Enterprise Wireless LAN CIS 585 Stephen Choi | Kevin Todd | Stanley Yen. Presentation Overview. WLAN Intro, Site Survey, Hardware – Stephen Choi WLAN Bridging, Antennas – Kevin Todd WLAN Security Features – Stanley Yen. Presentation References:.
Enterprise Wireless LAN
CIS 585
Stephen Choi | Kevin Todd | Stanley Yen

Presentation Overview
• WLAN Intro, Site Survey, Hardware – Stephen Choi
• WLAN Bridging, Antennas – Kevin Todd
• WLAN Security Features – Stanley Yen
Presentation References: Permission granted for reproduction and modification to Dr. Ganesan for educational purposes.

Wireless in a Wired World
• Wireless LAN growth and trends
• Mobility, Cost Savings
• Disaster Recovery Solution
• Embedded Devices
• Wireless Standards – WECA 802.11b, 802.11a, 802.11g
• Wireless more common in public spaces – Airports, Universities, Hotels, Cafes, etc.

Example Project: Hilton Hotel / SG
[Network diagram. Elements shown: External Network, Internet and VPN, PSTN Network, Internal Network, BBSM, Credit Card Server, RADIUS Server, Video Servers, Local Content, PBX, Cisco 2600, Catalyst 3500 XL and Catalyst LRE switches, POTS Splitter, LRE CPE in Room 1 and Room 2, UBR7xxx, Aironet 350 for Conference Room / Lounge / Pool. Legend: 10/100 Ethernet, Existing Telephone Pairs, Cable, Wireless Connections.]

Hilton Hotel – Wireless WAN
The Hilton/SG utilizes wireless LAN technology inside and outside the building. Hilton/SG will connect to corporate intranet and Internet resources via wireless bridges from Hilton/PAS, which is approximately 4 miles away.

Cisco Packet Magazine
• Current Issue / 2nd Quarter 2002
• Also online: http://www.cisco.com/go/packet
• Welcome to the Wireless Enterprise
• WLAN How-to series
  • Part 1: Preparing for wireless LANs
  • Part 2: How to Build a Secure WLAN
• The Once and Future WLAN

Access Points
What are Access Points?
• Act as a wireless hub for wireless devices
• Extend the range of coverage for a wireless LAN
• Access points can accommodate a maximum number of wireless users
• Access points can get expensive, so a site survey is always recommended

Wireless Site Survey
What is a site survey?
• Ensure Coverage and VPN Connectivity/Subnets
• Interference, absorption, noise
• SNR and Packet retry count (<10%)
• “Outside In” approach for Access Points
• Reduce Cost
• Understand the application
• A good site survey can cost thousands!
Source: Packet Magazine, 2nd Quarter, 2002, http://www.cisco.com/go/packet

Roaming / Port Hopping
Port Hopping
• Allows a WLAN user to seamlessly move from one access point to another without having to reauthenticate or experience interrupted service.
• Deployed in a typical Cisco BBSM (Building Broadband Service Manager) application – Hotel, Apartment users can roam throughout network and stay connected.

In-Line Power
• Makes installation easier
• Reduces the number of power outlets
• Works for most wireless devices – including access points, bridges, IP phones, etc.

Bridges / Workgroup Bridges
• Wireless Bridge – connects a LAN to another LAN that uses the same protocol over a high-speed wireless connection at a range from 1 to 25 miles.
• Workgroup Bridge – a bridge that is used in a WLAN to provide a link between remote workgroups, satellite offices, and mobile users to an Access Point or Wireless Bridge.
[Figure labels: Wireless Bridge, Access Points, Workgroup Bridge]

Wireless Bridge Features
• Enables outdoor links between buildings up to 25 miles.
• Ideal for harsh environments and installations subject to plenum rating. Temperature ranges from -20° to 55°C with a NEMA enclosure.
• Supports Point to Point (PTP) and Point to Multipoint (PTMP) configurations.
• Broad range of supported antennas.
• Connects hard-to-wire sites, noncontiguous floors, satellite offices, temporary networks, and warehouses with Inline power.

Point to Point (PTP) / Point to Multi-Point (PTMP) Bridges
• PTP bridges connect a LAN in one building to a LAN in another building.
• Composed of a pair of bridges and directional antennae.
• Antennae must have a line of sight with each other.
• Cable is run from the antenna to its bridge, which is connected to the network.
• Comply with IEEE 802.11b wireless standard (allows for interoperability) or proprietary (faster speeds up to 100Mbps).
• PTMP bridges can bring networks of multiple buildings together and require omni-directional antennae.

Point to Point / Point to Multi-Point
• Point-to-Point Wireless Bridge Solution
• Point-to-Multipoint Wireless Bridge Solution

Antennas
• Most antennas are Omni-directional or Directional.
• Each bridge has a radio, either built in or modular.
• Each radio is composed of the transmitter and the receiver.
• The transmitter encodes data from the LAN into the specified frequency spectrum and then transmits it through the antenna.
• The receiver does the opposite, decoding the frequencies from the antenna into data to be placed on the LAN.
• Most wireless network products operate in the Industrial, Scientific, and Medical (ISM) bands (2.4-2.4835 GHz – IEEE 802.11a)

Antennas
• Omni-directional Antenna
• Directional Antenna (Yagi)

Omni-directional Antennas
• Ceiling Mounted Antenna
• Mast Mounted Antenna

Directional Antennas
• Dish Antenna
• Yagi Antenna

Antennas
• Fresnel Zone – the elliptical area immediately surrounding the visual path. It varies depending on the length of the signal path and the frequency of the signal.
• As the distance between buildings grows, the curve of the earth (earth bulge) affects installation and requires antennas to be placed at higher elevations.

Wireless LAN Security
• Components of Wireless LAN Security
• SSID and WEP
• Encryption, Decryption, and Ciphers
• Authentication
• Mutual Authentication via RADIUS
• Controversy Over Strong Encryption

Components of Wireless LAN Security
What is wireless LAN security?
• Access control ensures that sensitive data can be accessed only by authorized users.
  • Access to wired LANs is physical access to LAN ports, while wireless LANs place “ports” everywhere within a certain radius of the access point.
• Privacy ensures that transmitted data can be received and understood only by the intended audience.
  • Data transmitted on a wired LAN is directed to a particular destination, while data on a wireless LAN is broadcast over radio waves within a certain radius of the access point.
• A security breach on a wired LAN is possible only if the LAN is physically compromised, while a security breach on a wireless LAN can be performed from anywhere within the operating distance of the wireless LAN.

SSID and WEP
IEEE 802.11b standard defines two mechanisms for providing access control and privacy.
• SSID (Service Set Identifiers)
  • Rudimentary level of access control.
  • Common network name for the devices in a wireless LAN.
• WEP (Wired Equivalent Privacy)
  • Prevents unauthorized users, who lack a correct WEP key, from gaining access to the network.
  • Protects wireless LAN data streams by encrypting them and allowing decryption only by users with the correct WEP keys.
  • Static WEP Keys vs. Dynamic WEP Keys.

Encryption, Decryption, and Ciphers
Encryption
• Conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people.
Decryption
• Process of converting encrypted data back into its original form, so it can be understood.
Ciphers
• Sophisticated computer algorithms that rearrange the data bits in digital signals.

Authentication
IEEE 802.11b standard defines two types of authentication methods.
• Open Authentication
  • Authentication process is in clear-text and a client can associate with an access point even without supplying the correct WEP key.
• Shared Key Authentication
  • Access point sends the client a challenge text packet that the client must encrypt with the correct WEP key and return to the access point.
Authentication by MAC (Media Access Control) address
• Access point will allow association by a client only if that client’s MAC address matches an address in an authentication table used by the access point.

Mutual Authentication via RADIUS
Why Mutual Authentication?
• Shared key authentication is only one-way.
• Rogue access points can be placed on a wireless LAN.
How Mutual Authentication Works:

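The following is an added example, not part of the original presentation and not the RADIUS-based exchange this slide refers to. It walks through the Shared Key Authentication challenge from the Authentication slide (the AP checks the client only) and then a hypothetical reverse step in which the client challenges the AP, which is what lets a client reject an access point that does not hold the secret. The function names, the simplified frame layout (IV then ciphertext, key-ID byte omitted), the HMAC-based reverse step and the sample keys are assumptions made for illustration.

```python
import hashlib, hmac, os, zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher used by WEP; the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                          # XOR data with the keystream
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_seal(key: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP body: 3-byte IV, then RC4(IV||key) over data||CRC-32."""
    iv = os.urandom(3)
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + key, plaintext + icv)

def wep_open(key: bytes, frame: bytes):
    """Return the plaintext, or None when the integrity check value is wrong."""
    plain = rc4(frame[:3] + key, frame[3:])
    data, icv = plain[:-4], plain[-4:]
    return data if zlib.crc32(data).to_bytes(4, "little") == icv else None

def ap_accepts(ap_key: bytes, challenge: bytes, response: bytes) -> bool:
    """Shared Key Authentication: the AP checks the client's encrypted challenge."""
    data = wep_open(ap_key, response)
    return data is not None and hmac.compare_digest(data, challenge)

def ap_proof(ap_key: bytes, client_nonce: bytes) -> bytes:
    """Hypothetical reverse step: the AP proves it holds the shared secret."""
    return hmac.new(ap_key, b"ap-to-client" + client_nonce, hashlib.sha256).digest()

def client_accepts(client_key: bytes, client_nonce: bytes, proof: bytes) -> bool:
    return hmac.compare_digest(ap_proof(client_key, client_nonce), proof)

# Constructed sample keys (40-bit WEP key length); not from the presentation.
GOOD_KEY, WRONG_KEY = b"\x01\x02\x03\x04\x05", b"\xaa\xbb\xcc\xdd\xee"

if __name__ == "__main__":
    chal, nonce = os.urandom(128), os.urandom(16)
    for key in (GOOD_KEY, WRONG_KEY):          # peer that holds / lacks the key
        print("client accepted by AP:", ap_accepts(GOOD_KEY, chal, wep_seal(key, chal)))
        print("AP accepted by client:", client_accepts(GOOD_KEY, nonce, ap_proof(key, nonce)))
```

With only the first exchange, the client never receives anything it can verify, so it cannot tell a genuine access point from one that lacks the key; the second exchange closes that gap.
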
Controversy Over Strong Encryption
Strong Encryption
• Ciphers that are essentially unbreakable without the decryption keys.
• Companies and consumers view strong encryption as a means to keep secrets, minimize fraud, and protect privacy.
• Governments view strong encryption as a potential vehicle by which criminals and terrorists might evade authorities.
• Key-Escrow concept being debated.

Conclusion
• Any Questions and Answers