CCDA 640-864 Summary Notes – Chapter 5 – Day 9

Posted on Updated on


Cisco Unified Wireless Network (UWN) architecture – combines wireless and wired network.

Exam Topic 1: Wireless LAN Technologies

WLAN Standards

IEEE 802.11 (Legacy) (1997)

  • Speeds of 1 (typical) and 2 (max)  Mbps
  • Used direct sequence spread spectrum (DSSS) and frequency-hopping spread spectrum (FHSS) in L1 
    • DSSS divides data into separate sections; each section travels over different frequencies at the same time
    • FHSS sends data in bursts and uses a frequency-hopping sequence  – first frequency 1 then 2 , eventually back to 1.
  • Wireless Fidelity (WiFi) is the interoperability certification for 802.11 and is governed by Wireless Ethernet Compatibility Alliance (WECA)
  • Uses ISM Frequency

802.11b (1999)

  • Maximum Data rate of 11Mbps
  • Speeds of 11 (max), 5.5, 2, 1
  • Uses 11 channels of the Industrial, Scientific, and Medical (ISM) frequencies
  • Uses DSSS
  • Backward compartible with 802.11 DSSS  systems
  • Uses 2.4 GHz bands
  • Typical data rate = 6.5 Mbps
  • Most commonly deployed

802.11a (1999) aka WiFi5

  • Maximum Data rate of  54 Mbps
  • Incompatible with 802.11b and 802.11g
  • Speeds of 54 (max), 48,36,24,18,12,9,6 Mbps
  • Uses 13 Channels of Unlicensed National Information Infrastructure (UNII) frequencies
  • Uses the 5 GHz band
  • Typical data rate = 25Mbps

802.11g (2003)

  • Max Data rate of 54 Mbps
  • Uses 2.4 GHz ISM Frequencies
  • Backward compatible with 802.11b
  • Typical data rate 25Mbps

802.11n (2009)

  • Includes Multiple Input Multiple Output antennas
  • Maximum data rate 600Mbps using 4 spatial streams each wik 40 MHz width. The signals are multiplexed by using different spaces within the same spectral channel. These spaces are known as spatial streams.
  • Uses DSSS
  • Uses orthogonal frequency-division multiplexing (OFDM) as a digital carrier modulation method
  • Uses both 2.4GHz and 5GHz bands
  • ISM or UNII
  • Typical data rate 200 Mbps

ISM and UNII Frequencies

ISM Frequencies

  • Set aside by the 5.138 and 5.150 ITU-R radio regulations
  • Specified for unlicenced use
  • Ranges:
    • 900 MHz to 928 MHz
    • 2.4 GHz to 2.5 GHz

ISM-usage

  • 5.75 GHz to 5.875 GHz

Unlicensed National Information Infrastructure UNII Frequencies

  • Specified for use with 802.11a
  • Provides 12 non overlapping channels for 802.11a
  • Ranges:
    • UNII 1: 5.15 GHz to 5.25 GHz and 5.25 GHz to 5.35 GHz
    • UNII 2: 5.47 GHz to 5.725 GHz
    • UNII 3: 5.725 GHz to 5.875 GHz (Overlaps with ISM)

Service Set Identifier (SSID)

  • WLANs network name
  • 2 to 32 Characters long
  • To communicate, all devices must have same SSID
  • Equivalent to VLANs in wired networks

WLAN Layer 2 Access Method

Access method used: carrier sense multiple access collision avoidance (CSMA/CA). Each station listens to see whether a station is transmitting or not. If no activity, the station transmits, If activity, station sets random countdown timer. Transmits when the timer expires

WLAN Security

Wired Equivalent Privacy (WEP) Protocol

  • Used in 802.11b
  • Vulnerable to numerous attacks
  • Works at the Data link layer
  • Shares the same key for all nodes to communicate

IEEE 802.11i – WiFi Protected Access 2 (WPA2) and Robust Security Network (RSN)

  • Supercedes WEP
  • Components:
    • 4-Way Handshake and Group Key Handshake
      • Use 802.1X for authentication
    • Robust Security Network (RSN)
      • Establishes security network associations
      • Tracks security network associations
    • Advanced Encryption Standard (AES)
      • Provides Confidentiality, Integrity and Origin authentication

Unauthorized Access

DSSS enables APs to identify WLAN cards via their MAC addresses and this may be a cause of security breach.

MAC addresses can be spoofed hence static assignments and access is unsecure

APs enhance security by:

  • Implementing MAC address filtering

Not very scalable and can be hacked. Users can gather a list of the MAC addresses by listening then use the MAC to connect to AP

  • Protocol filtering

WLAN Security Design Approach

  • Use of EAP-Flexible Authentication via Secure Tunneling (EAP-FAST) to secure authentication
  • Use VPN with IPSec to secure traffic from wireless to wired network
  • WLANs with IPsec VPN software
  • Use IEEE 802.1X-2001 port-based access control protocol
    • Standard for LAns
    • Authenticates users before allowing access to the network
      • Client requests access to services. Send EAP to switch
      • Switch verifies client with the authentication server
      • Server validates client and authorizes client. No encryption provided
  • Use WPA

Dynamic WEP Keys

  • Per user per session WEP keys for more security

LEAP

  • Developed for centralized user-based authentication
  • Uses mutual athentication between user and server
  • uses IEEE 802.1X for 802.11 authentication
  • Can be used with Temporal Key Integrity Protocol (TKIP)
  • Uses RADIUS server to manage user info
  • combination of 802.1X and EAP
  • More scalable than MAC filtering
  • Does not support one-time passwords (OTP)

Controlling WLAN Access to Servers

  • RADIUS and DHCP servers should be secondary servers and not primary servers
    • Should be in a differentsement (VLAN) from the primary. This way, attacks will be confined to only thisVLAN
      • Access to the VLAn should be filtered
    • Network access to the servers should be controlled.
    • Protect against network attacks
    • Use IDS to detect attacks to these servers
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s