Monday, January 25, 2010

Cisco Wireless LANs (WLAN)

Bitmindframes Cisco Study Guides

Why go wireless?
Networks evolve to support the people in motion
Many different kinds of infrastructure (such as the wired LAN) enable service mobility.
Productivity is no longer limited to a fixed workplace or a defined period.
Wireless reduces costs.

COMPARING WLAN to a LAN
The dominant IEEE 802 groups are 802.3 and 802.11
However, there are important differences between the two
Radio frequency has no boundaries such as those of a wire, so data frames travelling over it are available to anyone who can receive the RF signal. RF is also unprotected from outside signals.
Radio frequency has some unique challenges: the farther from the source, the weaker the transmission.
Radio frequency bands are regulated differently in different countries. In a wireless topology, a wireless AP can be used instead of a switch.

WLAN hosts contend for access to the RF medium.
802.11 uses collision avoidance instead of collision detection.
WLANs use a different frame format than Ethernet LANs.
WLANs require additional information in the L2 header.
WLANs raise more privacy issues, since RF can reach outside the facility.

INTRO for wireless LANs
802.11 LANs extend the 802.3 LAN infrastructure to provide additional connectivity options.
This requires additional components and protocols.
In 802.3, the switch is the access point for clients.
In 802.11, clients use a wireless adapter to access a wireless router or AP.
Once connected, wireless clients can access resources as if they were wired.

WLAN Standards
802.11 uses the unlicensed industrial, scientific and medical (ISM) frequencies for the physical and MAC sub-layer.
Early 802.11 was 2 MBs @ 2.4 GHz
Improved standards: 11a, 11b, 11g, 11n
802.11a & g = 54 MBs
802.11b = 11 MBs
802.11n appears to offer more than 100 MB
OFDM is faster and more expensive to implement than DSSS

802.11a
OFDM 5GHz, less prone to interference, smaller antennas
Poorer range and performance; vulnerable to obstructions
802.11b and g both use 2.4 GHz
802.11b uses DSSS
802.11g uses OFDM and DSSS
2.4 GHz has a longer range and is not so easily impeded, but is still vulnerable to interference

802.11n
Improves data rates and coverage without a new RF band
Uses multiple-input multiple-output (MIMO) technology
Theoretical 248 Mbs
Expected to be ratified by the 08th September
RF bands are allocated by the ITU-R
Bands managed by the FCC, CRTC

Wi-Fi Certification
Wi-Fi certification is provided by the Wi-Fi Alliance
Standards ensure interoperability
The three major organizations that influence Wi-Fi standards are:
ITU-R: allocates RF bands
IEEE: specifies how RF is modulated
Wi-Fi Alliance: interoperability across vendors
The Wi-Fi Alliance certifies all 3 IEEE 802.11 standards, IEEE drafts, and the WPA & WPA2 standards based on 802.11i.

Wireless NICs
A wireless NIC uses the configured modulation technique to encode a data stream onto an RF signal.
Early wireless NICs were PCMCIA cards, but they are now built into laptops.
PCI and USB NICs are also available.

Wireless Access Points
Clients typically do not communicate directly with each other.
An AP connects clients to the wired LAN and converts TCP/IP packets from 802.11 frames to 802.3 frames.
Clients must connect to an AP in order to obtain network services. An AP is an L2 device that works like an Ethernet hub. Radio frequency is a shared medium, like early Ethernet buses. Devices that want to use the medium must contend for it. Wireless NICs cannot detect collisions, so they have to avoid them instead.

CSMA / CA
APs oversee a Distributed Coordination Function (DCF) called CSMA/CA.
Devices on a WLAN must sense the medium for energy and wait until the medium is free before sending.
When an AP receives data from a client, it sends an ACK. The ACK keeps the client from assuming that a collision occurred and prevents a retransmission. Attenuation can lead to problems when wireless stations contend for the medium. RTS/CTS allows negotiation between a client and an AP.
RTS: Request to send
CTS: Clear to send
If this function is enabled, the AP allocates the medium to the requesting station. When the transfer is complete, other stations may request the channel.

Wireless Configuration
To create a connection, parameters have to be configured on both the AP and the client.
Since 11g is backward-compatible with 11b, APs support both standards.
The SSID is a unique identifier that client devices use to distinguish between WiFi networks.
An SSID is made up of alphanumeric characters, uppercase and lowercase, and can be between 2 and 32 characters long.
Several APs can share an SSID. The 2.4 GHz band has 11 channels in North America and 13 in Europe.
These channels actually overlap, so best practice for multiple APs is to use non-overlapping channels.

Planning of Wireless LAN
The implementation of a good WLAN requires careful planning
The number of users a WLAN can support is not a simple calculation
It depends on the design, the required data rates, the use of non-overlapping channels and transmit power
When planning the location of APs, simply drawing circles of coverage may not work.
If APs are to use existing wiring, or there are places where APs cannot be placed, note these locations on the map
Position APs above obstructions
Position APs vertically
Position APs where users are expected
Once these issues are addressed, estimate the expected coverage
Place APs so that the coverage circles overlap
The coverage area is square as a rule, but the BSA takes its radius diagonally from the center of the square
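
The two planning rules above (overlapping coverage, non-overlapping channels) combined into one channel plan, as an added example that is not part of the original notes. The AP names, positions and radii are constructed, and the 5 MHz channel spacing and roughly 22 MHz channel width are standard 2.4 GHz figures assumed here rather than taken from this page.

```python
import math

# Added example; AP names, positions and radii are constructed sample data.
NON_OVERLAPPING = (1, 6, 11)

FLOOR = {  # name -> (x, y, coverage radius) in metres
    "ap1": (0, 0, 15), "ap2": (20, 0, 15), "ap3": (40, 0, 15),
    "ap4": (10, 17, 15), "ap5": (30, 17, 15),
}


def channels_overlap(a, b):
    """2.4 GHz channel centres are 5 MHz apart; each is about 22 MHz wide."""
    return abs(a - b) * 5 < 22


def coverage_overlaps(ap1, ap2):
    """True when the two coverage circles intersect."""
    (x1, y1, r1), (x2, y2, r2) = ap1, ap2
    return math.hypot(x1 - x2, y1 - y2) < r1 + r2


def assign_channels(aps, channels=NON_OVERLAPPING):
    """Backtracking search: give every AP a channel that does not overlap
    the channel of any AP whose coverage circle intersects its own.
    Returns {name: channel}, or None when the layout cannot be satisfied."""
    names = sorted(aps)
    plan = {}

    def place(i):
        if i == len(names):
            return True
        me = names[i]
        neighbours = [n for n in names[:i] if coverage_overlaps(aps[me], aps[n])]
        for ch in channels:
            if not any(channels_overlap(ch, plan[n]) for n in neighbours):
                plan[me] = ch
                if place(i + 1):
                    return True
        plan.pop(me, None)
        return False

    return plan if place(0) else None


if __name__ == "__main__":
    print(assign_channels(FLOOR))
```

A result of None means three channels are not enough for that layout, so an AP has to move or transmit with less power.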

Threats to wireless security
Unauthorized access
A company needs to protect its information. Security problems are increased with a wireless network. A WLAN is open to anyone in range with the credentials to associate to it.
There are 3 main categories of threats:
War drivers
Hacker / Cracker
Employees
War driving used to mean finding cell phone numbers to exploit, but war drivers now drive around looking for unsecured networks to exploit.
Hackers were originally considered benign, but now hacker / cracker often means a malicious intruder.
Unfortunately, employees are often unwittingly the main source of security issues, which often involve the installation of rogue APs.

Most wireless devices ship with default settings and can be used with little or no configuration, but this is not recommended. These settings can be easily compromised with sniffers; administrators use such tools to capture data packets for debugging purposes, but they can also be misused. A rogue AP is any AP installed without permission, and it can be used to collect data.

Man-in-the-middle attacks
In a wired network the attacker must have physical access, but radio signals allow access from the outside.
Since APs act as hubs, each NIC hears all traffic.
Attackers can modify their NIC so that it accepts all traffic. Hackers can observe clients connecting to an AP and record user name, server name and IP. If all legitimate users are known, you can monitor for rogue users.

Denial of Service
The 2.4 GHz ISM band is used by most consumer goods. Attackers can create noise with these commonly available devices. The attacker can use a PC as an AP and flood the BSS with CTS messages, which defeats CSMA/CA. The APs then flood the BSS, causing a stream of collisions. Another attack sends disassociate commands that cause all stations to disconnect.

Wireless Security
Originally there were 2 types of authentication: open and shared WEP key.
Open authentication is really no authentication, and WEP keys turned out to be flawed. Companies tried to counteract the WEP weaknesses with SSID cloaking and MAC address filtering. The WEP algorithm is crackable, and since keys are entered manually they are vulnerable to entry errors. There was a period of interim security measures developed by vendors ahead of 802.11i. TKIP encryption is linked to the Wi-Fi Alliance's WPA.
Today, the standard is 802.11i security (similar to WPA2).
WPA2 includes a connection to a RADIUS database.

AUTHENTICATING to the WLAN
In enterprise networks, association alone is not enough; additional authentication is usually required.
This is managed by the Extensible Authentication Protocol (EAP).
EAP is an authentication framework used with 802.1x, which is a port-based authentication protocol.
The AP is configured to block all data except 802.1x traffic. 802.1x frames carry EAP packets to a server that holds the authentication credentials.
This is an AAA server running the RADIUS protocol.
If authentication succeeds, the AAA server notifies the AP, which then lets traffic from the client pass through the virtual interface. Before the port is opened, L2 encryption is established between the client and the AP to ensure integrity.

MAC address filtering is easily fooled by spoofing, but it should still be used in tandem with WPA2.
Even without SSID broadcasts, the SSID can still be discovered.
The best security involves port-based access control, such as WPA2.

ENCRYPTION
The 2 encryption mechanisms of 802.11i (WPA & WPA2) are:
Temporal Key Integrity Protocol (TKIP)
Advanced Encryption Standard (AES)
TKIP is certified as WPA and supports legacy WEP equipment
TKIP encrypts the L2 payload and adds a message integrity check to the encrypted packet
TKIP is good, but AES is preferred for 802.11i
When configuring a wireless router you may see, instead of a reference to WPA/WPA2, references to pre-shared key (PSK):
PSK or PSK2 with TKIP = WPA
PSK or PSK2 with AES = WPA2
PSK2 with no encryption method specified = WPA2
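
A defender's check that ties the rogue-AP threat described earlier to the PSK/PSK2 mapping above, as an added example that is not part of the original notes. The inventory, SSIDs, BSSIDs, channels and scan rows are all constructed, and the channel-mismatch rule is an added heuristic, not something the notes prescribe.

```python
# Added example: audit one WLAN scan against the authorised-AP inventory.
# Every SSID, BSSID, channel and scan row here is constructed sample data.

# Router label + cipher -> certification, following the PSK/PSK2 notes above.
MODE_MAP = {("PSK", "TKIP"): "WPA", ("PSK2", "TKIP"): "WPA",
            ("PSK", "AES"): "WPA2", ("PSK2", "AES"): "WPA2",
            ("PSK2", None): "WPA2"}

OUR_SSIDS = {"corp-wlan"}
INVENTORY = {"00:11:22:33:44:01": 1,   # BSSID -> planned channel
             "00:11:22:33:44:02": 6,
             "00:11:22:33:44:03": 11}

SCAN = [  # (bssid, ssid, channel, label, cipher)
    ("00:11:22:33:44:01", "corp-wlan", 1, "PSK2", "AES"),
    ("00:11:22:33:44:02", "corp-wlan", 6, "PSK", "TKIP"),
    ("00:11:22:33:44:03", "corp-wlan", 3, "PSK2", None),
    ("66:77:88:99:AA:BB", "corp-wlan", 6, "OPEN", None),
    ("02:00:00:00:00:09", "cafe-guest", 11, "WEP", None),
]


def effective_mode(label, cipher):
    """Translate a router label to WPA/WPA2; OPEN and WEP pass through."""
    return MODE_MAP.get((label, cipher), label)


def audit(scan, inventory=INVENTORY, our_ssids=OUR_SSIDS):
    """Return sorted (bssid, finding) pairs for APs that need attention."""
    findings = []
    for bssid, ssid, channel, label, cipher in scan:
        bssid = bssid.lower()
        if bssid not in inventory:
            # Unknown radio advertising our SSID: candidate rogue AP.
            if ssid in our_ssids:
                findings.append((bssid, "rogue-ap"))
            continue  # a neighbour's network is out of scope
        if channel != inventory[bssid]:
            # BSSIDs can be spoofed, so a known BSSID off its planned
            # channel is worth a look (heuristic, not proof).
            findings.append((bssid, "channel-mismatch"))
        mode = effective_mode(label, cipher)
        if mode != "WPA2":
            findings.append((bssid, "weak-mode:" + mode))
    return sorted(findings)


if __name__ == "__main__":
    for bssid, finding in audit(SCAN):
        print(bssid, finding)
```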

Access Control for WLANs
WPA2 is like a security system. You can still add depth to your security:
SSID cloaking.
MAC address filtering.
Configuring APs near exterior walls to transmit with less power.

Security mode - select from 7 modes
Mode parameters - PSK, PSK2 & RADIUS only

Troubleshooting
Work up the TCP/IP stack from L1 to L7.
Step 1: Eliminate the PC as the source of the problem.
Try to determine the severity of the problem.
Confirm that the device can connect to the wired network.
Check that the security and encryption settings match.
Check for interference (other equipment).

Site Survey
Manual surveys include a site evaluation followed by a more thorough assessment.
A site evaluation involves inspecting the area for potential problems: multiple wireless networks, building construction, and usage (day / night).
Utility-assisted surveys use tools such as AirMagnet.
Mount APs on tripods and place them in candidate locations, then walk the facility using a survey meter in the client utility on your PC.
