Intelligent Security at the Network Edge Minimizes Risk in Wi-Fi Networks

Thousand Oaks, CA – Xirrus, Inc., the only Wi-Fi “Power-Play” in the industry, announced today its advanced RF Security Manager (RSM) for improving security and minimizing the risk in deploying 802.11n wireless networks. Leveraging an integrated 24/7 threat sensor and hardware-based encryption/decryption in each Array, RSM secures the Wi-Fi network from multiple types of threats. The result delivers uncompromised overall network security with greater flexibility and performance compared to traditional centralized Wi-Fi networks.

Today’s Wi-Fi networks face a number of potential security threats in the form of rogue access points, ad-hoc clients, unauthorized clients, wireless-based attacks, eavesdropping, etc. As 802.11n continues its increased adoption in enterprise networks, the importance of defending against these threats is becoming more critical.

The Xirrus Wi-Fi Array enables the efficient deployment of high performance, maximum security 802.11n networks with a multi-radio design that integrates a dedicated 24/7 threat sensor. With this threat sensor radio scanning all channels in the 2.4GHz and 5GHz spectrums, RSM searches for security threats and automatically mitigates them. Traditional Wi-Fi solutions must time-slice a user servicing radio with the security scan function, compromising the performance of the wireless users and the effectiveness of the security scan.

High performance encryption/decryption in the enterprise Wi-Fi network is a MUST. The Wi-Fi network needs to support each client using the highest level of encryption (WPA2 Enterprise/128 bit AES) and without degrading the overall performance of the network. The Xirrus Wi-Fi Array incorporates hardware-based encryption/decryption into each Array, delivering line-rate encryption at the edge of the network instead of at a choke point within the centralized controller of traditional Wi-Fi solutions.

“RSM provides a simple, scalable security solution that enables any organization to proactively mitigate wireless threats, enforce enterprise policies, and prevent performance problems. It offers the visibility and control over the wireless airspace needed to enable an enterprise to reliably deliver the same standards of security performance and compliance for their wireless networks that they expect from their wired networks,” said Dirk Gates, founder and CEO of Xirrus.

The RSM (RF Security Manager) package includes:

• Wireless IDS/IPS

• Wireless stateful firewall

• Line-rate encryption/decryption

• Security alerts and logging

• User group policies

• Authenticated guest access gateway

• NAC integration

• PCI audit compliance enforcement

RSM is part of a family of functionality packages for the Xirrus Wi-Fi Array, which also includes the RF Performance Manager (RPM) and RF Analysis Manager (RAM). RSM is available now in the Xirrus ArrayOS 4.0.6 software release.

Sign up for your free site survey by visiting us at www.xirrus.com/sitesurvey or by calling 800-947-7871.

What makes up a wireless LAN (WLAN)?  Is it just the Access Point(s) and any associated WLAN controller(s)?  Does it include anything else?  Personally, I think of wireless LANs as a system.   In my mind, there are three main parts to this system:

  1. The infrastructure
  2. The clients
  3. The environment

The Infrastructure

This includes not only the access point(s) and the WLAN controller(s), but any of the routing & switching gear used for uplinks.  Also included in the infrastructure would be any of the network infrastructure / services leveraged by the wireless LAN (examples include RADIUS, Network Time Protocol, Syslog, etc.) 

The Clients

The IEEE 802.11 specification refers to these as “stations”.   Clients/stations could be computers such as laptops or tablet PCs.  Other examples of wireless stations include dual-mode phones, handheld scanners, etc.  When thinking about the clients, realize this includes not only the hardware, but the software (such as a client driver or management supplicant). 

The Environment

This most commonly refers to the Radio Frequency environment.  The RF environment can be evaluated with a spectrum analyzer, which can show you the signal level of your APs, the noise floor, and any interference in the area.  Interference can come from other Wi-Fi devices, or non Wi-Fi devices (such as microwave ovens, cordless phones, and Bluetooth).  I also think of the Physical environment, which is the type of construction materials used, the amount of vegetation in the area, the terrain/line-of-sight, etc.

I often get called out in troubleshooting situations.  In many of these cases, the infrastructure has been evaluated as a potential source for issues (for example, are the authentication/encryption settings correct), but the clients and the environment have been neglected.

Conclusion

In these troubleshooting scenarios, it is imperative to take a thorough look at all three components.  Not only should you take a look at the configuration file of the infrastructure, but ensure that wireless clients have the most up-to-date drivers.  Look to see that clients' power-save and roaming aggressiveness settings are appropriate for the application.  Double-check to see there is no interference from Wi-Fi or non Wi-Fi sources, etc.  In short, evaluate your WLAN as a system.

As you *may* have noticed, I took a hiatus from blogging over the summer.  Now, it’s time to get back to work!  “But Douglas”, you say, “It’s November.  Summer was over long ago.”  To that, I will remind you that I live in Phoenix.  The high temperature is 94 degrees today.  So in that sense, summer isn’t *entirely* over for me, but I’ll start back with blogging anyway…

Yesterday, I wrote a post for Computerworld titled: “It’s Not About ‘Full Bars’, Stupid”.  It actually combines two of my passions: NFL football and wireless.  The wireless portion discusses wireless’ hidden weakness: network congestion.

I don’t want to put any “spoiler” information here, so you’ll just have to head over to Computerworld Blogs and check it out for yourself.

 

 

I read this book to prepare to re-certify my CWNE (Certified Wireless Network Expert).

This is an *excellent* read, especially for seasoned wireless LAN engineers. It goes into a lot of the “beeps and squeaks” of wireless networking. It takes an in-depth look into the MAC and PHY layers, including all the bitwise fields of the 802.11 MAC header. A well written book that I have gone through at least 3 or 4 times.

There are not too many books that go this in-depth on Layers 1 and 2 of wireless networking.  The IEEE 802.11 Handbook is the “official” study guide for the CWNE, but I don’t think it is as clear as the CWAP Study Guide.

It isn’t a book that I would suggest for beginners.  For those folks, I would suggest either the McGraw Hill or the Sybex “CWNA Study Guide”.

Happy reading!

I recently had a customer that wanted to disable the 802.11d flag (setting) on their Motorola/Symbol handheld scanners.    Even when my customer disabled that setting manually, it came back upon reboot.  Apparently they were using Wavelink’s Avalanche system to centrally manage the scanners, which would download a fresh configuration each time it was powered up (including re-setting the 802.11d flag).

In this post, I will explain the research I conducted as well as two possible solutions.  First, here is a little background on 802.11d taken from Wikipedia:

802.11d is an amendment to the IEEE 802.11 specification that adds support for “additional regulatory domains”. This support includes the addition of a country information element to beacons, probe requests, and probe responses. The country information element simplifies the creation of 802.11 wireless access points and client devices that meet the different regulations enforced in various parts of the world.

The current 802.11 standard defines operation in only a few regulatory domains (countries). This supplement adds the requirements and definitions necessary to allow 802.11 WLAN equipment to operate in markets not served by the current standard. Enable the 802.11d feature/option if you are operating in one of these “additional regulatory domains”.
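To make the country information element concrete, here is a small decoder for it, written as an added example (it is not code from the original post, Motorola, or Wavelink). The function names and the sample bytes are constructed for illustration, and the channel expansion assumes a step of 1 up to channel 14 and a step of 4 above it.

```python
from dataclasses import dataclass

COUNTRY_EID = 7  # element ID of the 802.11d Country information element


@dataclass
class Subband:
    first_channel: int
    num_channels: int
    max_tx_power_dbm: int


def iter_elements(tagged: bytes):
    """Yield (element_id, body) for each element in a frame's tagged parameters."""
    i = 0
    while i < len(tagged):
        if i + 2 > len(tagged) or i + 2 + tagged[i + 1] > len(tagged):
            raise ValueError(f"truncated element at offset {i}")
        length = tagged[i + 1]
        yield tagged[i], tagged[i + 2 : i + 2 + length]
        i += 2 + length


def parse_country(tagged: bytes):
    """Return (country, environment, subbands), or None if no Country element."""
    for eid, body in iter_elements(tagged):
        if eid != COUNTRY_EID:
            continue
        if len(body) < 6:
            raise ValueError("Country element shorter than string plus one triplet")
        country = body[:2].decode("ascii")      # two-letter country code
        environment = chr(body[2])              # ' ' any, 'I' indoor, 'O' outdoor
        subbands = []
        for off in range(3, len(body) - 2, 3):  # a trailing pad byte is ignored
            first, count, power = body[off : off + 3]
            if first < 201:                     # 201+ marks an operating triplet
                subbands.append(Subband(first, count, power))
        return country, environment, subbands
    return None


def allowed_channels(subbands):
    """Expand subbands to channel numbers (assumes step 1 up to ch 14, else 4)."""
    out = []
    for sb in subbands:
        step = 1 if sb.first_channel <= 14 else 4
        out += [sb.first_channel + step * n for n in range(sb.num_channels)]
    return out


# Constructed sample: an SSID element followed by a Country element for "US ".
SAMPLE = (bytes([0, 9]) + b"warehouse"
          + bytes([7, 10]) + b"US " + bytes([1, 11, 30, 36, 4, 17, 0]))
```

A site survey script can run `parse_country` over captured beacons and flag any AP whose advertised country or channel list differs from what the deployment is supposed to use.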

At any rate, I ran the issue with the 802.11d flag to ground.  These are the steps I took:

I found the 802.11d flag is a radio level setting specific to the handheld device – in this case, the Symbol/Motorola scanners.

Therefore, I tried to figure out if we could disable the 802.11d through Wavelink’s Avalanche tool.  I found the following Q&A on their support forum (and called into their tech support this morning to verify):

Q: Can you disable the 802.11d radio file through The AMC product?
A: No. This is a symbol radio file and we do not have the tools in our mobility center to disable specific radio files. These need to be disabled manually.

Then, I tried to figure out if there was a way to disable the setting centrally from Motorola.  I believe you can do this through Motorola’s MSP (Mobility Services Platform).  For reference, here are instructions to disable 802.11d through MSP: http://support.symbol.com/support/search.do?cmd=displayKC&docType=kc&externalId=11407&sliceId=SAL_Public&dialogID=107746501&stateId=1%200%20107736747

Therefore, we had to disable the 802.11d setting in each device manually and keep it disabled through a cold boot.

Here are the steps on how to accomplish that:

1. Tap the Fusion icon (blue radio card icon) located on the lower right hand corner of the display. Or Start\Programs Fusion WCLAUNCH
2. From the menu, select Options.
3. Tap the drop down arrow and select Regulatory.
4. Configure your regulatory settings and tap Save. (Uncheck the 802.11d)
5. Tap the drop down arrow and select Export.
6. Tap the Export Options button to name the .reg file you will be exporting. (Leave the default Name)
7. Make sure the location selected is the Application directory.
8. Tap Save. An Options Exported message will appear.
9. Tap OK.

This is a guest post that originally appeared on CWNP.com – the post generated a LOT of comments, so I thought I would pull it out of “the vault” and re-publish here at WiFiJedi.com.

————————————————————————————-

I recently ran a poll on my blog (WiFiJedi.com) about frequency band utilization for 802.11n deployments.  Here are the results:

In what frequency band do you plan to deploy 802.11n?

  • 2.4 GHz = 17%
  • 5 GHz = 12%
  • Both (2.4 GHz and 5 GHz) = 18%
  • Not sure – why does it matter? = 8%
  • No plans to deploy 802.11n = 45%

Personally, I found the results surprising for two reasons.  First, I was surprised by the large number of respondents who said they have no plans to deploy 802.11n.   I wonder what factors are keeping them from deploying 802.11n?  Price?  Security? Reliability? Scalability?

Second, I was surprised by the low number of respondents who chose a pure 5 GHz 802.11n deployment.   I believe there are numerous advantages to deploying WLANs in the 5 GHz band, especially when it comes to 802.11n.

Consider the following:

Number of Available Channels

There are only three non-overlapping channels in the 2.4 GHz frequency band: channels 1, 6, and 11.  There are 23 non-overlapping channels between the 5 GHz lower, middle, and upper bands.

Total Capacity

Because there are many more non-overlapping channels in the 5 GHz range, it can deliver greater total capacity.  802.11g networks offer 54 Mbps of capacity on each of the three non-overlapping channels in the 2.4 GHz spectrum.  This equates to a total capacity of 162 Mbps.  802.11a has the same speed, 54 Mbps, but offers a total of 1.24 Gbps of capacity across its 23 non-overlapping channels.  This holds true for 802.11n networks as well.  With speeds of 150 Mbps per channel, there are 450 Mbps of 802.11n capacity with 2.4 GHz use and 3.45 Gbps of capacity with 5 GHz use.

Interference

The 2.4 GHz frequency band is crowded with interfering devices.  Other Wi-Fi access points, microwave ovens, cordless phones, Bluetooth devices, baby monitors, etc. all make for a noisy environment. This degrades the overall signal-to-noise ratio (SNR).  The 5 GHz band is considerably cleaner in most areas – see for yourself with a spectrum analyzer!

Channel Planning

With nearly 8 times the number of channels to choose from in the 5 GHz band, planning is far simpler than in the 2.4 GHz band.  I realize that most enterprise grade solutions have some sort of auto-channel or automatic radio management feature to assist with this, but co-channel interference remains a concern, especially in tight spaces or high-density environments.  The additional choices in 5 GHz minimize the possibility that two APs will utilize the same channel in the same areas.

Channel Bonding

Sure, some organizations need to support legacy devices in the 2.4 GHz spectrum.  However, I don’t think it makes sense to deploy 802.11n networks in this band.  One of the main technical improvements available in 802.11n is channel bonding.  There is only space for one bonded channel in the 2.4 GHz band which, if utilized, would increase the probability of co-channel interference and make channel planning even more complex.

Conclusion

Last week, at the Gartner Mobile & Wireless Summit in Chicago, Michael King and Timothy Zimmerman gave a presentation on Next-Gen WLANs.  In their presentation, they said that 802.11n networks are faster, cheaper, more secure, more reliable, and better managed than the wired infrastructure deployed in most enterprises today. Additionally, they said enterprises should align networking investments to an all-wireless office.  I agree with them.  But to maximize your chance of success, do it in 5 GHz.


Earlier this week, I read an interesting blog post discussing the legal aspects of whether you should secure your home wireless network or leave it unencrypted.  The post was actually written by a good friend of mine, Aamir Lakhani, who blogs at http://www.assassin711.com and micro-blogs on Twitter @Assassin711.

I wrote a blog post about it over at Computerworld, including my opinion on running open wireless networks.

http://blogs.computerworld.com/legal_aspects_of_running_an_open_wireless_network

Read it.  Digg it.  Comment on it.

Or comment on it here… What do YOU think? Should people secure their home wireless networks? Why or why not?  Should people be concerned about their data?
