11 - Wireless Networks - Wi-fi
General
wireless network = unbound network
wired network = bound network
IEEE 802.11 = Wi-Fi standard
2 modes
Ad hoc (alias peer-to-peer) mode = two wireless devices can communicate together (no central device)
Ad hoc supports only WEP
Wi-Fi Direct (upgraded version of ad hoc mode) supports WPA2 and WPA3
infrastructure mode
Require a Wireless Access Point (WAP)
Variations
Stand-alone mode
Connect wireless clients to one another but not to any wired resources
wired extensions
Connection point linking wireless clients to the wired network
enterprise extended
Multiple WAPs are used to connect a large physical area to the same wired network
Each WAP will use the same ESSID
bridge
When a wireless connection is used to link two wired networks
Types of access points
Thin access points: transmit radio signal to a wireless controller where routing is done
Fat access point: operates as a standalone wireless solution
Types of SSID
Extended SSID (ESSID)
Used when there are multiple WAPs supporting the same network by name over a larger area
Independent Service Set Identifier (ISSID)
Used by Wi-Fi Direct or in ad hoc mode
Basic SSID (BSSID)
MAC address of the base station
Wireless channels
2.4 GHz
Better for long distances between APs and for wall penetration
Overlapping between channels
Only channels 1, 6, and 11 can be used simultaneously
5 GHz
Faster, but worse wall penetration
No interference between channels
Site survey
Assessment of wireless signal strength, quality and interference using an RF signal detector
Goal: maximize performance in the desired areas while minimizing ease of unauthorized access in external areas
Produce a heatmap
Wi-fi security
Wi-Fi security standards
Wired Equivalent Privacy (WEP)
2 authentication methods
Open System Authentication (OSA)
Often cleartext
No real authentication
Shared Key Authentication (SKA)
Uses a predefined shared RC4 secret key for authentication and encryption
Wi-Fi Protected Access (WPA)
Does not use the same static key to encrypt all communications. It negotiates a unique key set with each host.
Separate authentication from encryption
Uses a predefined shared RC4 secret key
Wraps RC4 with TKIP/LEAP
Wi-Fi Protected Access 2 (WPA2) / Wi-Fi Protected Access 3 (WPA3)
Uses AES-CCMP for encryption
Authentication options
IEEE 802.1X / enterprise (ENT)
RADIUS
UDP/1813: accounting
UDP/1812: authentication and authorization
EAP methods
Protected EAP (PEAP)
TLS + password (MSCHAPv2)
EAP-TLS
mTLS + certificates
EAP-TTLS
TLS + flexible inner methods
Password Authentication Protocol (PAP)
Challenge-Handshake Authentication Protocol (CHAP)
MSCHAP
Preshared Key (PSK) / personal (PER)
Wi-Fi Protected Setup (WPS)