CWAP Study Guide (Book Review)
I read this book to prepare to re-certify my CWNE (Certified Wireless Network Expert).
This is an *excellent* read, especially for seasoned wireless LAN engineers. It goes into a lot of the “beeps and squeaks” of wireless networking. It takes an in-depth look into the MAC and PHY layers, including all the bitwise fields of the 802.11 MAC header. A well written book that I have gone through at least 3 or 4 times.
There are not too many books that go this in-depth on Layers 1 and 2 of wireless networking. The IEEE 802.11 Handbook is the “official” study guide for the CWNE, but I don’t think it is as clear as the CWAP Study Guide.
It isn’t a book that I would suggest for beginners. For those folks, I would suggest either the McGraw Hill or the Sybex “CWNA Study Guide”.
Happy reading!
How to Disable 802.11d Flag on Motorola/Symbol Handhelds
I recently had a customer that wanted to disable the 802.11d flag (setting) on their Motorola/Symbol handheld scanners. Even when my customer disabled that setting manually, it came back upon reboot. Apparently they were using Wavelink’s Avalanche system to centrally manage the scanners, which would download a fresh configuration each time it was powered up (including re-setting the 802.11d flag).
In this post, I will explain the research I conducted as well as two possible solutions. First, here is a little background on 802.11d taken from Wikipedia:
802.11d is an amendment to the IEEE 802.11 specification that adds support for “additional regulatory domains”. This support includes the addition of a country information element to beacons, probe requests, and probe responses. The country information element simplifies the creation of 802.11 wireless access points and client devices that meet the different regulations enforced in various parts of the world.
The current 802.11 standard defines operation in only a few regulatory domains (countries). This supplement adds the requirements and definitions necessary to allow 802.11 WLAN equipment to operate in markets not served by the current standard. Enable the 802.11d feature/option if you are operating in one of these “additional regulatory domains”.
At any rate, I ran the issue with the 802.11d flag to ground. These are the steps I took:
I found the 802.11d flag is a radio level setting specific to the handheld device – in this case, the Symbol/Motorola scanners.
Therefore, I tried to figure out if we could disable the 802.11d through Wavelink’s Avalanche tool. I found the following Q&A on their support forum (and called into their tech support this morning to verify):
Q: Can you disable the 802.11d radio file through The AMC product?
A: No. This is a symbol radio file and we do not have the tools in our mobility center to disable specific radio files. These need to be disabled manually.
Then, I tried to figure out if there was a way to disable the setting centrally from Motorola. I believe you can do this through Motorola’s MSP (Mobility Services Platform). For reference, here are instructions to disable 802.11d through MSP: http://support.symbol.com/support/search.do?cmd=displayKC&docType=kc&externalId=11407&sliceId=SAL_Public&dialogID=107746501&stateId=1%200%20107736747
Therefore, we had to disable the 802.11d setting in each device manually and keep it disabled through a cold boot.
Here are the steps on how to accomplish that:
1. Tap the Fusion icon (blue radio card icon) located on the lower
2.4 GHz vs. 5 GHz
This is a guest post that originally appeared on CWNP.com – the post generated a LOT of comments, so I thought I would pull it out of “the vault” and re-publish here at WiFiJedi.com.
————————————————————————————-
I recently ran a poll on my blog (WiFiJedi.com) about frequency band utilization for 802.11n deployments. Here are the results:
In what frequency band do you plan to deploy 802.11n?
- 2.4 GHz = 17%
- 5 GHz = 12%
- Both (2.4 GHz and 5 GHz) = 18%
- Not sure – why does it matter? = 8%
- No plans to deploy 802.11n = 45%
Personally, I found the results surprising for two reasons. First, I was surprised by the large number of respondents who said they have no plans to deploy 802.11n. I wonder what factors are keeping them from deploying 802.11n? Price? Security? Reliability? Scalability?
Second, I was surprised by the low number of respondents who chose a pure 5 GHz 802.11n deployment. I believe there are numerous advantages to deploying WLANs in the 5 GHz band, especially when it comes to 802.11n.
Consider the following:
Number of Available Channels
There are only three non-overlapping channels in the 2.4 GHz frequency band: channels 1, 6, and 11. There are 23 non-overlapping channels between the 5 GHz lower, middle, and upper bands.
Total Capacity
Because there are many more non-overlapping channels in the 5 GHz range, it can deliver greater total capacity. 802.11g networks offer 54 Mbps of capacity on each of the three non-overlapping channels in the 2.4 GHz spectrum. This equates to a total capacity of 162 Mbps. 802.11a has the same speed, 54 Mbps, but offers a total of 1.24 Gbps of capacity across its 23 non-overlapping channels. This holds true for 802.11n networks as well. With speeds of 150 Mbps per channel, there are 450 Mbps of 802.11n capacity with 2.4 GHz use and 3.45 Gbps of capacity with 5 GHz use.
Interference
The 2.4 GHz frequency band is crowded with interfering devices. Other Wi-Fi access points, microwave ovens, cordless phones, Bluetooth devices, baby monitors, etc. all make for a noisy environment. This degrades the overall signal-to-noise ratio (SNR). The 5 GHz band is considerably cleaner in most areas – see for yourself with a spectrum analyzer!
Channel Planning
With nearly 8 times the number of channels to choose from in the 5 GHz band, planning is far simpler than in the 2.4 GHz band. I realize that most enterprise grade solutions have some sort of auto-channel or automatic radio management feature to assist with this, but co-channel interference remains a concern, especially in tight spaces or high-density environments. The additional choices in 5 GHz minimize the possibility that two APs will utilize the same channel in the same areas.
Channel Bonding
Sure, some organizations need to support legacy devices in the 2.4 GHz spectrum. However, I don’t think it makes sense to deploy 802.11n networks in this band. One of the main technical improvements available in 802.11n is channel bonding. There is only space for one bonded channel in the 2.4 GHz band which, if utilized, would increase the probability of co-channel interference and make channel planning even more complex.
Conclusion
Last week, at the Gartner Mobile & Wireless Summit in Chicago, Michael King and Timothy Zimmerman gave a presentation on Next-Gen WLANs. In their presentation, they said that 802.11n networks are faster, cheaper, more secure, more reliable, and better managed than the wired infrastructure deployed in most enterprises today. Additionally, they said enterprises should align networking investments to an all-wireless office. I agree with them. But to maximize your chance of success, do it in 5 GHz.
Are you legally liable for running an open wireless network?
Earlier this week, I read an interesting blog post discussing the legal aspects of whether you should secure your home wireless network or leave it unencrypted. The post was actually written by a good friend of mine, Aamir Lakhani, who blogs at http://www.assassin711.com and micro-blogs on Twitter @Assassin711.
I wrote a blog post about it over at Computerworld, including my opinion on running open wireless networks.
http://blogs.computerworld.com/legal_aspects_of_running_an_open_wireless_network
Read it. Digg it. Comment on it.
Or comment on it here… What do YOU think? Should people secure their home wireless networks? Why or why not? Should people be concerned about their data?
Personal PSKs (Wi-Fi Masterminds)
This is the second in a series of posts that I am dubbing “Wi-Fi Masterminds” (TM). I will ask questions to a series of panelists and they will answer in round-robin fashion, where they can answer the question as well as respond to others.
If you have ever seen the show “Around the Horn” on ESPN, that is the type of interaction I am looking for.
I am planning on a pool of 6-8 masterminds, but will limit each question to a panel of three members. I will try to minimize my own involvement in the questions to only provide structure where needed or correct any factual errors.
Here are today’s panelists:
Keith Parsons CWNE#3 : @keithparsons http://wlaniconoclast.blogspot.com A gifted presenter, Keith is known for his wit and broad technical expertise. He holds over 50 technical certifications and has earned an MBA from the Marriott School of Management. He is author (or editor) of a dozen technical publications and has developed seven technical certification programs. He travels throughout North America, Europe, Africa, Asia and Australia on behalf of a wide variety of IT vendors, explaining networking technology to industry professionals.
Bruce Hubbert : Bruce, a veteran of the security industry since 1993, currently functions as the Principal Systems Engineer for AirMagnet. Bruce is the primary pre-sales technical expert for this market leading and award winning wireless analysis and WLAN security systems manufacturer. Bruce has represented AirMagnet to the media and has been featured in the Washington Post, New York Times, Wireless Week, The IEEE, EE Times, Information Week, Techworld Japan (in English Here) and on television on the History Channel’s “Tactical to Practical” and ABC News “Business Now”. You can read Bruce’s wireless blog, “Freakquency” at http://www.hubbert.org/
Ken Hall, CWSP, RFID+ : As a Senior Technology Solutions Consultant with over 20 years in IT, Ken has designed and/or deployed approximately 100 wireless networks; including the design and initial deployment of the Air Force’s 2nd Generation Wireless LAN. His background includes security, routing, and switching with a smattering of everything else in between. Ken enjoys consulting due to the constant change in architectures and the possibility of helping customers resolve complex networking issues.
Today, the panelists are tackling questions related to the use of Personal Pre-shared Keys (PPSK):
Several WLAN companies have recently developed alternatives to 802.1X networks that include a per-user pre-shared key (PSK). What role do you see this technology playing in the enterprise? What are its advantages? What are the disadvantages?
Keith: Traditionally, we have had in the WiFi industry three common ways to access a WiFi network.
1 – Open Authentication
- Great for Hotspots
- Easy to setup and use
- Hand-held devices and VoIP handsets easy to configure
- All traffic sent in the clear
- No control or QoS
- No-cost
2 – Pre-Shared Key (SoHo)
- Single authentication key for SSID
- Everyone shares the same key
- Encryption keys are based from this key
- Traffic sent encrypted
- Easy to implement
- No-cost
3 – 802.1X or 802.11i with a Radius Server
- Authenticates Users with a variety of methods
- Each user gets unique encryption keys
- Hard to setup and configure
- May be more costly depending…
But now a couple of vendors are entering the fray with an additional access method. One that has the ease of use of Pre-Shared Keys, but with the per-individual ability of 802.1X!
These PPSK systems offer an alternative to an 802.1X implementation. Guests can be given unique credentials that can be easily revoked, or based on time duration. This makes the management of WiFi encryption much much easier. Client devices also can be more easily configured and can roam quicker using the PSK method.
Depending on the size and security policies of your enterprise, this might be a great new service to speed and maintain security for your now-open WiFi network. I look forward to more vendors opting for this easy, simple solution.
Bruce: I remember a while back that T-Mobile allowed its subscribers to utilize 802.1x with EAP-TTLS and PAP via their hotspots (http://www.hubbert.org/2006/12/t-mobile-wpa-without-nasty-client-sw.html) and I used that method all the time. It was fast and secure. I wish more Hotspot providers would do that. It just used your standard login as a T-Mobile subscriber.
There is also the company DeviceScape, who has a method to pre-authenticate you to a hotspot without the nasty splash page, which is handy. Neither of these systems, however, can assist you if you are rolling out to an Enterprise or SOHO. There you are stuck with 802.1x and WPA/WPA2-PSK.
I am not a big fan of Proprietary systems and I think most IT administrators agree. It can lead one down a long road to a possible dead end with a large amount of time and effort wasted. If you are Ruckus or Aerohive or Aruba and your system is a good one, then why not pony it up to the IEEE for consideration? I really do like the idea of per-user PSKs, however, so I am hoping that these vendors do the right thing and present it as a new task group. Pre-Shared Keys, especially ones with a real world association (think “a real English word or phrase”) have serious issues. With only one key used to authenticate, the hacker need only crack it to get in. Per-user PSKs would theoretically allow you a much higher degree of control as you might be able to limit access to subnets on a per user basis.
I was at ShmooCon in Washington DC in 2006 when RenderMan released the Church of WiFi Rainbow Tables (http://www.renderlab.net/projects/WPA-tables/) which made it quick and trivial to crack pre-shared keys for both WPA and WPA2. The solution? On his website, RenderMan puts it this way:
“The fact that we found a way to speed up WPA-PSK cracking does not mean that it is broken. Far from it. The exploit used by coWPAtty and other similar tools is one of dumb passphrases. The minimum number of characters for a WPA-PSK passphrase is 8. The maximum is 63. Very few users actually use more than about 20 characters. As well, they also choose known words and phrases, likely to be in a dictionary. This allows us to leverage a human element in obtaining the key.
To get decent protection from WPA-PSK, you should use a very long, very random, alphanumeric string longer than 20 characters. To protect yourself further, particularly against the WPA-PSK hashtables, you should use a SSID not on the top 1000 list. This will force the attacker to compute their own list, rather than use one of the CoWF tables.
All that said; you should be using WPA2 with a radius server to get more reliable protection.”
I think time will tell, through testing, debate and consensus building which method is best but I am resisting any method not adopted by the industry as a whole.
Ken: Maybe I’m old-fashioned, but I typically keep my employee access limited to PEAPv0 (EAP-MSCHAPv2) and guest access to open authentication/no encryption or a captive portal/walled garden. While a per-user PSK may be beneficial in some solutions, I believe it will prove to be a niche-market. Most organizations want to decrease the amount of management required to implement a solution. With a typical, centrally-managed, overlay WLAN solution, once it’s initially configured, it doesn’t tend to need a great deal of extra management. All of the wireless users are already managed through other resources (i.e. AD, LDAP, etc.); and guest users are severely policy restricted and quite possibly on a physically separate network, so the typical recommendation would be for them to use a layer 3 method (i.e. VPN, etc.) for their encryption. The per-user PSK will increase the amount of “touch” required to manage those unique users/devices, but at the same time will provide a more secure previously unavailable method of authentication/encryption mechanism. So, yes, I believe it is a feasible technology and there is certainly a case for it…but, I also believe that it will see more application specific deployment than wide-spread adoption and use.
What do YOU think? Are Personal PSKs a legitimate form of WLAN security or just marketing fluff? Let our panelists know what you believe by submitting a comment!
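The advice RenderMan gives in the quote within Bruce's answer (a long random passphrase, an uncommon SSID) follows from how WPA/WPA2-PSK derives its key: PBKDF2-HMAC-SHA1 with the SSID as the salt. The Python below is an added example, not part of the original post or the panelists' answers; the common-SSID set and the SSID "Warehouse-7F3A" are constructed stand-ins, and the word-likeness check is a simple heuristic.

```python
import hashlib
import secrets
import string

# Constructed stand-in for the "top 1000" SSID list mentioned in the quote.
COMMON_SSIDS = {"linksys", "default", "NETGEAR", "dlink", "IEEE"}
ALPHANUM = string.ascii_letters + string.digits


def derive_pmk(passphrase, ssid):
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def generate_passphrase(length=63):
    """Random alphanumeric passphrase drawn from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8 to 63")
    return "".join(secrets.choice(ALPHANUM) for _ in range(length))


def audit(passphrase, ssid):
    """Check a PSK configuration against the quoted advice; [] means no findings."""
    findings = []
    if len(passphrase) <= 20:
        findings.append("passphrase is not longer than 20 characters")
    # Heuristic only: a real audit would also test against a dictionary.
    if passphrase.isalpha() or passphrase.isdigit():
        findings.append("passphrase is letters-only or digits-only")
    if ssid in COMMON_SSIDS:
        findings.append("SSID is a common default; precomputed tables may cover it")
    return findings


if __name__ == "__main__":
    # Same passphrase, two SSIDs: the salt changes the derived key completely,
    # which is why tables built for common SSIDs do not transfer to a unique one.
    for ssid in ("IEEE", "Warehouse-7F3A"):  # second SSID is a constructed name
        print(ssid, derive_pmk("password", ssid).hex(), audit("password", ssid))
    strong = generate_passphrase()
    print(len(strong), audit(strong, "Warehouse-7F3A"))
```

A per-user PSK scheme changes who shares a passphrase, not this derivation, so the same length and randomness checks apply to each user's key.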