Northridge Consulting Group Case Project
Uploader: edwardlong
Northridge Consulting Presents:
WLAN Workshop
Wireless LAN configurations. The advantages & disadvantages of
Basic Service Set, Extended Service Set and Independent
Service Set.
Part 1
Basic Service Set - BSS
Extended Service Set - ESS
Independent Service Set - ISS
We will discuss the types of WLANs pictured below
and briefly describe the advantages and disadvantages
of each. We will also touch on the appropriate uses
and locations suited for each network.
Basic Service Set or Infrastructure Mode
As depicted in the picture below, the BSS (Basic Service Set) is
defined as having only one AP (Access Point) with which to cover the
designated home, public or workspace area. This is a very easily
installed wireless network that requires little assistance. It serves a
very functional purpose, supplying the immediate area with a wireless
signal that may reach up to 150 feet indoors and 300 feet outdoors
from the location of the AP, in a 360-degree coverage circumference.
The installation and configuring of a BSS
It is suggested that the AP be connected to the server or internet in order to have
complete access to the network. The AP may be configured to provide
access only to wireless nodes in the immediate area, allowing them to share files.
If we wire the router (AP) to the internet, it’s necessary to create an SSID
(Service Set Identifier), which provides the network with a unique identifier.
Below is an example of the SSID settings screen. The network can now be
secured with either WPA 1 & 2, MAC Addressing or WEP 1 & 2. WEP and
WPA are similar, with 128-bit encryption; only 2 is slightly stronger. MAC
Addressing filters and only allows designated machines to join the wireless
network. This is a very good and simple security measure.
Advantages & Disadvantages of a BSS
The cost involved with 802.11a, b or g is relatively low. By using the
BSS you have the ability to cover a fairly large office space, open café type
of setting or home. The BSS can accommodate up to about 100 devices, but
it’s recommended not to exceed 50, and where there’s heavy transfer traffic,
lower still, to about 20 users. Overall the BSS is a good WLAN for the
smaller business and home area, with an affordable price,
easy setup and low maintenance.
One of the drawbacks of this type of WLAN is that the quantity of users
or devices on the network is limited. To comfortably have more nodes
accessing the wireless network, there would need to be multiple APs set on
different channels to avoid signal hopping and to accommodate the traffic
being generated. Another item of concern is network breakdown. If the AP
goes down, then the WLAN is out of commission. Although the wired
nodes will be fine, the disruption from one piece of hardware can be
devastating at critical times.
Extended Service Set
This is a very common network. It is very functional and straightforward
in its setup & configuration. With the ESS (Extended Service Set) we can
take the abilities of the BSS a step further and supply signal to more users,
cover a larger area and allow the wireless network to be
accessible in different areas of a building. This is composed of 2 or more
BSS networks and, as you can see from the diagram below, the services that
may be provided with this type of configuration are far greater than a BSS;
however, the actual configuration is a bit more complex.
The installation and configuring of an ESS
When installing the ESS (Extended Service Set) it is essential to
configure and place the routers or APs according to the layout of
the facility. When installing 2 or more APs it is vital to ensure the
signals overlap and that there is no dead space left in the projected
coverage area. The picture below shows an ESS composed of 2
BSS networks. As you can see, the signals overlap, allowing a
mobile user to enter the field of the other AP without losing a signal.
The process of moving from one signal to another is called a
“handoff”. Once a signal is received that is stronger than the
current connection, the device will switch over. Some devices also
measure the packet error in order to determine when
or if a switch is necessary.
Advantages & Disadvantages of an ESS
One of the big advantages of this type of network is that it allows
for an undetermined number of users. It is easy to continue to
add APs as the need arises at a minimal cost. Once the
security has been decided upon, it’s nothing more than copying
the first AP configuration to the rest of the network’s APs.
A couple of the disadvantages of the ESS: as with every
other IEEE 802.11 standard, when the handoff takes place
during roaming is not specified. Roaming between APs of
different vendors may also pose a problem at times.
Independent Basic Service Set
This type of network does not use an AP and is a self-contained
network. The IBSS, also known as an ad-hoc or peer-to-peer network,
simply uses the file sharing option located in the network tools
menu. It’s a very simple and secure way to share files among
users at home or in an office setting. Each mapped user can
send or locate and view files on any of the other nodes
included in this network.
Advantages & Disadvantages of an IBSS
One of the more convenient advantages of an IBSS is that the network can be set up very easily and quickly. It’s a matter of entering the computer name of each node to access and share with. Users can communicate and share files with each other without having to run cabling around the room or rooms and without the use of a server or internet connection. Along with the above assets of an IBSS, there’s no additional cost aside
from assuring the nodes are wireless.
The disadvantages are that there’s no means of accessing the internet or transferring large amounts of data, since this is an
ad-hoc network. The BSS has more flexibility than the IBSS, since it is networked through APs and Ethernet.
Part Two
Authentication, Security Risks and
Options for Wireless Networks
Authentication
One of the concerns of wireless network admins
and users has been the perceived vulnerability of wireless networks to unauthorized access. This is because, unlike wired networks, where network access can be secured by securing the physical location of the
systems, the radio frequency (RF) signals which carry the transmitted network signal cannot be secured physically.
To bring wireless networks under the control and authority of the owner, authentication becomes inevitable in wireless
networking. There are three types of authentication that are widely used and supported by the IEEE 802.11 standard:
Open System authentication
Shared Key authentication
Digital Certificate authentication
Open System Authentication
The default authentication is the open system method, and this is the most widely used method. This system uses a
straightforward approach:
1. The wireless device, having scanned and discovered a network, sends a request frame to the AP requesting an association.
2. The AP reviews the received request and verifies that the SSID of the device requesting association matches the one the network has.
3. If it matches, the AP sends an association response frame to the device containing the acceptance notice, and the device will be authenticated.
4. If it does not match, the device will be denied access.
Ciampa, M. (2006).
Shared Key Authentication
This is a system where both the AP and the wireless device have the same key value entered in their settings.
1. The wireless device that needs to connect sends an authentication frame to the AP.
2. The AP generates the authentication frame containing a block of text called the “challenge text”.
3. The wireless device has to encrypt the text and send it back to the AP.
4. The AP decrypts the returned frame to see if it matches the original challenge text.
5. If it does, the AP sends an authentication frame representing the result of the authentication.
6. Only pre-approved users or wireless devices are provided with the shared key, thus verifying the authenticity of its user or node.
Ciampa, M. (2006).
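The shared key exchange in steps 1 to 5, written out from both the station's and the AP's side. This is an added example, not code from the presentation or from Ciampa. It assumes the WEP construction that 802.11 shared key authentication relies on (RC4 keyed with a 24-bit IV followed by the shared key) and a 128-byte challenge; frame headers and the integrity check value are left out, and the function names and sample keys are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rc4"
	"crypto/subtle"
	"fmt"
)

func randomBytes(n int) []byte { // n bytes from the OS random source
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// wepCrypt XORs data with the RC4 keystream for IV||key; it encrypts and decrypts.
func wepCrypt(iv, key, data []byte) []byte {
	c, err := rc4.NewCipher(append(append([]byte{}, iv...), key...))
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(data))
	c.XORKeyStream(out, data)
	return out
}

// StationRespond is step 3: encrypt the challenge under a fresh IV sent in the clear.
func StationRespond(key, challenge []byte) (iv, ct []byte) {
	iv = randomBytes(3)
	return iv, wepCrypt(iv, key, challenge)
}

// APVerify is steps 4-5: decrypt with the AP's key and compare to the challenge.
func APVerify(key, challenge, iv, ct []byte) bool {
	return subtle.ConstantTimeCompare(wepCrypt(iv, key, ct), challenge) == 1
}

// Authenticate runs one exchange; the keys differ if the station is not pre-approved.
func Authenticate(apKey, staKey []byte) bool {
	challenge := randomBytes(128) // step 2: the AP's challenge text
	iv, ct := StationRespond(staKey, challenge)
	return APVerify(apKey, challenge, iv, ct)
}

func main() {
	key := []byte("k3y#5") // constructed 40-bit sample key
	fmt.Println(Authenticate(key, key), Authenticate(key, []byte("wrong")))
}
```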
Digital Certificate Authentication
The digital certificate method of authentication uses digital
documents that associate an individual or user with a key
value. This certificate is a data structure that contains
information, and it is digitally signed by a third party,
meaning that it is not possible for intruders to change any part of the
certificate without being detected. On a wireless
platform, a digital certificate can be installed on a wireless
device for authentication, making it more reliable than
open system and shared key.
Recommendation to Staff
The combination of standards, protocols, and software that support digital
certificates is called a public key infrastructure, or PKI. The software that
supports this infrastructure generates sets of public-private key pairs.
Public-private key pairs are codes that are related to one another through a
complex mathematical algorithm.
The key pairs can reside on one’s computer or on hardware devices such as
smart cards or floppy disks. Individuals or organizations must ensure the
security of their private keys. However, the public keys that correspond to
their private keys can be posted on Web sites or sent across the network.
Issuers of digital certificates often maintain online repositories
of public keys.
These repositories make it possible to authenticate owners of digital
certificates in real time. For example, publishers, as service providers, will
want to authenticate the digital certificate of a faculty member or student in
real time. This is possible by verifying the digital signature using the public
key in the repository. (DFL, 1999)
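The two claims made above, that a signed certificate cannot be altered without detection and that anyone holding the issuer's public key can check it, shown with Go's standard x509 package. This is an added example, not part of the presentation or its sources. The CA name, the device name "laptop-01", the use of Ed25519 keys and the function names are constructed for illustration, and the check covers only the issuer's signature, not validity dates or revocation.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) { // stop the demo on any setup error
	if err != nil {
		panic(err)
	}
}

// template builds a one-day certificate for the constructed name cn.
func template(serial int64, cn string, isCA bool) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour), IsCA: isCA, BasicConstraintsValid: true}
}

// Verify reports whether der parses and carries a valid signature made by ca's key.
func Verify(der []byte, ca *x509.Certificate) bool {
	cert, err := x509.ParseCertificate(der)
	return err == nil && cert.CheckSignatureFrom(ca) == nil
}

// Demo issues a device certificate from a throwaway CA, then edits its subject name.
func Demo() (genuine, tampered bool) {
	caPub, caKey, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	devPub, _, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	caTmpl := template(1, "Example WLAN CA", true)
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, caPub, caKey)
	check(err)
	ca, err := x509.ParseCertificate(caDER)
	check(err)
	devDER, err := x509.CreateCertificate(rand.Reader, template(2, "laptop-01", false), ca, devPub, caKey)
	check(err)
	edited := bytes.Replace(devDER, []byte("laptop-01"), []byte("laptop-99"), 1) // same length, still parses
	return Verify(devDER, ca), Verify(edited, ca)
}

func main() { fmt.Println(Demo()) }
```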
References:
Ciampa, M. (2006). CWNA Guide to Wireless LANs. (2nd ed.).
Thomson Course Technology. Retrieved April 9, 2010
from Week 7 Course Material. IT/241 – Intro to W-LAN
Technologies
The Digital Library Federation. (DFL) (1999). Digital Certificate
Infrastructure. PDF. Retrieved April 9, 2010 from
http://www.diglib.org/architectures/cren-dlf.pdf