Proposed WLAN network design
https://ilokabenneth.blogspot.com/2016/07/proposed-wlan-network-design.html
Author: Iloka Benneth Chiemelie
Published: 22/july/2016
1.0 ANALYSIS OF THE CURRENT NETWORK
Presently, the company uses a LAN for its services. It was also identified that a minor segment of the company, comprising the managers and staff in the stadium, uses a WLAN to a minimal level. However, this network comes with a number of issues, and the case study makes known that the firm has been growing without much planning of its network design. For instance, the LAN cabling in both offices is still based on the old version of CAT5e Ethernet. The office complex is the medium through which Ethernet is linked between the two buildings. As a result of the recent acquisition of AnyCompany, the naming and addressing have also been inconsistent. Even with the combination of network infrastructure, there has been no optimization or redesign of the combined networks. On a very basic level, the flat network design adopted by the company comes with reduced redundancy.
Basically, a number of security and performance issues can be identified from the analyzed network, and they come in the form of the network:
1. Not being able to support fast video sharing and transfer from the stadium
2. Exposing the system to everybody because of the constant change of password
3. Slow airing and download of transferred movies
4. Lack of a stable password means reduced accessibility of the system for all employees and a subsequent reduction in performance, as they can't access the internet to perform their tasks.
2.0 PROPOSED SYSTEM AND DESIGN: WLAN (WIRELESS LOCAL AREA NETWORK)
2.1 WLAN components
One of the significant advantages of WLAN is the fact that it can easily be installed. Installation of a WLAN system is very simple, and as such it eliminates the need to pull numerous cables through walls and ceilings. The physical structure and architectural design of WLAN is quite simple, and it is made up of basic components in the form of access points (APs) and Network Interface Cards (NICs).
2.2 Access points of proposed WLAN
This is basically the wireless equivalent of a LAN hub. It is usually connected to the wired backbone through a standard Ethernet cable, and uses an antenna for communicating with wireless devices. An AP operates within a specified frequency spectrum and makes use of the modulation techniques specified by the 802.11 standard [1]. It also announces its availability to wireless clients, and serves as the medium for authenticating and associating wireless clients with the wireless network.
2.3 Network Interface Card / Client Adapter
The wireless network interface cards are used to connect computers or workstations to the wireless network through either the basic peer-to-peer method or the infrastructure method with the APs. They are available in the form of PCMCIA (Personal Computer Memory Card International Association) cards and PCI (Peripheral Component Interconnect) cards [1]. They are used to connect desktop and mobile computers to all network resources wirelessly. The NIC scans the available frequency spectrum for connection purposes and uses it to associate with an access point or another wireless client. When coupled with the computer or workstation's operating system through a software driver, it will enable new employees to be connected instantly to the network and to access the internet in the conference room.
2.4 WLAN Architecture for proposed design: Infrastructure or Microcell / Roaming
The WLAN components discussed above are usually connected by adopting a certain configuration. There are basically three types of WLAN architecture: independent, infrastructure, and microcells and roaming [4].
2.4.1 Independent WLAN architecture
This is the simplest WLAN configuration and it is also known as peer-to-peer. It is a configuration in which a group of computers, each equipped with one WLAN client adapter, are connected together. There is no need for an access point, and each of the computers in the LAN is configured with the same radio channel in order to enable peer-to-peer networking. This form of WLAN network can be set up whenever two or more wireless adapters are within each other's range. The architecture is as illustrated in figure 1 below.
Figure 1: architecture of independent WLAN
2.4.2 Infrastructure WLAN
This form of WLAN is made up of wireless stations and access points. The access points are combined with the distribution system (for instance, the Ethernet) in order to provide the right support for creating multiple radio cells that are capable of enabling roaming through the facility. The access point exchanges information with the wired network and also mediates wireless network traffic in the immediate neighbourhood. This form of network configuration meets the needs of large-scale networks in terms of complexity and coverage size. It is as illustrated in figure 2 below.
Figure 2: Infrastructure WLAN architecture
2.4.3 Microcells and roaming
A microcell is the area of coverage for an access point. Installing numerous access points is necessary in order to extend the range of the WLAN beyond the coverage provided by one access point. The major benefit of WLAN is the fact that it is mobile. Thus, it is important to ensure that users can easily move between access points without needing to log in again and restart their applications. Such seamless roaming is only possible when the access points have a way of exchanging information as the user connection is handed off from one access point to another. In settings that contain overlapping microcells, wireless nodes and access points conduct frequent checks of the strength and quality of transmission. The WLAN system transfers roaming users to the access point with the strongest and highest-quality signal, while also allowing roaming from one microcell to another. This form of infrastructure can be seen in figure 3 below.
Figure 3: microcell and roaming infrastructure
3.0 SECURITY ISSUES IN WLAN
Irrespective of the convenience, cost advantage and productivity offered by WLAN, it is important to note that the radio frequency used in wireless networks has some issues through which the network can be hacked [3]. Some of these security issues are as discussed below.
3.1 Denial of service
This is a form of attack in which the hacker (intruder) floods the network with a high volume of messages and thereby affects the availability of the network resources. Because of the nature of radio transmission, WLANs are quite vulnerable to attacks intended to inflict denial of service. This is because the relatively low bit rate of the WLAN can so easily be overwhelmed, which leaves the network open to such attacks [9]. Radio interference can easily be generated through the use of a powerful transceiver, and such interference will make WLAN communication unable to use the radio path.
3.2 Spoofing and session hijacking
This is a form of attack in which the hacker gains access to secure data and resources in the network through identity theft. This is possible because 802.11 is not capable of authenticating the source address, which is the medium access control (MAC) address of the frame [6]. As such, attackers can spoof a MAC address and take control of sessions. Additionally, 802.11 does not require an access point to prove that it is actually an AP. This increases the chances of an attacker pretending to be an AP [7]. There is a need for a proper authentication and access control mechanism to be placed in the WLAN in order to eliminate the chances of spoofing.
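Because an AP does not have to prove its identity, a defender can compare what is heard on the air against an inventory of sanctioned access points. The following is an added example, not part of the original post; the inventory, SSIDs, BSSIDs and survey records are constructed, and it assumes each AP runs on a fixed, documented channel.

```python
# Added example. Inventory, SSIDs, BSSIDs and survey records are constructed.

# Sanctioned access points: BSSID -> (SSID, configured channel).
INVENTORY = {
    "00:11:22:33:44:01": ("CORP-WLAN", 1),
    "00:11:22:33:44:02": ("CORP-WLAN", 6),
}

# Constructed beacon observations, as a wireless survey might record them.
BEACONS = [
    {"ssid": "CORP-WLAN", "bssid": "00:11:22:33:44:01", "channel": 1},
    {"ssid": "CORP-WLAN", "bssid": "00:11:22:33:44:02", "channel": 6},
    {"ssid": "CORP-WLAN", "bssid": "02:00:00:00:00:99", "channel": 6},
    {"ssid": "CORP-WLAN", "bssid": "00:11:22:33:44:01", "channel": 11},
    {"ssid": "CoffeeShop", "bssid": "66:77:88:99:AA:BB", "channel": 11},
]


def classify_beacon(beacon, inventory):
    """Label one beacon against the AP inventory."""
    bssid = beacon["bssid"].lower()
    our_ssids = {ssid for ssid, _ in inventory.values()}
    if bssid in inventory:
        ssid, channel = inventory[bssid]
        if (beacon["ssid"], beacon["channel"]) == (ssid, channel):
            return "ok"
        # A known BSSID with the wrong SSID or channel: the address is
        # probably being spoofed, or the AP was reconfigured.
        return "known-bssid-mismatch"
    if beacon["ssid"] in our_ssids:
        # Our network name advertised by hardware that is not in the inventory.
        return "unknown-bssid"
    return "foreign"


def audit(beacons, inventory):
    """Return (label, bssid, channel) for every beacon that needs attention."""
    findings = []
    for b in beacons:
        label = classify_beacon(b, inventory)
        if label in ("known-bssid-mismatch", "unknown-bssid"):
            findings.append((label, b["bssid"].lower(), b["channel"]))
    return findings


if __name__ == "__main__":
    for finding in audit(BEACONS, INVENTORY):
        print(finding)
```

A finding is a lead for investigation: an AP that was moved to another channel by an administrator produces the same mismatch as a spoofed BSSID.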
3.3 Eavesdropping
This includes attacks made against confidential data that is being transmitted over the network. By nature, a WLAN intentionally radiates network traffic into space. This makes it impossible to control who receives the signals in any form of WLAN installation. As such, eavesdropping is the most significant threat in WLAN, as the hacker can intercept the information over the air from a distance away from the company, making it impossible to spot such a hacker.
3.4 SOLUTIONS FOR THESE SECURITY ISSUES
Notwithstanding the risks and vulnerabilities that have been associated with WLAN, there are practical solutions that can be used to reduce the level of vulnerability. Some of these solutions are as discussed below.
3.4.1 Change the default SSID
A Service Set Identifier (SSID) is a unique identifier attached to the header of every packet sent through a WLAN, and it serves as a password when mobile devices attempt to access that WLAN. The SSID differentiates one WLAN from another, and this makes it a must for all devices attempting to connect to any given WLAN to make use of the same SSID. Basically, this is the only security mechanism required by an access point in order to enable association when optional security features are not activated. Not changing the default SSID is one of the basic mistakes made by system admins, and it is like leaving the network password-free, while changing it will provide more security for the system.
3.4.2 Make use of VPN
A VPN is a more detailed solution for authenticating users that come from untrusted space and encrypting the communication between users connected to a specific network, so that people listening cannot intercept the traffic. In a basic wireless implementation, the access point is placed beside the corporate firewall. This form of implementation opens up a big hole in the trusted network space. A VPN is used to secure the wireless implementation by placing the access point behind it. This form of implementation offers high security for the wireless network without adding any significant overhead for the users. It is recommended that if there is more than one wireless access point in an organization, they should be run into a common switch, which is then connected with the VPN server on the same switch. This will mean that there is no need for the network users to have multiple VPN dial-ups for their systems [10]. The secure method for such an implementation is as shown in figure 4 below.
Figure 4: secure method for implementing a wireless AP
3.4.3 Static IP
Normally, most WLANs make use of DHCP (Dynamic Host Configuration Protocol) to assign IP addresses to user devices automatically and efficiently. However, there is a problem with such a system because it doesn't differentiate between a legitimate user and a hacker. With the proper SSID, anyone using DHCP can easily obtain an IP address automatically and become a genuine node on the network. As such, disabling DHCP and assigning static IP addresses reduces the potential for a hacker to obtain an IP address and gain access to the network.
3.4.4 Access point placement
The wireless access point should be placed outside the firewall in order to offer protection against intruders that try to access the corporate network resources. The firewall can also be configured to enable access for only legitimate users through the use of MAC and static IP addresses.
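The MAC and static IP filtering described in 3.4.3 and 3.4.4 comes down to a binding table that the firewall enforces. The following is an added example, not part of the original post, of that check applied to observed (MAC, IP) pairs; the subnet, addresses and observations are constructed. Since a MAC address can be spoofed (section 3.2), a passing pair shows that the binding matches and does not authenticate the device.

```python
# Added example. Subnet, addresses and observations are constructed.
import ipaddress

WLAN_SUBNET = ipaddress.ip_network("192.168.50.0/24")  # assumed WLAN range

# Static assignments: MAC -> the one IP address that device may use.
BINDINGS = {
    "aa:bb:cc:00:00:01": ipaddress.ip_address("192.168.50.11"),
    "aa:bb:cc:00:00:02": ipaddress.ip_address("192.168.50.12"),
}

# Constructed (MAC, IP) pairs, e.g. taken from the firewall's neighbour table.
OBSERVED = [
    ("aa:bb:cc:00:00:01", "192.168.50.11"),
    ("AA:BB:CC:00:00:02", "192.168.50.40"),
    ("de:ad:be:ef:00:01", "192.168.50.12"),
    ("de:ad:be:ef:00:02", "192.168.50.77"),
]


def check_pair(mac, ip, bindings=BINDINGS, subnet=WLAN_SUBNET):
    """Decide whether a (MAC, IP) pair matches the static assignment table."""
    mac = mac.lower()
    addr = ipaddress.ip_address(ip)
    if addr not in subnet:
        return "deny: outside WLAN subnet"
    # Which registered device, if any, owns this IP address?
    owner = next((m for m, a in bindings.items() if a == addr), None)
    if mac in bindings:
        if bindings[mac] == addr:
            return "allow"
        return "deny: registered MAC on wrong IP"
    if owner is not None:
        return "deny: reserved IP used by unregistered MAC"
    return "deny: unregistered host"


def violations(observed):
    """Return every observed pair the firewall should drop, with the reason."""
    results = []
    for mac, ip in observed:
        verdict = check_pair(mac, ip)
        if verdict != "allow":
            results.append((mac.lower(), ip, verdict))
    return results


if __name__ == "__main__":
    for row in violations(OBSERVED):
        print(row)
```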
REFERENCES
[1] AirDefense™, Inc. “Wireless LAN Security: Intrusion Detection and Monitoring for the Enterprise.” 4 Dec. 2002. URL: http://www.airdefense.net/products/index.shtm (30 Oct. 2002).
[2] Borisov, Nikita, Goldberg, Ian and Wagner, David. “Security of the WEP Algorithm.” 13 Dec. 2002. URL: http://www.isaac.cs.berkeley.edu/isaac/wepfaq.html (3 Dec. 2002).
[3] Computer Security Research Centre, National Institute of Standards and Technology. “Announcing the Advanced Encryption Standard (AES).” Federal Information Processing Standards Publications 197. 13 Dec. 2002. URL: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf (3 Dec. 2002).
[4] Eaton, Dennis. “Diving into the 802.11i Spec: A Tutorial.” 3 Jan. 2003. URL: http://www.commsdesign.com/design_corner/OEG20021126S0003 (18 Dec. 2002).
[5] Geier, Jim. “Guarding Against WLAN Security Threats.” 2 Dec. 2002. URL: http://www.80211-planet.com/tutorials/article.php/1462031 (28 Oct. 2002).
[6] Geier, Jim. “802.11 Security Beyond WEP.” 2 Dec. 2002. URL: http://www.80211-planet.com/tutorials/article.php/1377171 (28 Oct. 2002).
[7] IBM Corporation. “Wireless Security Auditor (WSA).” 4 Dec. 2002. URL: http://researchweb.watson.ibm.com/gsal/wsa/ (30 Oct. 2002).
[8] Isomair.com. “Isomair Security for Wireless World.” 4 Dec. 2002. URL: http://www.isomair.com/products.html (30 Oct. 2002).
[9] Knowledge Systems (UK) Ltd. “Wireless LAN Security Issues.” 2 Dec. 2002. URL: http://www.ksys.info/wlan_security_issues.htm (28 Oct. 2002).
[10] Penton Media, Inc. “Use a VPN for Wireless Security.” 20 Dec. 2002. URL: http://www.mobile-and-wireless.com/Articles/Index.cfm?ArticleID=27095 (18 Dec. 2002).
[11] Pulsewan.com. “What is PPP?” 3 Jan. 2003. URL: http://www.pulsewan.com/data101/ppp_basics.htm (18 Dec. 2002).
[12] Pulsewan.com. “What is WLAN?” The Wireless Networking Industry’s Information Source. 2 Dec. 2002. URL: http://www.pulsewan.com/data101/wireless_lan_basics.htm (7 Oct. 2002).