Wireless Networks (2.1, 2.4, 4.2, 4.3 & 5.4) Flashcards
Wireless Local Area Network (WLAN)
▪ Allows users to roam within a coverage area
▪ Popularity has increased exponentially
▪ Convenient to use and expand network access throughout a room, floor, or building
▪ IEEE 802.11 is the most common type
▪ Other wireless options exist (used for PAN)
● Bluetooth
● Infrared (IR)
● Near-Field Communications (NFC)
● Ant+
● Z-Wave
Ad Hoc
▪ Wireless devices communicate directly with each other without the need for a centralized access point
▪ Peer-to-Peer connections
Infrastructure
▪ Wireless devices communicate with other wireless or wired devices through a wireless router or access point
▪ Traditional WiFi in Home and Office networks
Wireless Access Point (AP or WAP)
▪ Expands wired LAN into the wireless domain
● Does not interconnect two networks (not a router)
● Functions as a hub
▪ Connects wired LAN and wireless devices into the same subnet
▪ All clients on an access point are on a single collision domain
Wireless Router
▪ Gateway device and base station for wireless devices to communicate with each other and connect to the Internet
▪ Often combines many features into one device:
● Wireless Access Point (WAP or AP)
● Router
● Switch
● Firewall
● Fiber, Cable, or DSL modem
Independent Basic Service Set (IBSS)
What is independent basic service set?
An Independent Basic Service Set (IBSS) forms an ad hoc, independent, self-contained network with station-to-station traffic flowing directly, receiving data transmitted by another station, and only filtering traffic based on the MAC address of the receiver
Basic Service Set (BSS)
The Basic Service Set is a term used to describe the collection of stations which may communicate together within an 802.11 network. The BSS may or may not include an AP (Access Point), which provides a connection onto a fixed distribution system such as an Ethernet network.
Extended Service Set (ESS)
An extended service set (ESS) is a wireless network, created by multiple access points, which appears to users as a single, seamless network, such as a network covering a home or office that is too large for reliable coverage by a single access point.
Mesh Topology
▪ May not use a centralized control
▪ Range of combined wireless defines network
▪ Uses WiFi, Microwave, Cellular, and more
AP Placement
▪ Careful planning is required to prevent the APs from interfering with one another while still maintaining the desired coverage area in an ESS
▪ Coverage should overlap between APs to allow uninterrupted roaming from one cell to another but can’t use overlapping frequencies
AP Placement (2.4 GHz)
▪ Non-overlapping coverage cells for 2.4 GHz band should have 10% to 15% overlap in coverage area
AP Placement (5 GHz)
▪ Identical channels should be separated by at least two cells instead of one
Site Surveys
▪ Wireless survey to determine coverage areas
▪ Produces a heat map with coverage
Wireless Range Extenders
▪ Specialized device that overcomes distance limitations of wireless networks
▪ Amplifies the signal and extends reachability of a wireless cell
▪ Wireless repeater receives signal on one antenna and repeats it on the other
Antennas
▪ Coverage areas vary based on the type used
▪ Most SOHO wireless APs have fixed antennas
▪ Enterprise-class APs support different types
▪ Factors in antenna effectiveness
● Distance
● Pattern of Wireless Coverage
● Environment (indoor/outdoor)
● Avoiding Interference with other APs
Omnidirectional Antenna
Radiates power equally in all directions.
Unidirectional Antenna
Focuses power in one direction for covering greater distances.
Spread Spectrum Wireless Transmissions
▪ Direct-Sequence Spread Spectrum (DSSS)
▪ Frequency-Hopping Spread Spectrum (FHSS)
▪ Orthogonal Frequency-Division Multiplexing (OFDM)
▪ Only DSSS and OFDM are commonly utilized in today’s WLANs
Direct-Sequence Spread Spectrum (DSSS)
▪ Modulates data over an entire range of frequencies using a series of signals known as chips
▪ More susceptible to environmental interference
▪ Uses entire frequency spectrum to transmit
Frequency-Hopping Spread Spectrum (FHSS)
▪ Devices hop between predetermined frequencies
▪ Increases security as hops occur based on a common timer
Orthogonal Frequency Division Multiplexing (OFDM)
▪ Uses slow modulation rate with simultaneous transmission of data over 52 data streams
▪ Allows for higher data rates while resisting interference between data streams
Frequencies and Channels
▪ IEEE 802.11 standards are differentiated by their characteristics, such as frequency range used:
● 2.4 GHz band
o 2.4 GHz to 2.5 GHz range
● 5 GHz band
o 5.75 GHz to 5.875 GHz range
▪ Each band has specific frequencies (or channels) to avoid overlapping other signals
▪ Channels 1, 6, and 11 will avoid overlapping frequencies in 2.4 GHz band
Channel Bonding
▪ Allows you to create a wider channel by merging neighboring channels into one
802.11 Wireless Standards
▪ 802.11 ax
● 6 GHz spectrum
● Can reach speeds of up to 9.6 Gbps using MU-MIMO technology
● Fully backward compatible with Wireless A, B, G, N, and AC devices
Radio Frequency Interference (RFI)
▪ Caused by using similar frequencies to WLAN
▪ Common sources of interference:
● Other WiFi devices (overlapping channels)
● Cordless phones and baby monitors (2.4 GHz)
● Microwave ovens (2.4 GHz)
● Wireless security systems (2.4 GHz)
● Physical obstacles (Walls, appliances, cabinets)
● Signal strength (Configurable on some devices)
Carrier Sense Multiple Access/Collision (Avoidance/Detection)
▪ WLAN uses CSMA/CA to control access to medium, whereas wired Ethernet uses CSMA/CD
▪ Listens for transmission to determine if safe to transmit
● If channel is clear, transmits Request to Send (RTS)
● Device waits for acknowledgment
● If received an RTS, responds with Clear to Send (CTS)
● If not received, device starts random back off timer
Wireless Security
▪ Wireless networks offer convenience, but also many security risks
▪ Encryption of data transferred is paramount to increasing security
Pre-Shared Key
▪ Both AP and client use the same encryption key
▪ Problems:
● Scalability is difficult if key is compromised
● All clients must know the same password
Wired Equivalent Privacy
▪ Original 802.11 wireless security standard
● Claimed to be as secure as wired networks
▪ Static 40-bit pre-shared encryption key
● Upgraded to 64-bit and 128-bit key over time
▪ Uses 24-bit Initialization Vector (IV)
● Sent in clear text
▪ Brute Force Attack within minutes using AirCrack-ng and other tools
Wi-Fi Protected Access (WPA)
▪ Replaced WEP and its weaknesses
▪ Temporal Key Integrity Protocol (TKIP)
● 48-bit Initialization Vector (IV) instead of 24-bit IV
● Rivest Cipher 4 (RC4) used for encryption
▪ Uses Message Integrity Check (MIC)
● Confirms data was not modified in transit
▪ Enterprise Mode WPA
● Users can be required to authenticate before exchanging keys
● Keys between client and AP are temporary
Wi-Fi Protected Access 2 (WPA2)
▪ Created as part of IEEE 802.11i standard
● Requires stronger encryption and integrity checks
● Integrity checking through CCMP
o Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
▪ Uses Advanced Encryption Standard (AES)
● 128-bit key or above
▪ Supports two modes
● Personal mode with pre-shared keys
● Enterprise mode with centralized authentication
WiFi Exam Tips
If you are asked about / Look for the answer with:
▪ Open = No security or protection
▪ WEP = IV
▪ WPA = TKIP and RC4
▪ WPA2 = CCMP and AES
WEP and WPA/WPA2 Security Cracking
▪ Utilities can capture wireless packets and run mathematical algorithms to determine the pre-shared key
Network Authentication 802.1x
▪ Each wireless user authenticates with their own credentials
▪ Used also in wired networks
Extensible Authentication Protocol (EAP)
▪ Authentication performed using 802.1x
▪ EAP-FAST
● Flexible Authentication via Secure Tunneling
▪ EAP-MD5
▪ EAP-TLS
MAC Address Filtering
▪ Configures an AP with a listing of permitted MAC addresses (like an ACL)
▪ Problems:
● Knowledgeable users can falsify their MAC easily using freely available tools
● Examples:
o MAC Address Changer (Windows)
o MacDaddyX (OSX)
o Macchanger (Linux)
Network Admission Control (NAC)
▪ Permits or denies access to the network based on characteristics of the device instead of checking user credentials
▪ Conducts a posture assessment of client
● Checks the OS and antivirus version of client
Captive Portals
▪ Web page that appears before the user is able to access the network resources
▪ Webpage accepts the credentials of the user and presents them to the authentication server
Geofencing
▪ GPS or RFID defines real-world boundaries
▪ Barriers can be active or passive
▪ Device can send alerts if it leaves area
▪ Network authentication can use it to determine access
Disable SSID Broadcast
▪ Configures an AP to not broadcast the name of the wireless LAN
▪ Problem:
● Knowledgeable users can still easily find the SSID using wireless sniffing tools
Rogue Access Point
▪ Malicious users set up an AP to lure legitimate users to connect to the AP
▪ Malicious users can then capture all the packets (data) going through the rogue access point
Unsecured Wireless Networks
▪ War Driving
● Occurs when users perform reconnaissance looking for unsecured wireless networks
▪ War Chalking
● Occurs when users write symbols on a wall to notify others of AP characteristics