
WLAN Security Case Study

Topology
Why this topology?
We are going to use the Cisco Aironet 1000 LAP. Based on the datasheet, we found that with
802.11a we would get a 14 m indoor range at full speed, but with 802.11g we get 27 m indoors at
full speed. We chose 802.11g and designed the network with a range of 25 m per access point.
Because of roaming, we need at least 30% overlap between APs. On the other hand, we don't want
collisions between access points, so we need at least two channels. In the diagram, the red
range is one channel (channel 1) and the green is the other (channel 12).

Conclusion of design
We need 6 access points with omnidirectional antennas, placed as in the picture. Each access point
should support about 30 users.
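A worked check of the radio plan described above, as an added example that is not part of the case study: it takes the study's own numbers (25 m cell range, at least 30% overlap for roaming, channels 1 and 12) and applies them to a constructed floor plan, since the study's picture is not reproduced here. The AP coordinates, the corridor layout and the list of roaming pairs are assumptions. The code verifies the overlap on every roaming pair, then greedily assigns the two channels so that no two overlapping cells share one, and reports any pair where that was impossible.

```python
import math

RANGE_M = 25.0       # design range per AP from the case study (802.11g at full speed indoors)
MIN_OVERLAP = 0.30   # overlap the case study requires between neighbouring cells for roaming
CHANNELS = (1, 12)   # the two channels the case study uses (red = channel 1, green = channel 12)

# Constructed floor plan (assumption; the study's picture is not reproduced here):
# six APs along a straight corridor, one every 35 m, so that adjacent 25 m cells
# overlap by (50 - 35) / 50 = 30 % of the cell diameter.
APS = {f"AP{i + 1}": (35.0 * i, 0.0) for i in range(6)}
# Cell pairs a client is expected to roam between: consecutive APs along the corridor.
ROAM_PAIRS = [(f"AP{i}", f"AP{i + 1}") for i in range(1, 6)]


def overlap_fraction(p, q, r=RANGE_M):
    """Overlap of two circular cells of radius r along the line joining their
    centres, as a fraction of the cell diameter: 1 when they coincide, 0 when
    they just touch, negative when there is a coverage gap between them."""
    return (2 * r - math.dist(p, q)) / (2 * r)


def interfering_pairs(aps, r=RANGE_M):
    """Pairs of APs whose cells overlap at all. Two such APs on the same channel
    would contend for the medium, the collisions the study wants to avoid."""
    names = sorted(aps)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if overlap_fraction(aps[a], aps[b], r) > 0]


def assign_channels(aps, channels=CHANNELS, r=RANGE_M):
    """Greedy colouring of the interference graph: each AP takes the first channel
    not already used by an overlapping neighbour. Returns (assignment, conflicts);
    conflicts lists overlapping pairs left on the same channel, empty when the plan works."""
    pairs = interfering_pairs(aps, r)
    neighbours = {name: set() for name in aps}
    for a, b in pairs:
        neighbours[a].add(b)
        neighbours[b].add(a)
    assignment = {}
    for name in sorted(aps):
        used = {assignment[n] for n in neighbours[name] if n in assignment}
        free = [c for c in channels if c not in used]
        assignment[name] = free[0] if free else channels[0]  # no free channel: reported as a conflict
    conflicts = [(a, b) for a, b in pairs if assignment[a] == assignment[b]]
    return assignment, conflicts


def weak_roaming_links(aps, roam_pairs=ROAM_PAIRS, r=RANGE_M, minimum=MIN_OVERLAP):
    """Roaming pairs whose overlap falls short of the required fraction, with the actual value."""
    return [(a, b, round(overlap_fraction(aps[a], aps[b], r), 2))
            for a, b in roam_pairs
            if overlap_fraction(aps[a], aps[b], r) < minimum - 1e-9]


if __name__ == "__main__":
    assignment, conflicts = assign_channels(APS)
    for name, channel in assignment.items():
        print(f"{name}: channel {channel}")
    print("same-channel overlaps:", conflicts or "none")
    print("roaming pairs below 30 % overlap:", weak_roaming_links(APS) or "none")
```

For the corridor layout the assignment alternates 1, 12, 1, 12, 1, 12 with no conflicts and every roaming pair at exactly 30% overlap. Two channels are only enough when the interference graph has no odd cycle (it is bipartite); a spot where three cells overlap one another, as in the triangle case below, is reported as a conflict and needs either more spacing or a third channel.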

User separation
We would have three groups:
• guests
• employees
• VoIP Phones
Separation between the groups will be made through VLANs. Each VLAN will be matched to an
SSID.

Groups

Guests
They are not vital and should have minimal access to the network (Internet use only). The
connection should be easy to set up, so it needs to be open. Access control will be enforced
through ACLs on the firewall.

Employees
The people who work inside the company should have more access, but this access needs to be over
a secure connection. On this connection we will use WPA2. Authentication will be done
through 802.1X against a RADIUS server. LEAP will be used as the authentication method.

VoIP Wireless Phones

The data on this network is very sensitive, so it should be protected through QoS mechanisms. It
must also be secured, but most phones don't support WPA2, so WPA will be used (phones with
WPA2 support would be too expensive). LEAP will also be used here.
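The per-group policy above (guests reach the Internet only, phones talk only to call control and each other, employees reach everything) modelled as an added example; this is not the case study's configuration. The VLAN subnets, the guest gateway, the call-control address and the ports are constructed assumptions, since the study names the groups and VLANs but gives no addressing. `evaluate` applies first-match semantics with the implicit deny that a router or firewall ACL has, `policy_report` runs a set of constructed packets through it, and `render_ios` prints the same rules in Cisco IOS extended-ACL syntax (wildcard masks) as a starting point for the router the study calls for; check the rendered lines against the documentation of the platform actually used.

```python
import ipaddress

# Constructed addressing for the three SSIDs / VLANs of the case study (assumption:
# the study defines the groups but no subnets, gateways or server addresses).
GUEST_NET    = ipaddress.ip_network("10.10.10.0/24")   # guest SSID, open
EMPLOYEE_NET = ipaddress.ip_network("10.10.20.0/24")   # employee SSID, WPA2 + 802.1X
VOIP_NET     = ipaddress.ip_network("10.10.30.0/24")   # VoIP SSID, WPA + 802.1X
GUEST_GW     = ipaddress.ip_network("10.10.10.1/32")   # guest VLAN gateway (DNS forwarder)
CALL_CONTROL = ipaddress.ip_network("10.1.1.10/32")    # VoIP call-control server
INTERNAL     = ipaddress.ip_network("10.0.0.0/8")      # all company-internal address space
ANY          = ipaddress.ip_network("0.0.0.0/0")

# First-match rule list: (action, source, destination, protocol or "any", destination port or None).
# Order matters: the guest "deny internal" line must come before the guest "permit any" line.
RULES = [
    ("permit", GUEST_NET,    GUEST_GW,     "udp", 53),    # guests may resolve names via the gateway
    ("deny",   GUEST_NET,    INTERNAL,     "any", None),  # ... but reach nothing else internal
    ("permit", GUEST_NET,    ANY,          "any", None),  # Internet only
    ("permit", VOIP_NET,     CALL_CONTROL, "udp", 5060),  # phones: signalling to call control
    ("permit", VOIP_NET,     VOIP_NET,     "udp", None),  # and media (RTP) between phones
    ("deny",   VOIP_NET,     ANY,          "any", None),  # nothing else from the phone VLAN
    ("permit", EMPLOYEE_NET, ANY,          "any", None),  # employees: internal and Internet
]


def evaluate(src, dst, proto, dport=None, rules=RULES):
    """Action of the first rule that matches the packet, or the implicit deny every ACL ends with."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s_net, d_net, r_proto, r_port in rules:
        if (src_ip in s_net and dst_ip in d_net
                and r_proto in ("any", proto)
                and (r_port is None or r_port == dport)):
            return action
    return "deny"


def _ios_address(net):
    """Cisco IOS ACL address notation: 'any', 'host A.B.C.D', or network plus wildcard mask."""
    if net.prefixlen == 0:
        return "any"
    if net.prefixlen == net.max_prefixlen:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"


def render_ios(rules=RULES):
    """Render the rules as Cisco IOS extended-ACL entries (protocol 'ip' stands for any)."""
    lines = []
    for action, s_net, d_net, proto, port in rules:
        proto_word = "ip" if proto == "any" else proto
        line = f"{action} {proto_word} {_ios_address(s_net)} {_ios_address(d_net)}"
        if port is not None:
            line += f" eq {port}"
        lines.append(line)
    return lines


def policy_report():
    """Constructed packets, one per case worth reviewing; returns {description: action}."""
    cases = {
        "guest -> Internet https":     ("10.10.10.50", "198.51.100.7", "tcp", 443),
        "guest -> gateway dns":        ("10.10.10.50", "10.10.10.1",   "udp", 53),
        "guest -> employee laptop":    ("10.10.10.50", "10.10.20.5",   "tcp", 445),
        "guest -> call control":       ("10.10.10.50", "10.1.1.10",    "udp", 5060),
        "employee -> internal server": ("10.10.20.5",  "10.1.1.10",    "tcp", 443),
        "employee -> Internet":        ("10.10.20.5",  "198.51.100.7", "tcp", 443),
        "phone -> call control sip":   ("10.10.30.7",  "10.1.1.10",    "udp", 5060),
        "phone -> phone rtp":          ("10.10.30.7",  "10.10.30.8",   "udp", 16384),
        "phone -> Internet":           ("10.10.30.7",  "198.51.100.7", "tcp", 80),
    }
    return {name: evaluate(*packet) for name, packet in cases.items()}


if __name__ == "__main__":
    for name, action in policy_report().items():
        print(f"{action:6} {name}")
    print("\n".join(render_ios()))
```

The report is the check a reviewer wants before the open guest SSID goes live: every guest packet towards the employee, phone or server ranges must come back as deny, while the employee cases come back as permit. The rules are kept in one flat list for readability; on a real router each group's lines would be applied on its own VLAN interface.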

Hardware and protocols

The access points will be Cisco Aironet 1000 Lightweight Access Points (6 of them) because they
have very good coverage, implement all the needed protocols and integrate into a Cisco-built
network.
Each AP will broadcast all three SSIDs (because of roaming); each SSID will be mapped to a
broadcast domain (VLAN) and the data will be carried over trunks on the wired network.
The access points will be controlled by a central device, a Wireless LAN Controller (WLC). The
WLC will manage the users associated to the access points because it has a global view of the
wireless network.
Authentication will be done through 802.1X on each AP but controlled by the WLC, which admits
users to the network based on the RADIUS server. The authentication will be negotiated through
LEAP.
We also need a router and a RADIUS server. The router needs to implement ACLs.
The wireless IP phones need to support WPA and 802.1X (dot1x).

Possible threats
• DoS attacks from inside or outside
• devices that block or interfere with the radio channels
• VLAN hopping
• the WLC is a single point of failure
• packet capturing on the open (guest) network
