Wireless Local Area Networks (WLANs) provide multiple advantages to the world of networking. These include cost effectiveness, ease of integration with an existing 802.3 network, and mobility of clients, in the sense that clients can be mobile while data is stored centrally and no geographical limitations are experienced. However, no system is perfect, therefore the art of deploying, managing and understanding the ups and downs of a WLAN needs to be critically analysed. This technical report gives an overview of the IEEE 802.11 standards while keeping in view the key wireless technologies in a WLAN and their functions; on this foundation, potential methods of integrating a WLAN and a wired LAN are analysed. The report goes on to highlight the possible security threats to a WLAN and methods of securing the network from potential threats. The paper also discusses methods that can provide scalability in a network, methods of tracking network devices and the issues that large scale WLANs need to manage. The paper goes further to highlight causes of interference in WLANs and how interference can be minimised. Finally, recommendations are made based on all the analysis and requirements highlighted in the report.
A wireless network can be analysed as a network which gives users the freedom of mobility and is also scalable and flexible, in the sense that expansion can easily be carried out because the network medium is everywhere, thereby enhancing productivity as compared to a wired network in which network entities have to be fixed.
Daifhast hospital operates a wired network, therefore the benefits offered by a wireless network cannot be utilised. Ghast (2002) stated that cabling can be expensive and time consuming; using a wireless network eliminates cable, so no recabling needs to be done when carrying out network expansion. These advantages justify the need to implement a wireless network as a solution to the Daifhast hospital case scenario.
The aim of this technical report is to integrate a wireless network into the already existing network architecture of Daifhast hospital while maintaining security, preventing and managing interference, enhancing reliability and maintaining good quality of service (QoS).
2 CURRENT WIRELESS LOCAL AREA NETWORK (WLAN) TECHNOLOGIES
2.1 An Overview of 802.11 standards
Khalifa et al. (2006) explained a Wireless LAN or 802.11 as a set of specifications that allow communication and interoperability among wireless devices. This set of standards allows for vendor to vendor interoperability and sets out an open standard for wireless devices and applications. In summary, 802.11 can be viewed as the wireless version of 802.3, which is the standard for wired Ethernet.
According to Hiertz et al. (2010), the first 802.11 standard, which was implemented in 1997, uses Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). It doesn't use collision detection in the media access control (MAC) layer like the 802.3 standard because collisions cannot be detected in a radio environment; instead it uses a back-off interval before transmitting frames rather than waiting for a collision to occur before transmitting. The 802.11 standard provides frequency hopping spread spectrum (FHSS) and direct sequence spread spectrum (DSSS) at the physical layer; this enables it to provide data rates of 1Mbps and 2Mbps, and it operates in the 2.4GHz frequency spectrum. The 802.11a and 802.11g standards use the OFDM (orthogonal frequency division multiplexing) modulation technique at the physical layer and provide a maximum data speed of 54Mbps, although 802.11g implements DSSS as the method of signalling and frequency transmission. The 802.11a and 802.11g standards have the ability to adjust to slower rates (54, 48, 36, 24, 12, 9, 6 Mbps) in order to maintain a connection when there is a reduction in signal strength due to attenuation, noise and increased distance. Although 802.11a offers a high data rate, it has two downsides. First, due to its high frequency and small wavelength, it suffers from attenuation and can be easily absorbed by solid obstacles. Second, according to Hiertz et al. (2010), 802.11a is not compatible with plain old 802.11 devices because it operates on the 5GHz spectrum while plain old 802.11 devices operate on the 2.4GHz spectrum. 802.11g operates on the 2.4GHz band but suffers from interference from other 2.4GHz devices.
The 802.11b standard has a maximum data speed rate of 11Mbps and is a direct extension of the original 802.11 standard, therefore it uses the DSSS technique and operates on the 2.4GHz frequency band. It enhances interoperability but suffers from interference because many devices operate on the same 2.4GHz frequency band, e.g. Bluetooth devices, microwaves and some cordless phones. The 802.11n standard is an enhancement for higher throughput and operates on the 2.4GHz (802.11b/g) and 5GHz (802.11a) frequency bands. 802.11n offers a maximum data speed rate from 54Mbps to 600Mbps. It uses multiple input and multiple output (MIMO) antennas to send and receive data, thereby increasing capacity, signal range and strength, which requires more electrical power, and it also uses the OFDM modulation technique.
The IEEE is responsible for carrying out amendments of the 802.11 standards on the MAC and physical layers, and the results of these amendments are designated by letters. Table 1 shows the 802.11 standards and the improvements and amendments that were carried out to produce these standards.
Table 1: IEEE 802.11 standards showing amendments and improvements (Hiertz, 2010, pp.63-64)
2.2 Key Wireless Networking Devices
Based on the WLAN standards mentioned above, it is important to carry out an analysis of wireless devices that can be implemented using the standards above and also keeping the implementation of the solution on the hospital in view.
2.2.1 Access Point (AP)
Ghast (2002) described an access point (AP) as a bridge that connects the wireless world to the wired world; therefore an access point will enable the already existing wired LAN to be integrated with the proposed wireless network. An AP normally comes with at least two network cards whereby one is used to connect to the wired network through a fast Ethernet or gigabit Ethernet port and the other is used to understand or implement the 802.11 standards discussed above. Most APs also have a WAN port e.g. the Motorola AP6521 wireless access point which in some cases comes as a serial port and can be connected to a modem for dialup purposes using an internet service provider (ISP) account. Access points can be configured using a command line interface or a graphical user interface although this feature is vendor specific, furthermore the access points run an operating system which is usually lightweight in order to save power and hardware cost. The antennas in a wireless access point can either be internal or external or both, most APs use the external antennas to boost and control signal strength and direction.
2.2.2 Wireless LAN Controller
A wireless LAN controller (WLC) is a device that can be used to manage multiple APs at the same time. In this mode the access points are termed lightweight access points (LWAP) because the complex functionality is handled by the WLC while the access points mainly handle the connection to the wireless client, unlike in the autonomous mode where the access points handle both the complex functionality management and wireless client connection management. A WLC can manage from 6 to 500 APs, e.g. the Juniper WLC2800 WLC can support up to 512 802.11n access points. The lightweight access point protocol (LWAPP) is the protocol that gives the WLC the ability to centrally manage access points. A WLC implements security policies, RF management, intrusion prevention and quality of service policies on the LWAPs.
2.2.3 Wireless Bridges and Repeaters
APs can be configured as wireless bridges in order to connect LANs in distinct physical locations, and also as repeaters in order to extend coverage.
2.3 Possible wireless LAN architectures and methods for integration with the wired network
Based on the hospital scenario, a suitable architecture needs to be implemented in order to integrate with the existing infrastructure.
2.3.1 WLAN Architectures
Autonomous Access Point Architecture
In autonomous access point (AP) architecture, the APs in a network are not centrally controlled or managed. The access points handle control, management, access and transport of frames with the clients. Configuration has to be done manually on each access point by a network designer, and the access points need to have a wide range of features to handle security, authentication, RF management etc.
Wireless LAN Controller (WLC) Architecture or Cisco Unified Wireless Network Architecture
This type of architecture involves using a WLC to handle the administration, control, and management of the APs. The APs in this scenario are called lightweight access points (LWAP), because they handle only the access of the clients through the wireless medium. The Control and Provisioning of Wireless Access Points (CAPWAP) protocol and the Light Weight Access Point Protocol (LWAPP) are the protocols that enable the WLC to manage the APs, although the CAPWAP protocol fully supports Datagram Transport Layer Security. This architecture is better than the autonomous AP architecture because it provides centralised management.
2.3.2 Methods of integrating a WLAN into a wired network
Oullet et al. (2002) pointed out that an 802.11 topology consists of sets, which Ghast (2002) described as groups of stations communicating with each other. A set can be configured as a Basic Service Set (BSS), whereby an AP handles client association, authentication and disassociation while providing coverage to a particular area called a cell. Multiple BSSs can be linked together by a common distribution system to form an Extended Service Set (ESS); this is done by overlapping the cells to provide seamless coverage to clients. Oullet et al. (2002) suggested that any kind of network can be used as the distribution medium; using an Ethernet LAN as the distribution medium is therefore a justified method of integrating a wireless network with an existing wired network. Furthermore, an AP can act as a bridge for the connection of two or more LANs, thereby acting as the bridge between a wired and a wireless LAN (Ghast, 2002).
Fig 1: Integration with a wired network using ESS (Oullet et al., 2002, p.69)
3 WIRELESS NETWORK SECURITY
3.1 Common security issues surrounding wireless LAN deployments
Mohammed and Isaac (2007) suggested that APs and WLCs usually come with default configuration parameters such as the Service Set Identifier (SSID), default administrator passwords, channels, and encryption and authentication settings. Most of these parameters are usually available on the vendor's website, so they can be used by wireless hackers. Mohammed and Isaac (2007) also pointed out that APs usually grant access to systems with known MAC addresses, and by using third party tools like MAC Makeup Software, a potential hacker can change the MAC address or Ethernet address of his network card to the one he intends to spoof.
Due to the way in which the MAC of 802.11 is designed, multiple networks can share the same radio channel and space. Therefore hackers can launch Denial of Service (DoS) attacks by either requesting authentication at fast rates, thereby flooding the APs with requests and preventing legitimate traffic from reaching clients, or by imitating an access point, causing the clients to connect to it. An attacker can install an access point to mimic the gateway access point, thereby urging clients to connect, after which the credentials of the clients are stolen. The client can also be redirected to the hacker's own website, which might look like the original website and then demand login credentials, thereby stealing the login credentials of the client.
3.2 Protocols and deployment strategies that can be used to secure a wireless LAN.
A WLAN can be deployed behind a firewall so that the firewall can form a line of defence.
Extensible Authentication Protocol (EAP) can be implemented for handling authentication while using a certificate or authentication server for client authentication; furthermore, Transport Layer Security (TLS) can be used for encryption during the communication between the client and the authentication server. This method involves the client and the authentication server each having a digitally signed certificate, and it increases security.
802.1x port based authentication has to be implemented using a RADIUS server in order to enable mutual authentication between clients and access points.
Default parameters on the network components, like SSID, IP addresses and login passwords, should be changed in order to prevent an attacker from looking up these parameters in open information sources and using them to attack the network.
Weak encryption standards like Wireless Equivalent Privacy (WEP) should not be used on the network because WEP uses static keys and a single key is usually shared among multiple users or devices, thereby leading to complications if a device is stolen. Muogilim et al. (2011) suggested that Wi-Fi Protected Access shouldn't be used because it was developed as an interim solution to WEP and it is based on TKIP (Temporal Key Integrity Protocol), which is open to Distributed Denial of Service (DDoS) attacks.
Strong encryption standards like the Wi-Fi Protected Access 2 (WPA 2) can be used on the network with options like Advanced Encryption Standard (AES) which has the ability to go through 14 repetition cycles of 256 keys in order to convert a plaintext or an input into the ciphertext which is the output. Furthermore Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) which is an advanced form of AES can be used because this provides data privacy, integrity and authentication.
Accounting and logging are a very important aspect of a security scenario because they can be used to analyse the different types of mischief that have been happening in the network. Some preventive measures can be developed after an analysis is carried out on the log files, therefore an authentication, authorisation and accounting server, e.g. a RADIUS server, can be used for this.
Fake APs or honey pots can be implemented on the network in order to confuse potential attackers.
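The rogue access point and authentication flood threats from section 3.1, and the log analysis recommended above, can be turned into simple detection logic. The following is an added example, not part of the original report; the AP inventory, the scan tuples, the log line format and the thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Hypothetical inventory of authorised APs: BSSID -> (SSID, channel).
AUTHORISED = {
    "00:11:22:33:44:01": ("HOSP-STAFF", 1),
    "00:11:22:33:44:02": ("HOSP-STAFF", 6),
    "00:11:22:33:44:03": ("HOSP-STAFF", 11),
}

# Constructed scan results: (bssid, ssid, channel, rssi_dbm).
SCAN = [
    ("00:11:22:33:44:01", "HOSP-STAFF", 1, -48),
    ("00:11:22:33:44:02", "HOSP-STAFF", 6, -55),
    ("02:00:00:00:00:99", "HOSP-STAFF", 6, -40),   # our SSID, unknown BSSID
    ("00:11:22:33:44:03", "HOSP-STAFF", 3, -60),   # known BSSID, wrong channel
    ("02:00:00:00:00:42", "CoffeeShop", 11, -80),  # unrelated neighbour
]


def find_rogue_aps(scan, authorised=AUTHORISED):
    """Return (bssid, reason) for beacons that contradict the inventory."""
    protected = {ssid for ssid, _ in authorised.values()}
    findings = []
    for bssid, ssid, channel, _rssi in scan:
        expected = authorised.get(bssid)
        if expected is None:
            if ssid in protected:  # imitation of a protected SSID
                findings.append((bssid, "unknown BSSID advertising protected SSID"))
        elif expected != (ssid, channel):  # possible cloned MAC address
            findings.append((bssid, "known BSSID with unexpected SSID or channel"))
    return findings


def parse_auth_line(line):
    """Parse '<epoch> AUTH_REQ ap=<bssid> sta=<mac>' (hypothetical format)."""
    try:
        ts, event, ap, sta = line.split()
        if event != "AUTH_REQ":
            return None
        return float(ts), ap.split("=", 1)[1], sta.split("=", 1)[1]
    except (ValueError, IndexError):
        return None  # malformed line: skip rather than crash the monitor


def detect_auth_flood(lines, window_s=10.0, threshold=30):
    """Return {ap: peak count} for APs exceeding threshold in any window (time-ordered input)."""
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        record = parse_auth_line(line)
        if record is None:
            continue
        ts, ap, _sta = record
        window = recent[ap]
        window.append(ts)
        while ts - window[0] > window_s:  # drop requests older than the window
            window.popleft()
        if len(window) > threshold:
            peaks[ap] = max(peaks.get(ap, 0), len(window))
    return peaks


def sample_auth_log():
    """Constructed log: normal activity on AP ...:01, a burst against AP ...:02."""
    lines = [f"{1000 + 20 * i}.0 AUTH_REQ ap=00:11:22:33:44:01 sta=02:00:00:00:10:{i:02x}"
             for i in range(3)]
    lines += [f"{1100 + i * 0.1:.1f} AUTH_REQ ap=00:11:22:33:44:02 sta=02:00:00:00:20:{i:02x}"
              for i in range(50)]
    return lines + ["corrupted entry"]


if __name__ == "__main__":
    print(find_rogue_aps(SCAN))
    print(detect_auth_flood(sample_auth_log()))
```

An inventory check of this kind cannot see an imitation that copies BSSID, SSID and channel exactly, so it complements rather than replaces 802.1x mutual authentication.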
4 SCALABILITY AND TRACKING
4.1 Issues that large wireless networks need to manage
When deploying large WLANs it is important that international regulations are considered. Hiertz (2010) suggested that in the United States of America the Federal Communications Commission (FCC) describes absolute power limits while in Europe the use of antenna gain for transmission is limited.
The main aim of deploying a wireless network is to provide connectivity between users, in other words coverage; therefore in a large wireless network an analysis of extended coverage is to be considered based on the geographical location or cell to be covered. Mobility and roaming of clients among cell distributions without signal loss is an important issue in a large network. Furthermore, management of links and network capacity is necessary in order to handle the bandwidth requirements of clients and client applications, because locations with a higher client density require more capacity than other locations.
Power management of APs on a wireless network is also an issue wireless networks need to consider. According to Broustis et al. (2007) an increase on the power supplied on a link increases gain, throughput and also interference with other links, while a reduction in power triggers the opposite. Channel assignment is also essential on a wireless network, due to the limitation of channels available in the 802.11 WLAN technologies, improper channel assignment and power calibrations can trigger co-channel interference among cells and therefore degrade performance.
Security management also has to be applied to the network in order to enhance integrity, authenticity, and confidentiality of network resources. Zdarsky et al. (2011) pointed out that users of a network who are given some level of authorization can abuse the privileges and turn out to be inside network attackers, while outside attackers can be passive in nature by eavesdropping on communication or active in nature by impersonating network entities. Therefore security has to be implemented on guest users to prevent them from becoming inside attackers.
4.2 Protocols and strategies that may be used to resolve scalability issues
A wireless network must be designed to maximise throughput and overall performance as additional network resources like clients are added and coverage is expanded, while keeping in view integration with new networks. Clients should be able to move from cell to cell under proper handoff by APs in order to enhance mobility by overlapping of cells (Ouellet et al. 2002), therefore the inter access point protocol (IAPP) needs to be implemented on the APs, although this is now a common standard in APs (Ghast, 2002). APs in an ESS can also be configured to hand off clients to their neighbouring APs when the maximum threshold of an AP is attained (Raniwala and Chiueh); this strategy, which is a selective handover process, can enhance performance and scalability in a wireless network. Furthermore, by the use of a central management system like a WLC, the threshold settings of the APs can be increased and multiple channels can be used in the handling of high density areas like city centres, thereby using multiple APs to provide coverage in the same physical space (Hills, 2001); this method can also be used to provide coverage in case of an AP failure. A virtual private network (VPN) should be implemented over the WLAN for tunnelling traffic to the internet for guest users, and Internet Protocol Security (IPsec) should be used for authentication and encryption; this is justified by Muogilim et al. (2011), who used a traffic engineering approach to secure a wireless mesh network by using a VPN and IPsec.
4.3 Technology and methods used for tracking staff and equipment using the wireless LAN
Network planning, management and administration are essential to the performance of a network. The Cisco Wireless Control System (WCS), which is a management tool provided by Cisco Systems, provides much of the functionality in network administration and management. Smith et al. (2011) pointed out that WCS can be used to generate building plans and geographical maps of network management areas, and all the devices in a particular area can be monitored in real time. The WCS can be used to monitor the APs in the network, the client count in order to know if an AP is overloaded, and also the WLCs in the network. Furthermore, the WCS can identify RF interference, rogue APs and attacks on a network, and inside attackers, who can be staff of an organisation, can be tracked; therefore the WCS offers not only monitoring and tracking services but also intrusion detection and intrusion prevention. The Simple Network Management Protocol (SNMP) is a standard that can be used to manage an IP based network. Lammle (2007) explained that SNMP sits on a management station and gathers data by polling devices and receives a baseline which indicates that the network is healthy; furthermore, SNMP acts like a watchdog on managed devices, which are agents, and when an aberration occurs on the network an alert or trap is triggered and the management station is notified.
5 WIRELESS INTERFERENCE
5.1 Causes of Interference
Most WLANs make use of APs that operate on the 2.4GHz licence free spectrum of the industrial, scientific and medical (ISM) radio bands. The 2.4GHz band is also used by microwave ovens, cordless handsets and Bluetooth devices, therefore this can lead to interference with the wireless network. Although the spread spectrum modulation schemes offer resistance against devices like the microwave oven, depending on the location and power level of the microwave frequency, the interference resistance offered by the spread spectrum may be overcome.
Wu and Hsieh (2007) pointed out that if two wireless networks are deployed independently but overlap even partially, interference might occur and this cannot be easily addressed by assigning more orthogonal channels. When a WLAN is deployed it might be evident from a previous survey that no other wireless network exists in close proximity, but in the future multiple wireless networks may be deployed by neighbours. The devices on the neighbouring wireless networks may also be using the same channel and frequency as the WLAN, which might result in overlapping of channels and also interference.
Interference can also be caused by climatic factors such as heavy rainfall, which can attenuate the frequency between the APs and clients, thereby resulting in the scattering of radio frequency. Buildings, walls or any other form of obstruction can cause multiple paths between a transmitter or AP and a receiver or client, thereby leading to signal cancellations, and random fades are generated in signal strength, leading to fading. Concrete walls and metal walls also have a high level of interference because they can easily absorb the radio frequency propagated by access points.
5.2 Recommendations to reduce risk/impact of interference
The 2.4GHz spectrum of the ISM band is divided into 11 channels which contain 3 non-overlapping channels. A wireless device can be allocated to any of the available channels, therefore by using a spectrum analyser tool like Cisco WCS, an analysis can be carried out to determine the channel assignment of the neighbouring wireless networks that are causing interference. This analysis is necessary because it won't be a good idea to just switch the channel assignment of the APs in the network without knowing which channels are less busy or congested. Based on the analysis, a different channel which is free can be assigned to the APs or the wireless network, keeping in mind that the channel that the wireless network is assigned is actually the centre frequency, while the actual frequencies being used extend in both directions and overlap 2 channels on each side, e.g. if an AP is centred on channel 9 it uses frequencies from channel 7 up to 11. Furthermore, by reducing the power of APs in areas of high client density, interference can be reduced while increasing performance (Wu and Hsieh, 2007).
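The channel model described above (11 channels, each AP spilling 2 channels either side of its centre) can be worked through in code to derive the 3 non-overlapping channels and rank them against a site survey. This is an added example, not part of the original report; the overlap weighting, the survey values and all function names are assumptions made for illustration.

```python
CHANNELS = range(1, 12)   # the 11 channels of the 2.4GHz band, per the text
HALF_WIDTH = 2            # a transmission spills 2 channels either side of its centre


def occupied(centre):
    """Channel numbers covered by an AP centred on `centre` (may fall outside 1-11)."""
    return range(centre - HALF_WIDTH, centre + HALF_WIDTH + 1)


def overlap_fraction(a, b):
    """Share of the occupied span that centres a and b have in common (0.0 to 1.0)."""
    span = 2 * HALF_WIDTH + 1
    return max(0, span - abs(a - b)) / span


def non_overlapping_set():
    """Greedily pick channels, lowest first, that share no spectrum with each other."""
    chosen = []
    for ch in CHANNELS:
        if all(overlap_fraction(ch, c) == 0 for c in chosen):
            chosen.append(ch)
    return chosen


def dbm_to_mw(dbm):
    """Convert received power from dBm to milliwatts so that powers can be summed."""
    return 10 ** (dbm / 10)


def channel_scores(survey):
    """Interference per candidate channel: neighbour power (mW) weighted by overlap."""
    return {
        ch: sum(dbm_to_mw(rssi) * overlap_fraction(ch, n_ch) for n_ch, rssi in survey)
        for ch in CHANNELS
    }


def best_channel(survey, candidates=None):
    """Least-interfered candidate; ties go to the lowest channel number."""
    candidates = candidates or non_overlapping_set()
    scores = channel_scores(survey)
    return min(candidates, key=lambda ch: (scores[ch], ch))


# Constructed survey of neighbouring APs: (centre channel, received power in dBm).
SURVEY = [(1, -45), (1, -60), (4, -50), (6, -70), (9, -65), (11, -85)]

if __name__ == "__main__":
    print("non-overlapping:", non_overlapping_set())
    for ch, score in channel_scores(SURVEY).items():
        print(f"channel {ch:2d}: {score:.2e} mW")
    print("recommended:", best_channel(SURVEY))
```

With this survey the strong neighbour on channel 4 penalises both channel 1 and channel 6, which is why knowing only the busiest channel number is not enough to pick a replacement.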
The 802.11n standard has the ability to operate on the 2.4GHz and the 5GHz channel, and it is also backward compatible with other previous standards, therefore implementing 802.11n APs can actually reduce the interference issues faced on the 2.4GHz channel by using the 5GHz channel, furthermore most 802.11n routers are intelligent enough to handle automatic channel selection and dynamic frequency selection (DFS) when a particular channel used is causing interference.
AP location and antenna orientation are also essential methods of handling interference due to multipath fading and path loss. If the APs and the antennas are located too high the signals might be above the clients, and if they are installed too low, obstacles and objects might reflect or absorb the signals. Therefore it will be better to use omnidirectional antennas to provide coverage for large circular areas and directional antennas for areas that are conical or triangular in nature.
For the purpose of the solution for the hospital, it will be a good idea to use an AP that is 802.11n compliant because this will enable the AP to operate on both the 2.4GHz and 5GHz frequency bands. The MIMO ability of 802.11n will enhance throughput. Furthermore, the 802.11 standards used by the mobile devices of the hospital staff are unknown, therefore in order to enhance compatibility and accommodation of other standards, an 802.11n compliant device, e.g. a Cisco 1260 access point, would be a better option.
The wired network already existing in the building can be integrated with a proposed WLAN using the methods of integration analysed above while implementing a WLC for centralized management of the APs. Monitoring of devices and staff on the network can be done by implementing the Cisco WCS, which will also serve as the Intrusion Detection System; furthermore, the security methods listed above will provide confidentiality, integrity and availability. The interference solution techniques above should be implemented to reduce interference and noise in the network and also to maintain good quality of service.