Wireless LAN

Wireless technologies (area coverage)
PAN (personal area network)
Standards : bluetooth, 802.15.3
Speed : <>range : short
applications: peer-to-peer, device-to-device

Standards : 802.11
Speed : 11 to 54 mbps
range : medium
applications: enterprise networks

Standards : 802.11, 802.16 (WiMax), 802.20
Speed : 10-100+ mbps
range : medium-long
applications: last mile access

Standards : GSM, CDMA, satellite
Speed : 10 kbps - 2 mbps
range : long
applications: mobile data devices

WLAN 802.11 adopts the 802.3 ethernet technology instead of using ethernet switches to connect hosts, WLAN uses Access Points (APs) to connect hosts. and WLAN uses the Collision Avoidance technology rather than the Collision Detection technology. becaues WLAN uses Radio Frequency (RF), it can interfere with other radio frequencies.

WLAN standards
data rates : up to 54 mbps
band : 5 Ghz
area : 35 meters
channels : up to 23
modulation : OFDM

data rates : up to 11 mbps
band : 2.4 Ghz (ISM band)
area : 35 meters
channels : 3
modulation : DSSS

data rates : up to 54 mbps
band : 2.4 Ghz (ISM band)
area : 35 meters
channels : 3
modulation : DSSS | OFDM

802.11n (still in draft, might be available on september 2008)
data rates : up to 248+ mbps
band : unconfirmed
area : 70 meters
channels :
modulation : MIMO-OFDM

becaues 802.11g support both DSSS and OFDM modulations, 802.11g provides backward compatibility with 802.11b.

terminology explanations
-DSSS (Direct Sequence Spread Spectrum)
-OFDM (Orthogonal Frequency Division Multiplexing), a technology running OFDM is faster than
-MIMO (multipe input/multiple output), splits a high data-rate streams into multiple lower rate streams and broadcasts them simultaneously over the available radios and antennae, providing theoritically a data rate of 248mbps using two streams.
-ISM (Industry, Scientific, Medical), 900mhz and 2.4 Ghz bands are allocated by the International Telecommunications Union-Radio (ITU-R) as unlicensed for ISM.

Three organizations influencing WLAN Standards:
- ITU-R, regulates the allocation of RF bands
- IEEE, specifies how RF is modulated to carry information
- Wi-Fi Alliance, devices made by vendors are interoperable

Wi-Fi Alliance is a global, non-profit organization that gives the Wi-Fi certifications. wi-fi certification is used to ensure that products made by different vendors have followed the WLAN standards (certification includes all three WLAN technologies 802.11a/b/g, and WPA-WiFi Protected Access), therefore ensures the interoperability between devices of different vendors

Components of WLAN
Wireless NIC - much like ethernet NIC, WNIC encodes data stream onto an RF signal and use the modulation technique it is configured to use.
Access Point - AP is a layer 2 device that works much like the 802.3 ethernet hub. AP connect wireless devices to the wired lan. therefore, AP convert the TCP/IP data packets of 802.11 to TCP/IP data packets of 802.3
Wireless Router - performs the role of AP, ethernet switch and a router.

Carrier Sense - each devices must sense the medium for energy (RF stimulation above a certain threshold) and wait until the medium is free before sending. because RF attenuates, two devices connected to an AP at opposite side, may not sense each other and therefore, collision could occur (this is called 'hidden nodes'). CSMA/CA is a feature to overcome this problem it uses a mechanism called RTC/CTS (request to send / clear to send) a device will request to send to the AP and the AP will allocate the medium to the requesting device for as long as it's required to complete the transmission. if not used, normal collision avoidance is used.

WLAN Operation
WLAN modes : refer to the 802.11a/b/g or n modes. because 802.11g supports backward compatibility with 802.11b. an access point may support both technologies. however, when a 802.11b client connects to the access point, it es other 802.11g point to wait longer to transmit their data. an AP may support a/b/g but with, the 802.11a operating at another radio at different RF band.
SSID : shared service set identifier, is a code attached to all packets on a WLAN to identify each packet as part of the network. the SSID is a case-sensitive alphanumeric ranging from 2 to 32 chars. some WLAN may exist in an area, the SSID is what distinguishes them from each other.
Wireless channel : 2.4 Ghz is divided into 11 channels with each channel is 22-Mhz band. the range between each center channel is only 5Mhz means that there are overlaps channel. if there are three adjacent AP, use channels 1, 6 and 11. if there are just two, choose any channel that are five channels apart.

Beacon - frames used by the WLAN (AP) to advertise its presence. the purpose of beacons are so that wlan clients can sense the presence of the network and allowing them to choose what network to connect to. AP may broadcast beacons periodically.
Probes - frames used by WLAN clients to find their networks.

Association - the join process of a client to the WLAN network, before it can send data over the WLAN. the process goes through three steps.
stage 1, 802.11 probing - although probing may be used to discover WLAN networks. some clients used it to search for a WLAN, the probe request specifies the network name (SSID) and bit rates
stage 2, 802.11 authentication - there are two methods, NULL authentication which the client says "authenticate me" and the AP responds with "yes". this is the most used in almost all 802.11 deployments. the second method is the WEP method which is not recommended. (the shared public keys are flawed).
stage 3, 802.11 association - finalizes the security and bit rates option. establishes data link connecntion between the client and the AP. the client learns about the BSSID (AP's MAC address) and the AP maps a Association Identifier (AID, works equivalently to a port on a switch). the AID keeps track of frames destined to which WLAN client.

IBSS (Independent BSS) - usually called ad hoc WLAN, in this topology, there is no AP. every Wireless NIC is set to the ad hoc mode and they connect to each other without any intermediate AP.
BSS - a WLAN where there's only a single AP presents.
ESS (Exrendes Service Set) - when one AP is not enough to provides insufficient RF areas, other APs may be joined to enlarge the area. each AP is differentiated with BSSID, which is the MAC address of the AP.

the common distribution system is multiple AP in ESS appear to be a single BSS. allowing user to roams accross the area from AP to AP. cells represent the coverage area provided by a single channel.

Topology's Terminology
BSS = Basic Service Set
BSA = Basic Service Area, the coverage area of IBSS and BSS
ESA = Extended Service Area, the coverage area of ESS

Planning WLAN
in planning the coverage area of the WLAN, you must place the APs at the correct places so that users can roam from one AP through another AP. the coverage area may overlapped between APs so that there's no gap between AP's coverage area.
the use of nonoverlapping channel in ESS.

War Driving : originally termed to finding cellular phone numbers to exploit. in WLAN means driving around neighborhood with a laptop an a WIC card to look for an unsecured WLAN system to exploit.
Hackers :
Rouge Access Point : AP that's installed to interfere with the normal WLAN system. if configured correctly, the rouge AP can get clients data and even gain access to the server resources.
MITM : man in the middle, with WLAN a user can get access to the AP without plugging any cable to his device. a user can also use a software AP to act like an AP and intercepts other users data.
DoS : 802.11b/g use the unlicensed 2.4Ghz band. which is used by also many other wlan systems. with the devices of other systems crowding the RF band, attacker can create noise in all of the channels in the band with common available devices. because a user can make his laptop/pc acts as an AP. a user can flood the CTS message so other clients flood the wlan or the attacker can send some disassociate command so a client will try to reassociate which create a burst of traffic.

Securing WLAN
wlan provides two methods of authentication, open and WEP. open means there's no authentication, all users may connect to the AP and gain a connection. while WEP as stated above is a weak authentication method for two reasons. one, the algorithm used to encrypt the data was proved to be crackable. two, scalability was a problem. the 32-bit WEP keys were manually managed, so users entered them by hand, often incorrectly.
to overcome the security issues, a new security standard is created which is 802.11i/WPA2 (WPA2 is the Wi-Fi Alliance implementation of 802.11i). which uses TKIP (Temporal Key Integrity Protocol) to encrypts data. WPA2 also includes a connection to a Remote Authentication Dial in User Service (RADIUS). today 802.11i should be the stadard in enterprise networks.
802.11i uses the 802.1x authentication standards which is EAP (extensible authentication protocol).

TKIP - used in WPA, provides backward compatibility for legacy WLAN equipment (TKIP used the same cipher, RC4, as WEP).
AES - Advanced Encruption Standard is the encryption of WPA2 has the same function as TKIP but is the recommended one.

you can do SSID cloaking (disable SSID broadcasting), MAC address filtering and WPA/WPA2 to secure your WLAN.

NOTE:securing you WLAN just through filtering MAC address and not broadcasting the SSID is not a good idea. MAC address can be changed through software use, and SSID can be sniffed because it's sent on clear text.