Hi guys, after a long time I am posting an info article. This was demanded by one of our regular visitors!
6.7 Rogue WLANs
If your company officially has no WLAN you may still be at threat from unmanaged WLANs springing up on your network. Low priced WLAN hardware bought by enthusiastic employees can open unintended vulnerabilities in your network.
Not to deploy WLAN technology.
Stick with 802.11 static WEP security.
Use VPN to protect data on the WLAN.
Use IPsec to protect WLAN traffic.
Use 802.1X authentication and data encryption to protect the WLAN.
Global operation
WLAN products should sell in all countries, so national and international frequency regulations have to be considered. In contrast to the infrastructure of wireless WANs, LAN equipment may be carried from one country into another; the operation should still be legal in this case.
Range and Coverage
The distance over which RF and IR waves can communicate is a function of product design (including transmitted power and receiver design) and the propagation path, especially in indoor environments. Interactions with typical building objects, including walls, metal, and even people, can affect how energy propagates, and thus what range and coverage a particular system achieves. Solid objects block infrared signals, which imposes additional limitations. Most wireless LAN systems use RF because radio waves can penetrate most indoor walls and obstacles. The range (or radius of coverage) for typical wireless LAN systems varies from under 100 feet to more than 300 feet. Coverage can be extended, and true freedom of mobility via roaming provided, through microcells.
Interference and Coexistence
The unlicensed nature of radio-based wireless LANs means that other products that transmit energy in the same frequency spectrum can potentially cause some measure of interference to a wireless LAN system. Microwave ovens are a potential concern, but most wireless LAN manufacturers design their products to account for microwave interference. Another concern is the co-location of multiple wireless LANs. While wireless LANs from some manufacturers interfere with other wireless LANs, others coexist without interference.
Cost
A wireless LAN implementation includes both infrastructure costs, for the wireless access points, and user costs, for the wireless LAN adapters. Infrastructure costs depend primarily on the number of access points deployed. The number of access points typically depends on the required coverage region and/or the number and type of users to be serviced. The coverage area is proportional to the square of the product range.
The cost of installing and maintaining a wireless LAN generally is lower than the cost of installing and maintaining a traditional wired LAN, for two reasons. First, a wireless LAN eliminates the direct costs of cabling and the labor associated with installing and repairing it.
Compatibility with the Existing Network
Most wireless LANs provide for industry-standard interconnection with wired networks such as Ethernet or Token Ring. Wireless LAN nodes are supported by network operating systems in the same fashion as any other LAN node: through the use of the appropriate drivers. Once installed, the network treats wireless nodes like any other network component.
Interoperability of Wireless Devices
Customers should be aware that wireless LAN systems from different vendors might not be interoperable, for three reasons. First, different technologies will not interoperate. A system based on spread spectrum frequency hopping (FHSS) technology will not communicate with another based on spread spectrum direct sequence (DSSS) technology. Second, systems using different frequency bands will not interoperate even if they both employ the same technology. Third, systems from different vendors may not interoperate even if they both employ the same technology and the same frequency band, due to differences in implementation by each vendor.
Security
Because wireless technology has roots in military applications, security has long been a design criterion for wireless devices. Security provisions are typically built into wireless LANs, making them more secure than most wired LANs. It is extremely difficult for unintended receivers (eavesdroppers) to listen in on wireless LAN traffic. Complex encryption techniques make it impossible for all but the most sophisticated to gain unauthorized access to network traffic. In general, individual nodes must be security-enabled before they are allowed to participate in network traffic.
Within radio coverage, nodes can communicate without further restriction. Radio waves can penetrate walls, so senders and receivers can be placed anywhere.
Planning
Only wireless ad-hoc networks allow for communication without previous planning; any wired network needs wiring plans. For wired networks, additional cabling with the right plugs and probably inter-working units (such as switches) have to be provided.
Robustness
Wireless networks can survive disasters e.g. earthquake or users pulling a plug. If the wireless device survived, people still can communicate. Networks requiring a wired infrastructure will usually break down completely.
Cost
After providing wireless access to the infrastructure via an access point for the first user, adding additional users to the wireless network will not increase the cost.
WLANs typically offer lower quality than their wired counterparts. The main reasons for this are the lower bandwidth due to limitations in radio transmission, higher error rates due to interference, and higher delay and delay variation due to extensive error correction and detection mechanisms.
Proprietary solutions
Due to slow standardization procedures, many companies have come up with proprietary solutions offering standardized functionality plus many enhanced features. However, these additional features work only in a homogeneous environment.
Restrictions
All wireless products have to comply with national regulations. Several government and non-government institutions worldwide regulate operation and restrict frequencies to minimize interference.
Safety & Security
Using radio waves for data transmission might interfere with other high-tech equipment in, e.g., hospitals. Senders and receivers are operated by laymen, and radiation has to be low. Special precautions have to be taken to prevent safety hazards.
11. Conclusion
Flexibility and mobility make wireless LANs both effective extensions and attractive alternatives to wired networks. Wireless LANs provide all the functionality of wired LANs, without the physical constraints of the wire itself. Wireless LAN configurations range from simple peer-to-peer topologies to complex networks offering distributed data connectivity and roaming. Besides offering end-user mobility within a networked environment, wireless LANs enable portable networks, allowing LANs to move with the knowledge workers that use them.
References
Mobile Communication by Jochen Schiller (2nd edition)
Abstract
Consider a Network Setup where there is NO STRINGS ATTACHED!!! Wireless LAN is one in which a mobile user can connect to a local area network (LAN) through a wireless (radio) connection. Wireless LANs (WLANs) are taking off. With wired LAN-like speed of 11 Mbps, WLANs deliver the performance and reliability that enterprises need to foster truly mobile computing at the workplace. One advantage of WLANs over wired LANs is mobility. Users are embracing the notion of having access to the network wherever they are, whenever they want it. The paradigm shift from wired networking to wireless networking is the same as what we’ve seen happening in the cellular marketplace. The lure of being free to surf the Net, chat, e-mail, and access any resource on a wired backbone network without being tethered to that network will drive demand for wireless LAN products. Flexibility and mobility make wireless LANs both effective extensions and attractive alternatives to wired networks. Wireless LANs provide all the functionality of wired LANs, without the physical constraints of the wire itself. Wireless LAN configurations range from simple peer-to-peer topologies to complex networks offering distributed data connectivity and roaming. Besides offering end-user mobility within a networked environment, wireless LANs enable portable networks, allowing LANs to move with the knowledge workers that use them.
1. Introduction
For some time now, companies and individuals have interconnected computers with local area networks (LANs). This allowed the ability to access and share data, applications and other services not resident on any one computer. The LAN user has at their disposal much more information, data and applications than they could otherwise store by themselves. In the past all local area networks were wired together and in a fixed location as shown in figure 1. In the last few years a new type of local area network has appeared. This new type of LAN, which is the wireless LAN, provides an alternative to the traditional LANs based on twisted pair, coaxial cable, and optical fiber. Why would anyone want a wireless LAN? There are many reasons. An increasing number of LAN users are becoming mobile. These mobile users require that they are connected to the network regardless of where they are because they want simultaneous access to the network. This makes the use of cables, or wired LANs, impractical if not impossible. Wireless LANs are very easy to install. There is no requirement for wiring every workstation and every room. This ease of installation makes wireless LANs inherently flexible. If a workstation must be moved, it can be done easily and without additional wiring, cable drops or reconfiguration of the network. Another advantage is its portability. If a company moves to a new location, the wireless system is much easier to move than ripping up all of the cables that a wired system would have snaked throughout the building.
2. Why Wireless?
The widespread reliance on networking in business and the meteoric growth of the Internet and online services are strong testimonies to the benefits of shared data and shared resources. With wireless LANs, users can access shared information without looking for a place to plug in, and network managers can set up or augment networks without installing or moving wires. Wireless LANs offer the following productivity, convenience, and cost advantages over traditional wired networks:
Mobility:
Wireless LAN systems can provide LAN users with access to real-time information anywhere in their organization. This mobility supports productivity and service opportunities not possible with wired networks.
Installation Speed and Simplicity:
Installing a wireless LAN system can be fast and easy and can eliminate the need to pull cable through walls and ceilings.
Installation Flexibility:
Wireless technology allows the network to go where wire cannot go.
Reduced Cost-of-Ownership:
While the initial investment required for wireless LAN hardware can be higher than the cost of wired LAN hardware, overall installation expenses and life-cycle costs can be significantly lower. Long-term cost benefits are greatest in dynamic environments requiring frequent moves and changes.
Scalability:
Wireless LAN systems can be configured in a variety of topologies to meet the needs of specific applications and installations. Configurations are easily changed and range from peer-to-peer networks suitable for a small number of users to full infrastructure networks of thousands of users that enable roaming over a broad area.
3. How Wireless LAN Works?
Wireless LANs use electromagnetic airwaves (radio or infrared) to communicate information from one point to another without relying on any physical connection. Radio waves are often referred to as radio carriers because they simply perform the function of delivering energy to a remote receiver. The data being transmitted is superimposed on the radio carrier so that it can be accurately extracted at the receiving end. This is generally referred to as modulation of the carrier by the information being transmitted. Once data is superimposed (modulated) onto the radio carrier, the radio signal occupies more than a single frequency, since the frequency or bit rate of the modulating information adds to the carrier. Multiple radio carriers can exist in the same space at the same time without interfering with each other if the radio waves are transmitted on different radio frequencies. To extract data, a radio receiver tunes in one radio frequency while rejecting all other frequencies. In a typical wireless LAN configuration, a transmitter/receiver (transceiver) device, called an access point, connects to the wired network from a fixed location using standard cabling. At a minimum, the access point receives, buffers, and transmits data between the wireless LAN and the wired network infrastructure. A single access point can support a small group of users and can function within a range of less than one hundred to several hundred feet. The access point (or the antenna attached to the access point) is usually mounted high but may be mounted essentially anywhere that is practical as long as the desired radio coverage is obtained. End users access the wireless LAN through wireless-LAN adapters, which are implemented as PC cards in notebook or palmtop computers, as cards in desktop computers, or integrated within hand-held computers. Wireless LAN adapters provide an interface between the client network operating system (NOS) and the airwaves via an antenna. 
The nature of the wireless connection is transparent to the NOS.
4. Wireless LAN Technology
Manufacturers of wireless LANs have a range of technologies to choose from when designing a wireless LAN solution. Each technology comes with its own set of advantages and limitations. There are three main technologies that are used for wireless communications today: Radio Frequency (RF), Narrow Band and Infrared (IR). In general they are good for different applications and have been designed into products that optimize the particular features of advantage.
4.1 Narrowband Technology
A narrowband radio system transmits and receives user information on a specific radio frequency. Narrowband radio keeps the radio signal frequency as narrow as possible just to pass the information. Undesirable crosstalk between communications channels is avoided by carefully coordinating different users on different channel frequencies.
A private telephone line is much like a radio frequency. When each home in a neighborhood has its own private telephone line, people in one home cannot listen to calls made to other homes. In a radio system, privacy and noninterference are accomplished by the use of separate radio frequencies. The radio receiver filters out all radio signals except the ones on its designated frequency.
4.2 Infra Red Technology
The second technology that is used for Wireless LAN systems is Infra Red, where the communication is carried by light in the invisible part of the spectrum. This system has much to recommend it in some circumstances. It is primarily of use for very short distance communications, less than 3 feet where there is a line of sight connection. It is not possible for the Infra Red light to penetrate any solid material; it is even attenuated greatly by window glass, so it is really not a useful technology in comparison to Radio Frequency for use in a Wireless LAN system.
4.3 Radio Frequency Technology
RF is very capable of being used for applications where communications are not "line of sight" and over longer distances. The RF signals will travel through walls and communicate where there is no direct path between the terminals. In order to operate in the license-free portion of the spectrum called the ISM band (Industrial, Scientific and Medical), the radio system must use a modulation technique called Spread Spectrum (SS). In this mode a radio is required to distribute the signal across the entire spectrum and cannot remain stable on a single frequency. This is done so that no single user can dominate the band and so that collectively all users look like noise. Spread Spectrum communications were developed during World War II by the military for secure communications links. The fact that such signals appear to be noise in the band means that they are difficult to find and to jam. This technique lends itself well to the expected conditions of operation of a real Wireless LAN application in this band and is by its very nature difficult to intercept, thus increasing security against unauthorized listeners. The use of Spread Spectrum is especially important as it allows many more users to occupy the band at any given time and place than if they were all static on separate frequencies. There are several bands available for use by license-free transmitters; the most commonly used are at 902-928 MHz, 2.4-2.5 GHz and 5.7 to 5.8 GHz. Of these the most useful is probably the 2.4 GHz band as it is available for use throughout most of the world. In recent years nearly all of the commercial development and the basis for the new IEEE standard has been in the 2.4 GHz band.
5. Security in Wireless LAN
Because wireless is a shared medium, everything that is transmitted or received over a wireless network can be intercepted. Encryption and authentication are always considered when developing a wireless networking system. The goal of adding these security features is to make wireless traffic as secure as wired traffic. The main security issue with wireless networks, especially radio networks, is that wireless networks intentionally radiate data over an area that may exceed the limits of the area the organization physically controls. For instance, 802.11b radio waves at 2.4 GHz easily penetrate building walls and are receivable from the facility’s parking lot and possibly a few blocks away. Someone can passively retrieve all of a company’s sensitive information by using the same wireless Network Interface Card (NIC) from a distance without being noticed by network security personnel.
5.1 IEEE 802.11 b
The wireless LAN standard IEEE 802.11b provides a mechanism for authentication and encryption. The IEEE 802.11 standard defines the physical layers and the MAC sublayers for wireless LANs. There are three different physical layers: Frequency Hopping Spread Spectrum Radio, Direct Sequence Spread Spectrum Radio and Infrared. All physical layers can offer a 2 Mbps data rate; the radio PHYs use the 2400-2483.5 MHz frequency band. The MAC layer is common to all three PHYs and is responsible for the security features of the wireless LAN.
The IEEE 802.11 defines two authentication schemes:
Open System Authentication
The former is actually a null authentication: all mobiles requesting access are accepted to the network. The station can associate with any access point and listen to all data that are sent in plaintext. This is usually implemented where ease of use is the main issue, and the network administrator does not want to deal with security at all.
Shared Key Authentication
The latter uses shared key cryptography to authenticate the mobile. When a mobile requests authentication, the base sends a 128-octet (1024-bit) long random number to the mobile, encrypted using the shared key. The mobile decrypts the random number using the same shared key as the base and sends it back to the base. If the number that the base receives is correct, the mobile is accepted to the network. All mobiles allowed to connect to the network use the same shared key, so this authentication method is only able to verify whether a particular mobile belongs to the group of mobiles allowed to connect to the network; there is no way to distinguish the mobiles from each other. For a station to utilize shared-key authentication, it must implement WEP.
The IEEE 802.11b defines an optional Wired Equivalent Privacy (WEP) mechanism to implement the confidentiality and integrity of the traffic in the network. WEP is used at the station-to-station level and does not offer any end-to-end security. WEP uses the RC4 PRNG algorithm based on a 40-bit secret key and a 24-bit initialization vector (IV) sent with the data. WEP includes an integrity check vector (ICV) to allow an integrity check. One MPDU frame contains the clear text IV and ICV and the cipher text data block, so the receiver is always able to decrypt the cipher text block and to check the integrity. The IV can always be new or reused for a limited time. The scheme is illustrated in figure on next page. The PRNG algorithm used in IEEE 802.11 is from RSA Inc. The actual algorithm is not public, but has been studied in independent research laboratories under nondisclosure agreements and no weaknesses have yet been reported, which does not guarantee that none exist. In any case, the secret key used is only 40 bits long, which can be solved by a brute-force attack. So an additional authentication mechanism is needed.
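The WEP encapsulation described above, as an added example that is not code from the original article: it shows how the 24-bit IV and the 40-bit secret key together form the per-frame RC4 key, how the ICV (a CRC-32) is appended and checked, and how an auditor can spot IVs that repeat under one key. The function names, the sample key and the sample frames are constructed for illustration, and the frame layout is simplified to the IV followed by the ciphertext.

```python
import struct
import zlib
from collections import Counter

IV_LEN = 3    # 24-bit initialization vector, sent in clear text
KEY_LEN = 5   # 40-bit shared secret key
ICV_LEN = 4   # integrity check vector: CRC-32 over the plaintext


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encapsulate(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Build a simplified WEP frame body: clear-text IV || RC4(plaintext || ICV)."""
    if len(secret_key) != KEY_LEN or len(iv) != IV_LEN:
        raise ValueError("expected a 40-bit key and a 24-bit IV")
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    body = plaintext + icv
    # The per-frame RC4 key is the IV prepended to the shared secret.
    keystream = rc4_keystream(iv + secret_key, len(body))
    return iv + xor_bytes(body, keystream)


def wep_decapsulate(secret_key: bytes, frame: bytes) -> bytes:
    """Decrypt a frame and verify its ICV; raise ValueError on mismatch."""
    if len(secret_key) != KEY_LEN or len(frame) < IV_LEN + ICV_LEN:
        raise ValueError("bad key length or truncated frame")
    iv, ciphertext = frame[:IV_LEN], frame[IV_LEN:]
    body = xor_bytes(ciphertext, rc4_keystream(iv + secret_key, len(ciphertext)))
    plaintext, icv = body[:-ICV_LEN], body[-ICV_LEN:]
    if struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF) != icv:
        raise ValueError("ICV mismatch: frame corrupted or wrong key")
    return plaintext


def find_reused_ivs(frames: list) -> list:
    """Return the IVs that appear on more than one frame.

    Frames that share an IV under the same secret key were encrypted with the
    same RC4 keystream, which is why the IV should change on every frame.
    """
    counts = Counter(frame[:IV_LEN] for frame in frames)
    return sorted(iv for iv, n in counts.items() if n > 1)


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed sample key
    frames = [                                 # constructed sample frames
        wep_encapsulate(key, bytes.fromhex("00002a"), b"frame one"),
        wep_encapsulate(key, bytes.fromhex("00002b"), b"frame two"),
        wep_encapsulate(key, bytes.fromhex("00002a"), b"frame 333"),
    ]
    print("round trip:", wep_decapsulate(key, frames[0]))
    print("reused IVs:", [iv.hex() for iv in find_reused_ivs(frames)])
```
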
6. Security Threats for WLAN
6.1 Eavesdropping (disclosure of data)
Eavesdropping on network transmissions can result in disclosure of confidential data, disclosure of unprotected user credentials, and the potential for identity theft. It also allows sophisticated intruders to collect information about your IT environment, which can be used to mount an attack on other systems or data that might not otherwise be vulnerable.
6.2 Interception and modification of transmitted data
If an attacker can gain access to the network, he or she can insert a rogue computer to intercept and modify network data communicated between two legitimate parties.
6.3 Spoofing
Ready access to an internal network allows an intruder to forge apparently legitimate data in ways that would not be possible from outside the network, for example, a spoofed e-mail message. People, including system administrators, tend to trust items that originate internally far more than something that originates outside the corporate network.
6.4 Denial of service (DoS)
A determined assailant may trigger a DoS attack in a variety of ways. For example, radio-level signal disruption can be triggered using something as low-tech as a microwave oven. There are more sophisticated attacks that target the low-level wireless protocols themselves, and less sophisticated attacks that target networks by simply flooding the WLAN with random traffic.
6.5 Free-loading (or resource theft)
An intruder may want nothing more sinister than to use your network as a free point of access to the Internet. Though not as damaging as some of the other threats, this will, at the very least, lower the available level of service for your legitimate users, and it may also introduce viruses and other threats.
6.6 Accidental threats
Some features of WLANs make unintentional threats more real. For example, a legitimate visitor may start up a portable computer with no intention of connecting to your network but then is automatically connected to your WLAN. The visitor's portable computer is now a potential entry point for viruses onto your network. This kind of threat is only a problem in unsecured WLANs.
6.7 Rogue WLANs
If your company officially has no WLAN, you may still be under threat from unmanaged WLANs springing up on your network. Low-priced WLAN hardware bought by enthusiastic employees can open unintended vulnerabilities in your network.
7. How to (Really) Secure Your WLAN
Since the discovery of the security weaknesses of WLANs, described earlier, leading network vendors, standards bodies, and analysts have focused a great deal of effort on finding remedies for these vulnerabilities. This has yielded a number of responses to the concerns over WLAN security. The principal alternatives are:
Not to deploy WLAN technology.
Stick with 802.11 static WEP security.
Use VPN to protect data on the WLAN.
Use IPsec to protect WLAN traffic.
Use 802.1X authentication and data encryption to protect the WLAN.
8. Factors for Setting up a Wireless LAN
Many different, and sometimes competing, design goals have to be taken into account for WLANs to ensure their commercial success:
Global operation
WLAN products should sell in all countries, so national and international frequency regulations have to be considered. In contrast to the infrastructure of wireless WANs, LAN equipment may be carried from one country into another; the operation should still be legal in this case.
Range and Coverage
The distance over which RF and IR waves can communicate is a function of product design (including transmitted power and receiver design) and the propagation path, especially in indoor environments. Interactions with typical building objects, including walls, metal, and even people, can affect how energy propagates, and thus what range and coverage a particular system achieves. Solid objects block infrared signals, which imposes additional limitations. Most wireless LAN systems use RF because radio waves can penetrate most indoor walls and obstacles. The range (or radius of coverage) for typical wireless LAN systems varies from under 100 feet to more than 300 feet. Coverage can be extended, and true freedom of mobility via roaming provided, through microcells.
Interference and Coexistence
The unlicensed nature of radio-based wireless LANs means that other products that transmit energy in the same frequency spectrum can potentially provide some measure of interference to a wireless LAN system. Microwave ovens are a potential concern, but most wireless LAN manufacturers design their products to account for microwave interference. Another concern is the co-location of multiple wireless LANs. While wireless LANs from some manufacturers interfere with other wireless LANs, others coexist without interference.
Cost
A wireless LAN implementation includes both infrastructure costs, for the wireless access points, and user costs, for the wireless LAN adapters. Infrastructure costs depend primarily on the number of access points deployed. The number of access points typically depends on the required coverage region and/or the number and type of users to be serviced. The coverage area is proportional to the square of the product range.
The cost of installing and maintaining a wireless LAN generally is lower than the cost of installing and maintaining a traditional wired LAN, for two reasons. First, a wireless LAN eliminates the direct costs of cabling and the labor associated with installing and repairing it.
Compatibility with the Existing Network
Most wireless LANs provide for industry-standard interconnection with wired networks such as Ethernet or Token Ring. Wireless LAN nodes are supported by network operating systems in the same fashion as any other LAN node: through the use of the appropriate drivers. Once installed, the network treats wireless nodes like any other network component.
Interoperability of Wireless Devices
Customers should be aware that wireless LAN systems from different vendors might not be interoperable, for three reasons. First, different technologies will not interoperate. A system based on spread spectrum frequency hopping (FHSS) technology will not communicate with another based on spread spectrum direct sequence (DSSS) technology. Second, systems using different frequency bands will not interoperate even if they both employ the same technology. Third, systems from different vendors may not interoperate even if they both employ the same technology and the same frequency band, due to differences in implementation by each vendor.
Security
Because wireless technology has roots in military applications, security has long been a design criterion for wireless devices. Security provisions are typically built into wireless LANs, making them more secure than most wired LANs. It is extremely difficult for unintended receivers (eavesdroppers) to listen in on wireless LAN traffic. Complex encryption techniques make it impossible for all but the most sophisticated to gain unauthorized access to network traffic. In general, individual nodes must be security-enabled before they are allowed to participate in network traffic.
9. Advantages of WLAN
Flexibility
Within radio coverage, nodes can communicate without further restriction. Radio waves can penetrate walls, so senders and receivers can be placed anywhere.
Planning
Only wireless ad-hoc networks allow for communication without previous planning; any wired network needs wiring plans. For wired networks, additional cabling with the right plugs and probably inter-working units (such as switches) has to be provided.
Robustness
Wireless networks can survive disasters, e.g. earthquakes or users pulling a plug. If the wireless devices survive, people can still communicate. Networks requiring a wired infrastructure will usually break down completely.
Cost
After providing wireless access to the infrastructure via an access point for the first user, adding additional users to the wireless network will not increase the cost.
10. Disadvantages of WLAN
Quality of service
WLANs typically offer lower quality than their wired counterparts. The main reasons for this are the lower bandwidth due to limitations in radio transmission, higher error rates due to interference, and higher delay/delay variation due to extensive error correction and detection mechanisms.
Proprietary solutions
Due to slow standardization procedures, many companies have come up with proprietary solutions offering standardized functionality plus many enhanced features. However, these additional features work only in a homogeneous environment.
Restrictions
All wireless products have to comply with national regulations. Several government and non-government institutions worldwide regulate operation and restrict frequencies to minimize interference.
Safety & Security
Using radio waves for data transmission might interfere with other high-tech equipment in, e.g., hospitals. Senders and receivers are operated by laymen, and radiation has to be low. Special precautions have to be taken to prevent safety hazards.
11. Conclusion
Flexibility and mobility make wireless LANs both effective extensions and attractive alternatives to wired networks. Wireless LANs provide all the functionality of wired LANs, without the physical constraints of the wire itself. Wireless LAN configurations range from simple peer-to-peer topologies to complex networks offering distributed data connectivity and roaming. Besides offering end-user mobility within a networked environment, wireless LANs enable portable networks, allowing LANs to move with the knowledge workers that use them.
References
Mobile Communication by Jochen Schiller (2nd edition)