
Wireless LAN Proposal
Limkokwing Executive Leadership College
(LELC)

This proposal is a wireless LAN proposal for Limkokwing Executive Leadership College. WLANs are
very popular these days, but most WLAN implementations are buggy and insecure. In this
proposal we recommend a secure wireless LAN deployment.

BASHIR ABDU MUZAKKARI


Wireless LAN Proposal
Limkokwing Executive Leadership College (LELC)

INTRODUCTION
An unsecured wireless network is an open invitation to hackers to walk right into your computer
and steal your personal information, upload malware onto your computer, and otherwise terrorize
you.

Aside from the threat of unauthorized users accessing your network and eavesdropping on your
internal network communications by connecting to your wireless LAN (WLAN), there are a
variety of threats posed by insecure or improperly secured WLANs, such as rogue WLANs,
spoofing of internal communication, and information theft.

The network can be protected against these threats through:

Changing Administrator Passwords and Usernames

After you've taken your Wi-Fi router out of the box and started the setup process, you will be
asked to sign on to a specific Web page and are required to enter information such as your
network address and account information. In theory, this Wi-Fi setup page is protected with a
login screen (username and password).

The Problem: Though the username and password are intended to allow only you to get access
to your Wi-Fi setup and the personal information you have entered, the fact remains that the
logins provided are usually given to everyone with the same model router, and because most
people never change them, they remain an easy target for hackers and identity thieves. In fact,
there are sites that list the default usernames and passwords for wireless routers, making a
hacker's job even easier.

The Solution: Change the username and password for your Wi-Fi setup immediately after the
first login. And if you are going to spend the time changing your password, make sure it is
difficult to guess. Your name, birth date, anniversary date, child's name, spouse's name, or pet's
name are going to be among the hacker's first guesses. And because many hackers use a
technique called 'dictionary hacking' (running a program that tries common English words as
passwords), you should make sure that your password isn't just a common English word, but
rather is a combination of letters and numbers.

Upgrading your Wi-Fi Encryption

If the information sent back and forth over your Wi-Fi network isn't adequately encrypted, a
hacker can easily tap into the network and monitor your activity. When you type personal or
financial information into a Web site, that hacker can then steal that information and use it to
steal your identity.

The old encryption standard Wired Equivalent Privacy (WEP) can be hacked within 30 seconds,
no matter the complexity of the passphrase you use to protect it. Unfortunately, millions of Wi-Fi
users are still using WEP encryption technology to encrypt their information, despite the
availability of the vastly superior WPA2 encryption standard.

The Problem: Despite the superior encryption protection that WPA2 provides, most Wi-Fi home
users have failed to upgrade their protection because they were unaware of the problem, or
simply felt overwhelmed by the technical prospects of upgrading. As a result, many continue to
use WEP encryption, which is now so simple to hack that it is widely regarded as little better
than no encryption at all.

The Solution: The solution, of course, is to upgrade your Wi-Fi encryption to WPA2. But before
you can add WPA2 protection, you will have to complete a few steps in order to update your
computer. The first step is to download and install Microsoft's WPA2 hotfix for Windows XP.
You will also likely need to update your wireless card driver. These updates, if needed, will be
listed in Microsoft's Windows Update page under the subheading "Hardware Optional".

Now that your computer and wireless card are up to date, you will need to log into your router's
administration page through your web browser (this is the page you signed into in order to set up
the Wi-Fi router the first time you opened it up; the specific URL can be found in your router's
instruction manual). Once signed in, change the security settings to "WPA2 Personal" and select
the algorithm "TKIP+AES". Finally, enter your password into the "Shared Key" field and save
your changes.

Changing the Default System ID

When you got your Linksys or D-Link router home from the store and set it up, it came with a
default system ID called the SSID (Service Set Identifier) or ESSID (Extended Service Set
Identifier). This ID is also commonly referred to as the name of your Wi-Fi setup.

The Problem: Usually, manufacturers assign identical SSID sets to their devices, and 80 percent
of Wi-Fi home users leave their system on the default setting. So that means that 80 percent of
homes have Wi-Fi systems titled, "Default" or "LinkSys" or whatever your provider sets as the
default name.

The problem with these default settings is that they serve as strong signals to hackers who have
been known to just cruise neighborhoods looking for Wi-Fi networks with default names to hack
into. Though knowing the SSID does not allow anyone to break into your network, it usually
indicates that the person hasn't taken any steps to protect their network, thus these networks are
the most common targets.

The Solution: Change the default SSID immediately when you configure your LAN. This may
not offer complete protection as to who gains access to your network, but configuring your
SSID to something personal, e.g. "The Smith House Wi-Fi Network", will differentiate you from
other unprotected networks, and discourage hackers from targeting you. As an added bonus,
having a Wi-Fi network with a unique name also means that neither you nor your family will
make the mistake of connecting through a neighbor's Wi-Fi network, and thus exposing your
computers through their unprotected setup.

MAC Address Filtering

If you've had an unsecured Wi-Fi setup in your home in the past, you can be fairly certain that at
least one of your neighbors is mooching off your Wi-Fi to connect to the Internet. While
everyone loves a friendly neighbor, providing an easy resource for others to steal Internet access
is morally and legally questionable, but even scarier is the harm those moochers can do to your
computer.

In order to check who has been using your network, you'll need to check the MAC address.
Every Wi-Fi gadget is assigned a unique code that identifies it, called the "physical address" or
"MAC address." Your Wi-Fi system automatically records the MAC addresses of all devices that
connect to it. But busting your Internet-stealing neighbors isn't all that MAC addresses are
good for; they can actually be a great help in securing your WLAN.

The Problem: You are not sure who or what is accessing and endangering your Wi-Fi network,
and once you find out that someone or something is mooching off your network, you want to
stop them. But how?

The Solution: Checking the MAC address log for your Wi-Fi network will give you a quick
view of all the devices accessing your network. Anything that isn't yours, you will want to keep
out. To do this, you will need to manually key in the MAC addresses of your home equipment.
This way, the network will allow connections only from these devices, so your mooching
neighbors will be out of luck. Caution: This feature is not as powerful as it may seem. While it
will stop your average neighborhood moocher or amateur hacker, professional hackers use
advanced software programs to fake MAC addresses.
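
The log check described above can be scripted. The following is an added example, not part of the original proposal: it compares a router association log against the list of your own devices and reports every unknown MAC address with its first and last appearance. The log layout, device names and addresses are constructed for illustration. Because MAC addresses can be faked, an allow-listed address in the log only shows that the address was used, not that the device was yours.

```python
import re

# Constructed sample of a router association log. The line layout is an
# assumption for this example; adjust MAC_RE and the field handling to your router.
SAMPLE_LOG = """\
2011-04-06 08:01:12 associated 00:1A:2B:3C:4D:5E office-laptop
2011-04-06 08:03:40 associated 00-1a-2b-3c-4d-5f office-printer
2011-04-06 21:47:03 associated 3C:5A:B4:11:22:33 unknown
2011-04-06 21:52:19 associated 3c:5a:b4:11:22:33 unknown
2011-04-06 23:10:55 associated DA:A1:19:00:00:01 phone
"""

# Constructed allow list: the devices keyed into the router's MAC filter.
ALLOWED = ["00:1a:2b:3c:4d:5e", "00:1A:2B:3C:4D:5F"]

# Six hex octets separated by ':' or '-'; timestamps and dates do not match.
MAC_RE = re.compile(r"\b[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}\b")


def normalize_mac(text):
    """Return a MAC as lower-case, colon-separated hex; raise ValueError if malformed."""
    digits = re.sub(r"[:\-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True if the 'locally administered' bit (0x02 of the first octet) is set.

    Such an address was assigned in software rather than by the manufacturer,
    which is what a randomized or hand-set MAC address looks like.
    """
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def review_log(log_text, allowed):
    """Return {mac: details} for every logged MAC that is not on the allow list."""
    allowed = {normalize_mac(m) for m in allowed}
    unknown = {}
    for line in log_text.splitlines():
        match = MAC_RE.search(line)
        if not match:
            continue  # line carries no MAC address
        mac = normalize_mac(match.group(0))
        if mac in allowed:
            continue
        stamp = " ".join(line.split()[:2])  # date and time fields
        entry = unknown.setdefault(mac, {
            "count": 0,
            "first_seen": stamp,
            "locally_administered": is_locally_administered(mac),
        })
        entry["count"] += 1
        entry["last_seen"] = stamp
    return unknown


if __name__ == "__main__":
    for mac, info in review_log(SAMPLE_LOG, ALLOWED).items():
        print(mac, info)
```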

Stop Publicly Broadcasting your Network

By now you've renamed your Wi-Fi so that hackers won't see the default name as they sweep for
unprotected Wi-Fi setups. But wouldn't it be even better if hackers and curious neighbors didn't
know you had a Wi-Fi setup at all? Usually, your access point or router is programmed to
broadcast the network name (SSID) over the air at regular intervals. While broadcasting is
essential for businesses and mobile hotspots to let people find the network, it isn't needed at
home, so eliminate it.

The Problem: Why broadcast to the world that you have a wireless connection? You already
know it; why do strangers need to know? For most personal uses, you are better off without this
feature, because it increases the likelihood of an unwelcome neighbor or hacker trying to log in
to your home network. The broadcast works like an invitation to the hackers who're searching for
just that opportunity.

The Solution: Most Wi-Fi access points allow the SSID broadcast feature to be disabled by the
network administrator. If you are using a Linksys router, instructions to disable your SSID
broadcast are here, and for those of you using D-Link, your instructions are here (See Figure 1.6
on page 4). Otherwise, you will need to check the manual for your hardware for specific
instructions on how to disable broadcasting for your router.

Positioning of the Router or Access Point

Wi-Fi signals don't know where your house ends and where your neighbor's begins. This Wi-Fi
signal leakage gives hackers and neighbors the opportunity to find your wireless network and
attempt to access it.

The Problem: While a small amount of overflow outdoors is not a problem, it is important to
keep this leakage to a minimum. This is important because the further your signal reaches into
the neighborhood, the easier it is for others to detect and exploit.

The Solution: If you haven't yet installed your wireless home network, make sure to position the
router or access point in the center of the home rather than near windows or doors. If you live in
an apartment, consider that a Wi-Fi network is restricted in part by the materials that its signal
must pass through: the more walls, doors, and metal the signal passes through, the weaker it is.
So if your goal is to reduce leakage, you might consider mounting your Wi-Fi in a closet in order
to reduce signal strength.

When to Turn Off the Network

Most of us know that it is impractical to constantly turn devices on and off. A Wi-Fi
connection is in large part a convenience, and having to turn it off every time you aren't
using it eliminates much of that convenience. Unfortunately, a Wi-Fi connection is vulnerable
when it is on; therefore shutting off your wireless signal when not in use would be a huge boon
to its security.


The Problem: There is an inherent tension between convenience and security in deciding
whether to turn off a wireless access point between connections.

The Solution: Just as you take extra home security measures when taking a vacation, like asking
your neighbors to pick up the mail and leaving a light on, so also should you take extra Wi-Fi
security measures when your network will not be in use for extended periods of time. Shutting
down the network is a basic but effective security measure that can protect your network when
you are not around to protect it and hackers may take the opportunity to mount their attack.

Putting your Improvements to the Test

Now that you've made all these changes to your Wi-Fi setup, it would be nice to know that you
are secure. Unfortunately, the only surefire test for how secure you are is to wait to see if you get
hacked. Trial by fire is no way to test your security, however, so thankfully there is a program to
help audit your Wi-Fi security.

The Problem: There is no way for the average home Wi-Fi user to know if the changes they
made to upgrade their wireless security will really prove successful in keeping them safe.

The Solution: The Netstumbler utility, by Marius Milner, will identify both your network's
vulnerabilities and unauthorized access points. In addition to these security concerns, the
downloadable program will also reveal the sources of network interference and weak signal
strength, so that you can improve the strength of your Wi-Fi signal. Netstumbler is free for
download, although the author asks that those who find the tool helpful make a donation to
support the creation of future utilities.
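
The same kind of check can be run over any list of access points seen on a scan. The following is an added example, not part of the original proposal and not Netstumbler's own output format: it audits scan results against the earlier recommendations (no default SSID, WPA2 rather than WEP or no encryption) and flags access points that advertise your network name without being in your inventory. The CSV layout, the SSIDs and the BSSIDs are all constructed for illustration.

```python
import csv
import io

# Default network names mentioned in the text above, compared case-insensitively.
DEFAULT_SSIDS = {"default", "linksys"}

# Constructed scan results; real tools export different column layouts.
SAMPLE_SCAN = """\
ssid,bssid,channel,encryption,signal_dbm
LELC-Staff,00:1a:2b:aa:00:01,1,WPA2,-48
LELC-Staff,66:77:88:99:aa:bb,6,OPEN,-40
LinkSys,00:1A:2B:AA:00:02,11,WEP,-62
LELC-Lab,00:1a:2b:aa:00:03,11,WPA,-60
CoffeeShop,00:22:33:44:55:66,3,WPA2,-80
"""

# Constructed inventory: the network names and access points you operate.
OUR_SSIDS = ["LELC-Staff", "LELC-Lab"]
AUTHORIZED_BSSIDS = ["00:1a:2b:aa:00:01", "00:1a:2b:aa:00:02", "00:1a:2b:aa:00:03"]


def classify_encryption(label):
    """Map a scanner's encryption label to an issue code, or None if acceptable."""
    label = label.strip().upper()
    if label in ("", "OPEN", "NONE"):
        return "NO_ENCRYPTION"
    if label.startswith("WEP"):
        return "WEP"
    if label.startswith(("WPA2", "WPA3")):
        return None  # WPA2 is the level the text recommends; WPA3 is newer
    if label.startswith("WPA"):
        return "WPA_ONLY"  # original WPA: upgrade to WPA2
    return "UNKNOWN_ENCRYPTION"


def audit_scan(scan_csv, our_ssids, authorized_bssids):
    """Return a list of (bssid, ssid, issue) findings for the scanned access points."""
    our_ssids = {s.lower() for s in our_ssids}
    authorized = {b.lower() for b in authorized_bssids}
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        ssid = row["ssid"].strip()
        bssid = row["bssid"].strip().lower()
        if bssid not in authorized:
            # Not our hardware. It only matters if it uses one of our names.
            if ssid.lower() in our_ssids:
                findings.append((bssid, ssid, "UNAUTHORIZED_AP"))
            continue
        # Our own access point: check it against the hardening steps.
        if ssid.lower() in DEFAULT_SSIDS:
            findings.append((bssid, ssid, "DEFAULT_SSID"))
        issue = classify_encryption(row["encryption"])
        if issue:
            findings.append((bssid, ssid, issue))
    return findings


if __name__ == "__main__":
    for finding in audit_scan(SAMPLE_SCAN, OUR_SSIDS, AUTHORIZED_BSSIDS):
        print(finding)
```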


SITE SURVEY
One of the most important steps in implementing a wireless network is performing a site
survey. The findings from the site survey could mean the success or failure of the wireless LAN
implementation. The key factor in this site survey is to make sure all the class rooms and staff
rooms are within proper wireless range. In our site survey we emphasized the following
topics:

Facility Diagram
A current floor plan was sketched and approximate measurements were taken. Below is the site
diagram. According to the floor plan, class room 12 and class room 7 are the largest, and both
rooms are next to one another, partitioned by a brick wall.

[Figure 1: Site Measurements (approx.); dimensions marked on the plan: 12m, 42m, 14m, 36m, 14m]

We also noticed that most of the walls are constructed with standard brick, and some of the walls
had glass windows attached. Some windows cover half the wall while other windows are attached
at the top of the walls near the ceilings. The bigger windows are tinted so as to block the internal
view of the class room. We have taken some pictures of the site for visual inspection. Some of the
class rooms are partitioned with plywood, for example class room 1 and 2.

Figure 2: Class Room, with tinted window
Figure 1: Hall way of c4, c12 and c7
Figure 4: Hall way to main staff room
Figure 5: c1 and c2, with small windows at the top


The insides of the class rooms and hall ways don't have many RF barriers other than the walls
separating them. We did not have a chance to check the staff rooms and management rooms as
they are out of bounds to students. There might be devices that cause RF interference, such as
cordless phones or other microwave devices.

Main User Areas


We have identified the user areas, the areas where usage is most likely to be heavy, and the areas
where the largest number of users will be using the wireless network. Below is a diagram marking
these areas. The dimmer the color, the lesser the usage or the number of users.

[Figure 6: User area chart. Legend: High usage, with relatively high number of users; Relatively low usage; Low number of users, with low usage]

According to our prediction, the largest number of users using the wireless network
simultaneously will be in the area marked in red. Class room 12 and class room 7 are relatively
larger than the rest of the class rooms in the facility. Each of these classes can accommodate
100 students.

[Figure 7: Class room 12, with 100 seats]


Also, the student lounge is a hot area where students tend to do their research when they don't
have a class. It is also one of the areas where demand might go high in certain periods.

Figure 8: Student lounge

Access Point Locations and Coverage


Based on our findings we have plotted the access point locations on the floor plan below.

AP1: Inside C-12 on wall separating C-7

AP2: Inside C-1 Near Staff room

AP3: Outside staff room

Table 1: Access Point Locations

Access Point | Location | Description
AP1 | Inside C-12 on wall separating C-7 | This access point will cover the largest two class rooms in the facility. Even though the class rooms are separated by a brick wall, both have big class windows where signals can travel easily.
AP2 | Inside C-1 Near Staff room | This access point will cover c-1, c2, c3, c4, main staff room and the walk way in front of the class rooms.
AP3 | Outside staff room | This AP will cover the rest of the facility. The purpose of this AP is to provide greater coverage to the student lounge while still covering the less usage areas like class 9, 10 and 11.

Obstacles to signal strength


Walls: Most of the walls are constructed with brick. In some class rooms one room is separated
from the other by merely plywood partitions. Most walls have windows attached to them. So
there might not be much impact on the signal strength due to this.

Furniture: All the class rooms are equipped with plastic chairs with minimal steel, white boards
and projectors and speakers for multimedia. There is nothing much that could affect the signal
strength in an adverse manner. Since we did not have a chance to check the Staff Rooms we will
consider those places out of scope of signal strength and obstacles.

Coated Glass: The larger windows attached to some class room walls are tinted, but they do not
have any wire mesh embedded in them. Therefore this glass should generally not be much of an
obstacle to the signal strength.

IEEE 802.11 STANDARDS


Home and business networkers looking to buy wireless local area network (WLAN) gear face an
array of choices. Many products conform to the 802.11a, 802.11b, 802.11g, or 802.11n wireless
standards collectively known as Wi-Fi technologies. Additionally, Bluetooth and various other
non Wi-Fi technologies also exist, each also designed for specific networking applications.

The standards 802.11a, 802.11b, 802.11g, and 802.11n are the ones most wireless products
conform to; a comparison between them will show which is the most beneficial to have.

The original 802.11 was the first standard; it supported a maximum bandwidth of 2 Mbps and is
therefore now obsolete. 802.11b supports a bandwidth of 11 Mbps and uses the unregulated radio
signaling frequency of 2.4 GHz. This is a good bet as it is cheap and has good signal strength;
however, it is slow and prone to interference from other appliances.

In contrast, 802.11a has a speed of 54 Mbps, but it is expensive and is therefore more popular for
business networks. It uses a frequency of 5 GHz. Some vendors offer hybrids but these are
mutually dependent on the other working properly. The speed is much better and interference is
lessened, but it is more expensive and the range of the signal is shorter.

The 802.11g has a bandwidth of 54 Mbps, it utilizes a 2.4 GHz frequency and hence has a
greater range. It is backwards compatible with 802.11b, so their respective access points and
adapters can work with each other. It is faster and has a better signal but is very costly and is
prone to interference from similar frequency appliances.

The 802.11n standard supports data rates of over 100 Mbps. It has a better range than earlier Wi-Fi
standards because of improved signal strength and in addition is compatible with 802.11g
equipment. It has the best speed and signal and is resistant to interference. However, it happens to
be the most costly and has interference problems with 802.11b and g networks.


STANDALONE & CENTRAL WLANS


Standalone Wireless Network
A standalone wireless network depends on the integrated functionality of each
access point to enable wireless services, authentication and security. A standalone network is
characterized by:

i. Access points in the network are independent of each other in terms of operations.
ii. Encryption and decryption is done at the access point.
iii. Each access point has its own configuration file.
iv. Larger networks normally rely on different management.
v. The network configuration is static and does not respond to changing network
conditions such as interfering rogue access points or failures of neighboring APs.

Wireless Network with Standalone Access Points (ProCurve Networking by HP)


Centrally Coordinated Wireless Network


In a centrally coordinated wireless network, the access points, often called thin access points or
radio ports, have much simpler responsibilities; most of the heavy lifting is performed by a
centralized controller, which handles functions such as roaming, authentication,
encryption/decryption, load balancing, RF monitoring, performance monitoring and location
services. Because configuration is done once, at the controller, adding additional radios to cover
new office areas is as simple as plugging them in. As shown in Figure 3, this kind of network can
be characterized as follows:

i. Access point activity is coordinated by a wireless centralized controller.
ii. Encryption/decryption and authentication are performed at the controller, instead of at
the individual access points.
iii. To maintain the health of the network, the controller can reconfigure access point
parameters as needed, providing a self-healing WLAN.
iv. The wireless LAN controller performs tasks such as configuration control, fault
tolerance and network expansion.
v. Redundancy can be provided through redundant controllers in separate locations that
can assume control in the event of a switch or controller failure.

Wireless Network with Coordinated Access Points (ProCurve Networking by HP)


IMPLEMENTATION CONSIDERATIONS
Which type of Wireless Network: Standalone or Central AP?
Which type of Wireless Network: Centrally Coordinated or Standalone AP?

Both the standalone and centrally coordinated architectures have advantages and disadvantages,
depending on the age of the wired infrastructure, deployment area, building architecture, and
types of applications that you want to support. Regardless of which approach you choose, it is
essential that your architecture provide you with a way to manage your network efficiently and
effectively.

Standalone Access Point WLAN


A standalone access point WLAN is particularly well suited in environments where:

i. There is a smaller isolated wireless coverage area that requires only one or a few
access points.
ii. There is a need for wireless bridging from a main site building to a branch office or to
a remote portable or temporary building such as a portable classroom.

However, the operational overhead to manage and maintain a wireless LAN increases with the
size of the wireless LAN deployment.

Centrally Coordinated Access Point WLAN


A Centrally Coordinated WLAN is well suited to deployments where:

i. There are one or more large wireless coverage areas that require multiple radio ports
possibly accompanied by several smaller isolated coverage areas.
ii. RF network self-healing is required.
iii. A redundant stateful-failover solution is required.

In conclusion, a centrally coordinated network offers many benefits, including:

i. Lower operational costs. Centralized management facilitates ease of deployment and
ongoing management.
ii. Greater availability. In this architecture, it's easier to respond in real-time to changes
in the network performance and spikes in user demand.
iii. Better return on investment. Fast client roaming and enhancements in Quality of
Service enable traffic-sensitive applications such as voice over wireless LAN.

Coordinated AP deployments are most appropriate in larger organizations with a wireless
overlay throughout the facility, campus-wide. This kind of deployment allows a facility to
address operational concerns, simplify network management, and assure availability and
resiliency.

Dual-band radios and dual radio access


802.11a/b/g dual-band access points with two radios can simultaneously support both 2.4 GHz
(802.11b/g) and 5 GHz (802.11a) RF bands. They offer backward compatibility (to preserve
existing investments) along with a larger number of channels and consequently increased
throughput. A wireless station with a dual-band radio typically looks first for an 802.11a access
point. If it cannot find one, it then scans for an 802.11g, and ultimately for an 802.11b.

802.11a and 802.11g dual radio support (ProCurve Networking by HP)

Dual-band access points are well suited to a wide range of network topologies. In addition to the
benefits of increased bandwidth, it is fairly common to find deployments that use dual-band
access points to segregate data types onto the different RF bands. The access point’s 802.11a
radio can service wireless traffic from data clients (such as notebooks), while the 802.11b/g radio
supports time-sensitive voice traffic from VoWLAN handsets, thus reducing data and voice
traffic contention by creating two separate RF networks.


REFERENCES
Brian P. Crow, I. W. (1997, 09). IEEE 802.11 Wireless Local Area Networks. IEEE Communications
Magazine.

Business WLAN. (n.d.). Retrieved 06 April, 2011, from
http://www.dlink.com/products/category.asp?cid=1&sec=2

Color Laser Printers. (n.d.). Retrieved 06 April, 2011, from
http://h10010.www1.hp.com/wwpc/us/en/sm/WF02a/18972-18972-3328060.html

Geier, J. (2002, 04 18). Defining WLAN Requirements: In Depth. Retrieved 06 01, 2008, from
http://www.wi-fiplanet.com/tutorials/article.php/1011991

Geier, J. (2002, May 22). WLAN Deployment Risks. Retrieved 05 29, 2008, from
http://www.wi-fiplanet.com/tutorials/article.php/1142791

Hewlett-Packard Development Company. (2003). Wireless LANs: Planning the Site Assessment.
Retrieved 06 April, 2011, from
http://www.hp.com/rnd/pdf_html/wirelessLANsite_assessment.htm

HP. (2003). Planning a Wireless Network. Hewlett-Packard Development Company.

HP ProLiant ML Servers. (n.d.). Retrieved 06 April, 2011, from
http://h10010.www1.hp.com/wwpc/pscmisc/vac/us/en/sm/proliant/proliant-ml.html

IEEE Computer Society. (2007). Part 11: Wireless LAN Medium Access Control (MAC) and
Physical Layer (PHY) Specifications. LAN/MAN Standards Committee.

McGraw-Hill. (1995). The McGraw-Hill Internetworking Handbook.

Tri-Mode Dualband 802.11a/b/g (2.4/5GHz) Wireless 108Mbps Access Point with PoE. (n.d.).
Retrieved 06 03, 2008, from http://www.dlink.com/products/?sec=2&pid=356

Wi-Fi. What is it? (n.d.). Retrieved 06 April, 2011, from
http://www.wilcorpinc.com/Wi-Fi_history.htm

ProCurve Networking by HP: Planning a Wireless Network, retrieved 06 April, 2011, from
www.accountingweb-cgi.com/.../hp_planning_wireless_network.pdf
