Wednesday, 22 October 2014

Wireless Networking Basics

It's been a while since my last post. So this time I have come up with a new topic, Wireless Networking! Wireless networking have been around for many years and is being used widely in many industries. I have prepared an FAQ about basic wireless networking which might help the WiFi beginners. As usual, if you have any comments or queries then do get in touch.

1.) What is a Wireless Network (WLAN)?

A wireless local area network (WLAN) is an interconnection of two or more devices using a wireless media. Wireless networks are made up of network adapters that transmit high frequency radio signals, instead of using wires or cables, to send information to other computers or devices on a network.

This gives users the ability to move around within a local coverage area and still be connected to the network. Most modern WLANs are based on IEEE 802.11 standards, marketed under the Wi-Fi brand name.

2.) What is a Wired Network?

A wired network connects devices to the Internet or other networks using cables. In the past, wired networks were sometimes thought to be faster than wireless ones. However, today’s WLANs have minimized that difference.

3.) What are the differences between a Wired and Wireless Network?

Wired Network
Wireless Network
Use Ethernet switches to interconnect endpoints.
Access points and Controllers interconnect endpoints.
Less mobility
Greater Mobility
Inexpensive
Expensive
Difficult to configure and manage
Easy to set up and manage.
Data travels through dedicated wires.
Data travels through Air. Radio waves are the media.
Single path for data to travel (wires).
Multiple path for data (channels).
Speed doesn't change with distance.
Speed varies with distance – Follows the inverse square law.
Signal physically secure.
Accessible to anyone. Security must be implemented.

Wired network                                                           Wireless network

4.) What are the major similarities of a wired and wireless network?
  • On both wired and wireless network packets are send from one MAC address to another.
  • Both are prone to bandwidth issues : Congestion and over utilization.
  • Both are reliant upon the major protocols like DHCP, DNS, RADIUS etc.
  • Both subject to problems in the backbone network like network failure, looping etc.

5.) What are the major devices used to build a WLAN?

Below are some important devices need to build a WLAN:

a.)  WLAN controller -> It is a device (either hardware or software) that directs or regulates traffic on the wireless network. The main purposes of a WLAN Controller are:

Centralized Control : Management of Wireless Access Points from a centralized location (like a Domain Controller)
Simplified Operations : It simplifies network deployment, operations, and management.

b.)  Wireless Access Points (WAP): A wireless access point (AP) allows wireless devices to communicate and are commonly connected to cabled networks to allow wireless users access to the network. This also helps us to extend the Wireless network over a wide range.

c.)  WLAN Network Interface card : Used in Laptops to connect with the WLAN.

d.)  RADIUS or (TACACS+): To provide Authentication, Authorization and Accounting (AAA), a security mechanism.

e.)  End devices such as Laptops, Tablet PCs', Mobile phone, Printer, VOIP etc.

f.) Power over Ethernet (PoE) : To provide power to APs', VOIP phones etc

Along with this there are many management/security software available in the market which are vendor specific. eg. RingMaster software of Juniper.

6.) What are the types of Wireless Network?

WLAN operates in two basic modes:

a.) Ad hoc mode -> Mobile units transmit directly (peer-to-peer)

b.)  Infrastructure mode -> Mobile units communicate through an access point that serves as a bridge to other networks (such as Internet or LAN).


7.) What is the major protocol used in Wireless Network?

IEEE 802.11. Mainly operating at 2.4 and 5 GHz.


8.) How to Secure WLANs?

To increase security, WLANs require:

User authentication, to prevent unauthorized access to network resources, authenticate users to be sure you know who is using the WLAN. Open Authentication, Shared Key Authentication , EAP Authentication (802.1x), MAC Address Authentication , Combination of MAC-Based, EAP, and Open Authentication, WPA Key Management (802.1x), Captive portal are the examples of wireless authentication solution.


Data encryption/privacy, to protect the integrity and privacy of transmitted data, encrypt data that travels on the network. WEP and WPA/WPA2 are the two important encryption mechanisms available. Wired Equivalent Privacy (WEP) encryption is not adequate nowadays, but WPA and WPA2 give you stronger options.

• Physically hide or secure access points to prevent tampering.

Basically while designing a wireless network we need choose the security protocol needs to be used in it. It can either be WEP or WPA/WPA2.

For example WPA2 is a security scheme that specifies two main aspects of your wireless security:
  • Authentication: Your choice of PSK ("Personal") or 802.1X ("Enterprise").
  • Encryption: Always AES-CCMP.

If you're using WPA2 security on your network, you have two authentication choices: You either have to use a single password for the whole network that everyone knows (this is called a Pre-Shared Key or PSK), or you use 802.1X to force each user to use his own unique login credentials (e.g. username and password).

Regardless of which authentication type you've set up your network to use, WPA2 always uses a scheme called AES-CCMP to encrypt your data over the air for the sake of confidentiality, and to thwart various other kinds of attacks.

802.1X is based on EAP, the Extensible Authentication Protocol that was originally developed for PPP, and is still used extensively in VPN solutions that use PPP inside the encrypted tunnel (LT2P-over-IPSec, PPTP, etc.). In fact, 802.1X is generally referred to as "EAP over LANs" or "EAPoL".


9.) What is the difference between WEP and WPA ?

WEP
WPA
Wired Equivalent Privacy
Wi-Fi Protected Access
A security protocol for wireless networks introduced in 1999 to provide data confidentiality comparable to a traditional wired network
A security protocol developed by the Wi-Fi Alliance in 2003 for use in securing wireless networks; designed to replace the WEP protocol.
Through the use of a security algorithm for IEEE 802.11 wireless networks it works to create a wireless network that is as secure as a wired network.
As a temporary solution to WEP's problems, WPA still uses WEP's insecure RC4 stream cipher but provides extra security through TKIP, AES, CCMP.
Wireless security through the use of an encryption key and uses CRC for Integrity check.
Wireless security through the use of a password. Uses Integrity check.
Open system authentication or shared key authentication. Mainly using MAC address for authentication.
Authentication through the use of a 64 digit hexadecimal key or an 8 to 63 character passcode. User Authentication is possible.


10.) Which are all the major vendors in WLAN market?

Cisco, Aruba, HP, Ruckus, Motorola, Meru, Juniper etc.

11.) What does WiFi mean? 

WiFi is the popular term for a high-frequency wireless local area network (WLAN). It is also is a set of standards for wireless local area networks (WLAN) currently based on the IEEE 802.11 specifications to ensure interoperability of wireless networking products.

12.) Which are the standards bodies primarily responsible for implementing WLANs?

IEEE : Defines the mechanical process of how WLANs are implemented in the 802.11 standards so that vendors can create compatible products.

The Wi-Fi Alliance : Basically certifies companies by ensuring that their products follow the 802.11 standards, thus allowing customers to buy WLAN products from different vendors without having to be concerned about any compatibility issues.
Frequencies bands.

13.) Some Basic Wireless Terminologies

Radio Frequency (RF)

Before we look into the radio frequency let's have a look into the electromagnetic spectrum as RF is a part of the electromagnetic spectrum.

The electromagnetic radiation spectrum is the complete range of the wavelengths of electromagnetic radiation, beginning with the longest radio waves and extending through visible light all the way to the extremely short gamma rays that are a product of radioactive atoms.

Now what is this electromagnetic radiation? Electromagnetic radiation (EM radiation, EMR, or light) is a form of energy released by electromagnetic processes. Electromagnetic radiation is made when an atom absorbs energy. The absorbed energy causes one or more electrons to change their locale within the atom. When the electron returns to its original position, an electromagnetic wave is produced. Depending on the kind of atom and the amount of energy, this electromagnetic radiation can take the form of heat, light, ultraviolet, or other electromagnetic waves.

Electromagnetic radiation travels in waves, just like waves in an ocean. The energy of the radiation depends on the distance between the crests (the highest points) of the waves, or the wavelength. In general the smaller the wavelength, the higher the energy of the radiation. Gamma rays have wavelengths less than ten trillionths of a meter which is about the size of the nucleus of an atom. This means that gamma rays have very high-energy. Radio waves, on the other hand, have wavelengths that range from less than one centimeter to greater than 100 meters (this is bigger than the size of a football field)! The energy of radio waves is much lower than the energy of other types of electromagnetic radiation. The only type of light detectable by the human eye is visible light. It has wavelengths about the size of a bacteria cell, and its energies fall between those of radio waves and gamma rays.

The types of electromagnetic radiation are broadly classified into the following classes:

Gamma radiation
X-ray radiation
Ultraviolet radiation
Visible radiation
Infrared radiation
Terahertz radiation
Microwave radiation
Radio waves

This classification goes in the increasing order of wavelength, which is characteristic of the type of radiation.


The below diagram explain electromagnetic spectrum more clearly.


Now let's look into RF in more detail.

Short for radio frequency, RF is any frequency within the electromagnetic spectrum associated with radio wave propagation. When an RF current is supplied to an antenna, an electromagnetic field is created that then is able to propagate through space. The current actually excites electrons within the antenna and the energy moves outward in the form of an electromagnetic wave.

Many wireless technologies are based on RF field propagation. Radio frequency is also abbreviated as rf or r.f.

RF basically range between a frequency range of 3 kHz and 300 GHz.

Here is an excellent video which describes RF in simple words https://www.youtube.com/watch?v=FVmTooGICNc

Also a great guide about RF and Antenna Fundamentals can be found at http://faculty.ccri.edu/jbernardini/JB-Website/ETEK1500/1500Notes/CWNA-ed4-Chapter-2.pdf

Service Set

A service set is a set consisting of all the devices associated with a consumer or enterprise IEEE 802.11 WLAN. It can also be called as a wireless cell or wireless workgroup.

  SSID  : To identify a service set we use Service Set Identifier (SSID). On an AP SSID is the combination of its MAC address and network name.

  BSS   : BSS(Basic service set) is an area where an AP service or It is a single wireless area for an infrastructure mode wireless LAN.

  BSSID : To identify BSS we use BSSID.

  ESS   : If the AP connects to a Wireless Controller over a wired connection (multiple APs' will be there in such a situation), then all together we call it as ESS.

Active and Passive Scanning

  Passive Scanning : Beacon frames are being sent out from the AP (typically every 100 milli second) to announce the presence of a wireless LAN. This frame contain many information like SSID, Capability information, Supported rates etc. [More about becon @ http://www.wi-fiplanet.com/tutorials/print.php/1492071] Laptops listens to these becon frames and connect to the desired WLAN. The process of listening to beacon is called Passive Scanning.

Whereas in Active Scanning clients will search for APs' through probe request. Active scanning is required when enabled the "SSID Hide" in AP. APs' respond with a probe response frame, containing capability information, supported data rates, etc., when after it receives a probe request frame.

Authentication, Association and Re-association

  Authentication

  Authentication frame: 802.11 authentication is a process whereby the access point either accepts or rejects the identity of a radio NIC. The NIC begins the process by sending an authentication frame containing its identity to the access point. With open system authentication (the default), the radio NIC sends only one authentication frame, and the access point responds with an authentication frame as a response indicating acceptance (or rejection). With the optional shared key authentication, the radio NIC sends an initial authentication frame, and the access point responds with an authentication frame containing challenge text. The radio NIC must send an encrypted version of the challenge text (using its WEP key) in an authentication frame back to the access point. The access point ensures that the radio NIC has the correct WEP key (which is the basis for authentication) by seeing whether the challenge text recovered after decryption is the same that was sent previously. Based on the results of this comparison, the access point replies to the radio NIC with an authentication frame signifying the result of authentication.

  Deauthentication frame: A station sends a deauthentication frame to another station if it wishes to terminate secure communications.

  Association

  Association request frame: 802.11 association enables the access point to allocate resources for and synchronize with a radio NIC. A NIC begins the association process by sending an association request to an access point. This frame carries information about the NIC (e.g., supported data rates) and the SSID of the network it wishes to associate with. After receiving the association request, the access point considers associating with the NIC, and (if accepted) reserves memory space and establishes an association ID for the NIC.

  Association response frame: An access point sends an association response frame containing an acceptance or rejection notice to the radio NIC requesting association. If the access point accepts the radio NIC, the frame includes information regarding the association, such as association ID and supported data rates. If the outcome of the association is positive, the radio NIC can utilize the access point to communicate with other NICs on the network and systems on the distribution (i.e., Ethernet) side of the access point.

  Reassociation

  Reassociation request frame: If a radio NIC roams away from the currently associated access point and finds another access point having a stronger beacon signal, the radio NIC will send a reassociation frame to the new access point. The new access point then coordinates the forwarding of data frames that may still be in the buffer of the previous access point waiting for transmission to the radio NIC.

  Reassociation response frame: An access point sends a reassociation response frame containing an acceptance or rejection notice to the radio NIC requesting reassociation. Similar to the association process, the frame includes information regarding the association, such as association ID and supported data rates.

Beacon and Probe

  Beacon frame: The access point periodically sends a beacon frame to announce its presence and relay information, such as timestamp, SSID, and other parameters regarding the access point to radio NICs that are within range. Radio NICs continually scan all 802.11 radio channels and listen to beacons as the basis for choosing which access point is best to associate with.

  Probe request frame: A station sends a probe request frame when it needs to obtain information from another station. For example, a radio NIC would send a probe request to determine which access points are within range.

  Probe response frame: A station will respond with a probe response frame, containing capability information, supported data rates, etc., when after it receives a probe request frame.

Interference

Interference is anything which modifies, or disrupts a signal as it travels along a channel between a source and a receiver. The term typically refers to the addition of unwanted signals to a useful signal.

Effects of Interference

> A decrease in the wireless range between devices
> A decrease in data throughput over Wi-Fi
> Intermittent or complete loss of the wireless connection

Causes of Interference

The five main interference factors are :

1.) Absorption
2.) Reflection
3.) Multipath
4.) Scattering
5.) Refraction

Some common causes of interference can be found @ http://packetworks.net/blog/common-causes-of-wifi-interference

How to avoid common Interference



Frequencies and Channels

What is a channel?

In a communication network a channel refers to a physical transmission medium such as a wire, or to a logical connection over a multiplexed medium such as a radio channel. A channel is used to convey an information signal, for example a digital bit stream, from one or several senders (or transmitters) to one or several receivers. A channel has a certain capacity for transmitting information, often measured by its bandwidth in Hz or its data rate in bits per second.

In a Wireless network each wireless radio operates on a configured radio frequency (RF) channel identified by numbers. A radio assigned to a particular channel both transmits and receives all traffic on that channel.

Depending upon the network configuration, some channels might have less interference than others. Choosing the right channel lets you optimize performance.

There are 14 channels designated for wireless networks in the 2.4-GHz frequency band and 42 channels in the 5-GHz frequency band.

The 14 channels in the 2.4-GHz band are spaced 5 MHz apart. The protocol requires 25 MHz of channel separation, meaning that it is possible for adjacent channels to overlap and then interfere with each other. For this reason, only channels 1, 6, 11 are typically used in the US to avoid interference. In the rest of the world, the four channels 1, 5, 9, 13 are typically recommended. The 2.4-GHz frequency band is heavily used because most devices can operate on that band.

The 5-GHz band is actually four frequency bands: 5.1 GHz, 5.3 GHz, 5.4 GHz, and 5.8 GHz. The 5-GHz band has a total of 24 channels with 20- MHz bandwidth available. Unlike the 2.4-GHz band, the channels are non-overlapping, therefore all channels have the potential to be used in a single wireless system. Because only 802.11a devices formerly used this band (occasionally 802.11n uses it also) this band is less crowded and targeted for increased use for new 802.11 technologies under development.

For best performance, choose a channel at least 5 channels apart from your neighbors' networks. Determine this by completing a site survey—a site survey includes a test for RF interference.

Try to use non-overlapping channels (eg. 1, 6, 11), or minimize overlap of signals by using channels as far apart as possible from other networks in range.

List of WLAN channels can be found at http://en.wikipedia.org/wiki/List_of_WLAN_channels

What is Frequency?

Frequency is the number of occurrences of a repeating event per unit time. Radio Frequency, which range around 3KHz to 300GHz is used for communication (basically a wifi network works at 2.4 GHz to 5GHz).

The 802.11 workgroup currently documents use in five distinct frequency ranges: 2.4 GHz, 3.6 GHz, 4.9 GHz, 5 GHz, and 5.9 GHz bands.

Site Surveying

A radio frequency (RF) site survey is the first step in the deployment of a Wireless network and the most important step to ensure desired operation. A site survey is a task-by-task process by which the surveyor studies the facility to understand the RF behavior, discovers RF coverage areas, checks for RF interference and determines the appropriate placement of Wireless devices.


Useful Links


Sunday, 16 February 2014

Emulating Cisco ASA 8.4.2 on GNS3 [ Included GNS3 1.3 - Updated on 07/04/2015]

This post will take you through a step-by-step guide to emulate Cisco ASA 8.4.2 on GNS3. In GNS3 QEMU is an emulator which emulates the hardware environment for a Cisco ASA device. Please make sure that your computer have got at least 4GB of RAM before you begin.

The below steps are pretty simple and straight forward. So let's begin.

Edit on 28/10/2014: On the latest version of GNS3 i.e   GNS3 1.0, adding ASA from Qemu is a little different. Just follow the steps mentioned under the topic 'In GNS3 1.0' below.

1.) Download and install GNS3. You can get the software from http://www.gns3.com . You may need to register/login to get the software.

2.) Get a copy of ASA 8.4.2 code. You can get it from your live ASA device by copying the image to a TFTP server.

3.) Unpack the image and you will get two files, asa842-initrd.gz and asa842-vmlinuz.

[For GNS3 1.0 (latest) follow the steps under the topic 'In GNS3 1.0']

4.) Now Open GNS3 and go to Edit -> Preferences -> Qemu -> ASA.

5.) Configure the 'ASA Settings' and 'ASA Specific Settings' like below:

Identifier name: Cisco-ASA

RAM : 1024 MiB

Number of NICs : 6

Qemu Options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32

Initrd: Browse and select the 'asa842-initrd.gz' file from the unpack process

Kernel: Browse and select the 'asa842-vmlinuz' file from the unpack process

Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536

Finally click Save and click OK. Also refer the below screenshot for more info regarding the above configuration.



Now drag and drop ASA Firewall to the project area and start configuring your ASA device!



In GNS3 1.0 [Edit on 28/10/2014]

Follow up to step 4 above.

1.) Expand QEMU  > QEMU VMs

2.) Click New and type a name of your ASA device

3.) Select the type as ASA 8.4(2) and click Next

4.) Leave the Qemu binary and RAM as it is and click Next

5.) Now browse the initrd and Kernal image which you have extracted before and click Finish

That's it! You are done with ASA configuration in GNS3. No need to give Qemu Options or Kernel cmd line, everything is already set in GNS3. Below you can find a screenshot of the configuration.


Now go to your GNS3  > Security devices and drag your ASA to work-space, enjoy!



Add ASDM and connect your ASA

You can connect ASA from the computer from which you are running GNS3. Follow the steps below to do this:

1.) Add a Microsoft Loop-back to your computer (refer http://www.groovypost.com/howto/install-loopback-adapter-windows-8-server-2012/) and provide an IP address as below (use any IP) :


2.) Drag and drop 'Cloud' to the GNS3 work-space and connect it with an Ethernet Switch. Refer below screenshot :


3.) Configure 'Cloud' and add the Loop-back adapter which you have added instep 1 as mentioned in below figure:



4.) Take a console session to your ASA from GNS3 and configure one of its interface like below:

interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 192.168.1.10 255.255.255.0

5.) Now try to ping your computer's Loopback IP from ASA and vice-verse (Make sure that you disable firewall/antivirus etc on your local PC which is installed with GNS3.)

6.) Download ASDM ( asdm-649.bin) 

7.) Install a TFTP server in your local PC and keep the above file in its root directory.

8.) Now upload the asdm-649.bin to the ASAs' flash using the below commands: (If the upload fails , then try disabling any other network adapter other than the Loop-back adapter temporarily and try)

ciscoasa# copy tftp: flash:
Address or name of remote host? 192.168.1.100
Source filename? asdm-649.bin
Destination filename [asdm-649.bin]?

Accessing tftp://192.168.1.100/asdm-649.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
18927088 bytes copied in 143.10 secs (132357 bytes/sec)

9.) Initiate the below commands to load ASDM on the ASA and enable http server:

ciscoasa(config)# asdm image flash:asdm-649.bin
ciscoasa(config)# http server enable
ciscoasa(config)# http 192.168.1.10 255.255.255.0 inside
ciscoasa(config)# username admin password 1234 privilege 15

ciscoasa(config)# write memory

10.) Now get to your local PC, open a browser and type https://192.168.1.10 and you will get a page open like below:


11.) Click on 'Run ASDM' and enter with the username and password which you have created on step 9. You will be presented with the ASA dashboard.



I hope this helps. You can expect ASA configuration examples and tech notes soon in my blog.