Wireless Communication

1.1    Introduction

The term "wireless" has become a generic and all-encompassing word used to describe communications in which electromagnetic waves or RF (rather than some form of wire) carry a signal over part or all of the communication path.

It is the transfer of information over a distance without the use of electrical conductors or "wires".

The distances involved may be short (a few meters as in television remote control) or long (thousands or millions of kilometers for radio communications). When the context is clear, the term is often shortened to "wireless". Wireless communication is generally considered to be a branch of telecommunications.

1.2    Examples

It encompasses various types of fixed, mobile, and portable two-way radios, cellular telephones, personal digital assistants (PDAs), and wireless networking. Other examples of wireless technology include GPS units, garage door openers, wireless computer peripherals (like mice, keyboards and headsets), satellite television, wireless gaming and cordless telephones.

1.3    Modes of Wireless Communication

Wireless communication can be via:

1.4    Applications

Applications may involve point-to-point communication, point-to-multipoint communication, broadcasting, cellular networks and other wireless networks.

1.5    Advantages of Wireless Communication

1.5.1    Mobility

Provides access to real-time information anywhere in the organization. Boosts productivity and service opportunities not possible with a wired network.

1.5.2    Installation Speed and Simplicity

Fast and easy installation that eliminates the need to pull cable through walls and ceilings.

1.5.3    Installation Flexibility

Allows the network to go where wire can’t go.

1.5.4    Reduced Cost of Ownership

Though the initial investment is high, it provides long-term cost benefits in dynamic environments requiring frequent moves and changes.

1.5.5    Scalability

Configurations can be changed from peer-to-peer networks suitable for a small number of users to full infrastructure networks of thousands of users that enable roaming over a broad area.


Radio Frequency (RF) Fundamentals

2.1    Introduction to Radio Frequency

Radio frequencies are high frequency alternating current (AC) signals that are passed along a copper conductor and then radiated into the air via an antenna. An antenna converts/transforms a wired signal to a wireless signal and vice versa. When the high frequency AC signal is radiated into the air, it forms radio waves. These radio waves propagate (move) away from the source (the antenna) in a straight line in all directions at once.

If you can imagine dropping a rock into a still pond (Figure 2.1) and watching the concentric ripples flow away from the point where the rock hit the water, then you have an idea of how RF behaves as it is propagated from an antenna. Understanding the behavior of these propagated RF waves is an important part of understanding why and how wireless LANs function. Without this base of knowledge, an administrator would be unable to locate proper installation locations for equipment and would not understand how to troubleshoot a problematic wireless LAN.

FIGURE 2.1 Rock into a pond


2.2    Basic Components of RF Communication

1. RF Transmitter

2. Antenna System

3. RF Propagation

4. RF Receiver

2.3    Modes of Propagation

2.3.1    Ground wave propagation

For frequencies below 2 MHz; used in AM radio.

2.3.2    Sky wave propagation

Uses the ionized layer of the atmosphere for reflection; frequencies 2-30 MHz.

2.3.3    Line-of-sight propagation

Frequencies above 30 MHz.

Remote Site Connection

3.1    Introduction to Remote Access

In telecommunication, the term remote access pertains to communication with a data processing facility from a remote location or facility through a data link. One of the more common methods of providing this type of remote access is using a VPN.

Remote access can refer to remote desktop, remote terminal (like telnet) or any type of remote application (including a remote browser). For remote access, individual authorization codes are usually required.

3.2    Ways to connect remote sites

There are two ways to connect to a remote site:

  1. Use a dedicated line (a private network).
  2. Use the Internet:
      1. It is not private, so the connection needs to be secured.
      2. The internal network should stay hidden from the Internet.
      3. The two sites should be able to access the LAN at each site as if they were part of the same network.
      4. Secure access using the Internet instead of a dedicated line is what makes it a Virtual Private Network.

3.3    Why VPN?

  1. WAN connections between the main corporate network and branch offices require flexibility.
  2. Dedicated leased lines or frame-relay circuits are expensive.
  3. Such circuits do not provide the flexibility required for quickly creating new partner links or supporting project teams in the field.
  4. The number of telecommuters is growing.
  5. The sales force is becoming more mobile.
  6. Building modem banks and remote-access servers does not provide the necessary flexibility for growth.
  7. Fast, secure and reliable connection between separated networks.
  8. Full access to resources from everywhere -> building a virtual local connection.
  9. Reasonable access cost: a connection is built only to the local ISP (Internet Service Provider).

Virtual Private Network (VPN)

4.1    History

VPN was developed in 1995 by the Automotive Industry Action Group to facilitate communication in a secure way among automotive manufacturers, dealers, and suppliers.

4.2    Introduction to VPN

As the popularity of the Internet grew, businesses turned to it as a means of extending their own networks. First came intranets, which are password-protected sites designed for use only by company employees. Now, many companies are creating their own VPN (virtual private network) to accommodate the needs of remote employees and distant offices.

Basically, a VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses "virtual" connections routed through the Internet.

In VPN, “virtual” implies that the network is dynamic, with connections set up according to organizational needs. It also means that the network is formed logically, regardless of the physical structure of the underlying network (the Internet). Unlike the leased lines used in traditional corporate networks, VPNs do not maintain permanent links between the end points that make up the corporate network. Instead, when a connection between two sites is needed, it is created; when the connection is no longer needed, it is torn down, making the bandwidth and other network resources available for other users. Thus the connections making up a VPN do not have the same physical characteristics as the hard-wired connections used on a LAN, for instance.

 

Virtual private networks help distant colleagues work together, much like desktop sharing.

4.3    Overview of VPN

Virtual Private Network:

  1. A service offering secure communication across a public network.
  2. “A virtual private network is the extension of a private network that encompasses links across shared or public networks like the internet”.

              (Microsoft, White Paper – Virtual Private Networking in Windows 2000)

  3. Cisco defines a VPN as “an encrypted connection between private networks over a public network, such as the Internet”.
  4. VPN provides a secure pathway for data from end to end among multiple computers.
  5. Virtual Private Networks are subscription based.
  6. VPN uses TCP/IP layers 1 and 2.
  7. VPNs are used for remote access.
  8. VPN uses one of the following two methods:
      1. Point-to-Point Tunneling
      2. IPSec

FIGURE 4.1 VPN Model

4.3.1   Tunneling

  1. Tunneling is the method for transferring data of a private network over a public network.
  2. Tunnels are special pathways through the public Internet.
  3. A tunnel is a logical path, using a special encryption method, through which encapsulated packets travel.
  4. Tunneling allows one network to send data through another network securely.
  5. Microsoft provides PPTP (Point-to-Point Tunneling Protocol) software.
  6. PPTP is based on PPP and TCP/IP.
  7. PPP offers authentication, privacy, and compression.
  8. IP provides routing capability for the packet.
  9. PPTP achieves tunneling by wrapping information inside IP packets.

FIGURE 4.2 Tunneling Diagram

Tunneling requires three different protocols:

Carrier protocol

The protocol used by the network that the information is traveling over.

Encapsulating protocol

The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped around the original data.

Passenger protocol

The original data (IPX, NetBEUI, IP) being carried.

Tunneling has amazing implications for VPNs. For example, you can place a packet that uses a protocol not supported on the Internet (such as NetBeui) inside an IP packet and send it safely over the Internet. Or you could put a packet that uses a private (non-routable) IP address inside a packet that uses a globally unique IP address to extend a private network over the Internet.

4.3.1.1    Tunneling: Site-to-Site

In a site-to-site VPN, GRE (generic routing encapsulation) is normally the encapsulating protocol that provides the framework for how to package the passenger protocol for transport over the carrier protocol, which is typically IP-based. This includes information on what type of packet you are encapsulating and information about the connection between the client and server. Instead of GRE, IPSec in tunnel mode is sometimes used as the encapsulating protocol. IPSec works well on both remote-access and site-to-site VPNs. IPSec must be supported at both tunnel interfaces in order to be used.
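The passenger/encapsulating/carrier layering described above, as an added example that is not code from the original report: a passenger IPv4 packet with private (RFC 1918) addresses is wrapped in a 4-byte GRE header and then in a carrier IPv4 header bearing the two gateways' public addresses, and the exit side unwraps it again. The addresses, payload and hosts are constructed for the demo; packets are built as bytes in memory and never sent.

```python
"""Carrier / encapsulating / passenger demo: a private-IP packet inside GRE inside public IP."""
import socket
import struct

GRE_PROTO = 47            # IP protocol number for GRE (used in the outer "carrier" header)
ETHERTYPE_IPV4 = 0x0800   # GRE protocol-type value meaning "the passenger is IPv4"


def ip_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (RFC 791)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload); reject a header whose checksum fails."""
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    return src, dst, packet[9], packet[ihl:total_len]


def gre_encapsulate(passenger: bytes, carrier_src: str, carrier_dst: str) -> bytes:
    """Entry tunnel interface: GRE header (no checksum/key/sequence) + carrier IP header."""
    gre_header = struct.pack("!HH", 0, ETHERTYPE_IPV4)
    return build_ipv4(carrier_src, carrier_dst, GRE_PROTO, gre_header + passenger)


def gre_decapsulate(carrier: bytes) -> bytes:
    """Exit tunnel interface: strip carrier IP and GRE headers, return the passenger."""
    _, _, proto, payload = parse_ipv4(carrier)
    if proto != GRE_PROTO:
        raise ValueError("carrier packet is not GRE")
    flags, ptype = struct.unpack("!HH", payload[:4])
    if flags & 0xF000:   # C/R/K/S bits would add optional fields this demo does not parse
        raise ValueError("optional GRE fields not supported here")
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("unexpected passenger protocol 0x%04x" % ptype)
    return payload[4:]


def demo():
    # Constructed traffic: a branch-LAN host (RFC 1918 address) sends UDP to an HQ host.
    passenger = build_ipv4("10.1.0.5", "10.2.0.7", 17, b"hello over the tunnel")
    # The two VPN gateways carry it between public (documentation-range) addresses.
    carrier = gre_encapsulate(passenger, "203.0.113.1", "198.51.100.2")
    outer = parse_ipv4(carrier)[:3]               # what Internet routers see
    inner = parse_ipv4(gre_decapsulate(carrier))  # what the HQ LAN receives
    return outer, inner


if __name__ == "__main__":
    print(demo())
```

Routers on the Internet only ever forward on the outer header, which is why the non-routable 10.x addresses can cross it.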

4.3.1.2    Tunneling: Remote-Access

In a remote-access VPN, tunneling normally takes place using PPP. Part of the TCP/IP stack, PPP is the carrier for other IP protocols when communicating over the network between the host computer and a remote system. Remote-access VPN tunneling relies on PPP.

Each of the protocols listed below was built using the basic structure of PPP and is used by remote-access VPNs.

L2F (Layer 2 Forwarding) - Developed by Cisco, L2F will use any authentication scheme supported by PPP.

PPTP (Point-to-Point Tunneling Protocol) - PPTP was created by the PPTP Forum, a consortium which includes US Robotics, Microsoft, 3COM, Ascend and ECI Telematics. PPTP supports 40-bit and 128-bit encryption and will use any authentication scheme supported by PPP.

L2TP (Layer 2 Tunneling Protocol) - L2TP is the product of a partnership between the members of the PPTP Forum, Cisco and the IETF (Internet Engineering Task Force). Combining features of both PPTP and L2F, L2TP also fully supports IPSec.

L2TP can be used as a tunneling protocol for site-to-site VPNs as well as remote-access VPNs. In fact, L2TP can create a tunnel between:

1. Client and router

2. NAS and router

3. Router and router

 


The truck is the carrier protocol, the box is the encapsulating protocol and the computer is the passenger protocol.

Think of tunneling as having a computer delivered to you by UPS. The vendor packs the computer (passenger protocol) into a box (encapsulating protocol) which is then put on a UPS truck (carrier protocol) at the vendor's warehouse (entry tunnel interface). The truck (carrier protocol) travels over the highways (Internet) to your home (exit tunnel interface) and delivers the computer. You open the box (encapsulating protocol) and remove the computer (passenger protocol). Tunneling is just that simple!

As you can see, VPNs are a great way for a company to keep its employees and partners connected no matter where they are.

4.3.2  IPSec

  1. IPSec stands for Internet Protocol Security.
  2. IPSec was developed for IPv6.
  3. IPv4 devices also support IPSec.
  4. When IPSec encrypts the data only, it is called transport mode.
  5. When IPSec encrypts the entire packet, it is called a tunnel.
  6. In remote connections, users connect through a local ISP to establish the VPN connection.
  7. VPN service is usually outsourced to large telecommunications providers.

VPN CONCEPTS

5.1    Key Features

  1. Strength of security
  2. Firewall inter-operability
  3. Network address translation (NAT)
  4. Mobile user support
  5. Key and policy management, authentication
  6. Scalability 
  7. Reduced cost

A VPN solution can be either hardware or software based. Software-based solutions do not provide the same level of security as hardware-based solutions.

5.2    VPN Implementation

  1. VPN support is built into Microsoft server operating systems.
  2. VPN is simple to set up.
  3. Some of the main issues to be considered in implementing a VPN are as follows:
      1. Supported platforms (UNIX, Windows, Mac).
      2. Proprietary or open solution (standards support).
      3. Ease of use (end user and network manager/SNMP).
      4. Performance (packets/sec, encryption bandwidth, compression).

5.3    Typical VPN Applications

  1. E-mail
  2. Web browsers
  3. Client/server programs

5.4    VPNs benefit the following:

  1. Telecommuters
  2. Mobile users
  3. Remote offices
  4. Business partners
  5. Clients
  6. Customers

5.5    VPNs - Three Basic Categories:

  1. Remote access
  2. Site-to-site intranet VPNs
  3. Extranet

5.5.1    Remote Access

A virtual private dial-up network (VPDN) is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. Typically, a corporation that wishes to set up a large remote-access VPN will outsource to an enterprise service provider (ESP). The ESP sets up a network access server (NAS) and provides the remote users with desktop client software for their computers. The telecommuters can then dial a toll-free number to reach the NAS and use their VPN client software to access the corporate network.

A good example of a company that needs a remote-access VPN would be a large firm with hundreds of sales people in the field. Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider.

FIGURE 5.1 Remote Access VPN

5.5.2    Connecting computers over an intranet

If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN.

FIGURE 5.2 Intranet VPN


5.5.3    Connecting networks over the Internet (extranet)

When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all of the various companies to work in a shared environment.

FIGURE 5.3 Extranet VPN


5.6    Analogy: VPN vs. Island

Imagine that you live on an island in a huge ocean. There are thousands of other islands all around you, some very close and others farther away. The normal way to travel is to take a ferry from your island to whichever island you wish to visit. Of course, traveling on a ferry means that you have almost no privacy. Anything you do can be seen by someone else.

Let's say that each island represents a private LAN and the ocean is the Internet. Traveling by ferry is like connecting to a Web server or other device through the Internet. You have no control over the wires and routers that make up the Internet, just like you have no control over the other people on the ferry. This leaves you susceptible to security issues if you are trying to connect between two private networks using a public resource.

Continuing with our analogy, your island decides to build a bridge to another island so that there is an easier, more secure and direct way for people to travel between the two. It is expensive to build and maintain the bridge, even though the island you are connecting with is very close. But the need for a reliable, secure path is so great that you do it anyway. Your island would like to connect to a second island that is much farther away but decides that the costs are simply too much to bear.

This is very much like having a leased line. The bridges (leased lines) are separate from the ocean (Internet), yet are able to connect the islands (LANs). Many companies have chosen this route because of the need for security and reliability in connecting their remote offices. However, if the offices are very far apart, the cost can be prohibitively high -- just like trying to build a bridge that spans a great distance.



In our analogy, each person having a submarine is like a remote user having access to the company's private network.

So how does VPN fit in? Using our analogy, we could give each inhabitant of our islands a small submarine. Let's assume that your submarine has some amazing properties:

It's fast.

It's easy to take with you wherever you go.

It's able to completely hide you from any other boats or submarines.

It's dependable.

It costs little to add additional submarines to your fleet once the first is purchased.

Although they are traveling in the ocean along with other traffic, the inhabitants of our two islands could travel back and forth whenever they wanted to with privacy and security. That's essentially how a VPN works. Each remote member of your network can communicate in a secure and reliable manner using the Internet as the medium to connect to the private LAN. A VPN can grow to accommodate more users and different locations much more easily than a leased line. In fact, scalability is a major advantage that VPNs have over typical leased lines. Unlike with leased lines, where the cost increases in proportion to the distances involved, the geographic locations of each office matter little in the creation of a VPN.

5.7    VPN Security

VPN connections and data sharing can be secured in four ways:

  1. Firewall
  2. Encryption
  3. IPSec
  4. AAA Server

(1) Firewall

A firewall provides a strong barrier between your private network and the Internet. You can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through. Some VPN products, such as Cisco's 1700 routers, can be upgraded to include firewall capabilities by running the appropriate Cisco IOS on them. You should already have a good firewall in place before you implement a VPN, but a firewall can also be used to terminate the VPN sessions.

(2) Encryption

Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Most computer encryption systems belong in one of two categories:

Symmetric-key encryption

Public-key encryption

Symmetric-key encryption

Each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to another computer. Symmetric-key encryption requires that you know which computers will be talking to each other so you can install the key on each one. Symmetric-key encryption is essentially the same as a secret code that each of the two computers must know in order to decode the information. The code provides the key to decoding the message. Think of it like this: you create a coded message to send to a friend in which each letter is substituted with the letter that is two down from it in the alphabet, so "A" becomes "C" and "B" becomes "D". You have already told a trusted friend that the code is "Shift by 2". Your friend gets the message and decodes it. Anyone else who sees the message will see only nonsense.

Public-key encryption

It uses a combination of a private key and a public key. The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key. A very popular public-key encryption utility is called Pretty Good Privacy (PGP), which allows you to encrypt almost anything.

In practice the two are combined. The sending computer encrypts the document with a symmetric key, then encrypts the symmetric key with the public key of the receiving computer. The receiving computer uses its private key to decode the symmetric key. It then uses the symmetric key to decode the document.
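The combined scheme just described, as an added example that is not code from the original report or from PGP: the sender encrypts the document with a fresh symmetric key and wraps that key with the receiver's public key; the receiver unwraps it with the private key and then decrypts the document. To run with the standard library alone it uses a toy RSA key built from two Mersenne primes and a SHA-256 keystream as stand-ins for the real primitives (RSA-OAEP, AES); the key sizes, padding-free RSA and the sample message are constructed for the demo and are not secure.

```python
"""Hybrid encryption: symmetric key for the document, recipient's public key for the key."""
import hashlib
import os

# Toy RSA key pair for the receiving computer.  Mersenne primes are used so the
# modulus is verifiably built from primes; a real key uses random 1024-bit+ primes
# and OAEP padding.  RSA_D (the private exponent) stays on the receiver only.
_P = (1 << 89) - 1
_Q = (1 << 61) - 1
RSA_N = _P * _Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))
RECEIVER_PUBLIC_KEY = (RSA_N, RSA_E)    # handed out to anyone who wants to talk to us
RECEIVER_PRIVATE_KEY = (RSA_N, RSA_D)   # never leaves the receiving computer

SYM_KEY_LEN = 16  # 128-bit symmetric key, fits comfortably below the ~150-bit modulus


def rsa_encrypt(public_key, data: bytes) -> int:
    """Textbook RSA (no padding): c = m^e mod n.  Demo only."""
    n, e = public_key
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too large for this modulus")
    return pow(m, e, n)


def rsa_decrypt(private_key, c: int, length: int) -> bytes:
    """Textbook RSA: m = c^d mod n, returned as a fixed-length byte string."""
    n, d = private_key
    return pow(c, d, n).to_bytes(length, "big")


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric 'cipher' stand-in for AES-CTR: XOR data with SHA-256(key||nonce||counter)."""
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        pad = hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def send_document(document: bytes, receiver_public_key):
    """Sender side: random symmetric key encrypts the document; RSA wraps the key."""
    sym_key = os.urandom(SYM_KEY_LEN)
    nonce = os.urandom(8)
    ciphertext = keystream_xor(sym_key, nonce, document)
    wrapped_key = rsa_encrypt(receiver_public_key, sym_key)
    # Everything returned here may travel over the public network.
    return wrapped_key, nonce, ciphertext


def receive_document(wrapped_key: int, nonce: bytes, ciphertext: bytes, receiver_private_key) -> bytes:
    """Receiver side: unwrap the symmetric key with the private key, then decrypt."""
    sym_key = rsa_decrypt(receiver_private_key, wrapped_key, SYM_KEY_LEN)
    return keystream_xor(sym_key, nonce, ciphertext)


def roundtrip(document: bytes) -> bytes:
    """Run one exchange between sender and receiver and return what the receiver reads."""
    wrapped, nonce, ct = send_document(document, RECEIVER_PUBLIC_KEY)
    return receive_document(wrapped, nonce, ct, RECEIVER_PRIVATE_KEY)
```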

(3) IPSec

Internet Protocol Security (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication.

A remote-access VPN utilizing IPSec (photo courtesy Cisco Systems, Inc.)


IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload. Only systems that are IPSec compliant can take advantage of this protocol. Also, all devices must use a common key and the firewalls of each network must have very similar security policies set up. IPSec can encrypt data between various devices, such as:

1. Router to router

2. Firewall to router

3. PC to router

4. PC to server

(4) AAA Servers

AAA (authentication, authorization and accounting) servers are used for more secure access in a remote-access VPN environment. When a request to establish a session comes in from a dial-up client, the request is proxied to the AAA server. AAA then checks the following:

Who you are (authentication)

What you are allowed to do (authorization)

What you actually do (accounting)

The accounting information is especially useful for tracking client use for security auditing, billing or reporting purposes.

5.8    VPN Technologies

Depending on the type of VPN (remote-access or site-to-site), you will need to put in place certain components to build your VPN. These might include:

1. Desktop software client for each remote user

2. Dedicated hardware such as a VPN concentrator or secure PIX firewall

3. Dedicated VPN server for dial-up services

4. NAS (network access server) used by the service provider for remote-user VPN access

5. VPN network and policy-management center

Because there is no widely accepted standard for implementing a VPN, many companies have developed turn-key solutions on their own. In the next few sections, we'll discuss some of the solutions offered by Cisco, one of the most prevalent networking technology companies.

5.8.1    VPN Concentrator

Cisco VPN 3002-8E concentrator

Incorporating the most advanced encryption and authentication techniques available, Cisco VPN concentrators are built specifically for creating a remote-access VPN. They provide high availability, high performance and scalability and include components, called scalable encryption processing (SEP) modules, that enable users to easily increase capacity and throughput. The concentrators are offered in models suitable for everything from small businesses with up to 100 remote-access users to large organizations with up to 10,000 simultaneous remote users.

5.8.2    VPN-Optimized Router

Cisco 1751 Modular Access Router

Cisco's VPN-optimized routers provide scalability, routing, security and QoS (quality of service). Based on the Cisco IOS (Internet Operating System) software, there is a router suitable for every situation, from small-office/home-office (SOHO) access through central-site VPN aggregation, to large-scale enterprise needs.

5.8.3    Cisco Secure PIX Firewall

Cisco Secure PIX Firewall 535

An amazing piece of technology, the PIX (private Internet exchange) firewall combines dynamic network address translation, proxy server, packet filtration, firewall and VPN capabilities in a single piece of hardware.

Instead of using Cisco IOS, this device has a highly streamlined OS that trades the ability to handle a variety of protocols for extreme robustness and performance by focusing on IP.

5.9    Benefits of Deploying VPNs

  1. Cost savings.
  2. Security (using encryption, authentication, certification etc.).
  3. Scalability.

5.9.1    Cost Savings

  1. Elimination of expensive dedicated WAN circuits.
  2. Elimination of banks of dedicated modems.
  3. ISPs provide Internet connectivity from anywhere at any time.

5.9.2    Security

Private on public infrastructure:

  1. Encryption
  2. Authentication
  3. Compression
  4. Certification

5.9.3    Scalability

  1. With VPN technologies, new users can be easily added to the network.
  2. Corporate network availability can be scaled quickly with minimal cost.
  3. A single VPN implementation can provide secure communications for a variety of applications on diverse operating systems.

5.10    VPN Drawbacks

  1. VPN devices are not fault tolerant.
  2. Software solutions are not very effective in large networks.
  3. VPN follows the maxim of the “law of diminishing returns”: the higher the security, the lower the simplicity.

CONCLUSION

VIRTUAL PRIVATE NETWORK (VPN) technology has brought a revolution in the field of wireless networking and has unfolded a new approach to the secure communication of information in the corporate world. It has prominently provided privacy with security on the otherwise insecure Internet. Its implementation and scope are dynamic and at a high in today’s world.
