Access Points – CompTIA Security+ SY0-501 – 2.1

Your wireless network requires as much security (or more) than your wired network. In this video, you’ll learn about access points, wireless security considerations, frequency use, and antenna coverage.

<< Previous Video: Load Balancers Next: SIEM >>


In this video, we’re going to talk about wireless access points or WAPs. This is not the wireless router that you might have at home. Wireless router actually has a router inside of it– a switch and a wireless access point. So in this video, we’re just going to talk about the wireless side of things.

A wireless access point is a bridge. It’s a switch configuration that’s taking traffic from the wireless network and switching it on to the Ethernet network. So we can think about a wireless access point– very similar to a switch as a layer 2 device on the network.

The way that we’re able to see these wireless access points on our mobile devices and on our desktops is that there’s a name associated with the network. This is the SSID or service set identifier. And when we pull up a list of all of the wireless networks around, we’re seeing a list of the available SSIDs that are being broadcast by the wireless access point.

We generally would change these SSIDs so that they don’t describe the wireless access point manufacturer like Linksys or Netgear. Instead, we create an SSID that matches the type of network we’re connecting to. This is something that a lot of people will disable in their wireless access point so that if you pull up a list of available SSIDs, your SSID will not appear because you’ve disabled the SSID broadcasting. This is not really a security feature. The SSIDs are there for more of an organizational capability.

You can easily determine what the SSID is of a wireless access point by performing some packet captures on the wireless network. So disabling the SSID provides no real security function. If anything, this is really security through obscurity which in reality is not any type of security because it’s so easy to circumvent the supposed security functionality.

Most access points allow you to configure a MAC-level filtering in the access point itself. That stands for Media Access Control– it’s referring to the hardware or the MAC address of the devices that are on the wireless network. This MAC filtering allows you then to limit access to the wireless network to only certain physical devices that might be on your network. This is very commonly used to keep neighbors out of your wireless access point or to make sure that only people who are a part of your organization can access or connect to certain wireless access points.

One of the problems with MAC filtering is that it is very easy to circumvent. All you need is a packet capturing device to be able to see what MAC addresses are allowed to communicate on this network and then simply spoof that MAC address on your device. This is another example of security through obscurity which means that you may be trying to set up this MAC filtering as a security mechanism, but it’s so simple to be able to circumvent that it really provides no security at all.

Some wireless access points allow you to set how much power will be used by the wireless network. This means that you could limit the power of the signal to the inside of your building but maybe prevent that signal from being heard on the outside of your building in the parking lot. The idea is that you should set it as low as possible to still be functional to all of your users. But how low is really low enough? This may require some additional studies and testing to make sure that you don’t set it too low for everybody who’s on your network.

You also want to consider the receiving stations and what type of antennas they might have. A high-gain antenna is able to hear and receive traffic much better than a low-gain antenna, so you might be able to set the power much lower for those devices. Again, the location of where the access point and where the users are becomes very, very important.

We usually define the speed of these wireless networks as throughput values and usually refer to them as maximum theoretical throughputs. That’s because there are so many different variables that can affect the communication over a wireless network, so it’s impossible to tell somebody exactly the throughput that they’re going to get on their system from any particular place on that wireless network. There’s also a number of frequencies that can be configured on these wireless access points, and it also depends on the type of standards that are being used for your wireless network. Some standards and access points support the 2.4 GHz range and others support the 5 GHz range and in some cases, an access point can support both of those simultaneously.

It might also be important to define what distance this access point needs to communicate. And so you may need to specify a different kind of antenna for the access point that you’re using. Once you’ve determined what frequencies will be in use for your access point, you’re able to set of channels for that frequency that you’ll be using. Instead of us having to remember the specific frequency and 2.4 GHz or the 5 GHz band, we can simply use a set of predefined channels that are already configured to match a particular set of frequencies.

Let’s look at the different frequencies available for the different bands in the United States. Let’s start with the 2.4 GHz spectrum, and you can see there are three non-overlapping IEEE channels– channel 1, channel 6, and channel 11. And each of these channels is 20 megahertz in bandwidth. Now, there’s also the 5 GHz spectrum. Look at the differences in the available channels for 5 GHz.

You can see that everything that is yellow, blue, and green is available to be used in the 5 GHz range. Anything marked in red are not available for the 802.11 networks. If you use larger bandwidths for the 802.11 standard, you can see the differences for the 40 megahertz bandwidths, the 80 megahertz bandwidths, and the 160 megahertz bandwidths in the 5 GHz spectrum. You can see there is a significant difference in frequency availability for 5 GHz than the much more crowded 2.4 GHz spectrum.

There are many different types of antennas that you can connect to your wireless access points. One of the most common and the one that probably came with your wireless access point is an omnidirectional antenna. This means that the signal will relatively speaking be distributed evenly on all sides of this antenna. The omnidirectional antenna is a good choice for an access point if you want to put the access point in the middle and then have everybody communicate to that access point from wherever they happen to be around it.

One challenge you have with an omnidirectional antenna, of course, is there’s no way to really focus the signal. From all the way around this access point, the signal will effectively be the same. If you need to focus that to go a longer distance, then you’ll need a different kind of antenna.

One of the challenges we have when deciding where an antenna is going to go is we need to cover a large area, but we want to make sure if we have multiple access points that were not overlapping any of the frequencies. A good way to do this with the 2.4 GHz frequency ranges is to use channels 1, 6, and 11 since none of those overlapped each other. That way we’re able to put channel 1 next to channel 6 and channel 11 and not worry about any of the frequencies conflicting with each other.

If we need to go a longer distance with our wireless network, we may want to use an antenna that’s very directional. This allows us to focus the signal and go a much longer distance between access points. We can also send and receive in a very focused way by using these directional antennas. We measure the performance of these antennas by looking at the amount of db gain. This is the decibel gain that we’re using across these particular links.

Decibels use a logarithmic scale. So every time we double the antenna power, the decibel gain will increase by three decibels. So every time you’re doubling it to three decibels is doubled. You double that when you go to 6 decibels. It’s doubled again when you go to 9 decibels.

One type of directional antenna is the Yagi antenna. This is the Yagi antenna here at the top. It’s a very directional antenna and provides very high gain.

Another good directional antenna is the parabolic antenna where it has a curved front. The signals are coming in and being focused and bouncing to a feed horn that’s right on the front of the antenna. It’s focusing all of those signals that it’s receiving to that single point on the antenna. Being able to manage all of these different access points in your environment can be a bit of a challenge.

One of the things that most people will do is have a centralized wireless LAN controller. This means that you can manage all of those wireless access points from one single screen. If you need to deploy new access points, you need to monitor the performance and the security of those access points. And if you need to update or make any changes to all of those access points, you can do that all at once from the single management console.

From a security perspective, we can even run reports and look at access to the wireless network from this management front end. This is usually a proprietary system. It’s based on the type of access point you’re using.

And if you’re deploying a number of access points in your environment, then you’re probably also going to want to deploy one of these wireless LAN controllers. These wireless LAN controllers are able to communicate to these wireless access points using some standardized protocols. One very common standardized protocol is LWAPP. This is the lightweight access point protocol.

LWAPP is a Cisco proprietary standard but there is an open standard called CAPWAP. This allows you to manage those access points simultaneously all from that management console. Some access points may be configured as thick access points or fat access points. That means that the access point itself contains all of the intelligence to be able to manage the communication going in and out of that access point. The switch that this wireless access point is connected to really has no control or management over any functions of the wireless access point.

Another type of access point is the thin access point. This is one that doesn’t have as much intelligence on the access point and instead it moves that intelligence to the switches. This means that the access points are less expensive to deploy, and you’re able to centralize all of the access point management in the switch that it’s connected to.