3Com Secure Converged Network ( Wireless LAN ) - PowerPoint PPT Presentation

1 / 45

About This Presentation

Title:

3Com Secure Converged Network ( Wireless LAN )

Description:

3Com Secure Converged Network Wireless LAN – PowerPoint PPT presentation

Number of Views:193

Avg rating:3.0/5.0

Slides: 46

Provided by: john3170

Category:

more less

Transcript and Presenter's Notes

Title: 3Com Secure Converged Network ( Wireless LAN )

1
3Com Secure Converged Network ( Wireless LAN )

December 2005 gtgt Mr. Anusit Ratchadalertnarong
Anusit_ratchadalertnarong_at_3com.com

2
Technology Forces

Miniaturization, portability, mobile power
Increasing bandwidth, wired and wireless
Convergence data, voice, video,
Connection and connection-less models
Virtualization compute, storage, network
Service oriented architectures integration

3
Broadband Wireless Access Evolution
Mass-production
Production
Pilots
Concept
EDGE
HSUPA
GSM
GPRS
TD-CDMA / UMTS-TDD
UMTS/WCDMA
HSDPA
EDGEPh2
ETSI
CDMA 1x EV-DO
CDMA 1x EV-DV
CDMAIS-95A
CDMA 2000 1xRTT
IEEE
802.16e
802.16a
802.16-2004
802.20
MC-CDMA / Navini
Proprietary
Flash OFDM / Flarion
TDMA/FDMA/SDMA / iBurst
4
What is WiMAX?

WiMAX Worldwide Interoperability for Microwave
Access
Refers to wireless technologies based on 802.16
standard
Standard designed to provide cost-effective
fixed, portable, and eventually mobile broadband
connectivity at speeds as fast or faster than
cable/DSL for residential and T1/E1 for
businesses
Fixed WiMAX applications
Residential and business connectivity where
cable/DSL or fiber not available
Rural and suburban areas of developed countries
and developing countries
Mobile WiMAX applications
Personal broadband experience for consumer
Urban areas become MetroZones for broadband
access everywhere

5
Broadband Wireless Sweet Spot
6
WiMAX Network Models Time Frames
Access 2005
Portable 2006
Mobile 2007/8
Metrozone
Fixed Outdoor
Fixed Indoor
Enterprise Campus Piconet
Backhaul
Wi-Fi Hotspot
Mobile
7
WiMAX Technology Overview
8
Broadband Wireless Access Evolution
Mass-production
Production
Pilots
Concept
EDGE
HSUPA
GSM
GPRS
TD-CDMA / UMTS-TDD
UMTS/WCDMA
HSDPA
EDGEPh2
ETSI
CDMA 1x EV-DO
CDMA 1x EV-DV
CDMAIS-95A
CDMA 2000 1xRTT
IEEE
802.16e
802.16a
802.16-2004
802.20
MC-CDMA / Navini
Proprietary
Flash OFDM / Flarion
TDMA/FDMA/SDMA / iBurst
9
Choose Your 802.11 Flavor with No Limit to Your
Security Preference
802.11a 802.11b 802.11g
Standard Ratified 2002 1999 2003
Radio Band 5GHz 2.4GHz 2.4GHz
Data Rates Up to 54Mbps Up to 11Mbps Up to 54Mbps
Coverage Area Up to 50 Meters Up to 100 Meters Up to 100 Meters
Pros Less potential for interference Good support for multimedia apps and densely populated user environments Large installed base Compatible with 802.11b High data rates and broad coverage area
Cons Requires hardware upgrade Less coverage area Slower data rate Interference in 2.4GHz band Interference in 2.4GHz band
10
More Channels Avoids Interference
802.11a/g
802.11b/g
1
1
Distance to Center Cell
2
2
4
3
3
3
3
7
6
14
1
10
1
1
1
10
2
13
2
2
2
12
3
3
3
3
1
3
7
16
1
1
14
1
11
1
2
2
2
2
4
6
8
13
3
3
3
5
15
10
1
1
1
10
13
1
8
2
2
2
15
3
9
3
3
6
9
1
12

16 non-overlapping channels and 408.5MHz of
spectrum at 2.4 and 5GHz makes it possible to set
up networks without co-channel interference for
enterprises, public hot spots, and other large
installations
3 non-overlapping channels and 83.5MHz of
spectrum at 2.4GHz make co-channel interference
and performance degradation inevitable

11
802.11X Standards

WLAN Systems
802.11a 5GHz System, 54 Mbps
802.11b 2.4GHz System, 11 Mbps
802.11g 2.4GHz System, 54 Mbps
WLAN Enhancements
802.11c MAC Routing (moved to 802.1c)
802.11d Country compatibility (roaming) for
802.11b
802.11e Enhanced MAC for QoS
802.11f Inter Access Point Protocol
802.11h Channel Selection and Transmit Power for
802.11a
802.11i Secure MAC
802.11j Channel Selection for Japan
802.11k Client feedback
802.11n High speed
802.11r Roaming
802.11s Defines a MAC and PHY for meshed networks
802.1X Authentication

12
WLAN Deployment Considerations

Site planning
Coverage and Capacity
Mobility
Roaming User management
RF Management
Rogue detection
Power Channel management
Security
Authentication Encryption
Network Management
Network Extension

13
3Com Secure Converge Network
3Com Switch 7750/8800
3Com TippingPoint
3Com VCX System
3Com Router
Video Server
3Com SuperStack 3 Switch
3Com AP 8250/7250
3Com AP 3750
3Com AP 2750
3Com AP 2750
Mobile User
Multicast User
Wi-Fi PDA
Mobile User
Wi-Fi Phone
14
Site Planning
15
3Com Secure Converge Network
3Com Switch 7750/8800
3Com TippingPoint
3Com VCX System
3Com Router
3Com Wireless Switch Manager
3Com Wireless Switch
Video Server
3Com SuperStack 3 Switch
3Com AP 8250/7250
3Com AP 3750
3Com AP 2750
3Com AP 2750
Mobile User
Multicast User
Wi-Fi PDA
Mobile User
Wi-Fi Phone
16
Easy and Powerful Site Planning

Plan and Configure
Enter building plans, including walls wall
materials
Result
AP location recommendations for coverage pattern
Predictive modeling capabilities allow user to
try different scenarios
Deploy and Manage
Install APs as described in the deployment plan
Management software will sweep the environment
and adjust channel and power settings to optimize
the network

3Coms Wireless Switch Manager Deployment
Software Tool
17
Mobility
18
3Com Secure Converge Network
3Com Switch 7750/8800
3Com TippingPoint
3Com VCX System
3Com Router
3Com Wireless Switch Manager
3Com Wireless Switch
Video Server
Wireless Roaming Wi-Fi Multimedia ( WMM)
3Com SuperStack 3 Switch
3Com AP 8250/7250
3Com AP 3750
3Com AP 2750
3Com AP 2750
Mobile User
Multicast User
Wi-Fi PDA
Mobile User
19
RF Management
20
RF ManagementCentralized Control of AP
Environment
3Com Wireless Switch

Dynamic real time control of RF environment
Centralized control of AP radios, including
Channel selection and amplification
Automatic channel assignment
Load balancing based on of users and traffic to
optimize throughput
Adjust radio power to eliminate coverage gaps,
even on large networks
Allows direct control of RF optimization
Control of all radio channels gain

21
3Com Secure Converge Network
3Com Switch 7750/8800
3Com TippingPoint
3Com Router
3Com Wireless Switch Manager
3Com Wireless Switch
Video Server
3Com SuperStack 3 Switch
3Com AP 8250/7250
3Com AP 3750
3Com AP 2750
3Com AP 2750
Mobile User
Multicast User
Wi-Fi PDA
Wi-Fi Phone
Rogue AP
22
Intrusion Detection System ( IDS )

RF Management
Listen to all communication
Correlate Data
Identify
Rogue APs
Users of rogue APs
Ad hoc user groups
Locate
Triangulation
Improves with density
Active Scan
Utilization of all radios all the time

RF Management
23
3Com Secure Converge Network
3Com Switch 7750/8800
3Com TippingPoint
3Com Router
3Com Wireless Switch Manager
3Com Wireless Switch
Video Server
Rogue Detection and Containment
3Com SuperStack 3 Switch
3Com AP 8250/7250
3Com AP 3750
3Com AP 2750
3Com AP 2750
Mobile User
Multicast User
Wi-Fi PDA
Wi-Fi Phone
Rogue AP
24
Security
25
Two Key Elements in Security ProtectionAuthentic
ation Encryption
Safeguard Data Broadcast
Valid User???

Authentication
Is this a valid user of your network?
Is this user who you think he is?
Verify with password control access lists

Encryption
Wireless data is by nature broadcast
Scramble data to safeguard the data network
Need sophisticated algorithms for best protection

Need both Authentication Encryption for
Protection
26
What Types of Authentication are There?

Authenticate to prove user identity
802.11 Authentication
Shared key based (password)
Happens before Access Point association
Open system (no authentication)
MAC address filtering (aka local MAC
authentication)
Shared key (encrypted challenge with WEP key)
802.1X Authentication
Certificate based
Happens after Access Point association
Uses Extended Authentication Protocol (EAP)
Offers full suite of secure authentication
protocols
LEAP, PEAP, EAP-TLS, EAP-TTLS,
Much better than 802.11 authentication

27
Auto VLAN and QoS Assignment using 802.1X
HR
Red VLAN
Bule VLAN
28
Auto VLAN Assignment using 802.1X with Wireless
Access Points
HR
Red VLAN
Bule VLAN
29
3Com Secure Converge Network
3Com Switch 7750/8800
3Com TippingPoint
3Com VCX System
3Com Router
3Com Wireless Switch Manager
3Com Wireless Switch
Video Server
IEEE 802.1x ( User name Password ) Radius
Authenticated Devices Access ( RADA)
3Com SuperStack 3 Switch
3Com AP 8250/7250
3Com AP 3750
3Com AP 2750
3Com AP 2750
Multicast User
Wi-Fi PDA
Wi-Fi Phone
30
Radius Authenticated Devices Access ( RADA )
HR
Red VLAN
Bule VLAN
31
What Types of Wireless Security Options Do I
Have?

Remember
Authenticate
Message Integrity Check
Encrypt

OPEN
No authentication
CRC message checking
No encryption
WEP/WEP2
Optional MAC address filtering (aka local MAC
authentication)
CRC message checking
Static shared key encryption (password)
40/104-bit RC4 cipher key
WEP2 adds a rotating key (e.g. DSL or LEAP)
WPA (ratified July 2003)
802.1X authentication (requires EAP)
MIC/CRC message checking
TKIP (128-bit RC4 cipher rotating, 128-bit AES
optional)
802.11i (ratified June 2004)
802.1X authentication (requires EAP)
MIC/CRC message checking
TKIP or AES (256-bit AES is mandatory)

Stronger Security
32
WarChalking
33
Wireless Tools

Types of Monitoring tools
Stumbling
Sniffing
Handheld
Hacking tools
WEP Cracking
ARP Spoofing

34
Netstumbler

http//www.netstumbler.com
Free
Window based
Very simple GUI
GPS capable

35
Wellenreiter

http//www.remote-exploit.org
Free
Linux based
Supports many
wireless cards
GPS capable

36
AirMagnet

http//www.airmagnet.com/
Pocket PC based

37
WEP Cracking Tools

WEPCrack
http//wepcrack.sourceforge.net/
AirSnort
http//sourceforge.net/projects/airsnort/
BSD-Tools dweputils
http//www.dachb0den.com/projects/dweputils.html

38
New 802.11i Security

Addresses the main problems of WEP and Shared-Key
Authentication
Temporal Key Integrity Protocol (TKIP)
Message Integrity Control Michael
AES Encryption replacement for RC4
Robust Security Network (RSN)
Require new wireless hardware
Ratification YE 2004

39
Information Security Hype Cycle
Visibility
Key Time to Plateau
Less than two years Two to five years Five to 10
years More than 10 years Obsolete before Plateau
Instant Messaging Security
Deep Packet Inspection Firewalls
Spam Filtering
All-in-One Security Appliances
Patch Management
Secure Sockets Layer VPNs
Personal Intrusion Prevention
Web Services Security Standards
Vulnerability Management
Hardware Tokens
Federated Identity
Security Smart Cards
Scan and Block
Biometrics
Secure Sockets Layer/Trusted Link Security
Reduced Sign-On
Trusted Computing Group
Managed Security Service Providers
Identity Management
Security Platforms
Data-at-Rest Encryption Appliances
Public Key Operations/ Soft Tokens
Digital Rights Management (enterprise)
Intrusion Detection Systems
WPA Security
Compliance Tools
As of June 2004
Technology Trigger
Peak of Inflated Expectations
Trough of Disillusionment
Slope of Enlightenment
Plateau of Productivity
Maturity
Acronym Key VPN virtual private network WPA Wi-Fi
Protected Access
40
3Com Secure Converge Network
3Com Switch 7750/8800
3Com TippingPoint
3Com VCX System
3Com Router
3Com Wireless Switch Manager
3Com Wireless Switch
Video Server
3Com SuperStack 3 Switch
3Com AP 8250/7250
3Com AP 3750
3Com AP 2750
3Com AP 2750
Mobile User
Multicast User
Wi-Fi PDA
Mobile User
Wi-Fi Phone
41
3Com IPS Primary Function Block Malicious
Traffic

External Attackers
Industrial Spies
Govt Spies
Terrorists
Cyber Thieves
Pranksters

TippingPoint blocks malicious traffic in the
network before it damages your companys
information assets

Internal Attackers
Disgruntled Employees
Dishonest Employees

Good traffic passes through
The IPS blocks malicious traffic based on filters
settings.
Valid User Application Traffic
Cisco IOS
42
3Com TippingPoint Quarantine ServiceSecure
Converged Networks

TippingPoint Intrusion Protection Systems works
with 3Com switches for Quarantine Protection
Quarantine protects endpoints and enforces policy
Requires no software client or agent
Protection is flexible, automatic and fast

Switch 7750/5500
43
3Com Wireless Enterprise Solution
44
3Com Wireless Switch Solution
3Com Wireless LAN Controller WX4400