Wireless LAN
presented by: Damian Borth, Florian Seidel, Thomas Winterscheid
Contents
• Definition
• The IEEE 802.11 standards
• Infrastructure and Impairments
• Hardware
• System Providers
• Advantages and Disadvantages
• Security
• Alternatives
Table of content
• IEEE Standard 802.11
• Basics
  • Frequency
  • OSI / ISO Layer
  • Modulation
  • Net topology
• Properties
Standard
• There is the IEEE 802.11 standard for WLANs
• Sub specifications
  • 802.11a
  • 802.11b
  • 802.11g
  • 802.11e
Basics
• OSI / ISO overview
• Physical Layer
  • Wireless LAN is almost exclusively Spread Spectrum Radio
  • direct sequence spread spectrum (DSSS)
  • frequency-hopping spread spectrum (FHSS)
  • infrared pulse position modulation (IrDA)
• Data Link Layer
  • Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) protocol
Basics
• Frequency
  • ISM band 2.4 GHz and 5 GHz
  • 2.4 - 2.4835 GHz frequency band
  • 5.725 - 5.850 GHz frequency band
• Mode
  • Ad hoc mode
    • Peer to peer
  • Infrastructure mode
    • Using an access point network
Properties
• Range: 100m – 400m (outdoors)
• 802.11b - DSSS @11Mbps 2.4GHz
• 802.11a - DSSS @54Mbps 5GHz
• 802.11g - DSSS @22Mbps 2.4GHz
• 802.11e - DSSS @22Mbps w/QoS
How to install?
Two different use modes:
• Ad hoc (P2P)
• Infrastructure (LAN)
Ad hoc
• Standard P2P connection
• Only for two PCs
• Same way of configuration (IP range etc.)
• Transfer rate 11 Mbit/s
• Range ca. 30m-50m (outdoor 400m)
• WEP against eavesdropping
Infrastructure
• Access points are needed
• Range 30m - 50m
• Access points act like bridges/gateways
• Installation of access points enables "Roaming" functionality
• Configuration of IP and administration like in a wired network
• Transfer rate 11 Mbit/s
Impairments
• Weakened by solid walls and concrete
• No influence through glass
• Range can be increased up to 2 km with an additional antenna
• Bluetooth / IrDA
Which hardware do you need?
• Wireless LAN card
• USB adapter
• Access point
  • e.g. Fujitsu-Siemens I-Gate WLAN
• Pre-installed
Wired?
• Connectivity to wired LAN
• Access points must be installed (bridge functionality)
• Connectable to each kind of LAN
Roaming
• Extended connectivity possibility
• Allows free mobility
• Access points transfer the given IP within the network
• Roaming between different networks is also possible (bridge/gateway)
Access to WAN?
• ...is possible by using access points connected to ISDN / DSL
• Access points can act like a gateway
• No impairment to the transfer rates
System provider
Producer          Product name
Fujitsu-Siemens   I-Gate
Aironet           Telxon Serie 3500
NDC               Instantwave
Proxim            Rangelan
Bay Networks      Airsurfer
Lucent            Wavelan
RDC               Portlan
Advantages
• mobility / flexibility
• inexpensiveness
• ease of installation / usage
• extends LAN and doesn't need to replace it
Disadvantages
• lack of security
• lower transmission rates than in wired networks
Security
• basic problem: broadcast of radio data transmission
• piracy tools: AirSnort, WEPcrack, Network Stumbler, etc.
• real problem: default settings of WLAN are insecure, e.g. "Accept ANY SSID"
Security - WEP
• Wireless Equivalent Privacy
• based on RC4 encryption algorithm
• most important, but optional
• 128 bit encryption algorithm for data encryption and authentication
Security - WEP
• WEP does stream encryption and generates a key for each data packet
• to set up the stream, WEP uses the shared key and an initialization vector
• the plaintext is processed bit by bit and combined with pseudo-random numbers (this ensures that packets with the same content are not encrypted identically)
Security - WEP
• a carrier frequency is determined by the constellation of the data stream and broadcast throughout the WLAN
• the recipient removes the pseudo-random numbers and restores the plaintext
Weak Point
• Initialization Vector (IV)
  • 24 bit
  • easily predictable (usually incremented by 1)
• Same IV + (constant) Shared Key
  • IV-Collision (same WEP-Key)
  • many IV-Collisions allow extraction
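The weak point listed above, as an added example that is not part of the original slides: a simplified WEP-style encryption (RC4 keyed with IV || shared key, CRC-32 integrity value omitted) showing that a wrapped 24-bit counter IV repeats the keystream, plus a small check that flags reused IVs in a set of frames. The key, payloads and function names are constructed for illustration.

```python
# Added illustration, not from the slides. Simplified WEP-style keying:
# RC4 key = 24-bit IV || shared key; the CRC-32 ICV of real WEP is omitted.
from collections import Counter

def rc4(key, n):
    """Return n bytes of RC4 keystream for the given key."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key, packet_no, plaintext):
    """Return (iv, ciphertext); the IV is a packet counter sent in clear."""
    iv = (packet_no % 2**24).to_bytes(3, "big")    # 24 bit, wraps around
    return iv, xor(plaintext, rc4(iv + shared_key, len(plaintext)))

def reused_ivs(frames):
    """Audit helper: IVs that occur more than once in (iv, ciphertext) frames."""
    counts = Counter(iv for iv, _ in frames)
    return sorted(iv for iv, c in counts.items() if c > 1)

def leaked_xor(frame_a, frame_b):
    """XOR of two ciphertexts; equals p1 ^ p2 when both used the same IV."""
    return xor(frame_a[1], frame_b[1])

# Constructed sample data (hypothetical key and payloads).
SHARED_KEY = bytes.fromhex("0102030405")
P1, P2, P3 = b"meeting at 10:00", b"unrelated frame ", b"invoice no. 4711"
F1 = wep_encrypt(SHARED_KEY, 0, P1)
F2 = wep_encrypt(SHARED_KEY, 1, P2)
F3 = wep_encrypt(SHARED_KEY, 2**24, P3)        # counter wrapped: same IV as F1

if __name__ == "__main__":
    print("reused IVs:", [iv.hex() for iv in reused_ivs([F1, F2, F3])])
    # Same IV + constant shared key -> same keystream, so it cancels out.
    print("c1^c3 == p1^p3:", leaked_xor(F1, F3) == xor(P1, P3))
    print("p3 from p1:", xor(leaked_xor(F1, F3), P1))
```

Because the shared key never changes, the IV is the only per-packet variation, so any repeated IV means a repeated keystream regardless of how long the shared key is.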
Security check
• change default settings (e.g. password)
• use WEP encryption
• change WEP key regularly
• filter MAC addresses
• position APs before firewall
Security check
• check log files for intrusion attempts
• use "intrusion detection system"
• turn off DHCP
• use authentication
• for extra high security use a VPN
Any Questions?
Thank you.