Digital data travels from one network device to another across the network communication media. Three general types of transmission media are used to transmit data between networked devices: copper wire, light waves, and wireless radio frequency (RF) signals. In this chapter, you’ll learn to:
Digital data travels using three types of transmission media:
Each media type offers advantages that make it useful for networking under certain conditions. The main media-related considerations are the cost to implement it, its maximum data transmission rate, and its noise immunity characteristics. Likewise, each media type has limitations on its ability to transfer information.
The maximum data transmission rate is itself bound up in two considerations: bandwidth and attenuation. Bandwidth is the medium’s capacity to carry data. Attenuation is a measure of how much signal loss occurs as the information moves across the medium. As you will see in the following sections, some media types can literally carry a signal for miles and still deliver it as recognizable information, while others lose noticeable strength across a single house. Every media type has benefits and disadvantages relative to the others.
The final media-related consideration is its noise immunity capabilities. Stray electrical energy (referred to as noise) moves through the atmosphere as a natural course. Electrical machines and devices can also generate electronic noise. These stray signals can interfere with organized data signals and make them unrecognizable. Therefore, cabling used to transmit data is expected to have some resistance to these stray signals.
Under the heading of copper cabling, there are basically two categories to consider: twisted-pair cabling and coaxial cabling.
Twisted-pair cabling consists of two or more pairs of wires twisted together to provide noise reduction. The twist in the wires causes induced noise signals to cancel each other out. In this type of cabling, the number of twists in each foot of wire indicates its relative noise immunity level.
When discussing twisted-pair cabling with data networks, there are two basic types to consider: unshielded twisted pair (UTP) and shielded twisted pair (STP). UTP networking cable contains four pairs of individually insulated wires, as illustrated in Figure 16.1.
STP cable is similar, with the exception that it contains an additional foil shield surrounding the four-pair wire bundle. The shield provides extended protection from induced electrical noise and crosstalk by supplying a grounded path that carries the induced electrical signals away from the conductors in the cable.
Coaxial cable (often referred to simply as “coax”) is familiar to most people as the conductor that carries cable TV into their homes. Coaxial cable is constructed with an insulated solid or stranded wire core surrounded by a dielectric insulating layer and a solid or braided metallic shield. Both the wire and shield are wrapped in an outer protective insulating jacket, as illustrated in Figure 16.2.
In the past, coaxial cable was widely used for Ethernet LAN media. However, because the thickness and rigidity of coaxial cable make it difficult and time-consuming to install, the networking industry and network standards development groups have abandoned coaxial cable in favor of unshielded twisted-pair cabling.
Coax cable continues to be used for some applications, such as Internet service delivered to residential settings through the commercial cable television (CATV) system. In addition, several varieties of coaxial cable are available for transporting video and high-data-rate digital information. This comes into play with computers, audio/video equipment, and intelligent home products with residential networks.
Fiber-optic cable is plastic or glass cable designed to carry digital data in the form of light pulses. The signals are introduced into the cable by a laser diode and bounce along its interior until they reach the end of the cable, as illustrated in Figure 16.3. At the end, a light-detecting circuit receives the light signals and converts the information back into an electrical signal. This type of cabling provides tremendous capacity, offering potential signaling rates in excess of 200,000 Mbps. However, current access protocols still limit fiber-optic LAN speeds to 100 Mbps.
Light moving through a fiber-optic cable does not attenuate (lose energy) as quickly as electrical signals moving along a copper conductor. Therefore, segment lengths between transmitters and receivers can be much longer when using fiber-optic cabling. In some fiber-optic applications, the maximum cable length can range up to 2 kilometers.
Because it cannot be tapped without physically breaking the conductor, fiber-optic cable also provides a much more secure data transmission medium than copper cable. Basically, light introduced into the cable at one end does not leave the cable except through the other end. In addition, fiber-optic cable electrically isolates the transmitter and receiver so that no signal level matching normally needs to be performed between the two ends.
Wireless networks connect computer nodes using high-frequency radio waves. The IEEE organization oversees a group of wireless networking specifications under the IEEE-802.xx banner. The IEEE 802.11x (also known as Wireless Fidelity or Wi-Fi) wireless standards have gained wide acceptance as the preferred wireless networking technology for both business and residential network applications.
Bluetooth (IEEE 802.15.1) is a wireless networking specification for personal area networks (PANs) that has gained widespread acceptance in some areas, such as meshing together personal devices including PDAs, cell phones, and digital cameras, as well as PCs, notebooks, and printers, as shown in Figure 16.4. This bringing together of different types of digital devices in a common forum is referred to as convergence.
Bluetooth devices use low-power, short-range radio frequency signals to provide a low-cost, secure communication link. The specification provides for three power classes, so Bluetooth devices are categorized as class 1, class 2, or class 3. A power class denotes the power level and range of the device. Power classes 1, 2, and 3 project a power/range of 100 mW/100 meters, 2.5 mW/10 meters, and 1 mW/1 meter, respectively, as shown in Table 16.1.
TABLE 16.1 Bluetooth Parameters

| Class   | Maximum Power   | Operating Range |
|---------|-----------------|-----------------|
| Class 1 | 100 mW (20 dBm) | 100 meters      |
| Class 2 | 2.5 mW (4 dBm)  | 10 meters       |
| Class 3 | 1 mW (0 dBm)    | 1 meter         |
The Bluetooth specification implements Adaptive Frequency Hopping Spread Spectrum (AFHSS) in the license-free 2.4 GHz range to provide security and avoid crowded frequency ranges. The Bluetooth protocol divides the 2.4 GHz frequency range into 79 different 1 MHz communication channels. The frequency-hopping mechanism changes channels up to 1,600 times per second, following one of six predefined hop patterns. All of this frequency hopping is done to lessen the effects of interference from other electronic devices.
The data transfer rate for Bluetooth version 1.1 and 1.2 devices is 723.1 Kbps; Bluetooth 2.0 devices raise this substantially to 2.1 Mbps.
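The following is an added example, not code from the book: a simplified model of the adaptive frequency hopping described above. Both ends derive the same pseudo-random channel from the master's address and clock (an illustrative stand-in for the real Bluetooth hop-selection kernel, which is not reproduced here), and the AFH step remaps any hop that lands on a channel the map marks as interfered. The channel map, master address and the 20-channel minimum are constructed assumptions.

```python
import hashlib

NUM_CHANNELS = 79           # 79 one-MHz channels in the 2.4 GHz band (from the text)
HOPS_PER_SECOND = 1600      # up to 1,600 channel changes per second (from the text)
MIN_USED_CHANNELS = 20      # assumption: floor on usable channels an AFH map must keep

def slot_duration_us():
    """Time spent on one channel per hop, in microseconds (1 s / 1600 = 625 us)."""
    return 1_000_000 // HOPS_PER_SECOND

def channel_freq_mhz(channel):
    """Bluetooth channel k is centred at 2402 + k MHz."""
    return 2402 + channel

def basic_hop(master_addr, clock):
    """Illustrative hop selection, NOT the Bluetooth hop-selection kernel: both
    sides derive the same pseudo-random channel from the master's address and clock."""
    digest = hashlib.sha256(f"{master_addr}:{clock}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % NUM_CHANNELS

def afh_remap(channel, channel_map):
    """AFH step: a channel marked unused in the map is replaced by one of the
    used channels, chosen by index so both sides agree without extra signalling."""
    used = [c for c in range(NUM_CHANNELS) if channel_map[c]]
    if len(used) < MIN_USED_CHANNELS:
        raise ValueError("channel map keeps too few channels")
    return channel if channel_map[channel] else used[channel % len(used)]

def hop_sequence(master_addr, channel_map, n_slots):
    """Channels visited over n_slots consecutive slots, with AFH applied."""
    return [afh_remap(basic_hop(master_addr, t), channel_map) for t in range(n_slots)]

def interference_hits(master_addr, channel_map, n_slots):
    """Count slots landing on a marked-bad channel without and with AFH."""
    raw = [basic_hop(master_addr, t) for t in range(n_slots)]
    adapted = hop_sequence(master_addr, channel_map, n_slots)
    bad = lambda seq: sum(1 for c in seq if not channel_map[c])
    return bad(raw), bad(adapted)

# Constructed channel map: channels 0-21 (2402-2423 MHz, roughly the span of a
# Wi-Fi channel 1 transmitter) are marked unused; everything else is used.
WIFI_CH1_MAP = [c > 21 for c in range(NUM_CHANNELS)]
MASTER = "00:11:22:33:44:55"   # constructed master address

if __name__ == "__main__":
    before, after = interference_hits(MASTER, WIFI_CH1_MAP, HOPS_PER_SECOND)
    print(f"slot {slot_duration_us()} us; hits on interfered channels in one second:"
          f" {before} without AFH, {after} with AFH")
```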
Bluetooth devices can be connected to only one device at a time; connecting to them will prevent them from connecting to other devices and showing up in inquiries until they disconnect from the other device. However, the standard also provides for constructing multipoint wireless networks using Bluetooth technologies.
Under the Bluetooth specification, up to eight devices can be grouped together to form a piconet. Any device can become the master device and assume control of the network by issuing a request broadcast. The other seven devices become slave devices until the master device releases its position.
The master device uses time division multiplexing to rapidly switch from one slave device to another around the network. In this manner, the Bluetooth network operates like a wireless USB network. Any device in the network can assume the master device role when it is available.
In the computer networking environment, the Bluetooth specification enables several Bluetooth peripheral devices to simultaneously communicate with a host device. In particular, Bluetooth is used with local host computers communicating with wireless input and output devices such as mice, keyboards, and printers.
Like Bluetooth, the ZigBee (IEEE 802.15.4) standard is a wireless, mesh-networked PAN protocol that provides for a 10-meter communication range with data transfer rates at 250 Kbps, as shown in Figure 16.5. The ZigBee standard has been embraced by the smart home automation and industrial controls communities, as well as several areas of the smart grid consortium. It is also being considered for use with personal biomedical sensors to provide secure, remote medical-data acquisition.
The IEEE 802.16 (WiMAX) specification was established to provide guidelines for wider-area wireless networking. WiMAX is a broadband wireless access standard designed to provide Internet access across large geographic areas such as cities, counties, and in some cases countries, as shown in Figure 16.6. It is also designed to interoperate with the 802.11 Wi-Fi standard.
As with other components of the network, transmission media security must be considered at two levels: physical security and logical security. Physical security involves securing the physical medium, along with the communication equipment and physical ports that interconnect the networked equipment. If attackers can gain uninterrupted access to the transmission media, they can find a way to exploit it.
Securing physical media becomes challenging when it leaves the controllable area of a private facility. Within the facility, optical and metal communication media are relatively safe, since physically tapping the medium is required to extract information from it. The same cannot be said for wireless communications, which can be extracted from the air with a simple antenna.
However, once physical media leaves the confines of the private facility, the information it carries becomes vulnerable to interception and capture along its route or at the receiving port of the message.
While wireless networks are very popular due to their ease of installation, there are a number of security issues concerning using them to communicate personal or otherwise sensitive information. Transmissions from wireless network devices cannot simply be confined to the local environment of a residence or business.
Although the range of most wireless network devices is typically limited to a few hundred feet, RF signals can easily be intercepted even outside the vicinity of the stated security perimeter. Any unauthorized mobile terminal can accomplish this using an 802.11 receiver. Any intercepted transmissions that are unencrypted are then easily read.
To minimize the risk of security compromise on a wireless LAN, the IEEE 802.11 wireless standard provides for several encryption options. An early security feature called Wired Equivalent Privacy (WEP) provides a 128-bit key-based encryption scheme for encrypting data transmissions and authenticating each computer on the network. Enabling the WEP function adds some security for data being transmitted. However, WEP no longer provides the assurance it did years ago.
You will also need to enter the WEP key value (password), either as a hexadecimal string or as an ASCII character string. The ASCII option is easier for most people. Record this string for use with the network’s client computers. Each client computer will need to have the key installed the next time it attempts to connect to the network. When requested by the system, enter and confirm the WEP key.
While WEP was secure enough years ago, a patient or determined attacker today can easily crack it. This vulnerability led the wireless industry to create the stronger Wi-Fi Protected Access (WPA) standard and then an improved WPA2.
The weakness of WEP is that it encrypts every packet using the same static key. Therefore, a patient hacker only needs to collect enough packets and use brute force to discover the static key. With a reasonable amount of computing power, this is done in minutes or at most a few days. To counter this vulnerability, WPA uses the Temporal Key Integrity Protocol (TKIP) together with IEEE 802.1X authentication using the Extensible Authentication Protocol (EAP) to provide increased security. This combination requires users to supply usernames and passwords to access the network. After the user logs in, the access point generates a temporary key that is used to encrypt data transfers between the AP and the client computer. WEP, WPA, and WPA2 are included on most APs and are relatively simple to configure.
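As an added illustration (not the book's code) of why the static-key design matters, the block below runs RC4, the cipher WEP uses, with a constructed 104-bit secret behind WEP's 24-bit IV. Two packets that reuse an IV share a keystream, so XORing their ciphertexts exposes the XOR of their plaintexts; a per-packet key derived from a packet counter, a simplified stand-in for WPA's TKIP key mixing rather than the real TKIP function, removes that relationship. The secret, IV and packet contents are constructed sample values.

```python
import hashlib

def rc4_keystream(key, length):
    """Plain RC4 keystream generator (the cipher both WEP and TKIP run)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(secret, iv, plaintext):
    """WEP: per-packet RC4 key = 24-bit IV || static secret; the IV travels in clear.
    Only 2**24 IVs exist, so the same key material is reused once IVs wrap."""
    return iv + xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))

def mixed_key_encrypt(secret, iv, seq, plaintext):
    """Simplified stand-in for WPA/TKIP key mixing (NOT the real TKIP function):
    a fresh RC4 key comes from the secret and a per-packet sequence number,
    so two packets never share a keystream even when the IV field repeats."""
    mixed = hashlib.sha256(secret + seq.to_bytes(6, "big")).digest()[:16]
    return iv + xor(plaintext, rc4_keystream(mixed, len(plaintext)))

def keystream_reuse_leak(c1, c2):
    """XOR of two ciphertexts with the 3-byte IV stripped. If both packets used
    the same keystream this equals plaintext1 XOR plaintext2."""
    return xor(c1[3:], c2[3:])

SECRET = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3")   # constructed 104-bit secret
IV = b"\x01\x02\x03"                                   # constructed 24-bit IV, reused below
P1 = b"GET /index.html HTTP/1.1"                       # constructed packet payloads
P2 = b"POST /login.php HTTP/1.1"

def wep_leaks():
    """True: static key + repeated IV leaks P1 XOR P2 to an eavesdropper."""
    c1, c2 = wep_encrypt(SECRET, IV, P1), wep_encrypt(SECRET, IV, P2)
    return keystream_reuse_leak(c1, c2) == xor(P1, P2)

def mixed_leaks():
    """False: per-packet keys break the relationship even with the same IV."""
    c1, c2 = mixed_key_encrypt(SECRET, IV, 1, P1), mixed_key_encrypt(SECRET, IV, 2, P2)
    return keystream_reuse_leak(c1, c2) == xor(P1, P2)
```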
All of the computers in a network must be configured to use the same key to communicate. Therefore, if you enable encryption on the AP, you will need to input the same key on each computer in the network. For home setups, encryption is enabled and configured by a browser-based configuration wizard. For corporate setups, encryption might be configured by browser or command line. In any case, if the configuration wizard provides for multiple encryption levels, you should select the highest (strongest) level of encryption that doesn’t result in a significant drop in throughput.
If possible, you should set up the router to use WPA-PSK along with a strong password. The PSK option enables WPA to use pre-shared keys instead of a separate Certificate Authority (CA) computer to provide user authentication. The PSK permits a password to be set on the router and shared with the rest of the users.
If WPA is simply not an option, you should enable WEP with 128-bit encryption. In addition, after you’ve installed and authenticated all the wireless clients, you should set the SSID Broadcast option to Disable, so that outsiders cannot use the broadcast SSID to locate your network and reach its addresses and data. Also, change the SSID name from the default value if you have not already done so.
If wireless networking technology is being used within a secure server room, additional physical hardening steps should be taken in securing the room. This may include physically hardening the room’s architecture, such as electrically isolating the server room’s ceiling and floor, as well as its walls to prevent the wireless signals from escaping.
The purpose of this lab is to examine some of the more advanced security configuration settings of your router. Logging will be turned on and the logs examined. SSID broadcasting will be disabled. Next, the antennas will have their power lowered and then be turned off entirely. Finally, Universal Plug and Play (UPnP) will be disabled.
Some of the default settings for the example router are to log router operation and attempted access to blocked sites and services.
Disabling SSID broadcasting provides security through obscurity.
Turning off all the antennas would completely remove the wireless capabilities of the router.
Lowering the power on an antenna is a halfway measure between turning wireless signals off and still having wireless connectivity. In addition, this forces intruders into closer physical proximity to your router.
Once a threat agent is inside your network, UPnP allows it to easily access the rest of your network. Turning UPnP off reduces this threat.