Wi-Fi Technologies
Wi-Fi Architecture
Wi-Fi Network Elements
How a Wi-Fi Network Works
Wi-Fi Network Topologies
Wi-Fi Configurations
Applications of Wi-Fi
Wi-Fi Security
Advantages/ Disadvantages of Wi-Fi

Wireless Technology is an alternative to Wired Technology, which is commonly connecting devices in wireless mode.



Wi-Fi (Wireless Fidelity) is a generic term that refers to the IEEE 802.11 standard for Wireless Local Area Networks.

Wi-Fi networks connect computers to each other, to the internet and to the wired network.

Wi-Fi networks use radio technologies to transmit and receive data at high speed:
IEEE 802.11b
IEEE 802.11a
IEEE 802.11g
IEEE 802.11n

Appeared in late 1999
Operates at 2.4 GHz radio spectrum
11 Mbps (theoretical speed) - within 30 m
4-6 Mbps (actual speed)
100-150 feet range
Most popular, least expensive
Interference from mobile phones and Bluetooth devices, which can reduce the transmission speed.

Introduced in 2001
Operates at 5 GHz (less popular)
54 Mbps (theoretical speed)
15-20 Mbps (Actual speed)
50-75 feet range
More expensive
Not compatible with 802.11b

Introduced in 2003
Combines the features of both standards
100-150 feet range
54 Mbps Speed
2.4 GHz radio frequencies
Compatible with b

Introduced in 2009
Improved network from 54 Mbit/s to 600

175 Feet range
300 Mbps - 450 Mbps+ Speed
2.4/5 GHz radio frequencies
802.11n is faster than 802.11g.

Access Point (AP) - The AP is a wireless LAN transceiver or base station that can connect one or many wireless devices simultaneously to the Internet.

Wi-Fi cards - They accept the wireless signal and relay information. They can be internal and (e.g. PCMCIA card for laptop and PCI card for desktop PC)

Safeguards - Firewalls and anti-virus software protect networks from uninvited users and keep information secure.

The basic concept is the same as walkie-talkies.
A Wi-Fi hotspot is created by installing an access point to an internet connection.
An access point acts as a base station.
When a Wi-Fi enabled device encounters a hotspot, the device can then connect to that network wirelessly.
A single access point can support up to 30 users and can function within a range of 100-150 feet indoors and up to 300 feet outdoors.
Many access points can be connected to each other via Ethernet cables to create a single large network.

AP-based topology (Infrastructure Mode)

Peer-to-peer topology (Ad-hoc Mode)
Point-to-multipoint bridge topology

The clients communicate through the Access Point.
BSA - RF coverage provided by an AP.
ESA - It consists of 2 or more BSAs.
An ESA cell includes 10-15% overlap to allow roaming.

AP is not required.
Client devices within a cell can communicate directly with each other.
It is useful for setting up a wireless network quickly and easily.

This is used to connect a LAN in one building to LANs in other buildings, even if the buildings are miles apart. This requires a clear line of sight between buildings. The line-of-sight range varies based on the type of wireless bridge and antenna used as well as the environmental

Wireless technology doesn't remove any old security issues, but introduces new ones

Man-in-the-middle attacks
Denial of Service

Easy to perform, almost impossible to detect
By default, everything is transmitted in clear
Usernames, passwords, content ...
No security offered by the transmission medium
Different tools available on the internet
Network sniffers, protocol analysers ...
Password collectors
With the right equipment, it's possible to eavesdrop traffic from a few kilometers away


Attacker spoofs a disassociate message from the victim

The victim starts to look for a new access point, and the attacker advertises his own AP on a different channel, using the real AP's MAC address

The attacker connects to the real AP using the victim's MAC address

Attack on transmission frequency used
Frequency jamming
Not very technical, but works
Attack on MAC layer
Spoofed deauthentication / disassociation messages
Can target one specific user
Attacks on higher layer protocol (TCP/IP)
SYN Flooding
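
A detection sketch for the two MAC-layer signals described above: a burst of deauthentication/disassociation frames aimed at one client, and the real AP's MAC address (BSSID) beaconing on a second channel. This is an added example, not part of the original slides; the record layout, thresholds, MAC addresses and sample frames are all constructed assumptions.

```python
from collections import defaultdict

# Constructed monitor-mode observations (not captured traffic):
# (time_s, frame_type, bssid, channel, destination_mac)
AP, VICTIM, BCAST = "aa:bb:cc:00:00:01", "11:22:33:44:55:66", "ff:ff:ff:ff:ff:ff"
FRAMES = [
    (0.0, "beacon", AP, 6, BCAST),
    (1.0, "beacon", AP, 6, BCAST),
    (2.0, "disassoc", AP, 6, VICTIM),
    (2.1, "disassoc", AP, 6, VICTIM),
    (2.2, "deauth", AP, 6, VICTIM),
    (2.3, "deauth", AP, 6, VICTIM),
    (3.0, "beacon", AP, 11, BCAST),   # same BSSID, different channel
    (4.0, "beacon", "aa:bb:cc:00:00:02", 1, BCAST),
    (5.0, "deauth", "aa:bb:cc:00:00:02", 1, "11:22:33:44:55:77"),  # single frame
]

def bssids_on_multiple_channels(frames, window_s=10.0):
    """BSSIDs beaconing on more than one channel within window_s -> sorted channels."""
    seen = defaultdict(list)
    for t, ftype, bssid, chan, _ in frames:
        if ftype == "beacon":
            seen[bssid].append((t, chan))
    flagged = {}
    for bssid, obs in seen.items():
        for t0, _ in obs:
            chans = {c for t, c in obs if 0 <= t - t0 <= window_s}
            if len(chans) > 1:
                flagged[bssid] = sorted(chans)
                break
    return flagged

def kick_bursts(frames, threshold=3, window_s=1.0):
    """(bssid, client) pairs hit by >= threshold deauth/disassoc frames within window_s."""
    times = defaultdict(list)
    for t, ftype, bssid, _, dest in frames:
        if ftype in ("deauth", "disassoc"):
            times[(bssid, dest)].append(t)
    bursts = {}
    for key, ts in times.items():
        peak = max(sum(1 for u in ts if 0 <= u - t0 <= window_s) for t0 in ts)
        if peak >= threshold:
            bursts[key] = peak
    return bursts

def suspected_evil_twins(frames):
    """BSSIDs showing both signals: a kick burst and a beacon on a second channel."""
    twins = bssids_on_multiple_channels(frames)
    return sorted({bssid for bssid, _ in kick_bursts(frames)} & set(twins))
```

A legitimate AP can also change channel, so the channel check alone produces false positives; requiring both signals for the same BSSID narrows the alert to the sequence the slides describe.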

The requirements for Wi-Fi network security can be broken down into two primary components:
User Authentication
Server Authentication


Keeping unauthorized users off the network

User Authentication
Authentication Server is used
Username and password
Data (username & password) sent before secure channel established
Prone to passive eavesdropping by attacker
Establishing an encrypted channel before sending username and password

Server Authentication
Digital Certificate is used
Validation of digital certificate occurs automatically within client software

802.1X Access Control

Wireless Protected Access (WPA)

Designed as a general purpose network access control mechanism
Authenticates each client connected to an AP (for WLAN) or switch port (for Ethernet)
Authentication is done with the RADIUS server, which tells the access point whether access to controlled ports should be allowed or not
AP forces the user into an unauthorized state
User sends an EAP start message
AP returns an EAP message requesting the user's identity
Identity sent by the user is then forwarded to the authentication server by the AP
Authentication server authenticates the user and returns an accept or reject message back to the AP
If an accept message is returned, the AP changes the client's state to authorized and normal traffic flows
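
The 802.1X exchange listed above, modelled as a small simulation with the client, the AP and the authentication server as the three parties. This is an added example, not part of the original slides; the class names, user names and credentials are constructed, and passing the credential together with the identity is a simplification of the real EAP method rounds.

```python
from enum import Enum

class PortState(Enum):
    UNAUTHORIZED = "unauthorized"
    AUTHORIZED = "authorized"

class AuthServer:
    """Stand-in for the RADIUS server; the user table is constructed sample data."""
    def __init__(self, users):
        self._users = users

    def authenticate(self, identity, credential):
        return "accept" if self._users.get(identity) == credential else "reject"

class AccessPoint:
    """Authenticator: relays EAP messages and gates the controlled port per client."""
    def __init__(self, server):
        self.server = server
        self.ports = {}   # client MAC -> PortState
        self.trace = []   # ordered (sender, receiver, message) log

    def associate(self, mac):
        self.ports[mac] = PortState.UNAUTHORIZED   # every new client starts blocked

    def handle_eap_start(self, mac):
        self.trace.append((mac, "AP", "EAP-Start"))
        self.trace.append(("AP", mac, "EAP-Request/Identity"))

    def handle_identity(self, mac, identity, credential):
        self.trace.append((mac, "AP", "EAP-Response/Identity"))
        self.trace.append(("AP", "server", "forward identity"))
        verdict = self.server.authenticate(identity, credential)
        self.trace.append(("server", "AP", verdict))
        accepted = verdict == "accept"
        self.ports[mac] = PortState.AUTHORIZED if accepted else PortState.UNAUTHORIZED
        return verdict

    def forward_data(self, mac, payload):
        """Normal traffic passes only on an authorized port; unknown MACs are blocked."""
        if self.ports.get(mac, PortState.UNAUTHORIZED) is not PortState.AUTHORIZED:
            return None
        return payload

def run_demo():
    ap = AccessPoint(AuthServer({"alice": "constructed-secret"}))
    results = {}
    for mac, user, cred in [("c1", "alice", "constructed-secret"), ("c2", "mallory", "guess")]:
        ap.associate(mac)
        blocked_before = ap.forward_data(mac, b"data") is None
        ap.handle_eap_start(mac)
        verdict = ap.handle_identity(mac, user, cred)
        results[mac] = (blocked_before, verdict, ap.forward_data(mac, b"data"))
    return results
```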

WPA is a specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems.
User Authentication
TKIP (Temporal Key Integrity Protocol) encryption
dynamic encryption keys (session based)
New 128-bit key
per packet key mixing function

Uses Message Integrity check

Ensures data integrity

WPA comes in two flavors

use pre-shared key
For SOHO environments
Single master key used for all users

WPA Enterprise
For large organisation
Most secure method
Unique keys for each user
Separate username & password for each user

It has replaced the original WPA since 2006
It is based on IEEE 802.11i technology
Used on Home Networks
Depends on WPA-2 PSK (Pre Shared Key)

Small Businesses or SOHO
Large Corporations & Campuses
Health Care
Wireless ISP (WISP)

Ease of Installation
Use unlicensed part of the radio spectrum

Degradation in performance
High power consumption
Limited range