
Wireless Network


keanu

Presentation Transcript


  1. Wireless Network

  2. Basic Concepts, Protocols, Standards, Speed, Security, Encryption

  3. Basic Concepts: Protocols: A network protocol defines rules and conventions for communication between network devices. Protocols for computer networking generally use packet-switching techniques to send and receive messages in the form of packets. Network protocols include mechanisms for devices to identify and make connections with each other, as well as formatting rules that specify how data is packaged into messages sent and received. Some protocols also support message acknowledgement and data compression designed for reliable and/or high-performance network communication. Hundreds of different computer network protocols have been developed, each designed for specific purposes and environments.

  4. 802.11 a Standards: IEEE 802.11a-1999 or 802.11a is an amendment to the IEEE 802.11 specification that added a higher data rate of up to 54 Mbit/s using the 5 GHz band. It has seen widespread worldwide implementation, particularly within the corporate workspace. The amendment has been incorporated into the published IEEE 802.11-2007 standard. The 802.11a standard uses the same core protocol as the original standard, operates in 5 GHz band, with a maximum raw data rate of 54 Mbit/s, which yields realistic net achievable throughput in the mid-20 Mbit/s. 802.11a is not interoperable with 802.11b as they operate on separate bands, except if using equipment that has a dual band capability. Most enterprise class Access Points have dual band capability. Using the 5 GHz band gives 802.11a a significant advantage, since the 2.4 GHz band is heavily used to the point of being crowded. Degradation caused by such conflicts can cause frequent dropped connections and degradation of service.

  5. 802.11 b Standards: IEEE 802.11b-1999, or 802.11b, is an amendment to the IEEE 802.11 specification that extended throughput up to 11 Mbit/s using the same 2.4 GHz band. This specification, under the marketing name of Wi-Fi, has been implemented all over the world. The amendment has been incorporated into the published IEEE 802.11-2007 standard.

  6. 802.11 g Standards: Networks employing 802.11g operate at radio frequencies between 2.400 GHz and 2.4835 GHz, the same band as 802.11b. But the 802.11g specification employs orthogonal frequency division multiplexing (OFDM), the modulation scheme used in 802.11a, to obtain higher data speed. Computers or terminals set up for 802.11g can fall back to speeds of 11 Mbps. This feature makes 802.11b and 802.11g devices compatible within a single network. Modification of an 802.11b access point to 802.11g compliance usually involves only a firmware upgrade.

  7. 2.4 GHz Wi-Fi channels (802.11b,g)

  8. 2.4 GHz Wi-Fi channels (802.11b,g)

  9. 802.11 n: An amendment to the IEEE 802.11-2007 wireless networking standard that improves network throughput over the two previous standards (802.11a and 802.11g), with a significant increase in the maximum net data rate from 54 Mbit/s to 300 Mbit/s (slightly higher gross bit rate including, for example, error-correction codes, and slightly lower maximum throughput), with the use of four spatial streams at a channel width of 40 MHz and by adding multiple-input multiple-output (MIMO) antennas. 802.11n operates on both the 2.4 GHz and the lesser-used 5 GHz bands.

  10. Standards / Speeds

  11. Security. Authentication: Before being allowed to exchange data traffic with the wireless network, the wireless network node must be identified and (depending on the authentication method) must submit credentials that can be validated. Encryption: Before sending a wireless data packet, the wireless network node must encrypt the data to ensure data confidentiality.

  12. Authentication. Open System Authentication (OSA): Does not provide authentication, only identification using the wireless adapter's MAC address. Is the default. Exchange: OSA request, OSA response. Shared Key Authentication (SKA): Verifies that an authentication-initiating station has knowledge of a shared secret. The shared secret is delivered to the participating wireless clients by means of a secure channel that is independent of IEEE 802.11. Exchange: SKA request, SKA response w/challenge text, SKA w/encrypted challenge, SKA response.

  13. Authentication. Does not provide authentication, only identification using the wireless adapter's MAC address. Is the default. IEEE 802.1X standard. Verifies that an authentication-initiating station has knowledge of a shared secret. The shared secret is delivered to the participating wireless clients by means of a secure channel that is independent of IEEE 802.11. Shared Key Authentication.
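
The Shared Key Authentication exchange from slide 12, as an added example that is not part of the original presentation: the station shows it knows the shared secret by WEP-encrypting the access point's challenge text (RC4 keyed with a 24-bit IV followed by the key, plus a CRC-32 check value). It is simplified (no 802.11 frame format), and the class and function names and the 10-hex-digit key are constructed for illustration.

```python
import os
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher, the cipher WEP uses (same call encrypts and decrypts)."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                             # XOR data with the keystream
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """RC4 under (IV || key) over the plaintext plus its CRC-32 check value."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return rc4(iv + key, plaintext + icv)

def wep_decrypt(key: bytes, iv: bytes, ciphertext: bytes):
    """Return the plaintext, or None when the CRC-32 check fails."""
    body = rc4(iv + key, ciphertext)
    plaintext, icv = body[:-4], body[-4:]
    return plaintext if zlib.crc32(plaintext).to_bytes(4, "little") == icv else None

class AccessPoint:
    def __init__(self, key: bytes):
        self.key, self.challenge = key, None
    def on_request(self) -> bytes:
        """SKA request received: answer with 128 bytes of challenge text."""
        self.challenge = os.urandom(128)
        return self.challenge
    def on_encrypted_challenge(self, iv: bytes, ciphertext: bytes) -> str:
        """Final SKA response: success only if the challenge decrypts intact."""
        expected, self.challenge = self.challenge, None   # one use per challenge
        answer = wep_decrypt(self.key, iv, ciphertext)
        return "successful" if expected and answer == expected else "rejected"

def run_ska(ap_key: bytes, station_key: bytes) -> str:
    """Run the four-message exchange between one station and one access point."""
    ap = AccessPoint(ap_key)
    challenge = ap.on_request()                   # SKA request -> challenge text
    iv = os.urandom(3)                            # station picks a fresh 24-bit IV
    ciphertext = wep_encrypt(station_key, iv, challenge)
    return ap.on_encrypted_challenge(iv, ciphertext)

SHARED_KEY = bytes.fromhex("0123456789")          # constructed 10-hex-digit key
```

`run_ska(SHARED_KEY, SHARED_KEY)` returns `"successful"`; a station holding any other key is rejected because the decrypted challenge fails the check.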

  14. Encryption: Encryption is the process of changing data into a form that can be read only by the intended receiver. To decipher the message, the receiver of the encrypted data must have the proper decryption key (password). In traditional encryption schemes, the sender and the receiver use the same key to encrypt and decrypt data. Example: In this case the key is the password you supply when adding files to your ZIP file; to unzip the file, the same password must be supplied.

  15. Encryption. WEP: A weak security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to provide data confidentiality comparable to that of a traditional wired network. WEP, recognizable by the key of 10 or 26 hexadecimal digits, is widely in use and is often the first security choice presented to users by router configuration tools. WPA: WPA replaces WEP with a strong new encryption technology called Temporal Key Integrity Protocol (TKIP) with Message Integrity Check (MIC). It also provides a scheme of mutual authentication using either IEEE 802.1X/Extensible Authentication Protocol (EAP) authentication or pre-shared key (PSK) technology. WPA2: WPA2 supports IEEE 802.1X/EAP authentication or PSK technology. It also includes a new advanced encryption mechanism using the Counter-Mode/CBC-MAC Protocol (CCMP) called the Advanced Encryption Standard (AES).

  16. Encryption WPA and WPA2 Mode Types

  17. Equipment • Cisco 5500 Series Wireless Controllers • Supports a higher client density than other wireless LAN controllers • Delivers more efficient roaming, with at least nine times the throughput of existing 802.11a/g networks • Optimizes and protects network performance by mitigating interference • Offers software license flexibility to add additional access points as business requirements change • Supports advanced services, including OfficeExtend for secure mobile teleworking and Enterprise Wireless Mesh solutions, which allow access points to dynamically establish wireless connections in hard-to-connect locations

  18. Equipment: Cisco 4400 Series Wireless LAN Controllers: The Cisco 4400 Series Wireless LAN Controller is available in two models. The Cisco 4402 Wireless LAN Controller with two 1 GB Ethernet ports comes in configurations that support 12, 25, and 50 access points. The Cisco 4404 Wireless LAN Controller with four 1 GB Ethernet ports supports 100 access points. The Cisco 4402 controller provides one expansion slot. The Cisco 4404 controller provides two expansion slots that can be used to add VPN termination today, as well as enhanced functionality in the future. In addition, each Cisco 4400 WLAN Controller supports an optional redundant power supply to ensure maximum availability.

  19. Equipment: Cisco Aironet 1240AG Series IEEE 802.11a/b/g access points deliver the versatility, high capacity, security. Designed specifically for challenging RF environments such as factories, warehouses, and large retail establishments, they have the versatility associated with connected antennas, rugged metal enclosure, and broad operating temperature range. The Cisco Aironet 1240AG Series may also be configured to support Enterprise Wireless Mesh, providing wireless connectivity for indoor areas that are difficult or impossible to wire. Mesh access points do not require wired connections; they use the 2.4-GHz frequency to deliver network access to users in hard-to-reach areas and the 5-GHz band to backhaul traffic to traditional access points connected to Ethernet ports. The Aironet 1240AG Series is available in: • A lightweight version • An autonomous version that can be field-upgraded to lightweight operation • A single-band 802.11g version for use in regulatory domains that do not allow 802.11a/5 GHz operation

  20. Equipment • The Cisco Aironet 3500p Access Point is: • Ideal for high-density stadium and arena deployments • Delivers greater wireless capacity to deliver a better fan experience and facilitate 3G/4G cellular offload • Built with directional, narrow beamwidth external antennas for targeted coverage and minimal interference • Designed with a rugged metal housing that provides extended operating temperature • CleanAir technology for a self-healing, self-optimizing network that avoids RF interference • ClientLink to improve reliability and coverage for legacy clients • BandSelect to boost 5 GHz client connections in mixed client environments • VideoStream which uses multicast to improve multimedia applications.

  21. Monitoring

  22. Monitoring Tools: Wi-Spy (Chanalyzer 4), Wireshark, Wireshark Insider, SolarWinds, PRTG (Paessler)

  23. Best Practices • Monitor the Network Periodically • Check the WLC log • Create a log server if possible • Check the switches' performance (CPU, memory, bandwidth, etc.) • Analyze the protocols (sniff the net) • Analyze the signal spectrum • Manage Traffic • Create VLANs to segment the network traffic • Implement QoS • Security • Apply ACLs, encryption, authentication, etc. • Avoid using generic users to authenticate for services • Plan for access-point coverage to radiate out toward windows, but not beyond

  24. Useful Links http://www.computerworld.com/s/article/86951/Best_Practices_for_Wireless_Network_Security?taxonomyId=15&pageNumber=1 http://www.cisco.com/en/US/products/ps10981/index.html http://www.cisco.com/en/US/products/ps10315/index.html http://standards.ieee.org/about/get/802/802.11.html
