VLANs and Wireless VLANs
By Paul Rollins
ECE 636 Project Report Presentation
Professor Dr. Kris (Krzysztof) Gaj
Prepared For George Mason University, Fairfax, Virginia
Department of Electrical and Computer Engineering

Slide 2
Introduction
• VLAN VPN Comparison
• VLANs
• VLAN Security
• Wireless LANs
• Wireless LAN Security
• Wireless VLANs
• Conclusion

Slide 3
VLAN Intro
• Idea Started in Early 90s
• 802.1Q Standardized in 1996
• Broadcast Domain Segregation
[Figure: switches (SW) and hosts (H) grouped into VLAN 1 through VLAN 5]

Slide 4
VPN Intro
• Means to use cheap public networks for sensitive/private use.
• Make use of strong encryption to provide protection

Slide 5
VPN/VLAN Comparison
• VLANs segregate physically connected machines into groups/domains that act as though they were NOT physically connected.
• VPNs attempt to aggregate machines that are physically separated into groups/domains that act as though they are co-located.

Slide 6
VLAN History
• Network usage increases
• Collision Domains: Hubs -> Switches
• Switches faster/cheaper, too
• Broadcast Domains: LANs -> VLANS
• Membership via Port, MAC, IP

Slide 7
VLAN Protocols
• CISCO Proprietary Inter-Switch Link (ISL)
• IEEE 802.10
• ATM LAN Emulation (LANE)
• IEEE 802.1D
• IEEE 802.1Q

Slide 8
LANE
• LAN Emulation Clients (LEC)
• LAN Emulation Servers (LES)
• Switched Virtual Circuits (SVC)

Slide 9
802.1Q
• Positions Function within Architecture
• Defines Functions
• Defines Control Information
• Specifies MAC Tag Format
• Defines Automatic Configuration
• Defined Management Functionality
• Establishes Conformance Requirements

Slide 10
802.1Q Header Tag
• Tag Protocol Identifier (TPID)
• Tag Control Identifier (TCI)
• TR Encap. Flag (CFI)
• VLAN Identifier (VID)

Slide 11
VLAN Security
• Router/FW in Switch (ACLs)
• Reduced Eavesdropping
• Protection Against “Casual” Attack
• Switch-level ACLs

Slide 12
VLAN Weaknesses
• No Cryptographic Security (Not a design goal)
• Software Implementation Errors - VLAN Hopping (Unavoidable)
• Administrative Complexity

Slide 13
Wireless LAN Intro
• IEEE 802.11

Slide 14
Wireless LAN Intro
• IEEE 802.11
• 2.4 GHz RF Broadcast
• 802.11 = 1Mbps, 2Mbps
• 802.11b = 5.5Mbps, 11Mbps
• Ethernet-Like Addressing
• Ethernet-Like CSMA/CA

Slide 15
WEP
Keystream = RC4(iv,k)
[Figure: WEP frame diagram with labels Message, CRC, Plaintext, Ciphertext, IV, KeyID, Transmitted Data]

Slide 16
WEP Weaknesses
• IV Reuse
  – Known Plain/Cipher = IV/Keysequence
  – Dictionary
  – Known plaintext from own packets, broadcasts, email...
• CRC Linearity
  – Modify MSG and CRC WHILE ENCRYPTED
  – $\mathrm{RC4}(IV,K) \oplus (M \oplus X,\ \mathrm{crc}(M) \oplus \mathrm{crc}(X))$
• CRC Keylessness
  – Attacker can create checksums, Insert Traffic

Slide 17
Wireless VLANs
• Can’t Limit Broadcast Domain (No Perf. Gain)
• Multiple Hosts/Port (Via AP) So difficult to use Port-based VLAN
• Roaming Between APs
• Can Use MAC-based VLANs

Slide 18
Conclusion
• VLAN Can Improve Performance Greatly
• VLAN Can Improve Security Marginally
• VLANs Still Need External LAN Security
• WLANs Offer Convenience, Mobility
• WEP “Raises the Bar,” but fails to meet goals
• VLANs Still Need External LAN Security
• VLAN/WLAN Can be made to co-exist, but not synergistic/complementary
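
The CRC linearity and keylessness points on Slide 16, worked through as an added example (not part of the original presentation): a change X applied to the ciphertext still passes WEP's unkeyed CRC-32 check, while a keyed MAC over the same message rejects it. The key, IV, messages and the HMAC-SHA256 comparison are constructed for this example; real CRC-32 is affine, so the checksum adjustment carries an extra crc(0...0) term beyond the slide's formula.

```python
import hashlib, hmac, zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream; WEP keys RC4 with IV || K."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def icv(msg: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32, no key involved."""
    return zlib.crc32(msg).to_bytes(4, "little")

def wep_seal(iv: bytes, k: bytes, msg: bytes) -> bytes:
    body = msg + icv(msg)                      # plaintext = message || CRC
    return xor(body, rc4(iv + k, len(body)))

def wep_open(iv: bytes, k: bytes, ct: bytes):
    """Return the message if the CRC verifies, otherwise None."""
    body = xor(ct, rc4(iv + k, len(ct)))
    msg, tag = body[:-4], body[-4:]
    return msg if tag == icv(msg) else None

def icv_delta(x: bytes) -> bytes:
    """crc(M ^ X) ^ crc(M) for every M of len(X); needs neither M nor K."""
    return xor(icv(x), icv(bytes(len(x))))

def demo():
    iv, k = b"\x01\x02\x03", b"constructed-key"    # constructed sample values
    mac_key = b"constructed-mac-key"               # constructed sample value
    m = b"PAY 0100 TO ALICE"
    x = xor(m, b"PAY 9100 TO ALICE")               # the change X from the slide
    ct = wep_seal(iv, k, m)
    tag = hmac.new(mac_key, m, hashlib.sha256).digest()
    altered = xor(ct, x + icv_delta(x))            # computed without k
    accepted = wep_open(iv, k, altered)            # CRC check still passes
    keyed = hmac.new(mac_key, accepted, hashlib.sha256).digest()
    return accepted, hmac.compare_digest(tag, keyed)
```

`demo()` returns the altered message that the receiver accepts, plus whether the keyed MAC still matches; the second value is False, which is the integrity property the CRC cannot provide.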