Professor: Students: Gregory Chondrokoukis Adrian Iordache Catu Marilena Stan


Oct 26, 2013 (4 years and 8 months ago)







1. Introduction
Introduction to wireless local area networks (LANs)
1.2 What are Wireless LANs?
The need for standardization
Future trends

2. Wireless LAN Technology
2.1 Technologies used in Wireless Networks
2.1.1 Narrowband Technology
2.1.2 Spread Spectrum Technology
Frequency Hopping Spread Spectrum Technology
Direct Sequence Spread Spectrum Technology
2.1.3 Infrared Technology
2.2 How wireless LANs Work
2.3 Wireless LAN configurations

3. Wireless LAN Standards
The Network Layers
The IEEE 802.11 Standard
802.11 HR and 802.11 at 5 GHz
The HIPERLAN Standard

4. Managing Secure Wireless LANs
4.1 The inextricable link between Wireless Network Security and
4.2 Wi-Fi Security: The Basic Requirements
4.3 Wireless data encryption
4.4 Authentication and access control
4.5 Intrusion
4.5.1 Wired Network Scans
4.5.2 Wireless Network Scans
4.6 Wireless Network Management
4.6.1 Network Discovery
4.6.2 Automated Conf
4.6.3 Audit Management
4.6.4 Firmware Management
4.6.5 Network Monitoring & Alerting
4.7 Conclusion

5. How wireless LANs are used in the real world
5.1 Introduction
5.2 The application scenarios
5.2.1 Public buildings
5.2.2 Business environment
5.2.3 Domestic buildings (the home)
5.2.4 Industrial sector

6. Bibliography




Introduction to wireless local area networks (LANs)

As we enter the 21st century, IT and communications are leading a revolution in the way we live. The number of cellular telephone subscribers and people using the Internet, the growth of electronic business, and the abundance of companies on the Web are leading the evolution of information technologies.

Access to information has become a necessity. The information available on the Internet and the easy access to this information allow professionals to use tools that would have been unavailable without this communication facility. Competitive, up-to-date companies are offering their services and products on the web. Members of the research community are presenting their ideas and results via the web. The Internet has become an indispensable consultation tool as well as an open window in which people can showcase their information to the world.

Taking a look at the job opportunities that now appear in newspapers, journals, and Internet job forums, we find that the demand for IT professionals is enormous. There is fierce competition among companies for these professionals. In fact, the development of systems and applications is being held back because of a lack of suitably trained professionals.

In the IT field, there are two types of companies: the long-established, well-known firms and the young start-ups. Those in the first category, such as Cisco Systems, Hewlett-Packard, and Lucent, are devoted to the development and commercialization of existing products. On the other hand, the start-ups provide innovative ideas, some of which succeed and some of which fail.

It is interesting to note that the research effort in wireless LAN systems that started some 30 years ago has allowed for the development of new ideas that have yielded applications and systems. Moreover, the established companies are actively involved in this booming market.

1.2 What are Wireless LANs?

Wireless LANs provide high-speed, cable-free access primarily for in communications. Just as connecting phone lines to the subscriber’s home via the local telephone loop is expensive, many networking experts acknowledge that a substantial portion of the cost of LAN deployment is in interconnecting end-user devices, which can sometimes exceed the cost of computer hardware and software. A wireless LAN removes the labor and material costs inherent in wiring.

It also offers the flexibility to reconfigure or to add more nodes to the network without much planning effort and cost of re-cabling, thereby making future upgrades inexpensive and easy. The ability to add new mobile computing devices quickly is another main consideration for choosing a wireless LAN. Thus, the proliferation of cheaper, smaller and more powerful portable notebook computers has fueled tremendous growth in the wireless LAN industry in recent years. This is especially evident in the past year, as established companies such as Cisco Systems and 3Com with strengths in traditional based network systems have acquired wireless LAN companies in multi dollar deals.



The need for standardization

With so many new wireless systems and applications from so many suppliers in so many countries, the need for standardization is essential. As a result, cooperation between wireless manufacturers as user interest groups has given rise to the creation of open associations to develop standards.

One of the main standardization groups, the Infrared Data Association (IrDA), focuses on the development of infrared (IR) wireless systems, IEEE 802.11, high-performance radio LAN (HIPERLAN), Bluetooth, and home radio frequency (RF) for the evolution of different applications of RF wireless systems.


Future trends

Wireless systems are evolving toward the development of broadband applications, including multimedia services. The aim of today’s research is to achieve high-bandwidth wireless systems with performance comparable to that of high-bandwidth fixed networks.

Focusing on fixed systems, the bandwidth available for the traditional public switched telephone network (PSTN) can be noticeably increased by using new technologies such as asynchronous transfer mode (ATM), the integrated services digital network (ISDN), broadband ISDN (B-ISDN), and the different digital subscriber loop (DSL) possibilities: asymmetric DSL (ADSL), high-speed DSL (HDSL), symmetric DSL (SDSL), and very high-speed DSL (VDSL).

The development of wireless systems is subject to several technical limitations, such as transfer capacity, quality, and range. The environments in which wireless and mobile systems can be used are classified into five categories, depending on the range:

Home-cell environments for in-house applications

Picocell environments for in-building systems and applications

Microcell environments for applications covering urban areas

Macrocell environments for applications covering suburban areas

The global environment for applications using satellite-based systems

Systems and applications for the home-cell and picocell environments have evolved over the last decade, and today there are standards and commercial equipment that allow for the installation of wireless systems using RF and IR technologies. There are three main standards that assure the compatibility of wireless communication systems for indoor applications. They are IEEE 802.11, HIPERLAN, and IrDA.

IEEE 802.11 is a standard that covers RF and IR technologies for WLAN applications. Meanwhile, HIPERLAN deals with RF systems, and IrDA concentrates on IR systems. However, all these standards share a common application environment. They are all used for local applications, either for the expansion of existing wired networks, the installation of new wireless networks, or special applications different from the standard LAN (voice transmission in multilanguage rooms, for example). Wireless indoor systems are the ideal complement to buildings that have been designed with a structured cabled infrastructure, because they allow users to expand the cabled network, reallocate terminal equipment, add new segments, and install temporary working groups in an easy, cheap, and fast way.

Special attention must be paid to the development of the new emerging standards, such as Bluetooth, wireless ATM (WATM), and home RF. It is expected that they will undergo a great deal of development during the next few years.

The wireless systems for microcell and macrocell environments are now enjoying an enormous boom. Thanks to these systems, today’s connections are person-to-person instead of traditional point-to-point connections. The spectacular growth in cellular telephony and the development of new services for mobile phones related to the Internet have created the need for a new generation of mobile systems. In examining the evolution of cellular telephone networks, it is possible to see tremendous change since the introduction of the analog-based first generation in the mid 1980s. The second-generation (2G) wireless networks, which use digital modulation, have afforded the implementation of integrated speech and data services. Some examples of 2G wireless networks are the global system for mobile communications (GSM), digital enhanced cordless telecommunications (DECT) in Europe, time division multiple access (TDMA) IS-136 and code division multiple access (CDMA) IS-95 in the United States, and personal digital cellular (PDC) in Japan.

The third generation (3G) is now a reality. It is known as the universal mobile telecommunication system (UMTS)/international mobile telecommunication-2000 (IMT-2000) (UMTS/IMT-2000). The UMTS is an initiative from the European Telecommunication Standards Institute (ETSI), and the IMT-2000 belongs to the future public land mobile telecommunication system (FPLMTS) of the International Telecommunication Union (ITU).

IMT-2000 aims to offer universal services of up to 2 Mbps in a global environment with a single subscriber number independent of service provider. IMT-2000 will include multimedia devices and must be accessible to the mass

These objectives imply an integration between the terrestrial UMTS (T-UMTS) and the satellite UMTS (S-UMTS) components. S-UMTS will allow global coverage, enabling UMTS users to roam globally with a quality of service (QoS) comparable to that of the T-UMTS and boosting telecommunications services in developing countries. Right now the challenge is to achieve a standard S-UMTS air interface and to develop a global S-UMTS access network.

WATM is a technology that has been developing in cooperative work between
the ATM Forum and the ETSI broadband radio access network (BRANs). The aim of
this work is to develop three
sub network



type 2,

that will be able to support ATM and most of the needs of
broadband mobile systems.

Meanwhile, the Information Society Technologies Research Program of the European Union is developing the mobile broadband system (MBS). The MBS would provide the users of wireless systems access to broadband services currently only available to users of the fixed integrated broadband communications network (IBCN), but with all of its mobility facilities.

Nevertheless, it is expected that users will eventually demand the development of new applications with broadband WLANs, multimedia, and interactive broadcasts in a global environment based on terrestrial and satellite systems. This necessity will give rise to a fourth generation. However, the scarcity of available spectrum will pose serious obstacles to the development of the fourth generation.

Another important aspect of the development of wireless communications systems is fixed wireless services, or wireless local loop (WLL) services, which are used to provide local telephone services using a wireless link instead of the traditional copper wires. The main advantage of WLL is savings in installation costs, because it is not necessary to lay cables underground. This allows an easy and fast way to add new subscribers to the telephone network infrastructure at a low installation and maintenance cost. WLL is also used to replace old network segments.

As far as wireless terminal performance is concerned, a change in functionality is expected. Bearing in mind the applications and services that new wireless networks will offer, wireless terminals will have to evolve from their traditional formats toward new integrated solutions able to manage all the possible services available to the user.

There is currently a wide variety of terminals that can be used depending on the application, including cellular phones, personal digital assistants (PDAs), and handheld personal computers (HPCs). The most popular terminals are cellular phones. Cellular phones are used primarily for voice communications, but they also incorporate basic tools for number storage.

PDAs are used as electronic diaries. PDAs allow users to maintain records of appointments, personal notes, lists of contacts, and other such information. These devices do not have a keyboard for data input. Instead, they use a pen input or handwriting recognition. They have communication facilities via a serial port for data interchange with desktop computers, and some of them allow users to incorporate a

HPCs, which are used as portable personal computers, are also very popular devices. They include applications for word processing presentations and facilities for communications via serial and parallel ports, modems, LAN cards, or IR ports.

It can thus be concluded that there are two kinds of wireless terminals: terminals for communication, such as cellular telephones, and terminals for data processing, such as PDAs or laptop computers. The wireless communication services that are emerging today, however, are leading the way for a new generation of terminals that include both functions: communications and data processing. These new terminals will offer data processing capabilities with a cellular phone and wireless modem in a single unit. It will be crucial to consider several factors in the design and development of these terminals, including power consumption, adaptability and reconfigurability to the different possible applications supported by the terminal, security, and

There are two tendencies in the design of terminals of the new generation:

A classical configuration based on a central processing unit (CPU), which will manage the data-processing and communication functions but which will be subject to a bottleneck problem in the CPU;

Configurations such as the wireless adaptive network device (WAND). In this type of architecture, the CPU is shut down most of the time, and the peer-to-peer data transfers are done directly without involving the CPU. Similarly, the tasks related to the data processing of audio and video streams are not done at the time-shared, general-purpose CPU.


Wireless LAN Technology

Manufacturers of wireless LANs have a range of technologies to choose from when designing a wireless LAN solution. Each technology comes with its own set of advantages and limitations.

2.1 Technologies used in Wireless Networks


Narrowband Technology

A narrowband radio system transmits and receives user information on a specific radio frequency. Narrowband radio keeps the radio signal frequency as narrow as possible just to pass the information. Undesirable crosstalk between communications channels is avoided by carefully coordinating different users on different channel

A private telephone line is much like a radio frequency. When each home in a neighborhood has its own private telephone line, people in one home cannot listen to calls made to other homes. In a radio system, privacy and accomplished by the use of separate radio frequencies. The radio receiver filters out all radio signals except the ones on its designated frequency. From a customer standpoint, one drawback of narrowband technology is that the end user must obtain an FCC license for each site where it is employed.

Spread Spectrum Technology

Most wireless LAN systems use spread-spectrum technology, a wideband radio frequency technique developed by the military for use in reliable, secure, mission-critical communications systems. Spread-spectrum is designed to trade off bandwidth efficiency for reliability, integrity, and security. In other words, more bandwidth is consumed than in the case of narrowband transmission, but the trade-off produces a signal that is, in effect, louder and thus easier to detect, provided that the receiver knows the parameters of the spread-spectrum signal being broadcast. If a receiver is not tuned to the right frequency, a spread-spectrum signal looks like background noise. There are two types of spread spectrum radio: frequency hopping and direct sequence.

Frequency Hopping Spread Spectrum Technology

Frequency-hopping spread-spectrum (FHSS) uses a narrowband carrier that changes frequency in a pattern known to both transmitter and receiver. Properly synchronized, the net effect is to maintain a single logical channel. To an unintended receiver, FHSS appears to be short-duration impulse noise.

Direct Sequence Spread Spectrum Technology

Direct-sequence spread-spectrum (DSSS) generates a redundant bit pattern for each bit to be transmitted. This bit pattern is called a chip (or chipping code). The longer the chip, the greater the probability that the original data can be recovered (and, of course, the more bandwidth required).

Even if one or more bits in the chip are damaged during transmission, statistical techniques embedded in the radio can recover the original data without the need for retransmission. To an unintended receiver, DSSS appears as low-power wideband noise and is rejected (ignored) by most narrowband receivers.
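
The DSSS behaviour described above, as an added example that is not part of the original report: each bit is spread over a chipping code, some chips are damaged in transit, and the receiver recovers the bit by correlation, while a receiver whose code is misaligned sees almost nothing. The 11-chip Barker sequence (the published code of 802.11 DSSS at 1 and 2 Mb/s), the sample payload, the helper names and the use of plain correlation for the "statistical techniques" are assumptions of this example.

```python
"""DSSS spreading and correlation despreading (added example, constructed data)."""
import random

# Assumption: the 11-chip Barker sequence, the published spreading code of
# 802.11 DSSS at 1 and 2 Mb/s. The page itself does not name a code.
BARKER_11 = [1, -1, 1, 1, -1, 1, 1, 1, -1, -1, -1]


def spread(bits, code=BARKER_11):
    """Transmitter: send the whole code for a 1 bit, the inverted code for a 0."""
    chips = []
    for bit in bits:
        sign = 1 if bit else -1
        chips.extend(sign * c for c in code)
    return chips


def corrupt(chips, flips_per_bit, code_len=len(BARKER_11), seed=1):
    """Channel: invert `flips_per_bit` randomly chosen chips in every bit period."""
    rng = random.Random(seed)
    damaged = list(chips)
    for start in range(0, len(damaged), code_len):
        for i in rng.sample(range(code_len), flips_per_bit):
            damaged[start + i] = -damaged[start + i]
    return damaged


def correlate(chips, code=BARKER_11):
    """Receiver: correlate each bit period with the code.

    A clean 1 scores +len(code), a clean 0 scores -len(code); every damaged
    chip moves the score 2 toward zero.
    """
    n = len(code)
    return [sum(c * k for c, k in zip(chips[i:i + n], code))
            for i in range(0, len(chips), n)]


def despread(chips, code=BARKER_11):
    """Decide each bit from the sign of its correlation score."""
    return [1 if score > 0 else 0 for score in correlate(chips, code)]


def rotate(code, shift):
    """The code as seen by a receiver that is misaligned by `shift` chips."""
    return code[shift:] + code[:shift]


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0, 0, 1, 0]  # constructed sample payload
    tx = spread(data)
    print("chips sent per bit :", len(tx) // len(data))
    print("clean scores       :", correlate(tx))
    for flips in (3, 5, 6):
        rx = corrupt(tx, flips)
        verdict = "recovered" if despread(rx) == data else "bit errors"
        print(f"{flips} chips damaged/bit:", correlate(rx), "->", verdict)
    print("misaligned receiver:", correlate(tx, rotate(BARKER_11, 3)))
```

With 11 chips per bit the decision survives up to 5 damaged chips per bit and fails at 6, which is the bandwidth-for-reliability trade the text describes.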

Infrared Technology

A third technology, little used in commercial wireless LANs, is infrared. Infrared (IR) systems use very high frequencies, just below visible light in the electromagnetic spectrum, to carry data. Like light, IR cannot penetrate opaque objects; it is either directed (line-of-sight) or diffuse technology.

Inexpensive directed systems provide very limited range (3 ft) and typically are used for personal area networks but occasionally are used in specific wireless LAN

High performance directed IR is impractical for mobile users and is therefore used only to implement fixed sub networks. Diffuse (or reflective) IR wireless LAN systems do not require line-of-sight, but cells are limited to individual rooms.


How wireless LANs Work

Wireless LANs use electromagnetic airwaves (radio or infrared) to communicate information from one point to another without relying on any physical connection. Radio waves are often referred to as radio carriers because they simply perform the function of delivering energy to a remote receiver. The data being transmitted is superimposed on the radio carrier so that it can be accurately extracted at the receiving end. This is generally referred to as modulation of the carrier by the information being transmitted. Once data is superimposed (modulated) onto the radio carrier, the radio signal occupies more than a single frequency, since the frequency or bit rate of the modulating information adds to the carrier.

Multiple radio carriers can exist in the same space at the same time without interfering with each other if the radio waves are transmitted on different radio frequencies. To extract data, a radio receiver tunes in one radio frequency while rejecting all other frequencies.

In a typical wireless LAN configuration, a transmitter/receiver (transceiver) device, called an access point, connects to the wired network from a fixed location using standard cabling. At a minimum, the access point receives, buffers, and transmits data between the wireless LAN and the wired network infrastructure. A single access point can support a small group of users and can function within a range of less than one hundred to several hundred feet. The access point (or the antenna attached to the access point) is usually mounted high but may be mounted essentially anywhere that is practical as long as the desired radio coverage is obtained.

End users access the wireless LAN through wireless LAN adapters, which are implemented as PC cards in notebook or palmtop computers, as cards in desktop computers, or integrated within hand-held computers. Wireless LAN adapters provide an interface between the client network operating system (NOS) and the airwaves via an antenna. The nature of the wireless connection is transparent to the NOS.

Wireless LAN configurations

Wireless LANs can be simple or complex. At its most basic, two PCs equipped with wireless adapter cards can set up an independent network whenever they are within range of one another. This is called a peer-to-peer network. On networks such as in this example require no administration or preconfiguration. In this case each client would only have access to the resources of the other client and not to a central server.

Installing an access point can extend the range of an ad hoc network, effectively doubling the range at which the devices can communicate. Since the access point is connected to the wired network, each client would have access to server resources as well as to other clients. Each access point can accommodate many clients; the specific number depends on the number and nature of the transmissions involved. Many real-world applications exist where a single access point services from 15-50 client

Access points have a finite range, on the order of 500 feet indoor and 1000 feet outdoors. In a very large facility such as a warehouse, or on a college campus, it will probably be necessary to install more than one access point. Access point positioning is accomplished by means of a site survey. The goal is to blanket the coverage area with overlapping coverage cells so that clients might range throughout the area without ever losing network contact. The ability of clients to move seamlessly among a cluster of access points is called roaming. Access points hand the client off from one to another in a way that is invisible to the client, ensuring unbroken connectivity.

To solve particular problems of topology, the network designer might choose to use Extension Points to augment the network of access points. Extension Points look and function like access points, but they are not tethered to the wired network as are APs. EPs function just as their name implies: they extend the range of the network by relaying signals from a client to an AP or another EP. EPs may be strung together in order to pass along messaging from an AP to far-flung clients, just as humans in a bucket brigade pass pails of water hand-to-hand from a water source to a fire.

One last item of wireless LAN equipment to consider is the directional antenna. Let's suppose you had a wireless LAN in your building A and wanted to extend it to a leased building, B, one mile away. One solution might be to install a directional antenna on each building, each antenna targeting the other. The antenna on A is connected to your wired network via an access point. The antenna on B is similarly connected to an access point in that building, which enables wireless LAN connectivity in that facility.

3. Wireless LAN Standards

A short gallery of the most famous Wireless LAN standards (but unfortunately not necessarily the most widespread...).

Network Layers

When dealing with networking, you may hear the terms "network model" and "network layer" used often. Network models define a set of network layers and how they interact. There are several different network models depending on what organization or company started them. The most important two are:

The TCP/IP Model - This model is sometimes called the DOD model since it was designed for the Department of Defense. It is also called the internet model because TCP/IP is the protocol used on the internet.

OSI Network Model - The International Standards Organization (ISO) has defined a standard called the Open Systems Interconnection (OSI) reference model. This is a seven-layer architecture listed in the next section.

The OSI Network Model Standard

The OSI network model layers are arranged here from the lower levels starting with
the physical (hardware) to the higher levels.


Physical Layer - The actual hardware.

Data Link Layer - Data transfer method (802x ethernet). Puts data in frames and ensures error free transmission. Also controls the timing of the network transmission. Adds frame type, address, and error control information. IEEE divided this layer into the two following sublayers.

Logical Link Control (LLC) - Maintains the link between two computers by establishing Service Access Points (SAPs) which are a series of interface points. IEEE 802.2.

Media Access Control (MAC) - Used to coordinate the sending of data between computers. The 802.3, 4, 5, and 12 standards apply to this layer. If you hear someone talking about the MAC address of a network card, they are referring to the hardware address of the card.

Network Layer - IP network protocol. Routes messages using the best path

Transport Layer - TCP, UDP. Ensures properly sequenced and error free

Session Layer - The user's interface to the network. Determines when the session is begun or opened, how long it is used, and when it is closed. Controls the transmission of data during the session. Supports security and name lookup enabling computers to locate each other.

Presentation Layer - ASCII or EBCDIC data syntax. Makes the type of data transparent to the layers around it. Used to translate data to computer specific format such as byte ordering. It may include compression. It prepares the data, either for the network or the application depending on the direction it is going.

Application Layer - Provides services software applications need. Provides the ability for user applications to interact with the network.

Many protocol stacks overlap the borders of the seven layer model by operating at multiple layers of the model. File Transport Protocol (FTP) and telnet both work at the application, presentation, and the session layers.

The Internet, TCP/IP, DOD Model


This model is sometimes called the DOD model since it was designed for the Department of Defense. It is also called the TCP/IP four layer protocol, or the internet protocol. It has the following layers:

Link - Device driver and interface card which maps to the data link and physical layer of the OSI model.

Network - Corresponds to the network layer of the OSI model and includes the IP, ICMP, and IGMP protocols.

Transport - Corresponds to the transport layer and includes the TCP and UDP

Application - Corresponds to the OSI Session, Presentation and Application layers and includes FTP, Telnet, ping, Rlogin, rsh, TFTP, SMTP, SNMP, DNS, your program, etc.

Please note the four layer TCP/IP protocol. Each layer has a set of data that it

The Link layer corresponds to the hardware, including the device driver and interface card. The link layer has data packets associated with it depending on the type of network being used such as ARCnet, Token ring or ethernet.

The network layer manages the movement of packets around the network and includes IP, ICMP, and IGMP. It is responsible for making sure that packets reach their destinations, and if they don't, reporting errors.

The transport layer is the mechanism used for two computers to exchange data with regards to software. The two types of protocols that are the transport mechanisms are TCP and UDP. There are also other types of protocols for systems other than TCP/IP

The application layer refers to networking protocols that are used to support various services such as FTP, Telnet, BOOTP, etc. Note here, to avoid confusion, that the application layer is generally referring to protocols such as FTP, telnet, ping, and other programs designed for specific purposes which are governed by a specific set of protocols defined with RFCs (requests for comments). However, a program that you may write can define its own data structure to send between your client and server program so long as the program you run on both the client and server machine understands your protocol. For example, when your program opens a socket to another machine, it is using TCP protocol, but the data you send depends on how you structure


The main problem of radio networks acceptance in the marketplace is that there is not one unique standard like Ethernet with a guaranteed compatibility between all devices, but many proprietary standards pushed by each independent vendor and incompatible between themselves. Because corporate customers require an established unique standard, most of the vendors have joined the IEEE in an effort to create a standard for radio LANs. This is IEEE 802.11


IEEE 802.3
Token Ring

IEEE 802.5


IEEE 802.12

Of course, once in the 802.11 committee, each vendor has pushed its own technologies and specificities in the standard to try to make the standard closer to its product. The result is a standard which took far too much time to complete, which is overcomplicated and bloated with features, and might be obsolete before products come to market by newer technologies. But it is a standard based on experience, versatile and well designed and including all of the optimizations and clever techniques developed by the different vendors.

The 802.11 standard specifies one MAC protocol and 3 physical layers: Frequency Hopping 1 Mb/s (only), Direct Sequence 1 and 2 Mb/s and diffuse infrared (can we really call it a "standard" when it includes 3 incompatible physical layers?). Since then, it has been extended to support 2 Mb/s for Frequency Hopping and 5.5 and 11 Mb/s for Direct Sequence (802.11b). The MAC has two main standards of operation, a distributed mode (CSMA/CA), and a coordinated mode (polling mode, not much used in practice). 802.11 of course uses MAC level retransmissions, and also RTS/CTS and fragmentation.

The optional power management features are quite complex. The 802.11 MAC protocol also includes optional authentication and encryption (using the WEP, Wired Equivalent Privacy, which is RC4 40 bits; some vendors do offer 128 bits RC4 as well). On the other hand, 802.11 fails to define some areas (multirate, roaming, inter-AP communication...) that might be covered by future developments of the standard or complementary standards. Some 802.11 products also implement proprietary extensions (bit-rate adaptation, additional modulation schemes, stronger encryption...); those extensions may or may not be added to the standard over time.

When 802.11 was finalized (September 97), most vendors were slow to implement 802.11 products because of the complexity of the standard and the number of mandatory features (and in some cases they also need to provide backward compatibility with their own previous line of products). Some of the optional features (encryption and power saving) only appeared months after the initial release of the product. But things seem to be sorted out and we now have fully featured products on the market. The complexity of the specification, the tightness of the requirements and the level of investment required made 802.11 products expensive compared to the previous generation of wireless LANs, but because of the higher standardization and higher volumes, prices are now dropping.

Even if vendors eventually have launched 802.11 products, the standard doesn't fully guarantee interoperability: the products have to use at least the same physical layer, the same bit rate and the same mode of operation (and there are so many other little important details...). The most cooperative vendors have been busy lately sorting out interoperability issues with independent testing labs, but it is still a touchy
.2 802.11-b and 802.11-a (802.11 at 5 GHz)

After 7 years of arguing in sub-committees making 802.11, you would think that most people would have had enough of it. In fact no, the 802.11 committee is now busy pushing a new standard at 5 GHz, and also higher speed at 2.4 GHz (by tweaking the Direct Sequence physical layer). Both standards make changes only to the physical layer, so that the 802.11 MAC can be reused totally unmodified, saving costs.

802.11-a (802.11 at 5 GHz) was standardized first (spring 99), based on OFDM and using the UNII band (the band between 5.2 and 5.8 GHz). The OFDM physical layer is a very close copy of the one used in HiperLan II, using 52 sub carriers in a 20 MHz channel, offering 6, 12 and 24 Mb/s and optional 9, 18, 36, 48 and 54 Mb/s bit rates. No products are yet on the market.

People building high speed system like

were complaining that adding to their products an Equalizer necessary to combat delay spread was a major cost. So, they invented a new technique to get similar or better performance at lower cost, OFDM (Orthogonal Frequency Division Multiplex).


Using equalization is a post-processing technique, which tries to overcome delay spread by brute force. OFDM is a pre-processing technique, where the signal transmitted on the band is prepared in such a way that the impact of delay spread is

Delay spread is damaging because the symbol time is very short, so OFDM will only use large symbol time. However, by increasing the symbol time we reduce the rate. To overcome this constraint, OFDM transmits the symbols no longer serially but in parallel! This way, we have very high bit rate with large symbol time.

OFDM uses a set of sub carrier frequencies, the frequencies being orthogonal. Each sub carrier is modulated individually; the bit rate and signal strength of each sub carrier can be adapted to get maximum performance of the system (we put more bits on the good sub carriers and less on the bad ones). Then, the system splits the bits to transmit between the sub carriers; each sub carrier is modulated and then combined to produce the transmitted signal (using a Fast Fourier Transform).

The main drawback of OFDM is that it requires a greater frequency accuracy (we traded timing accuracy for frequency accuracy). As the OFDM signal contains many sub carriers very close to each other in frequency, the system must be very accurate to match all of them.

Very soon after, 802.11 did standardize 802.11b (802.11 HR), based on a modified DS physical layer (a DS system generates a signal which occupies around 22 MHz of bandwidth). The goal was to extend the life of the 2.4 GHz band by overcoming the major drawback: low speed. On top of the original 802.11 standard, 802.11b offers additional 5.5 Mb/s and 11 Mb/s bit rates. It was approved by the FCC and there are now products on the market (which are quite popular).

.3 HiperLan


is the total opposite of
. This standard has been designed by a
committee of researcher within the
, without strong vendors influence, and is
quite different from existing products. The standard is quite simple, uses some advanced features, and has already been ratified a while ago (summer 96, we are now only waiting for the products).

The first main advantage of Hiperlan is that it works in a dedicated bandwidth (5.1 to 5.3 GHz, allocated only in Europe), and so doesn't have to include spread spectrum. The rate is 23.5 Mb/s, and 5 fixed channels are defined. The protocol uses a variant of CSMA/CA based on packet time to live and priority, and MAC level retransmissions. The protocol includes optional encryption (no

mandated) and power saving.

The nicest feature of Hiperlan (apart from the high speed) is the ad-hoc routing: if your destination is out of reach, intermediate nodes will automatically forward it through the optimal route within the Hiperlan network (the routes are regularly automatically recalculated). Hiperlan is also totally ad-hoc, requiring no configuration and no central controller.

The main deficiency of the Hiperlan standard is that it doesn't provide real isochronous services (but comes quite close with time to live and priority), doesn't fully specify the access point mechanisms and hasn't really been proved to work on a large scale in the real world. Overhead tends also to be quite large (really big pac

HiperLan suffers from the same disease as

the requirements are tight
and the protocol complex, making it very expensive.


.4 HiperLan II



is the total opposite of
. The first HiperLan was designed
to build ad

the second HiperLan was designed for managed infrastructure and wireless distribution systems. The only similarities are that HiperLan II is being specified by the ETSI (Broadband Radio Access Network group), operates at 5 GHz (5.4 to 5.7 GHz) and the band is dedicated in


HiperLan II was the first standard to be based on

Each sub carrier may be modulated by different modulations (and use different convolutional codes, a sort of FEC), which allows it to offer multiple bit rates (6, 9, 12, 18, 27 and 36 Mb/s, with optional 54 Mb/s), with likely performance around 25 Mb/s bit rate. The channel width is 20 MHz and includes 48 OFDM carriers used to carry data, and 4 additional carriers are used as references (pilot carriers; total is 52 carriers, 312.5 kHz


HiperLan II is a Wireless ATM system, and the MAC protocol is a TDMA scheme centrally coordinated with reservation slots. Each slot has a 54 B payload, and the MAC

SAR (segmentation and reassembly

fragment large packets i

B cells, see

the Fragmentation unit below
) and ARQ (Automatic Request

retransmissions, see

the Retransmissions unit below)


The radio medium has a higher error rate than a wire. Most products include MAC level retransmissions to avoid losing packets.

MAC level retransmission solves this problem, but is not really performant. If the packet to transmit is long and contains only one error, the node needs to retransmit it entirely. If the error rate is significantly high, we could come to some situation where the probability of error in a large packet is dangerously close to 1 (we can't fit a packet between the bursts of errors due to fading or interferers), so we can't get packet

This is why some products use fragmentation. Fragmentation is sending the big packets in small pieces over the medium. Of course, this adds some overhead, because it duplicates packet headers in every fragment. Each fragment is individually checked and retransmitted if necessary. The first advantage is that in case of error, the node needs only to retransmit one small fragment, so it is faster. The second advantage is that if the medium is very noisy, a small packet has a higher probability to get through without errors, so the node increases its chance of success in bad conditions.

MAC retransmissions

As we have seen in the previous chapter, the main problem of the

is that the transmitter can't detect collisions on the medium. There is also a higher error rate on the air than on a wire, so a higher chance of packets being corrupted. TCP doesn't like very much packet losses at the MAC layer. Because of that, most MAC protocols also implement positive acknowledgement

level retransmissions

to avoid losing packets on the air.

The principle is quite simple: each time a node receives a packet, it immediately sends back a short message (an ack) to the transmitter to indicate that it has successfully received the packet without errors. If after sending a packet the transmitter doesn't receive an ack, it knows that the packet was lost, so it will retransmit the packet (after contending again for the medium, like in Ethernet).

Most MAC protocols use a stop and go mechanism; they transmit the next packet of the queue only if the current packet has been properly acknowledged (no sliding window mechanism like in TCP). The rationale is that it makes the protocol simpler, minimizes latency and avoids desequencing packets (something that TCP doesn't like as well).
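The trade-off between fragmentation overhead and stop and go retransmission described above can be made concrete. The following is an added example, not part of the original text; it assumes independent bit errors (the text describes bursty errors), and the header and ack sizes are assumed values.

```python
"""Expected airtime cost of stop-and-wait MAC retransmission, with and without
fragmentation, under a simple independent-bit-error model (an assumption; the
text describes bursty errors, which penalise long frames even more)."""

HEADER_BYTES = 34  # assumed per-fragment header + checksum overhead
ACK_BYTES = 14     # assumed size of the short MAC-level ack


def frame_success_prob(frame_bytes, ber):
    """Probability that all bits of a frame arrive without error."""
    return (1.0 - ber) ** (8 * frame_bytes)


def fragment_sizes(payload_bytes, frag_payload):
    """Payload carried by each fragment; the last fragment may be shorter."""
    if payload_bytes <= 0 or frag_payload <= 0:
        raise ValueError("sizes must be positive")
    full, rest = divmod(payload_bytes, frag_payload)
    return [frag_payload] * full + ([rest] if rest else [])


def expected_bytes_on_air(payload_bytes, frag_payload, ber):
    """Mean bytes transmitted until every fragment has been acknowledged.

    Stop-and-wait: a fragment is resent until both it and its ack get through,
    so the number of attempts is geometric with mean 1 / p_ok.
    """
    total = 0.0
    for size in fragment_sizes(payload_bytes, frag_payload):
        frame = size + HEADER_BYTES
        p_ok = frame_success_prob(frame, ber) * frame_success_prob(ACK_BYTES, ber)
        if p_ok == 0.0:
            return float("inf")  # the link is unusable at this error rate
        total += (frame + ACK_BYTES) / p_ok
    return total


def best_fragment_size(payload_bytes, ber, candidates):
    """Candidate fragment payload size with the lowest expected cost."""
    return min(candidates, key=lambda f: expected_bytes_on_air(payload_bytes, f, ber))


if __name__ == "__main__":
    sizes = [64, 128, 256, 512, 1500]
    for ber in (0.0, 1e-5, 1e-4, 1e-3):
        row = ", ".join(f"{s}B: {expected_bytes_on_air(1500, s, ber):,.0f}" for s in sizes)
        print(f"BER {ber:g} -> best {best_fragment_size(1500, ber, sizes)}B | {row}")
```

On a clean channel the unfragmented packet is cheapest because of the duplicated headers; as the bit error rate rises, the cheapest fragment size shrinks.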

MAC retransmissions in CSMA/


The acks are "embedded" in the MAC protocol, so they are guaranteed not to collide (the contention starts after the ack, see figure). These acks are very different from the TCP acks, which work at a different level (and on a different time frame). Of course, broadcast and multicast packets are not acknowledged, so they are more likely to fail...

If all modern Wireless LAN protocols implement this essential feature, some old products may lack it. Wireless WAN protocols (like satellite links) don't implement that either, because the round trip delay in their case is so long that by the time they would receive the ack they could have sent another packet. If your Wireless LAN doesn't implement MAC level retransmissions, all is not lost: students of Berkeley have created a protocol called

which filters the TCP acks and retransmits the lost packets before TCP even notices that they are lost (this is still a link level retransmission, but done just over the MAC).

The scheduler (in the central coordinator) is flexible and adaptive, with a call admission control, and the content of the TDMA frame changes on a frame basis to accommodate traffic needs. HiperLan II also defines power saving and security


HiperLan II is designed to carry ATM cells, but also IP packets, Firewire packets (IEEE 1394) and digital voice (from cellular phones). The main advantage of HiperLan II is that it can offer better quality of service (low latency) and differentiated quality of service (guarantee of bandwidth), which is what people deploying wireless distribution systems want. On the other hand, there could be a problem with the protocol overhead, especially for IP tra

.5 OpenAir

OpenAir is the proprietary protocol from Proxim. As Proxim is one of the largest Wireless LAN manufacturers (if not the largest, but it depends which numbers you are looking at), they are trying to push OpenAir as an alternative to 802.11 through the Wireless LAN Interoperability Forum. Proxim is the only one having all the detailed information on OpenAir, and strangely enough all the OpenAir products are based on Proxim's module.


OpenAir is a pre-802.11 protocol, using Frequency Hopping and 0.8 and

Mb/s bit rate (2FSK and 4FSK). The radio turnaround (size of contention slots and between packets) is much larger than in 802.11, which allows a cheaper implementation but reduces performance.

The OpenAir MAC protocol is CSMA/CA with MAC retransmissions, and is heavily based on RTS/CTS: each contention slot contains a full RTS/CTS exchange, which offers good robustness but some overhead. A nice feature of the protocol is that the access point can send all its traffic contention free at the beginning of each dwell and then switch the channel back to contention access mode.

OpenAir doesn't implement any encryption at the MAC layer, but generates a Network ID based on a password (Security ID). This provides some security only because Proxim controls the way all the implementations behave (they don't provide a way to synchronise to any network as 802.11 manufacturers do). OpenAir also provides coarse power saving.

.6 HomeRF & SWAP


HomeRF is a group of big companies from different backgrounds formed to push the usage of Wireless LAN in the home and the small office. This group is developing and promoting a new Radio Lan


The Home is a good market for Wireless LAN because very few houses are nowadays cabled with Ethernet wire between the different rooms, and because mobility in the home is desired (browse the web on the sofa). The use of the 2.4 GHz band allows a free worldwide deployment of the system.

The HomeRF has decided to tackle the main obstacle preventing the deployment
of Wireless

. Most users just can't afford to spend the money required to
buy a couple of Radio LAN cards to connect their PCs (without talking of the access

The main cost of a radio LAN is the modem. As this is analog and high power
electronics, it doesn't

Moore's law

(the market trend that allow you to buy a

at the price of a calculator after a few years) and modems tend
to be fairly stable in price.
Frequency Hopping

modems tend to be less expensive, but

specification impose tight constraints on the modem (timing and filtering),
making it high cost. The

specification, by releasing slightly those constraints,
allows for a much cheaper implementation, but still keeps a good performance.

The MAC protocol is implemented in software and digital, so doesn't contribute that much to the final cost of the product (except in terms of development cost). Releasing some hardware constraints prevented the use of 802.11, which anyway was much too complex and included too many features not necessary for the task.

The main killer application that the HomeRF group envisages is the integration of digital cordless telephony and the computing world, allowing the PC to reroute the phone calls in the home or to offer voice services to the users.

A new MAC protocol has been designed, much simpler, combining the best
feature of DECT (an ETSI digital cordless phone standard) and IEEE

a digital cordless phone and ad-hoc data network, integrated together.

The voice service is carried over a classical

protocol (with interference
protection, as the band is unlicensed) and reuse the standard DECT architecture and
voice codec. The data part use a

access mechanism similar to 802.11 (with


MAC level retransmission, fragmentation...) to offer a service very similar to

The 1 Mb/s Frequency Hopping physical layer (with optional 2 Mb/s using 4FSK) allows 6 voice connections and enough data throughput for most users in the Home. The voice quality should be equivalent to DECT in Europe and much better than any current digital phone in the US. Data performance should be slightly lower than 802.11. The MAC protocol has also been designed in a very flexible way, allowing the development of very cheap handsets or data terminals and high performance multimedia cards for PCs...


specification is an open standard (in fact, more open than 802.11, because there should be no royalty or patent issues), quite simple and straightforward. In fact, the combination of voice and data already gets most marketing people drooling! The only drawback is that you will have to wait a bit before seeing SWAP products in your favourite supermarket...

.7 BlueTooth

BlueTooth is a cable replacement technology mostly developed and promoted

with the help of
, offering point to point links and no native support
for IP (need to use PPP). It may be good for some applications, but not for Wireless

he BlueTooth specification,
are not very

, except by the size of the thing (more than 1500 pages!). BlueTooth offers the functionality of a
, and in fact looking into the huge specification we can see some similarities in
the design.

BlueTooth offers the possibility to create a set of point to

point wireless serial
pipes (
) between a master and up to 6 slaves, with a protocol (
) to bind
those pipes to a specific application or driver. The BlueTooth mindset is very vertical, with various profiles defining every detail from bit level to application level. TCP/IP is only one profile, implemented through PPP in a specific pipe. There are other pipes for audio, Obex... With BlueTooth, nodes need to be explicitly connected, but they remember bindings from one time to another.

This is miles away from the current wireless LAN approach (connectionless broadcast interface, native IP support, cellular deployment, horizontal play), so BlueTooth doesn't fit TCP/IP and wireless LAN applications too well. On the other hand, as a wireless USB, it fulfils a role that regular wireless LANs can't, because TCP/IP discovery and binding protocols are more heavyweight.

Currently, BlueTooth is moving very slowly due to its complexity and the inherent limits due to the protocol design (people are learning how to work around "features"); eventually some products should reach the market and later on software support should come...

Bluetooth: Connectivity without wires

Flexibility and mobility make wireless LANs an attractive alternative to wired networks. Wireless LANs provide all the functionality of wired LANs, without the physical constraints of the wire itself. Besides offering end-user mobility within a networked environment, wireless LANs enable portable networks, allowing LANs to move with the end users.

All three types of networks are differentiated by range, data
rates, power consumption and cost.

WPANs, such as Bluetooth piconets, provide short-range connectivity for devices such as laptops, PDAs, cell phones and even PCs in a network with small geographical spread, and support low data rates and limited ranges to achieve low cost and minimal power drain. On the other hand, WLANs, such as 802.11b wireless Ethernet, offer higher speeds and longer ranges in office buildings and homes. WWANs, such as cellular networks, work over a large area, but offer much lower data rates than WPANs and

Bluetooth, named after Harold Bluetooth, a 10th century Danish king who united Norway and Denmark, is a short-range radio technology that allows voice and data connections to be made up to 10 meters (about 30 feet). The range can be extended to 100 meters with an amplifier. The first generation of the technology delivers performance up to 1 Mbps. Subsequent versions are expected to deliver anywhere from 2 Mbps to 12 Mbps of throughput. Spanning telecommunications, personal computing, networking, and consumer electronic devices, Bluetooth frees users from working with wires, paving the way for a host of new conveniences.

Under the Hood: How it works?

Bluetooth uses the FHSS (Frequency Hopping Spread Spectrum) protocol as the wireless LAN standard. Most wireless LAN systems use spread-spectrum technology, a wideband radio frequency technique developed by the military for use in reliable, secure, mission-critical communications systems. Spread-spectrum is designed to trade off bandwidth efficiency for reliability, integrity, and security. Frequency-hopping spread spectrum (FHSS) uses a narrowband carrier that changes frequency in a pattern known to both transmitter and receiver. Properly synchronized, the net effect is to maintain a single logical channel. To an unintended receiver, FHSS appears to be short-duration impulse noise. FHSS cannot avoid channels that have been obliterated by noise (it must hop through all 79 channels on a continuous cycle), which leaves it open to interference from appliances like microwaves. Radios in Bluetooth can be master or slave, or be in simultaneous scenarios. Two possible Bluetooth networks exist: piconet and scatternet. When you bring Bluetooth radios within range of each other, they connect and form a piconet. One unit becomes a master, the other a slave. The master controls all the traffic in a piconet. Bluetooth radios in a piconet frequency hop together. Each piconet can have up to seven simultaneous or more than 200 active

Radios in a piconet can be in one of five states: standby, inquire, page, connect and park/hold. Standby is a radio waiting to join a piconet. Inquire is a radio seeking other radios to connect. Page is a master radio asking to connect to a specific radio. Connect is a radio active on a piconet as a master, slave or simultaneous. Park/hold is a low-power connected state. The master gives all the slaves in a piconet its clock device ID and sets the unique hopping sequence based on the master's device address.

Scatternets occur when multiple masters exist in range of each other. A master radio may also be a slave radio on another piconet. Each piconet is hopping with a different sequence sharing the same 2.4 GHz band. Because of the different hopping sequences, there is very little chance that any master will hit a channel at the same time as another master.

Bluetooth Stack

Bluetooth's functionality is easier to understand through its underlying architecture. A Bluetooth stack has a physical layer (Baseband), data link layer (LMP) and an adaptation layer (L2CAP).


1. Baseband: Baseband is the physical layer of Bluetooth that manages physical channels and links apart from other services like error correction, data whitening, hop selection and Bluetooth security.

2. Bluetooth radio: Bluetooth radio is a transceiver, which transmits and receives
modulated electrical signals from peer Bluetooth devices. The radio for compatibility
reasons should have some
defined transmitter and receiver characteristics.

3. ACL: ACL is Asynchronous Connection-Less physical link for transmitting data over physical channels. ACL link provides a packet switched connection between the master and all the active slaves.

4. SCO: SCO is Synchronous Connection-Oriented physical link for voice information. It is a symmetric, point-to-point link between the master and a specific slave. It behaves like a circuit-switched connection.

5. Link Manager essentially handles link set-up, security and control. It provides services like authentication, encryption control and power control, and provides QoS capabilities. It also manages devices in different modes (standby, inquire, page, connect and park/hold).

6. L2CAP is the Logical Link Control and Adaptation Layer protocol. It resides in the data link layer and provides connection-less and connection-oriented data services to upper layer protocols with protocol multiplexing capability, segmentation and reassembly operation and group abstractions. L2CAP permits higher protocols and applications to transmit and receive L2CAP data packets up to 64 KB in

7. SDP is Service Discovery Protocol for applications to discover which services are available and to determine the characteristics of these available services.

8. RFCOMM is a simple transport protocol. It supports up to 60 simultaneous
connections between two Bluetooth devices.

The topology can best be described as a multiple piconet structure. The full-duplex data rate within a multiple piconet structure with 10 fully loaded, independent piconets is more than 6 Mbps.

Normal range 10 m (0dBm)

Optimal range 100m (+20dBm)

Normal transmitting power 0dBm (1mW)

Optional transmitting power -30 to +20dBm (100mW)

Receiver sensitivity

Frequency Band 2.4 GHz

Gross Data rate 1Mbits

Max Data Transfer 721+56 kbit/3 Voice Channels

The wireless industry is full of opinions about why and how 802.11 and Bluetooth might and might not compete with each other, although the truth is that they can coexist. Bluetooth provides short-range connectivity for devices such as laptops, PDAs and networks with a small spread, and supports low data rates and limited ranges to achieve low cost and minimal power drain.

WLANs, such as 802.11b wireless Ethernet, offer higher speeds and longer ranges in office buildings and homes. They are not exactly competing technologies but complementary, as both are servicing a particular set of objectives. However, spectrum overlap battles between the 802.11 and Bluetooth specifications would become a reality, since both of them operate in the unlicensed frequency. Already a host of devices have the potential to interfere with your Bluetooth device, e.g. car remotes and microwave ovens, since they all operate in the same unlicensed frequency. Another scenario that is slowly catching on is the promotion of non-standardized solutions that are promoted by special interest groups or industry consortiums. In the wireless LAN space, 802.11 promotion efforts are led by IEEE and Bluetooth has its own Special Interest Group; HiperLAN, which is now widely regarded as a powerful competition, is promoted by an industry consortium. What the world probably needs now is a slower innovation and a standard widely accepted.

[Table: Specification Comparison. Surviving labels: Home RF; Data Rate (Kbps); Distance (m); No. of Devices; Voice channels; Point to Multipoint; Point to Point.]



4. Managing Secure Wireless LANs

4.1 The Inextricable Link Between Wireless Network Security and Network Management

Wireless network security is increasingly becoming an executive-level issue in enterprises and other large organizations due to concerns about Sarbanes Oxley, HIPAA, Visa’s CISP program, and other regulations. IT security experts have focused primarily on three Wi-Fi security issues: (1) data encryption, (2) authentication and access control, and (3) intrusion detection. While this debate has driven the Wi-Fi industry to rapidly improve security standards in each of these areas, security specialists have largely failed to address a critically important fourth component of WLAN security: wireless network management. Network management and network security are not separate issues that can be addressed in isolation. They are two sides of the same coin: if a Wi-Fi network is not managed, it cannot be secure.

Wi-Fi Security: The Basic Requirements

Any organization planning a wireless network must have a strategy for addressing each of these critical areas of wireless LAN security:

1) Data Encryption

In a secure wireless network, the most obvious requirement is that all data transmitted between wireless client devices and wireless access points must be encrypted to prevent intruders from viewing the data.

2) Authentication & Access Control

The second absolute requirement of a secure wireless network is that only
authorized, authenticated users should be able to connect to the network.

3) Intrusion Detection

Organizations must have an intrusion detection strategy that encompasses not just the detection of unauthorized network users but also locating unauthorized wireless network devices (access points) connected to the network.

4) Wireless Network Management

To implement a secure wireless network, the enterprise must define security policies and ensure that these policies are implemented uniformly across the entire network infrastructure.

The organization must continuously audit the infrastructure to ensure that these policies remain in effect at all times. If this is not done, the enterprise must assume that its wireless network is not secure.

Wireless Data Encryption

Early Wi-Fi networks relied on the Wired Equivalent Privacy (WEP) standard, which uses a flawed security algorithm that provides a single security “key” for all users. This proved relatively easy to crack. As a result, early enterprise adopters of Wi-Fi technology often required their wireless users to connect to the WLAN using a VPN (Virtual Private Network) or proprietary client for encryption rather than relying on WEP alone.

To address the shortcomings of WEP, the Wi-Fi industry introduced a new standard known as Wi-Fi Protected Access (WPA). WPA uses longer 128-bit encryption keys and utilizes TKIP (Temporal Key Integrity Protocol) to provide unique encryption keys for each user and session. As a result, WPA provides much stronger data encryption than WEP and is being adopted rapidly by many enterprises. The primary barriers to WPA adoption are that it requires all client devices and access points to support the WPA standard and the appropriate settings to be enabled on each of those devices.

While most devices sold in recent years are WPA-compliant, legacy devices remain in most organizations today. To address this timing issue, many organizations are using multiple VLANs (Virtual LAN) on their wireless networks. One VLAN is for users with WPA-enabled devices while other users are segmented on an “untrusted” VLAN which has limited network access privileges and often forces users through a VPN or firewall.

To provide even more secure data encryption, the Wi-Fi industry has ratified the WPA2 (802.11i) standard, which uses an even stronger encryption algorithm known as AES (Advanced Encryption Standard). While WPA2-compliant products are now available on the market, few enterprises have yet adopted WPA2 since it also requires older client devices and access points to be updated with new software or replaced outright. In many cases, legacy Wi-Fi hardware may have to be replaced entirely to convert to WPA2 since the computational requirements of AES encryption are relatively high. As a result, enterprise conversion to WPA2 will likely be a very gradual process.

Still, most enterprises are planning to implement WPA2 at some point in the future and are starting to specify that all new APs and client devices be WPA-compliant to facilitate this transition.
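The multiple-VLAN migration strategy above only protects the network if every access point applies it the same way. The following is an added sketch, not part of the original paper, that audits access point settings against a central policy; the SSID names, VLAN numbers and AP names are hypothetical sample data.

```python
"""Audit access point settings against a central wireless security policy.
SSID names, VLAN ids and AP names are hypothetical, constructed sample data."""

UNTRUSTED_VLAN = 99  # hypothetical VLAN that forces users through a VPN/firewall
STRENGTH = {"NONE": 0, "WEP": 1, "WPA": 2, "WPA2": 3}

# Central policy: minimum encryption and required VLAN for each SSID.
POLICY = {
    "corp": {"min_encryption": "WPA", "vlan": 10},
    "legacy": {"min_encryption": "WEP", "vlan": UNTRUSTED_VLAN},
}

AP_CONFIGS = [
    {"ap": "ap-lobby", "ssids": [
        {"name": "corp", "encryption": "WPA2", "vlan": 10},
        {"name": "legacy", "encryption": "WEP", "vlan": 99}]},
    {"ap": "ap-warehouse", "ssids": [
        {"name": "corp", "encryption": "WPA", "vlan": 10},
        {"name": "legacy", "encryption": "WEP", "vlan": 10}]},     # drifted VLAN
    {"ap": "ap-floor3", "ssids": [
        {"name": "corp", "encryption": "WEP", "vlan": 10},         # downgraded
        {"name": "printers", "encryption": "NONE", "vlan": 10}]},  # not in policy
]


def audit_ap(config, policy=POLICY):
    """Return (ap, ssid, problem) tuples for one access point's configuration."""
    findings = []

    def flag(ssid_name, problem):
        findings.append((config["ap"], ssid_name, problem))

    for ssid in config["ssids"]:
        name, enc, vlan = ssid["name"], ssid["encryption"].upper(), ssid["vlan"]
        if enc not in STRENGTH:
            flag(name, f"unrecognized encryption setting {enc}")
            continue
        rule = policy.get(name)
        if rule is None:
            flag(name, "SSID is not defined in the central policy")
        else:
            if STRENGTH[enc] < STRENGTH[rule["min_encryption"]]:
                flag(name, f"{enc} is weaker than policy minimum {rule['min_encryption']}")
            if vlan != rule["vlan"]:
                flag(name, f"mapped to VLAN {vlan}, policy requires {rule['vlan']}")
        # Independent of the per-SSID rule: pre-WPA clients stay off trusted VLANs.
        if STRENGTH[enc] < STRENGTH["WPA"] and vlan != UNTRUSTED_VLAN:
            flag(name, f"{enc} clients reach trusted VLAN {vlan}")
    return findings


def audit_network(configs, policy=POLICY):
    """Audit every access point and return all findings in one list."""
    findings = []
    for config in configs:
        findings.extend(audit_ap(config, policy))
    return findings


if __name__ == "__main__":
    for ap, ssid, problem in audit_network(AP_CONFIGS):
        print(f"{ap:14} {ssid:10} {problem}")
```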

Authentication and Access Control

Most enterprises are migrating to 802.1x port-based authentication and access control solutions for their wireless networks. In an 802.1x authentication framework, every port is protected and each network user is verified through an authentication server, usually RADIUS. 802.1x was originally developed with wired network security in mind, but has been too costly to implement on wired networks because organizations would have to replace many of their existing switches with 802.1x-compliant switches. Ironically, since all wireless APs support the 802.1x framework, 802.1x is being adopted much more rapidly for wireless network security than on the wired network. For example, both WPA and WPA2 rely on 802.1x and Extensible Authentication Protocol (EAP) for authentication.

Most enterprise IT organizations are already familiar and comfortable with the 802.1x framework. The primary barrier to its adoption is the requirement that all client devices and access points have the appropriate settings and firmware.

There are many different EAP variants (PEAP, LEAP, WPA, WPA2, etc.). Organizations using the 802.1x framework must set a policy and ensure that the EAP variant they select is uniformly supported on all their clients and APs. As organizations transition, many are using the same type of ‘multiple VLAN’ strategy they are using to migrate from WEP to WPA or WPA2 (see above). Once again, these organizations use two or more VLANs on their wireless networks: a secure one for 802.1x-enabled devices and a separate VLAN for other devices.

The organizations experiencing the greatest difficulty migrating to the 802.1x framework are:


Retailers and manufacturers using legacy or non

handheld devices that do not support 802.1x.

Colleges and universities with a wide variety of client devices with non-standard configurations.

Wireless internet service providers (WISPs) who must support a wide variety of
users’ client devices.

Where it has not been feasible to implement 802.1x port-based authentication, organizations have adopted other means to secure their wireless networks, including wireless gateways, access control lists (ACLs), and various remote access control solutions like VPNs and firewalls.

Because wireless gateways provide access control without requiring specific client configurations, they are particularly useful in environments where there are many different types of client devices or where the IT organization does not have full control over clients (such as in the university and WISP markets). However, proprietary gateways can be expensive and difficult to manage when deployed in large numbers, making them a costly access control solution for most enterprises.

MAC-based access control lists are often used in environments with large numbers of legacy client devices without sufficient ‘intelligence’ for robust encryption and where cost is a major factor. In these instances, the access point is configured to permit only a predefined list of end devices (identified by MAC address) to connect to the network. While inexpensive to deploy, ACLs are susceptible to MAC spoofing and can be hacked without great difficulty. As a result, they are typically not used in high-security environments.

In other environments, VPNs and firewalls are still required to provide extremely high levels of security. Since most organizations have these solutions in place today, they can leverage their existing investment in security on the wireless network. However, since most VPNs were designed to support remote users only, as the wireless network expands and the user base grows, these systems can be stretched beyond their limits, forcing IT to consider costly updates as the WLAN scales.

While organizations today may adopt different approaches to access control and authentication, there is growing momentum to adopt 802.1x-based solutions for secure, scalable wireless LAN roll-outs. No matter what policy is adopted, however, it is critical for the organization to define those policies centrally and ensure they are enforced uniformly across the network.

Intrusion Detection

In traditional wired networks, the primary function of an intrusion detection system is to determine whether unauthorized users have connected to the network. Since wireless LANs are typically installed as extensions of the existing Ethernet infrastructure, these same solutions can usually be leveraged effectively to identify unauthorized users of the wireless network. However, wireless networks introduce a significant new intrusion risk: IT must not only worry about unauthorized users, but also about the possibility that unauthorized network devices will be connected directly to their network.

In the past, the cost, complexity, and size of wired Ethernet network equipment
meant that it was practically unheard of for an employee or intruder to connect
an unauthorized switch or router to the corporate network. If they did,
detecting and locating the equipment would be relatively easy. With the rise of
wireless LANs, however, this is no longer the case. Wi-Fi access points are
inexpensive, portable, and easily available to the general public. They can
quickly be connected to the network and can be difficult to detect with
conventional tools.

As a result, it is now essential that enterprises have an intrusion detection
strategy to combat this new threat by detecting any unauthorized, unsecured
wireless access points.

Whether deployed by well-meaning employees or malicious intruders, rogue access
points provide an open window into the enterprise network. There are two
primary methods through which rogue APs can be detected on the network:

Wired Network Scans designed to identify rogues from the wired side of the
network to which they are connected; and Wireless Scans using authorized
wireless devices to detect the RF signal being broadcast by the rogue access
point.

Ideally, organizations should use a combination of wired and wireless network
scans to gather as much information as possible about rogue access points and
to locate them on the network. As always, the appropriate intrusion detection
solution for any organization will be determined by a combination of
requirements, time, and

4.5.1 Wired Network Scans

Because few (if any) organizations have wall-to-wall wireless coverage via
authorized APs or sensors, wired network scans represent the baseline intrusion
detection that must be used by every organization.

Enterprise-grade wireless intrusion detection systems like the AirWave
Management Platform™ conduct wireline scans in two ways:

(1) “Fingerprinting” known makes and models of wireless access points so they
can be detected automatically as soon as they are connected to the network. It
is particularly important to detect the SOHO access points that are rarely used
in authorized enterprise deployments but are the most common rogue APs. The
AirWave Management Platform automatically identifies the fingerprints of more
than 70 makes and models of AP.

(2) Interrogating routers and switches to identify every device connected to
the network and assign each device a ‘score’ based on the likelihood of it
being an unauthorized AP.

Wireline scans provide a great deal of information about the rogue device (such
as the switch port to which the device is connected, the IP address of the
device, etc.) that can be used to pinpoint the location of the device on the
network.

4.5.2 Wireless Network Scans

Wireless scans are a particularly effective means to detect rogue APs, because
any functioning access point (including rogues) broadcasts an RF signal that
can be detected wirelessly. Because wireless scans detect this RF signal, they
are highly accurate and have a very low rate of ‘false positive’
identifications. The greatest limitation of wireless scans is that a sensor
device (an authorized AP, client device, or dedicated hardware probe) must be
within a few hundred feet of the rogue in order to detect it.

The most cost-effective way to conduct wireless scans is typically to use
existing, authorized access points to ‘listen’ for other unknown APs and ad hoc
networks within range. The AirWave Management Platform can remotely instruct
most enterprise-grade APs to conduct this type of wireless scan and to report
the results. AMP then compares the list of discovered APs to its database of
authorized access points to identify potential rogues. RF scanning via existing
access points is very cost-effective because it requires no new or proprietary
hardware. The primary limitation of this methodology is that only rogue APs
within range of authorized APs can be discovered. The combination of AP-based
wireless scans with wireline detection techniques and client-based wireless
scans (see below) helps address this limitation.

Similarly, with appropriate software, WiFi-enabled client devices can also be
used to report RF activity within range.

The AirWave Management Client™ software, for example, enables Windows-based
client devices to report all the APs within range. AMP then determines which of
the detected APs are authorized and which are potential rogues. In this way,
client devices can help fill coverage gaps where there is no wall-to-wall RF
signal from existing APs.

Organizations with stringent security requirements and large capital budgets
may consider using wireless IDS systems based on proprietary RF probes in
addition to wireline scans and wireless detection via authorized APs and
clients. While requiring costly hardware to be installed in all covered
locations, these wireless IDS systems gather robust RF data that enable them to
detect rogue APs, unauthorized client devices, man-in-the-middle attacks,
denial-of-service attacks, and more.
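The combination of wired and wireless scans described in this section can be sketched as follows. This is an added example, not code from AirWave or from the original report; the inventory, scan results, score weights and the rule that an AP's radio and Ethernet MAC addresses are numerically adjacent are all assumptions made for illustration.

```python
"""Correlate wired and wireless scan results to classify access points."""

# Everything below is constructed sample data, not output from a real tool.
AUTHORIZED_BSSIDS = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}
CORPORATE_SSIDS = {"corp-wlan"}
SOHO_OUIS = {"02:de:ad"}  # stand-in for a fingerprint list of SOHO AP makes

WIRELESS_SCAN = [  # heard over the air by authorized APs or client agents
    {"bssid": "00:11:22:aa:00:01", "ssid": "corp-wlan", "seen_by": "ap-lobby"},
    {"bssid": "02:de:ad:00:10:05", "ssid": "linksys", "seen_by": "ap-floor2"},
    {"bssid": "02:be:ef:00:00:09", "ssid": "corp-wlan", "seen_by": "laptop-17"},
    {"bssid": "02:ca:fe:00:00:01", "ssid": "cafe-guest", "seen_by": "ap-lobby"},
]
WIRED_SCAN = [  # learned by interrogating switches and routers
    {"mac": "00:11:22:aa:00:01", "ip": "10.0.0.11", "port": "sw1/12", "macs_on_port": 1},
    {"mac": "02:de:ad:00:10:04", "ip": "10.0.7.50", "port": "sw3/22", "macs_on_port": 4},
    {"mac": "02:77:77:00:00:01", "ip": "10.0.7.51", "port": "sw3/23", "macs_on_port": 1},
    {"mac": "02:de:ad:00:20:00", "ip": "10.0.9.14", "port": "sw9/01", "macs_on_port": 3},
]


def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)


def wired_score(dev):
    """Score 0-100: likelihood that a wired device is an unauthorized AP."""
    if dev["mac"] in AUTHORIZED_BSSIDS:
        return 0
    score = 0
    if dev["mac"][:8] in SOHO_OUIS:  # vendor prefix matches a known AP make
        score += 60
    if dev["macs_on_port"] > 1:      # several MACs behind one edge port: bridging
        score += 30
    return score


def match_wired(bssid, wired, window=2):
    """Assumed heuristic: an AP's radio and Ethernet MACs are usually adjacent."""
    target = mac_to_int(bssid)
    for dev in wired:
        if abs(mac_to_int(dev["mac"]) - target) <= window:
            return dev
    return None


def classify(wireless, wired):
    """Return {bssid: finding} for every AP heard over the air."""
    findings = {}
    for obs in wireless:
        dev = match_wired(obs["bssid"], wired)
        if obs["bssid"] in AUTHORIZED_BSSIDS:
            verdict = "authorized"
        elif dev is not None:
            verdict = "rogue-on-wire"              # unknown AP plugged into our LAN
        elif obs["ssid"] in CORPORATE_SSIDS:
            verdict = "unknown-ap-corporate-ssid"  # off our wire but using our SSID
        else:
            verdict = "unknown-off-wire"           # likely a neighbouring network
        findings[obs["bssid"]] = {
            "verdict": verdict,
            "seen_by": obs["seen_by"],
            "port": dev["port"] if dev else None,
            "score": wired_score(dev) if dev else None,
        }
    return findings


def wired_only_suspects(wireless, wired, threshold=50):
    """High-scoring wired devices that no sensor heard: RF coverage gaps."""
    heard = [mac_to_int(obs["bssid"]) for obs in wireless]
    return [
        dev for dev in wired
        if wired_score(dev) >= threshold
        and not any(abs(mac_to_int(dev["mac"]) - b) <= 2 for b in heard)
    ]


if __name__ == "__main__":
    for bssid, finding in classify(WIRELESS_SCAN, WIRED_SCAN).items():
        print(bssid, finding)
    suspects = wired_only_suspects(WIRELESS_SCAN, WIRED_SCAN)
    print("wired-only suspects:", [d["port"] for d in suspects])
```

The device on port sw9/01 is found only by the wired scan, which is the coverage-gap case that makes wired scans the baseline; the AP on sw3/22 is confirmed by both methods and located by switch port.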

4.6 Wireless Network Management

A robust, comprehensive Wi-Fi management solution like the AirWave Management
Platform™ is the final element of a secure wireless security architecture. To
safeguard a wireless network, a management solution must give administrators
total control over the network infrastructure.

4.6.1 Network Discovery

A wireless LAN management solution must first automatically discover all
wireless access points and other Wi-Fi devices connected to the wireless LAN
infrastructure to ensure that network administrators have authorized each of
these devices.

To ensure discovery of all APs, the management solution must use a combination
of Layer 2 discovery protocols (such as CDP, OSU NMS, WNMP, etc.) as well as
SNMP and HTTP network scans.

Once all APs have been discovered, the management solution must then generate
accurate inventory reports for the IT staff to use to ensure (1) that no
unknown devices have been connected to the network and (2) they can account for
all previously installed devices.

4.6.2 Automated Configuration

Implementing secure encryption and access control on a wireless network
requires that (1) the organization has defined centralized configuration
policies, and (2) these policies are applied uniformly to all wireless APs and
other devices. For example, if an organization specifies a security policy
based on WPA with PSK, then every AP must have all the appropriate WPA settings
enabled. If this organization is also using separate VLANs and/or SSIDs for
different classes of network users (i.e., vs. guests), then these specific
settings must also be applied correctly to each AP on the network.

Configuring these settings manually creates numerous opportunities for human
error that could jeopardize security.

The Gartner Group has estimated that up to 70% of wireless LAN attacks will be
the result of misconfigured APs and devices. The only way to provide true WLAN
security is to use a solution like the AirWave Management Platform that
automatically configures network hardware from all leading vendors.

Good network security also requires that passwords, SSIDs and other key
security settings be rotated on a frequent basis.

Without a centralized management solution that makes such configuration changes
quickly and efficiently, best security practices are unlikely to be followed
because of the labor required to manage settings on thousands of devices.

An efficient configuration solution is also essential when a wireless network
is under attack. With a centralized solution like AMP, remote administrators
can immediately shut down entire segments of the wireless network during an
attack. They can even help avert attacks by scheduling the entire wireless
network to shut down after hours, when there are no legitimate business users
of the wireless network, and schedule the network to turn on once again at the
start of business the next day.

4.6.3 Audit Management

It is not enough to configure wireless APs and infrastructure devices correctly
once, at the time of installation. Especially in large organizations with
multiple IT staff members, it is extremely common for an access point to become
misconfigured during troubleshooting or due to human error.

Worst case, if a malicious intruder connects to an AP’s physical interface, he
or she may be able to alter the configuration in a way that undermines all
security policies put in place.

To combat misconfigured APs, wireless network management solutions must provide
a detailed audit trail and system log to track each configuration change by
user. By tracing the source of all configuration changes and errors, AMP
ensures accountability and helps IT ensure that any staff members who cause
configuration errors are better trained in the future.

In addition to providing accountability and training, organizations must
conduct frequent audits of the configuration of each AP to ensure that its
actual configuration always conforms to security policies. These audits simply
cannot be conducted manually, since there can be hundreds of settings that must
be checked on each wireless access point. Only a centralized management
solution like AMP can quickly compare actual AP configurations to pre-defined
policies, and automatically report any discrepancies. AMP uses a highly
efficient process for polling devices and assessing their current
configurations, enabling it to conduct audits on a continuous basis.
Administrators can even set up the AirWave Management Platform to ‘auto-repair’
any configuration mismatches to ensure that all APs conform to network policies
at all times.

In this way, a wireless network management solution can eliminate the risk that
misconfigured access points will expose the network to attack.

4.6.4 Firmware Management

An efficient solution for updating the software on access points and other
network devices is a requirement for WLAN security.

First, as hardware vendors identify and release patches to address security
vulnerabilities in their devices, it is essential for the organization to be
able to distribute these updates efficiently to hundreds or even thousands of
devices. Second, as organizations migrate to new security standards like WPA
and WPA2, many of their legacy access points and devices will need to receive
firmware updates to support these standards.

The AirWave Management Platform gives IT staff the ability to specify minimum
acceptable firmware versions for each make and model of access point on the
network. AMP contains an integrated TFTP server that allows it to automatically
schedule and deliver these firmware updates after hours to avoid disrupting
network
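The configuration audit of section 4.6.3 and the per-model minimum firmware check described above can be expressed as one comparison of polled AP settings against a central policy. This is an added example, not AirWave's implementation; the policy layout, AP names, model names and version numbers are constructed placeholders.

```python
"""Audit AP configurations against a central policy and firmware baseline."""

# Constructed policy: WPA with PSK, one VLAN per user class, and a minimum
# firmware version per AP model. Model names and versions are placeholders.
POLICY = {
    "encryption": "WPA-PSK",
    "ssid_vlans": {"corp-wlan": 10, "guest-wlan": 20},
    "min_firmware": {"vendorA-1200": (12, 3, 7), "vendorB-350": (4, 1, 0)},
}

# Constructed "actual" configurations, as if polled from four APs.
APS = [
    {"name": "ap-lobby", "model": "vendorA-1200", "firmware": "12.3.7",
     "encryption": "WPA-PSK", "ssid_vlans": {"corp-wlan": 10, "guest-wlan": 20}},
    {"name": "ap-floor2", "model": "vendorA-1200", "firmware": "12.3.10",
     "encryption": "WEP", "ssid_vlans": {"corp-wlan": 10, "guest-wlan": 20}},
    {"name": "ap-dock", "model": "vendorB-350", "firmware": "4.0.9",
     "encryption": "WPA-PSK", "ssid_vlans": {"corp-wlan": 10, "guest-wlan": 10}},
    {"name": "ap-annex", "model": "vendorC-9", "firmware": "1.0",
     "encryption": "WPA-PSK",
     "ssid_vlans": {"corp-wlan": 10, "guest-wlan": 20, "test": 1}},
]


def parse_version(text):
    """'12.3.10' -> (12, 3, 10), so that 12.3.10 compares newer than 12.3.7."""
    return tuple(int(part) for part in text.split("."))


def audit_ap(ap, policy):
    """Return a list of (setting, actual, expected) discrepancies for one AP."""
    findings = []
    if ap["encryption"] != policy["encryption"]:
        findings.append(("encryption", ap["encryption"], policy["encryption"]))
    # Every policy SSID must exist and sit on the VLAN the policy assigns.
    for ssid, vlan in policy["ssid_vlans"].items():
        actual = ap["ssid_vlans"].get(ssid)
        if actual != vlan:
            findings.append(("ssid:" + ssid, actual, vlan))
    # SSIDs the policy does not know about are reported, not ignored.
    for ssid in sorted(set(ap["ssid_vlans"]) - set(policy["ssid_vlans"])):
        findings.append(("ssid:" + ssid, ap["ssid_vlans"][ssid], None))
    minimum = policy["min_firmware"].get(ap["model"])
    if minimum is None:
        # A model with no baseline cannot be shown compliant, so flag it.
        findings.append(("firmware", ap["firmware"], "no baseline for model"))
    elif parse_version(ap["firmware"]) < minimum:
        expected = ".".join(str(n) for n in minimum)
        findings.append(("firmware", ap["firmware"], expected))
    return findings


def audit_all(aps, policy):
    """Map each AP name to its discrepancies; an empty list means compliant."""
    return {ap["name"]: audit_ap(ap, policy) for ap in aps}


if __name__ == "__main__":
    for name, findings in audit_all(APS, POLICY).items():
        print(name, "OK" if not findings else findings)
```

Versions are compared as integer tuples because a plain string comparison would rank "12.3.10" below "12.3.7" and flag an up-to-date AP.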

4.6.5 Network Monitoring & Alerting

A real-time monitoring solution that tracks each user by username is a
critically important component of network security. Using real-time monitoring
views, administrators can determine exactly who is connected to the network,
where they are connected, whether they have been authenticated, and more.

If unauthorized users have associated to a wireless access point but have not
been authenticated onto the network, a monitoring system can help IT pinpoint
and identify these users, determine where they are connected to the network,
and assess whether they are authorized users experiencing authentication
problems or unauthorized users being blocked.

A monitoring solution can quickly alert IT when current usage patterns diverge
significantly from expected, historical patterns, indicating the possibility of
a security breach or other network problem. For example, the AirWave Management
Platform can be configured to generate automated alerts when cumulative
bandwidth through an AP exceeds a set threshold, as in a denial of service
attack. Similarly, AMP may be programmed to generate an alert if the number of
users connected to an AP in a warehouse or distribution facility exceeds the
number of authorized devices or if the bandwidth being used by an individual
device exceeds the threshold required for the supported applications in that
facility. AMP’s monitoring screens and reports even enable IT to view a
detailed roaming and connection log for each user, tracking every session on
the wireless network for both security and planning purposes.


4.7 Conclusion

Without a wireless network management solution, it is virtually impossible to
secure a large WLAN. Without a management solution in place, other steps taken
to secure the Wi-Fi network are incomplete and ineffective:

An organization may require strong encryption settings to protect data
transmitted over the wireless network. Without a management solution, however,
it is extremely difficult for the organization to ensure that these settings
are applied uniformly on all network devices. Without this assurance, the
organization cannot be sure that its data is protected.

The enterprise may specify access control policies designed to ensure that only
authorized users are permitted to connect to the corporate network. If the
organization cannot guarantee that all wireless devices, RADIUS servers, and
other network infrastructure are configured to conform with these policies, the
organization runs the risk that unauthorized users will connect directly to
their network wirelessly.

For an intrusion detection solution to differentiate between authorized and
unauthorized devices and users, it must first have a full and accurate
inventory of all the authorized devices on the network.

Defining policies, configuring devices, auditing configuration settings,
maintaining accurate inventories: all of these are management tasks that must
be performed routinely and reliably for a wireless network to be secure. The
information security team at any organization deploying a wireless LAN must
insist on a comprehensive management solution like the AirWave Management
Platform. Without it, they cannot do their jobs and cannot guarantee the
security of the organization’s secure network resources.

5. How wireless LANs are used in the real world



5.1 Introduction

Wireless LANs frequently augment rather than replace wired LAN networks, often
providing the final few meters of connectivity between a wired network and the
mobile user.

The following list describes some of the many applications made possible
through the power and flexibility of wireless LANs:

• Doctors and nurses in hospitals are more productive because hand-held or
notebook computers with wireless LAN capability deliver patient information

• Consulting or accounting audit teams or small workgroups increase
productivity with quick network setup.

• Students holding class on a campus greensward access the Internet to consult
of the Library of Congress.

• Network managers in dynamic environments minimize the overhead caused by
moves, extensions to networks, and other changes with wireless LANs.

• Training sites at corporations and students at universities use wireless
connectivity to ease access to information, information exchanges, and
learning.

• Network managers installing networked computers in older buildings find that
wireless LANs are a cost-effective network infrastructure solution.

• Trade show and branch office workers minimize setup requirements by
installing pre-configured wireless LANs needing no local MIS support.

• Warehouse workers use wireless LANs to exchange information with central
databases, thereby increasing productivity.

• Network managers implement wireless LANs to provide backup for
mission-critical applications running on wired networks.

• Senior executives in meetings make quicker decisions because they have
real-time information at their fingertips.

5.2 The application scenarios

5.2.1 Public buildings

In today’s global environment, the development of intelligent buildings based
on wireless communication networks has become important. The mobility of people
combined with the need for an integrated communication system have stimulated
the development of advanced indoor wireless communication systems.

The public buildings sector imposes specific requirements due to the nature of
the functionality of public buildings.

The communications environment of public buildings is different from other
wireless communications environments because of the presence of people. This
presence creates new needs related to security, building functionality, and/or
maintenance of the communication service.

Some possible scenarios for wireless communications in public buildings are
described as follows.

Education scenarios: Bearing in mind the development of IT, the students,
teachers, and administration personnel of a school campus need wide
connectivity. Wireless solutions are cheaper to install than traditional wired
solutions and easy to reinstall. Wireless links also provide high speed
communications.

Health care scenarios: The access to updated information in real time is a very
important objective in health care environments. Communications in such
environments affect three important groups or elements: patients, hospital
staff (physicians, nurses, pharmacy staff etc.) and equipment.

Law court scenarios: Wireless systems have a strong field of application in
courtrooms and courthouses. Courtroom computer use makes access to reference
documents, and the storage of documents, easier. Electronic storage facilitates
the organization and indexing of information, allowing easy access to documents
(such as depositions, transcriptions, and memos). Documents can be available to
plaintiffs, defendants, judges and juries. Because law courts are usually
situated in old buildings, a wireless solution for computer interconnection
would be the most convenient technology.

Buildings needing high security (museums): Wireless data communication systems
applied to public buildings with high security requirements, such as museums,
can be an interesting way of providing security control. Imagine a museum where
every visitor is asked to carry a transceiver unit. This unit would
continuously transmit a signal, which would, in turn, be received by the
distributed antenna system. The processing of the received signals would reveal
the current position of every visitor. Upon leaving the public building,
visitors would place their personal units into a special pocket to be deleted
from the database. Further study is needed to identify the buildings needing
such high security requirements and the communication services to be provided
and to develop a functional entity model for such an

Wireless systems are also suitable for other public buildings that experience
high visitor traffic, such as ballparks, arenas, sports grounds, stadiums, and
theatres. Wireless systems can be used to check entrance tickets, thus avoiding
ticket fraud. To work in such a compatible installed wireless network, each of
the entrance checking points would be equipped with a wireless unit that was,
in turn, connected with a central computer containing a record of all sold
tickets. Every time a ticket is scanned at an entrance checking point, the
ticket data are transmitted to the central computer to validate the ticket in
real time. Once the ticket has been validated, the central computer transmits
entrance approval to the entrance checking point.

Public transportation scenarios, stations and airports: Airports have become
very sensitive to the need to keep flights on schedule. Thus, the development
of a wireless communication network to control passenger flow and the delivery
of short messages within the airports is of great interest. An electronic
and/or magnetic card given to the passenger upon checking in can function not
only as a boarding card but also as a pager and as a badge. The network under
study controls passenger flow and transmits information to passengers. The
broadcasting is performed by a distributed antenna system with full coverage of
the airport, while the security and the flow control are carried out by reading
the card with devices installed at the entrances of each of the airport’s
rooms. In such an environment, a mixed IR and RF network can be used to
transmit and display the information to the users. The benefits are security
enhancement, the minimization of departure delays, and the provision of better
broadcast services to passengers. The architecture of such a system must
satisfy several functional constraints from both the passenger and the network
operator’s point of view:

Passenger constraints: Minimum delay and user

Operator constraints: Simplification of communication protocols, easy
integration, expandability, manageability, adaptability, security, and minimum
human resources.


5.2.2 Business environment

The possibilities of application of wireless communication systems in office
environments depend on the nature of the office, the functions carried out, and
the real business purposes of the office.

The main advantages offered by wireless communication systems are mobility,
portability and reconfiguration r

It is well known that the costs of wire installation are significant and that,
in some cases, wired systems are inadvisable, as in old or historic buildings.

The installation of wireless communication systems in an office depends on the
communication infrastructure already installed in the office. The needs may
vary:

• Extension of the existing indoor wired networks

• New installation of a wireless communication system

• Wireless interconnection between close buildings that want to connect their
existing wired networks.

The installation process of wireless networks is faster and cheaper than the
installation of wired networks. Wireless networks can be installed to connect
new or temporary work groups in an office, to connect portable equipment, and
in general, to expand existing wired networks.

Today, commercially available equipment for wireless networks has performance
qualities (speed, security, reliability etc.) comparable with the equipment for
wired networks. As a result, professional staff involved in the communications
infrastructure design can expect to find wireless equipment that is flexible
and easy to integrate into wired systems.


As an example of wireless network installation, consider the case of the Bank
of America Securities LLC (BAS). BAS is a full-service investment bank and
brokerage firm. Quick communication between BAS and the clients and the
monitoring of changes in the market are fundamental for the organisation.
Accordingly, it has installed a WLAN that allows workers to securely monitor
the market from any place in the building. The wireless network also allows the
company to set up temporary work groups in an easy and flexible way.

5.2.3 Domestic buildings (the home)

Communication in the home environment deals with the exchange of control
information as well as video and sound signals. Several solutions have been
studied to link home equipment, each type of which uses a different technology,
such as communications through the power line, wireless IR, RF, and microwave
(MW) communications. Communications in a home environment include house wide
communications, connection to the public networks, entertainment services, and
energy management.

Wireless communications are easy to install. They offer modularity in such a
way that adding new equipment or removing old equipment is easy to do. In
addition, these systems are cheaper than the traditional wired ones. It is
important that wireless systems be easy to use by everybody in the house.

An important factor in in-house wireless networks is the privacy of the
information travelling through the network. This information can contain
telephone signals, data signals from a personal computer, or video signals that
cannot be accessed by unauthorized personnel. On the other hand, interference
with neighbouring systems must be avoided, meaning that a network installed in
a house cannot interfere with the network of the neighbouring house.
Accordingly, wireless systems for in-house applications must include mechanisms
for information
5.2.4 Industrial sector

Wireless communication technologies have an important field of application in
the industrial environment. Two different wireless applications can be
considered in an industrial environment. One of them is open-air wireless
communications, which can be interesting for those industries that have several
buildings, each one with its own data network. These industries spend a lot of
money on telephone lines for building interconnection. Using wireless links for
these purposes would decrease telephone line costs considerably.

On the other hand, wireless links can be used in industry for indoor
communications purposes. This allows people working in the company to be able
to monitor any information involved in the production process anywhere and at
any time. Using these systems, all the documents involved in the manufacturing
process can be electronically formatted, avoiding the need for paper copies of
documents. This means that the information related to such items as product
orders, tickets, reports, and invoices can be located in a central computer.
Thus, the information is available in real time and accessible from anywhere in
the company.


Moreover, the installation of wireless communication systems in manufacturing
plants, distribution centers, or production lines makes the management of
control processes easier. Reconfiguration processes are also easier due to the
reconfiguration facilities inherent in wireless systems.

Several wireless communication systems have been installed in the industrial
sector. For example, the Ford Motor Company has installed WLANs in its product
plants and distribution centers. As a result of the installation the company
has noticed that the identification of recurrent quality problems takes place
in real time, instead of days. This has resulted in higher productivity, cost
savings on rework, and higher product quality.

As in other environments, the wireless communication medium in the industrial
sector can be IR (LED, laser), MW, or RF. The choice must be made according to
environmental factors, such as the presence of obstacles, thermal radiation,
range, and EMI (electromagnetic interference).




