2 cissp ® Official Study Guide Eighth Edition

Securing Wireless Access Points

Download 19,3 Mb.

Pdf ko'rish

bet	443/881
Sana	08.04.2023
Hajmi	19,3 Mb.
	#925879

1 ... 439 440 441 442 443 444 445 446 ... 881

Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Securing Wireless Access Points
Wireless cells
are the areas within a physical environment where a wireless device can con-
nect to a wireless access point. Wireless cells can leak outside the secured environment and
allow intruders easy access to the wireless network. You should adjust the strength of the
wireless access point to maximize authorized user access and minimize intruder access.
Doing so may require unique placement of wireless access points, shielding, and noise
transmission.
802.11
is the IEEE standard for wireless network communications. Various versions
(technically called amendments) of the standard have been implemented in wireless net-
working hardware, including 802.11a, 802.11b, 802.11g, and 802.11n. 802.11x is some-
times used to collectively refer to all of these specific implementations as a group; however,
802.11 is preferred because 802.11x is easily confused with 802.1x, which is an authentica-
tion technology independent of wireless. Each version or amendment to the 802.11 stan-
dard offered slightly better throughput: 2 MB, 11 MB, 54 MB, and 200 MB+, respectively,
as described in Table 11.7. The b, g, and n amendments all use the same frequency; thus,
they maintain backward compatibility.

474
Chapter 11
■
Secure Network Architecture and Securing Network Components
TA b l e 11. 7
802.11 wireless networking amendments
Amendment
Speed
Frequency
802.11
2 Mbps
2.4 GHz
802.11a
54 Mbps
5 GHz
802.11b
11 Mbps
2.4 GHz
802.11g
54 Mbps
2.4 GHz
802.11n
200+ Mbps
2.4 GHz or 5 GHz
802.11ac
1 Gbps
5 GHz
When you’re deploying wireless networks, you should deploy wireless access points con-
fi gured to use
infrastructure mode
rather than
ad hoc mode
. Ad hoc mode means that any
two wireless networking devices, including two wireless network interface cards (NICs),
can communicate without a centralized control authority. Infrastructure mode means that
a wireless access point is required, wireless NICs on systems can’t interact directly, and the
restrictions of the wireless access point for wireless network access are enforced.
Within the infrastructure mode concept are several variations, including stand-alone,
wired extension, enterprise extended, and bridge. A
stand-alone
mode infrastructure occurs
when there is a wireless access point connecting wireless clients to each other but not to any
wired resources. The wireless access point serves as a wireless hub exclusively. A
wired exten-
sion
mode infrastructure occurs when the wireless access point acts as a connection point to
link the wireless clients to the wired network. An
enterprise extended
mode infrastructure
occurs when multiple wireless access points (WAPs) are used to connect a large physical area
to the same wired network. Each wireless access point will use the same
extended service set
identifi er (ESSID)
so clients can roam the area while maintaining network connectivity, even
while their wireless NICs change associations from one wireless access point to another. A
bridge
mode infrastructure occurs when a wireless connection is used to link two wired net-
works. This often uses dedicated wireless bridges and is used when wired bridges are inconve-
nient, such as when linking networks between fl oors or buildings.
The term
SSID
(which stands for
service set identifier
) is typically misused
to indicate the name of a wireless network. Technically there are two types
of SSIDs, namely
extended service set identifier (ESSID)
and
basic service
set identifier (BSSID)
. An ESSID is the name of a wireless network when a
wireless base station or WAP is used (i.e., infrastructure mode).
Indepen-
dent service set identifier (ISSID)
is the name of a wireless network when in
ad hoc or peer-to-peer mode (i.e., when a base station or WAP is not used).
However, when operating in infrastructure mode, the BSSID is the MAC
address of the base station hosting the ESSID in order to differentiate mul-
tiple base stations supporting a single extended wireless network.

Wireless Networks
475
Wireless Channels
Within the assigned frequency of the wireless signal are subdivisions of that frequency
known as
channels
. Think of channels as lanes on the same highway. In the United States
there are 11 channels, in Europe there are 13, and in Japan there are 14. The differences
stem from local laws regulating frequency management (think international versions of
the United States’ Federal Communications Commission).
Wireless communications take place between a client and access point over a single
channel. However, when two or more access points are relatively close to each other
physically, signals on one channel can interfere with signals on another channel. One way
to avoid this is to set the channels of physically close access points as differently as pos-
sible to minimize channel overlap interference. For example, if a building has four access
points arranged in a line along the length of the building, the channel settings could be 1,
11, 1, and 11. However, if the building is square and an access point is in each corner, the
channel settings may need to be 1, 4, 8, and 11.
Think of the signal within a single channel as being like a wide-load truck in a lane on the
highway. The wide-load truck is using part of each lane to either side of it, thus making
passing the truck in those lanes dangerous. Likewise, wireless signals in adjacent chan-
nels will interfere with each other.

Download 19,3 Mb.

Do'stlaringiz bilan baham:

1 ... 439 440 441 442 443 444 445 446 ... 881