Northridge Consulting Group Case Project

Northridge Consulting Presents: WLAN Workshop Wireless LAN configurations. The advantages & disadvantages of Basic Service Set, Extended Service Set and Independent Service Set.

description

week 7 power point on WLAN Networks and Security BSS, ESS, IBSS. Authentication

Transcript of Northridge Consulting Group Case Project

Page 1: Northridge Consulting Group Case Project

Northridge Consulting Presents:

WLAN Workshop

Wireless LAN configurations. The advantages & disadvantages of Basic Service Set, Extended Service Set and Independent Service Set.

Page 2: Northridge Consulting Group Case Project

Part 1

Basic Service Set-BSS Extended Service Set-ESS Independent Service Set-ISS

We will discuss the types of WLANs pictured below and briefly describe the advantages and disadvantages of each. We will also touch on the appropriate uses and locations suited for each network.

Page 3: Northridge Consulting Group Case Project

Basic Service Set or Infrastructure Mode

Depicted in the picture below, the BSS (Basic Service Set) is clearly defined as having only one AP (Access Point) with which to cover the designated home, public or workspace area. This is a very easily installed wireless network that requires little assistance. It serves a very functional purpose, supplying the immediate area with a wireless signal that may reach up to 150 feet indoors and 300 feet outdoors from the location of the AP in a 360 degree coverage circumference.

Page 4: Northridge Consulting Group Case Project

The installation and configuring of a BSS

It is suggested that the AP be connected to the server or internet in order to have complete access to the network. The AP may be configured to only provide access to wireless nodes in the immediate area, allowing them to share files. If we wire the router (AP) to the internet, it’s necessary to create an SSID (Service Set Identifier), which provides the network with a unique identifier. Below is an example of the SSID settings screen. The network can now be secured with either WPA 1 & 2, MAC Addressing or WEP 1 & 2. WEP and WPA are similar, with 128-bit encryption; only 2 is slightly stronger. MAC Addressing filters and only allows designated machines to join the wireless network. This is a very good and simple security measure.

Page 5: Northridge Consulting Group Case Project

Advantages & Disadvantages of a BSS

The cost involved with 802.11a, b or g is relatively low. By using the BSS you have the ability to cover a fairly large office space, open café type of setting or home. The BSS can accommodate up to about 100 devices, but it’s recommended not to exceed 50 and, if there’s heavy transfer traffic, lower still to about 20 users. Overall the BSS is a good WLAN for the smaller business and home area, with an affordable price, easy setup and low maintenance.

One of the drawbacks of this type of WLAN is that the quantity of users or devices on the network is limited. To comfortably have more nodes accessing the wireless network, there would need to be multiple APs set on different channels to avoid signal hopping and to accommodate the traffic being generated. Another item of concern is network breakdown. If the AP goes down, then the WLAN is out of commission. Although the wired nodes will be fine, the disruption from one piece of hardware can be devastating at critical times.

Page 6: Northridge Consulting Group Case Project

Extended Service Set

This is a very common network. It is very functional and straightforward in its setup & configuration. With the ESS (Extended Service Set) we can take the abilities of the BSS a step further and supply signal to more users, cover a larger area and allow the wireless network to be accessible in different areas of a building. This is composed of 2 or more BSS networks and, as you can see from the diagram below, the services that may be provided with this type of configuration are far greater than a BSS; however, the actual configuration is a bit more complex.

Page 7: Northridge Consulting Group Case Project

The installation and configuring of an ESS

When installing the ESS (Extended Service Set) it is essential to configure and place the routers or APs according to the layout of the facility. When installing 2 or more APs it is vital to ensure the signals overlap and that there is no dead space left in the projected coverage area. The picture below shows an ESS composed of 2 BSS networks. As you can see, the signal overlaps, allowing a mobile user to enter the field of the other AP without losing a signal. The process of moving from one signal to another is called a “handoff”. Once a stronger signal than the current connection is received, the device will switch over. Some devices also measure the packet error in order to determine when or if a switch is necessary.

Page 8: Northridge Consulting Group Case Project

Advantages & Disadvantages of an ESS

One of the big advantages of this type of network is that it allows for an undetermined number of users. It is easy to continue to add APs as the need arises at a minimal cost. Once the security has been decided upon, it’s nothing more than copying the first AP configuration to the rest of the network’s APs.

Among the disadvantages of the ESS is that, as with every other IEEE 802.11 standard, it is not specified when the handoff takes place during roaming. Roaming between APs of different vendors may also pose a problem at times.

Page 9: Northridge Consulting Group Case Project

Independent Basic Service Set

This type of network does not use an AP and is a self-contained network. The IBSS, also known as an ad-hoc or peer-to-peer network, simply uses the file sharing option located in the network tools menu. It’s a very simple and secure way to share files among users at home or in an office setting. Each mapped user can send or locate and view files on any of the other nodes included in this network.

Page 10: Northridge Consulting Group Case Project

Advantages & Disadvantages of an IBSS

One of the more convenient advantages of an IBSS is that the network can be set up very easily and quickly. It’s a matter of entering the computer name of each node to access and share with. Users can communicate and share files with each other without having to run cabling around the room or rooms and without the use of a server or internet connection. Along with the above assets of an IBSS, there’s no additional cost aside from ensuring the nodes are wireless.

The disadvantages are that there’s no means of accessing the internet or transferring large amounts of data, since this is an ad-hoc network. The BSS has more flexibility than the IBSS, since it is networked through APs and Ethernet.

Page 11: Northridge Consulting Group Case Project

Part Two

Authentication, Security Risks and Options for Wireless Networks

Page 12: Northridge Consulting Group Case Project

Authentication

One of the concerns of wireless network admins and users has been the perceived vulnerability of wireless networks to unauthorized access. This is because, unlike wired networks, where network access can be secured by securing the physical location of the systems, the radio frequency (RF) signals which carry the transmitted network signal cannot be secured physically.

To bring wireless networks under the control and authority of the owner, authentication becomes inevitable in wireless networking. There are three types of authentication that are widely used and supported by the IEEE 802.11 standard:

Open System authentication

Shared Key authentication

Digital Certificate authentication

Page 13: Northridge Consulting Group Case Project

Open System Authentication

The default authentication is the open system method, and this is the most widely used method. This system uses a straightforward approach:

1. The wireless device, having scanned and discovered a network, sends a request frame to the AP requesting an association.

2. The AP reviews the received request and verifies that the SSID of the device requesting association matches the one the network has.

3. If it matches, the AP sends an association response frame to the device containing the acceptance notice, and the device will be authenticated.

4. If it does not match, the device will be denied access.

Ciampa, M. (2006).

Page 14: Northridge Consulting Group Case Project

Shared Key Authentication

This is a system where both the AP and the wireless device have the same key value entered in their settings.

1. The wireless device that needs to connect sends an authentication frame to the AP.

2. The AP generates an authentication frame containing a block of text called the “challenge text”.

3. The wireless device has to encrypt the text and send it back to the AP.

4. The AP decrypts the returned frame to see if it matches the original challenge text.

5. If it does, the AP sends an authentication frame representing the result of the authentication.

6. Only pre-approved users or wireless devices are provided with the shared key, thus verifying the authenticity of its user or node.

Ciampa, M. (2006).
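Added example (not part of the original slides): a small Python model of the shared key exchange in steps 1 to 5, with the station and the AP as separate functions. It assumes WEP-style framing, which is what 802.11 Shared Key authentication is built on (RC4 keyed with a 3-byte IV plus the shared key, a CRC-32 check value appended to the challenge); the frame layout is simplified, and the function names and the key in the demo are constructed for illustration.

```python
import hmac
import os
import struct
import zlib

CHALLENGE_LEN = 128  # bytes of challenge text the AP sends in step 2

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher as used by WEP; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def icv(text: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(text))

def station_respond(shared_key: bytes, challenge: bytes) -> bytes:
    """Step 3: the device encrypts the challenge and returns IV + ciphertext."""
    iv = os.urandom(3)
    return iv + rc4(iv + shared_key, challenge + icv(challenge))

def ap_verify(shared_key: bytes, challenge: bytes, frame: bytes) -> bool:
    """Steps 4-5: the AP decrypts the frame and compares it with its challenge."""
    plain = rc4(frame[:3] + shared_key, frame[3:])
    text, check = plain[:-4], plain[-4:]
    return check == icv(text) and hmac.compare_digest(text, challenge)

def authenticate(ap_key: bytes, station_key: bytes) -> bool:
    """Steps 1-5 end to end: request, challenge, encrypted response, result."""
    challenge = os.urandom(CHALLENGE_LEN)            # step 2
    frame = station_respond(station_key, challenge)  # step 3
    return ap_verify(ap_key, challenge, frame)       # steps 4-5

if __name__ == "__main__":
    key = bytes.fromhex("0102030405060708090a0b0c0d")  # constructed 104-bit key
    print(authenticate(key, key), authenticate(key, b"wrong-key-123"))
```

WEP and Shared Key authentication are deprecated in current revisions of IEEE 802.11, so this models the legacy handshake the slide describes.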

Page 15: Northridge Consulting Group Case Project

Digital Certificate Authentication

The digital certificate method of authentication uses digital documents that associate an individual or user with a key value. This certificate is a data structure that contains information, and it is digitally signed by a third party, meaning that it is not possible for intruders to change any part of the certificate without being detected. On a wireless platform, a digital certificate can be installed on a wireless device for authentication, making it more reliable than open system and shared key.

Page 16: Northridge Consulting Group Case Project

Recommendation to Staff

The combination of standards, protocols, and software that support digital certificates is called a public key infrastructure, or PKI. The software that supports this infrastructure generates sets of public-private key pairs. Public-private key pairs are codes that are related to one another through a complex mathematical algorithm.

The key pairs can reside on one’s computer or on hardware devices such as smart cards or floppy disks. Individuals or organizations must ensure the security of their private keys. However, the public keys that correspond to their private keys can be posted on Web sites or sent across the network. Issuers of digital certificates often maintain online repositories of public keys.

These repositories make it possible to authenticate owners of digital certificates in real time. For example, publishers, as service providers, will want to authenticate the digital certificate of a faculty member or student in real time. This is possible by verifying the digital signature using the public key in the repository. (DFL, 1999)

Page 17: Northridge Consulting Group Case Project

References:

Ciampa, M. (2006). CWNA Guide to Wireless LANs. (2nd ed.). Thomson Course Technology. Retrieved April 9, 2010 from Week 7 Course Material. IT/241 – Intro to W-LAN Technologies

The Digital Library Federation. (DFL) (1999). Digital Certificate Infrastructure. PDF. Retrieved April 9, 2010 from http://www.diglib.org/architectures/cren-dlf.pdf