
Raj the king

BZUpages.com

Technology
ON


Group Members

Taha Khan Danish Hussain Saleem Qadeer Farrukh Ali Imran Khan Shah Mehmood

Contents

Introduction
Wi-Fi Technologies
Wi-Fi Architecture & Types
Wi-Fi Network Elements
How a Wi-Fi Network Works
Wi-Fi Network Topologies
Wi-Fi Configurations
Applications of Wi-Fi
Wi-Fi Security
Advantages / Disadvantages of Wi-Fi

Introduction

Wireless technology is an alternative to the commonly used wired technology for connecting devices.
Wi-Fi (Wireless Fidelity) is a generic term that refers to the IEEE 802.11 communications standard for Wireless Local Area Networks (WLANs).
Wi-Fi networks connect computers to each other, to the Internet and to the wired network.

What is Wi-Fi
Wi-Fi or 802.11b/g is the wireless standard used for local area networks operating at 2.4 GHz. Virtually every new laptop and mobile being sold today comes already equipped with a compatible Wi-Fi adapter. The Wi-Fi dial-up wireless router is compatible with either 802.11b or 802.11g adapters and allows local network data transfers at speeds of up to 11 Mbps (megabits per second). All Intel Centrino laptops as well as adapters marked 802.11a/g are compatible.

The Wi-Fi Technology


Wi-Fi Networks use Radio Technologies to transmit & receive data at high speed:

IEEE 802.11b
IEEE 802.11a
IEEE 802.11g

IEEE 802.11b

Appeared in late 1999
Operates in the 2.4 GHz radio spectrum
11 Mbps (theoretical speed) within 30 m range
4-6 Mbps (actual speed)
100-150 feet range
Most popular, least expensive
Interference from mobile phones and Bluetooth devices, which can reduce the transmission speed

IEEE 802.11a

Introduced in 2001
Operates at 5 GHz (less popular)
54 Mbps (theoretical speed)
15-20 Mbps (actual speed)
50-75 feet range
More expensive
Not compatible with 802.11b

IEEE 802.11g

Introduced in 2003
Combines the features of both standards (a, b)
100-150 feet range
54 Mbps speed
2.4 GHz radio frequencies
Compatible with b

Wi-Fi Architecture & Types



WLAN Architecture
A WLAN (wireless local area network) can be set up in several modes:
Ad-Hoc Mode
Mesh Mode
Infrastructure Mode

Ad-Hoc Mode

Peer-to-peer setup where clients can connect to each other directly. Generally not used for business networks.


Ad Hoc Structure

Mobile stations communicate with each other directly.
It is set up for a special purpose and for a short period of time. For example, the participants of a meeting in a conference room may create an ad hoc network at the beginning of the meeting and dissolve it when the meeting ends.

Mesh Mode

Every client in the network also acts as an access or relay point, creating a self-healing and (in theory) infinitely extensible network.

Not yet in widespread use, unlikely to be in homes.


WLAN Architecture - Infrastructure Mode

There is an Access Point (AP), which becomes the hub of a star topology.

Infrastructure network

There is an Access Point (AP), which becomes the hub of a star topology.
Any communication has to go through the AP.
If a Mobile Station (MS), like a computer, a PDA, or a phone, wants to communicate with another MS, it needs to send the information to the AP first, then the AP sends it to the destination MS.
Multiple APs can be connected together and handle a large number of clients.
Used by the majority of WLANs in homes and businesses.

Elements of a WI-FI Network


Access Point (AP) - The AP is a wireless LAN base station that can connect one or many wireless devices simultaneously to the Internet.

Wi-Fi cards - They accept the wireless signal and relay information. They can be internal and external (e.g. PCMCIA card for a laptop and PCI card for a desktop PC).

Safeguards - Firewalls and anti-virus software protect networks from uninvited users and keep information secure.

Antennas come in all shapes and styles:

Omni-directional:
  Vertical whip
  Ceiling mount

Directional:
  Yagi (Pringles can)
  Wall mounted panel
  Parabolic dish

Types of Hardware


How a Wi-Fi Network Works

The basic concept is the same as walkie-talkies.
A Wi-Fi network is created by installing an access point to an internet connection.
An access point acts as a base station.

A single access point can support up to 30 users and can function within a range of 100-150 feet indoors and up to 300 feet outdoors.
Many access points can be connected to each other via Ethernet cables to create a single large network.

Wi-Fi Network Topologies


AP-based topology (Infrastructure Mode)
Peer-to-peer topology (Ad-hoc Mode)
Point-to-multipoint bridge topology

AP-based topology

Clients communicate through the Access Point.
BSA - RF coverage provided by an AP.
ESA - It consists of 2 or more BSAs.
An ESA cell includes 10-15% overlap to allow roaming.

Peer-to-peer topology

AP is not required.
Client devices within a cell can communicate directly with each other.
It is useful for setting up a wireless network quickly and easily.

Point-to-multipoint bridge topology


This is used to connect a LAN in one building to LANs in other buildings, even if the buildings are miles apart. This requires a clear line of sight between the buildings. The line-of-sight range varies based on the type of wireless bridge and antenna used as well as the environmental conditions.

Wi-Fi Configurations


Wi-Fi Applications

Home
Small Businesses
Large Corporations & Campuses
Health Care
Wireless ISP (WISP)
Travellers

Wireless Security


Wi-Fi Security Threats

Wireless technology doesn't remove any old security issues, but introduces new ones:

Eavesdropping
Man-in-the-middle attacks
Denial of Service

Eavesdropping

Easy to perform, almost impossible to detect
By default, everything is transmitted in clear text
  Usernames, passwords, content ...
  No security offered by the transmission medium
Different tools available on the internet
  Network sniffers, protocol analysers ...
  Password collectors
With the right equipment, it's possible to eavesdrop on traffic from a few kilometers away

Man-in-the-middle attacks
1. Attacker spoofs a disassociate message from the victim
2. The victim starts to look for a new access point, and the attacker advertises his own AP on a different channel, using the real AP's MAC address
3. The attacker

Denial of Service

Attack on transmission frequency used
  Frequency jamming
  Not very technical, but works
Attack on MAC layer
  Spoofed deauthentication / disassociation messages
  Can target one specific user
Attacks on higher layer protocol (TCP/IP protocol)
  SYN Flooding

Wi-Fi Security
The requirements for Wi-Fi network security can be broken down into two primary components:
Authentication
  User Authentication
  Server Authentication
Privacy

Authentication

Keeping unauthorized users off the network

User Authentication
  Authentication Server is used
  Username and password
  Risk:
    Data (username & password) sent before secure channel established
    Prone to passive eavesdropping by attacker
  Solution:
    Establishing an encrypted channel before sending username and password

Server Authentication
  Digital Certificate is used
  Validation of digital certificate occurs automatically within client software

Security Techniques


Wi-Fi Security Techniques

Service Set Identifier (SSID)
Wired Equivalent Privacy (WEP)
802.1X Access Control
Wireless Protected Access (WPA)
IEEE 802.11i

Service Set Identifier (SSID)

SSID is used to identify an 802.11 network
It can be pre-configured or advertised in beacon broadcast
It is transmitted in clear text
  Provides very little security

Wired Equivalent Privacy (WEP)

Provides the same level of security as a wired network
Original security solution offered by the IEEE 802.11 standard
Uses RC4 encryption with pre-shared keys and 24-bit initialization vectors (IV)
Key schedule is generated by concatenating the shared secret key with a randomly generated 24-bit IV
32-bit ICV (Integrity Check Value)
Number of bits in the key schedule is equal to the sum of the length of the plaintext and the ICV

Wired Equivalent Privacy (WEP)

64-bit preshared key - WEP
128-bit preshared key - WEP2
Encrypts data only between 802.11 stations. Once it enters the wired side of the network (between access points), WEP is no longer valid
Security issues with WEP
  Short IV
  Static key
Offers very little security at all

802.1x Access Control

Designed as a general purpose network access control mechanism
  Not Wi-Fi specific
Authenticates each client connected to an AP (for WLAN) or switch port (for Ethernet)
Authentication is done with the RADIUS server, which tells the access point whether access to controlled ports should be allowed or not
  AP forces the user into an unauthorized state
  User sends an EAP start message
  AP returns an EAP message requesting the user's identity
  Identity sent by the user is then forwarded to the authentication server by the AP
  Authentication server authenticates the user and returns an accept or reject message back to the AP
  If an accept message is returned, the AP changes the client's state to


Wireless Protected Access (WPA)

WPA is a specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems.

User Authentication
  802.1x
  EAP
TKIP (Temporal Key Integrity Protocol) encryption
  RC4, dynamic encryption keys (session based)
  48-bit IV
  Per-packet key mixing function
  Fixes all issues found from WEP
Uses Message Integrity Code (MIC) Michael
  Ensures data integrity

Wireless Protected Access (WPA)

WPA comes in two flavors

WPA-PSK
  Uses pre-shared key
  For SOHO environments
  Single master key used for all users

WPA Enterprise
  For large organisations
  Most secure method
  Unique keys for each user
  Separate username & password for each user

WPA and Security Threats

Data is encrypted
  Protection against eavesdropping and man-in-the-middle attacks
Denial of Service
  Attacks based on fake messages cannot be used.
  As a security precaution, if WPA equipment sees two packets with invalid MICs within a second, it disassociates all its clients and stops all activity for a minute
  Only two packets a minute are enough to completely stop a wireless network
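Added example (not from the original slides): a small Python check that reads AP log lines and reports when the MIC precaution described above would have silenced an access point, and for how long. The log format, AP names and timestamps are constructed for illustration; the one-second window and one-minute hold are the figures given on the slide.

```python
import re

# Thresholds as stated on the slide above, in milliseconds.
MIC_WINDOW_MS = 1_000    # two invalid MICs this close together trigger the precaution
HOLD_MS = 60_000         # the AP then stops all activity for this long

# Hypothetical AP log format (constructed): "<time_ms> ap=<name> event=<type>"
LINE = re.compile(r"^(\d+) ap=(\S+) event=(\S+)$")


def lockouts(log_lines, window=MIC_WINDOW_MS, hold=HOLD_MS):
    """Return {ap: [(start_ms, end_ms), ...]} shutdowns implied by MIC failures."""
    last_fail, result = {}, {}
    for line in log_lines:
        m = LINE.match(line.strip())
        if not m or m.group(3) != "mic_failure":
            continue
        t, ap = int(m.group(1)), m.group(2)
        spans = result.setdefault(ap, [])
        if spans and t < spans[-1][1]:
            continue                          # AP is already silent, frame not processed
        prev = last_fail.pop(ap, None)
        if prev is not None and t - prev <= window:
            spans.append((t, t + hold))       # second bad MIC inside the window
        else:
            last_fail[ap] = t                 # isolated failure, remember it
    return result


def downtime_ms(spans, start, end):
    """Milliseconds of [start, end) during which the AP served no clients."""
    return sum(max(0, min(e, end) - max(s, start)) for s, e in spans)


SAMPLE_LOG = [  # constructed sample data
    "100000 ap=ap-lobby event=assoc",
    "130200 ap=ap-lobby event=mic_failure",
    "130900 ap=ap-lobby event=mic_failure",
    "150000 ap=ap-lobby event=mic_failure",
    "191000 ap=ap-lobby event=mic_failure",
    "191500 ap=ap-lobby event=mic_failure",
    "300000 ap=ap-lab event=mic_failure",
    "305000 ap=ap-lab event=mic_failure",
]
```

Repeated shutdown intervals on one AP are worth alerting on, since each one costs every associated client a full minute of service.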

802.11i

Provides standard for WLAN security
Authentication
  802.1x
Data encryption
  AES protocol is used
Secure fast handoff - This allows roaming between APs without requiring the client to fully reauthenticate to every AP.
Will require new hardware

Advantages

Mobility
Ease of Installation
Flexibility
Cost
Reliability
Security
Use unlicensed part of the radio spectrum
Roaming
Speed

Disadvantages

Interference
Degradation in performance
High power consumption
Limited range

Any questions?