant

When WEP is enabled, Shared Key Authentication is enabled


Overview of 802.11b Security Vulnerabilities

Compromise of encryption key Theft of hardware is equivalent to theft of key Packet spoofing, disassociation attack Rogue AP Known plain-text attack Brute force attack Passive monitoring Replay attack


Wireless – Security Recommendations

Change default SSID, password, SNMP settings Avoid temping SSID names that identify hacker targets Configure as “Closed System” to not broadcast SSID

beacons or answer probes from clients set to “ANY” Minimize coverage beyond desired areas Use tools for periodic site surveys to spot “rogue” AP’s Consider limiting access based on MAC if practical Place APs in DMZ based VLAN and have clients VPN in Consider IPSec AP’s not in public accessible areas Address WEP Weaknesses via Key Rotation, 802.1x, WEP 2

(802.11i),VPN Overlay


802.1x, Security and Encryption 802.1x is purely an authentication standard and is a “Standard for Port

Based Network Access Control” 802.1x applies to wired and wireless networks 802.1x defines methods for authentication and key distribution plus other

things 802.1x is usable with currently standardized authentication/key distribution

schemes (i.e. - RADIUS/ Kerberos)

802.1x is a work in progress Usable with currently standardized authentication/key distribution schemes

(i.e. - RADIUS/ Kerberos) Does not specify MAC level encryption type (I.e. WEP40/104 or other), so

independent of it However, 802.1x can be used to set WEP keys

– Addresses Key Distribution problem– Permits rapidly changing, individual WEP keys– WEP is still required for encryption


Access ControlRADIUS Access Control (RAC)

Extension to existing Access Control system to make it more usable for large networks

Access Control table does not reside in each Access Point but in a RADIUS server:– Server device that communicates with APs using RFC

2138 defined RADIUS protocol definition. (RADIUS = Remote Authentication Dial-In User Service)

Network administrator needs to manage one Access Control table which rather then one for each AP

RAC will overcome the limitation of the 497 entries that an AP-based Access Control Table can hold at maximum


Secure Wireless LAN Architecture


And if you don’t believe secure wireless communications is

important…


Thank You

Gary ZavitzGary [email protected]

416-347-9251416-347-9251

gary zavitz [email protected] wireless lan site surveys and security considerations site surveys...

Documents