Understanding wireless networks entails knowing the different standards available, so that an enterprise can choose the best solution while considering the infrastructure already in place. Other issues relevant to effectiveness, such as Quality of Service and security on the network, should be integrated, as an enterprise network serves a large audience and is prone to direct or indirect attacks.
In 1997, the Institute of Electrical and Electronics Engineers (IEEE) came up with the 802.11 wireless standards. These define how radio frequencies in unlicensed frequency bands are utilized by the MAC and physical layers of a wireless link. Because of its drawbacks, modifications to this standard have been made to address present-day issues. The major factors considered are data rate, coverage distance and transmitting frequency.
802.11b is the most widely used of the 802.11 standards and brought about the manufacturing of wireless network interface cards (NICs) for devices, enabling end users to connect to the internet. It operates on a frequency band of 2.4 GHz with data transmission rates of up to 11 Mbps, which is lower than that of 802.11a. Despite being developed along with 802.11a, it gained more popularity because of its properties and its advantages over 802.11a (particularly cost). It uses Direct Sequence Spread Spectrum (DSSS).
The industry wanted compatible standards for wireless communication, something that was not considered when the first two standards were designed. 802.11a and 802.11b could not be deployed together in an organization because of band differences, so another ratification, 802.11g, was made in 2003. It operates with DSSS modulation at data rates up to 11 Mbps and with OFDM modulation at 54 Mbps, providing the capabilities of the first two standards. Although the presence of an 802.11b participant in a network reduces speed, this was justified by the compatibility gained.
This is the newest of the standards and was ratified in 2009 to improve on the performance of the other wireless standards. It offers a high data transmission rate of up to 300 Mbps, covers a wider range and transmits at frequencies of 5.8 and 2.4 GHz. 802.11n uses two new technologies, giving it an advantage over other wireless standards:
It uses Multiple Input Multiple Output (MIMO) technology for transmission, whereby multiple antennas are used on both the transmitter and receiver, thereby improving network communication performance.
Frame Aggregation technology, whereby more than one data frame is sent in a single transmission, thereby increasing throughput.
Presently, this standard cannot perform at its peak, as most wireless network adaptors still use the 802.11g standard. Also, using an N adaptor in a G network will not bring greater performance; for optimal results it has to operate in 802.11n mode. The best solution when deploying a WLAN is to use this standard, as it delivers greater speed, is backward compatible with 802.11g and is capable of handling heavy traffic.
[Table: comparison of the 802.11 standards. Only these cells survive: Up to 23; 2.4 / 5.7 GHz; 11 / 54 Mbps; 2.4 / 5.7 GHz; 11 / 54 Mbps; 3 / 23]
Security is a major issue to consider when deploying a wireless network, especially when protecting an organization's information. As network standards improve, so do the threats imposed on the wireless network. Securing a wired network is much easier, as a wireless network is open for connection by anyone within range of an access point. A WLAN should be secured from the server side to the end users. Access to the physical locations of network devices should be given only to those who require it, in order to prevent physical disruption. Devices in the network offer separate security techniques which, when combined, provide a secure and optimized network.
2.2.1 Wireless Network Threats
Information is very valuable both to a business organization and to those wanting to obtain it (attackers), especially for financial institutions maintaining financial records. Threats come in a variety of ways and may be brought about by the following groups:
War Drivers: These refer to people driving around neighbourhoods with laptops, looking for unsecured wireless access points to connect to, either trying to exploit information or just wanting to get internet services.
Hackers or Crackers: A hacker was originally someone with a deep understanding of computers who solved difficult problems and explored systems for creative reasons. Now it is the reverse, as this has been turned into a means of exploitation for criminal reasons. Hackers exploit network weaknesses and steal information or deliberately harm computer systems for selfish reasons.
Employees: The fact that someone is employed in an organization makes them a threat to network resources, either directly or indirectly.
The Wireless Equivalence Encryption (WEP) was initially used for securing wireless networks and provided safety when it was developed, but as threats emerged it could not stand the test of time, and software was developed to crack it. Presently, for properly securing a WLAN, the 802.11i standard was created.
The reliance on a key shared by a user and a base station made the Wired Equivalence Encryption (WEP) vulnerable to threats. Attackers can send messages quoting MAC addresses belonging to another end device, and software was designed to crack WEP. For this reason, the 802.1x wireless security standard was created. It is aimed at providing extra security for the Media Access Control (MAC) layer, and also at separating the user authentication process in order to protect data packets. 802.1x frames carry the EAP authentication protocol along the entire wireless network. The Extensible Authentication Protocol over Local Area Network (EAPoL) offers EAP encryption over a Local Area Network. It is tied to both the wired and wireless infrastructure, supporting multiple protocols for authentication within a network. One measure implemented by 802.1x is dividing the entire network into three portions called the Supplicant, Authenticator and Authentication Server.
Supplicant: Considered to be an end device negotiating a connection to the network. The supplicant is either a network interface card or software installed on the end user's computer.
Authenticator: This is a device that grants access to the supplicant. In this implementation, the authenticator is the Wireless Access Point and the Wireless LAN Controller.
Authentication Server: A host installed with RADIUS and EAP protocols, charged with the task of giving authorization to users according to the parameters configured, authenticating users and accounting activities on the network.
Diagram 2.1 802.1x Secure Wireless Topology
EAP is a robust authentication protocol and offers different mechanisms, or types, defining how and where authentication is placed.
2.3 Extensible Authentication Protocol (EAP)
This is a protocol carried by the transport protocols in a network (UDP, RADIUS); it is decoupled from the protocol carrying it and is carried without being altered. There are four packet types that make up the EAP protocol:
EAP Request: A Request packet is sent from the authenticator to the supplicant. It contains an identity (sequence number) used to match a response, and the EAP type used.
EAP Response: The supplicant replies to the authenticator with a packet carrying a sequence number matching the initial request.
EAP Success: A Success packet is sent from the authenticator to the supplicant.
EAP Failure: Upon an unsuccessful authentication, a failure packet is also sent to the supplicant.
In a large deployment, access points operate in an EAP pass-through mode, whereby the access point only checks the details received from the supplicant and forwards them to the AAA server; packets from the AAA server are likewise forwarded through the access point to the supplicant.
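The four packet types and the pass-through check described above, as an added example that is not part of the original essay. The header layout (Code, Identifier, Length, then Type) and the code and type numbers are taken from RFC 3748 and the IANA EAP registry rather than from this page; the function names and sample packets are constructed for illustration.

```python
import struct

# EAP codes and method type numbers as assigned in RFC 3748 / the IANA EAP registry.
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS",
         21: "EAP-TTLS", 25: "PEAP", 43: "EAP-FAST"}

def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2), then Type(1) + data."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(packet):
        raise ValueError("Length field does not fit the received bytes")
    body = packet[4:length]          # bytes past Length are padding and ignored
    msg = {"code": CODES[code], "id": ident, "type": None, "data": b""}
    if code in (1, 2):               # only Request/Response carry a Type field
        if not body:
            raise ValueError("Request/Response without a Type field")
        msg["type"] = TYPES.get(body[0], f"type-{body[0]}")
        msg["data"] = body[1:]
    elif body:
        raise ValueError("Success/Failure must not carry data")
    return msg

def relay_decision(pending_id: int, packet: bytes) -> str:
    """What a pass-through access point does with a frame from the supplicant."""
    try:
        msg = parse_eap(packet)
    except ValueError as err:
        return f"drop: {err}"
    if msg["code"] != "Response":
        return "drop: supplicant may only send Responses"
    if msg["id"] != pending_id:
        return "drop: identifier does not match the outstanding Request"
    return f"forward to AAA server: {msg['type']}"

# Constructed sample packets (not captured traffic).
REQ_IDENTITY = bytes([1, 7, 0, 5, 1])                  # Request, id 7, Identity
RESP_IDENTITY = bytes([2, 7, 0, 10, 1]) + b"alice"     # Response, id 7
STALE_RESP = bytes([2, 6, 0, 10, 1]) + b"alice"        # wrong identifier
FORGED_SUCCESS = bytes([3, 7, 0, 4])                   # Success sent by the client side
TRUNCATED = bytes([2, 7, 0, 40, 1]) + b"al"            # Length larger than the packet

if __name__ == "__main__":
    for pkt in (RESP_IDENTITY, STALE_RESP, FORGED_SUCCESS, TRUNCATED):
        print(relay_decision(parse_eap(REQ_IDENTITY)["id"], pkt))
```

Only the first sample is forwarded; the other three are dropped at the access point before they reach the authentication server.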
2.3.1 EAP Types
EAP types offer different functions, and the choice of which to use depends on the network. More than one type can be used in a network.
EAP FAST: Offers the most flexible deployment and management. It consists of three protocols that encapsulate Transport Layer Security (TLS) messages:
Authenticated Diffie-Hellman Protocol, providing the client with a shared secret called the Protected Access Credential (PAC).
Tunnel establishment with the provided PAC.
The authentication server authenticates the user.
EAP TLS: Considered one of the most secure, EAP TLS uses mutual authentication based on digital certificates on both the server side and the client side, and for message protection it uses public key encryption.
EAP TTLS: EAP Tunnelled Transport Layer Security provides an extended functionality to the initial EAP-TLS with a two phase protocol. Phase one is the EAP TLS, which derives a session key to be used in the second phase. Phase two uses additional mechanisms to secure a tunnel between the client and server. Such mechanisms are Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), Microsoft CHAP, Microsoft CHAPv2, EAP Message Digest 5, EAP MSCHAPv2.
EAP-PEAP: Utilizes the available EAP-TLS on the server side of the network to support authentication methods such as tokens, logon passwords and digital certificates. It provides message authentication and encryption, server-client authentication, key exchange and tunnelling.
 LAN Switching and Wireless (Wayne Lewis)
 Cisco Secure Service Client Administrator Guide