Lesson 15: Deploying and Troubleshooting Wireless Networks Flashcards
What standards are wireless LANs (WLANs) based on?
802.11- subsets a, b, g, WIFI 5 (AC), and WIFI 6 (ax)
Like Ethernet, what does 802.11 for wifi use for collision management?
Carrier sense multiple access with collision avoidance (CSMA/CA)
Define a frequency band
Portion of the radio frequency spectrum in which wireless devices operate such as 2.4 GHz or 5 GHz
What are facts on 2.4 GHz frequency?
- Better at propagating through solid surfaces, making it ideal longer signal range
- Doesn’t support high number of individual channels
- Increased risk of interference
- Decreased bandwidth compared to 5 GHz
What are facts on 5 GHz
- Doesn’t propagate through solid surfaces well, less ideal for long range
- More individual channels and less interferance
- Increased bandwidth
Describe the 5 GHz frequency band
- Subdivided into 24 non-overlapping channels
- Each channel is 20 MHz wide
- Features Dynamic Frequency Selection (DFS)
Describe the 2.4 GHz frequency band
- Subdivided into 14 channels
- Each channel is 5 MHz wide
- In the US, channels 1, 6, and 11 are used to combat overlapping channels
Define Multiple Input Multiple Output (MIMO)
Increases WIFI bandwidth by multiplexing the reception and transmission signals from 2 to 4 separate antennas
What 802.11 standard uses Multiple Input Multiple Output (MIMO)
802.11 or WIFI 4
Define channel bonding
Capability to aggregate one or more adjacent channels to increase bandwidth
What Wi-Fi standard is WI-FI 5 known as?
802.11ac
What are the achievable bandwidths with WIFI 5?
At least 1GB
What Wi-Fi standard is WI-FI 6 known as?
802.11ax
What is beamforming?
A WI-FI 5 and WI-FI 6 capability (aka Multiuser MIMO (MU-MIMO)) that implement spatial multiplexing to allow multiple stations to connect simultaneously
What mechanism does RTS/CTS support?
Carrier sense multiple access with collision avoidance (CSMA/CA)
How does RTS/CTS function?
Rather than try to detect collisions, a wireless station indicates its intent to transmit by broadcasting a Request To Send (RTS) and waits to receive a Clear To Send (CTS) before proceeding.
Define a station in a wireless network
A wireless network device
How do stations connect to the WLAN ?
Connect through a base station or access point (AP), forming a logical star topology
Define an infrastructure Basic Service Set (BSS)
The access point in a WLAN, that mediates communications between client devices and can also provide a bridge to a cabled network segment.
What is the MAC address of an AP referred to as?
Basic Service Set Identifier (BSSID)
What is defined as a wireless network name?
Service Set Identifier (SSID)
Define the function of a Beacon Frame
A management frame broadcasted by an AP to advertise the SSID of the WLAN and other service capabilities
What does a Beacon Frame contain?
SSID, supported data rates, encryption/authentication requirements
What mechanism determines wireless data rate?
Based on the distance between the AP and wireless client, Dynamic Rate Switching/Selection (DRS) determines if the connection between devices is strong, and if so, will select the highest available data rate, and if the connection is will it will reduce the data rate
What is a site survey?
Planning tool to ensure WLAN delivers acceptable data rates to supported devices in all physical locations expected
Define a fat AP
Access point whose firmware contains enough processing logic to be able to function autonomously and handle clients without the use of a wireless controller
Define a thin AP
Access point that requires a wireless controller in order to function
What is the role of speed when assessing wireless performance?
Speed is the data rate established at the physical and data link layers determined by standards support, use of bonded channels, and optimizations, such as MU-MIMO and attenuation.
What is the role of throughput when assessing wireless performance?
Throughput is the amount of data that can be transferred at the network layer
Define the inverse square rule in accordance with radio frequency attenuation
As the distance from the antenna increases, the strength of the signal decreases; doubling the distance decreases the signal strength by a factor of four
Define RSSI (received signal strength indicator)
the strength of the signal from the transmitter at the client end; When measuring RSSI, dBm will be a negative value with values closer to zero representing better performance. A value around - 65 dBm represents a good signal, while anything over -80 dBm is likely to suffer packet loss or be dropped
Define SNR (Signal-to-Noise Ratio)
comparative strength of the data signal to the background noise; measured in dBm, but here values closer to zero are less welcome as they represent higher noise levels
How are RSSI and SNR measured?
RSSI and SNR can be measured by using a Wi-Fi analyzer
What are the two types of channel interference?
co-channel interference (CCI) and adjacent channel inference (ACI)
Define co-channel interference (CCI)
Access points within range of one another are configured to use the same channel, causing reduced opportunities to transmit.
How is co-channel interference (CCI) mesaured?
Measured as a percentage referred to as channel utilization from an AP or WIFI analyzer, a channel shouldn’t be above 50% utilization
When designing a WLAN, how many clients per AP to determine how many APs are needed in the building/area
30 clients per AP; total the number of devices that will connect to wifi by 30
Define reflection/bounce interference
Mirrors or shiny surfaces cause signals to reflect causing packet loss and data rate drop
Define refraction interference
Glass or water causing radio waves to bend and take a different path to the receiver; can also cause the data rate to drop
Define absorption interference
the degree to which walls and windows will reduce signal strength
Define WPA and its use
Wifi protected access (WPA) is a set of standards for authenticating and encrypting access to wifi networks
What mechanisms/controls does WPA2 utilize?
AES (Advanced Encryption Standard) and CCMP (Cipher Block Chaining Message Authentication Code Protocol)
What are the 3 types of wifi autenticaiton?
- Personal
- Open
- enterprise
What are the two methods of personal authentication?
- pre-shared key (PSK)
- simultaneous authentication of equals (SAE)
Define pre-shared key (PSK)
WPA2 control, AKA group authentication because a group of users share the same secret/passphrase to authenticate to a wireless network
How does a device authenticate to a pre-shared key (PSK) access point?
Using a pre determined key between 8-63 characters which is stored and encrypted to a hash value known as the pairwise master key (PMK) which is used to communicate encrypted traffic between a device and AP with the 4 way handshake
What is best practice to mitigate security concerns with WPA2 pre-shared key (PSK)
A minimum passphrase/secret of 14 characters
What are the personal authentication improvements between WPA2 and WPA3?
Password Authenticated Key Exchange (PAKE) replaces pairwise master key (PMK) and Simultaneous Authentication of Equals (SAE) replaces the 4 way handshake
What are the problems with personal authentication?
- Key/passphrase can’t be secured
- Users can choose unsecure passphrase
- No accounting of login as users share the same credential
Define WPA enterprise
Wireless network authentication mode where the access point acts as pass-through for credentials that are verified by an AAA server
How does an AP that authenticates with WPA enterprise authenticate with an AAA server?
802.1x protocol uses Extensible Authentication Protocol over wireless (EAPoW) to authenticate against a network directory without allowing any other type of network access
What versions of WPA use 802.1x Extensible Authentication Protocol over wireless (EAPoW)
WPA2-Enterprise or WPA3-Enterprise
What is likely the issue if a user inputs the correct credentials to a wifi network but still can’t connect?
The users device most likely doesn’t support the encryption and authentication standards configured on the AP
How do clients and APs control connections?
Management frames
Define a disassociation/deauthentication frame
Management frame handling process by which a station is disconnected from an access point
Define a flap
When a client goes back and forth between two access points in a mesh network causing numerous disassociations and reassociations
Define a disassociation attack
Exploits the lack of encryption in management frame traffic to send spoofed frames
What are disassociation attacks used to do?
Denial of service (DoS) attack to prevent network access, but the attacker could also be attempting to use an evil twin/rogue AP to intercept network traffic
When configuring a WLAN extended service area, what has to be configured the same on each AP?
ESSID (extended service set identifier) and security parameters, and same channel
When troubleshooting a dead zone, what should be checked?
- Antenna placement
- Antenna cable attenuation
- EIRP (Effective Isotropic Radiated Power) which is the sum of transmit power, antenna cable/connector loss, and antenna gain
Define HWMP (Hybrid Wireless Mesh Protocol)
Routing protocol that allows mesh stations to perform path discovery and forwarding between peers
What does enabling HWMP (Hybrid Wireless Mesh Protocol) cause?
Nodes, or mesh stations, in a wireless mesh network form a Mesh Basic Service Set (MBSS), when they are capable of discovering one another and peering
Define an IBSS (Independent Basic Service Set)
a type of wireless network where connected devices communicate directly with each other instead of over an established medium such as an access point
Why did Wi-Fi 6 reinstate operation in the 2.4 GHz band?
To support Internet of Things (IoT) device connectivity
What is an Extended Service Area (ESA)
conceptual area in which one or more Basic Service Set(s) is member of an ESS (Extended Service Set) allowing members to communicate
Define a bridged wifi network
In bridge mode, the access points will not support wireless clients; they simply forward traffic between the cabled segments.
What measure should be taken to securely implement WPA2-PSK?
A key/passphrase of at least 14 characters