Designing Wireless (WiFi) Networks for Buildings
Ronald van Kleunen, CEO, Globeron Pte Ltd / Globeron Security
Synopsis
Have you ever wondered:
• How to design a wireless WiFi network?
• Why home WiFi networks are different from Enterprise WiFi?
• What impact security has on WiFi networks?
• How to do a site survey?
• How to do professional wireless design training and get BICSI CECs?
• What wireless design & survey tools are available?
If so, then this workshop will help you design WiFi networks better, and this presentation will give you deeper insight into what is needed in the wireless industry.
Organizations' wireless communications are becoming business critical and sometimes mission critical. A good wireless WiFi design is therefore important to meet the demands of customers. This 3-hour hands-on workshop will help you to better understand how to do a wireless design, how it relates to the cabled infrastructure, and which tools are available to do a wireless design.
What attendees will learn
Attendees:
• Gain knowledge about the business needs and wireless service requirements for different vertical industries in relation to wireless design standards
• Gain knowledge of how to do wireless WiFi designs for buildings, which tools are available, and how to validate a wireless design
• Understand the importance of wireless security and its effect on the design of a wireless network
• The instructor is at CWNE (Certified Wireless Network Expert) level and is a CWNT (Certified Wireless Network Trainer)
• Participants need to bring their own laptop to join the hands-on workshops in group exercises. The instructor will show how to do wireless designs with the tools, and students can follow along.
Designing wireless (WiFi) networks for buildings
What are the issues?
BICSI – Cabling and Wireless
Buildings (Note: BICSI = Building Industry Consulting Service International)
Backhaul cabling capacity is important, and so is whether the cable goes to the right location, where the Access Points need to be installed to serve customers.
The issues: installations “BAD-FI”
Where is the AP?
Cage of Faraday
AND MANY MORE EXAMPLES!
The issues: RF Coverage planning Outdoor / Indoor
The issues: Radio Frequencies (RF) Spectrum challenges
For example:
• OSI layer 1 – Spectrum (non-WiFi or WiFi interference)
• Bad WiFi channel planning (co-channel and adjacent-channel interference)
The issues: Explosive growth of wireless devices and internet of things, everything and wireless protocol/frame coordinations
Protocol analyzer / frame coordination analysis
• Corrupted Frames
• Retries
• And many more details can be obtained
High Density
Wireless cities - millions of people
• Very dense areas (apartments, hotels, houses)
• People are on the streets 24 hours a day (moving crowd)
• One big WiFi zone in the city
• No channel coordination between ISPs, and it is not possible with people managing their own WiFi at home
• Both 2.4 GHz and 5 GHz are not enough, but will it ever be?
• Security capabilities of wireless devices (internet of things / everything will have limitations)
• Mobility in the enterprise
– Bring Your Own Device (BYOD)
– Bring Your Own Application (BYOA)
– Mobile Device Management (MDM)
• Roaming users
– Café
– Home
– Travelling
• Cyber Security and Government regulations
The issues: Wireless Security
The issues: Capacity, Scalability and Management
• Number of client devices per Access Point (AP)
• Type of applications running on the devices (Voice, Video, Data)
• Performance and Roaming requirements
• New standards: IEEE 802.11ac MU-MIMO (aka “Wave 2”)
• Backhaul capacity and Power over Ethernet requirements
• Number of Access Points managed by a Wireless Controller or connecting to a Cloud based controller
• International regulations for Cloud based management systems
• Location Based Services / Real Time Location Services
• Data/Voice integrations between Cellular/Mobile and WiFi networks (“3G / 4G” offload and Hotspots and Homespots)
The issues: skilled wireless professionals
Certified Wireless Trainer
Certified Wireless & Cabling installers and the right wireless + cabling measurement tools
Certified Wireless Support teams
Certified Sales Person Selling Wireless
Certified Wireless Auditor
Certified Wireless Designer and Technical Specialist
Certified Wireless Professionals & customer
Customer
The issues: Wireless Standardization, Certification Accreditation & Auditing
Will be covered: Wednesday, 23 September 2015, 9am – 10am
Where to start?
Resources to do a WiFi Design
BICSI Wireless Design Reference Manual (WDRM) Third Edition (2004 1st release - retired in 2014)
Third Edition 1st Chapter: Download 1st Chapter in PDF format
BICSI – Distributed Antenna System (DAS)
https://www.bicsi.org/book_details.aspx?Book=BICSI-006-CM-15-v5
Standard: ANSI/BICSI 006-2015 Distributed Antenna System (DAS) Design and Implementation Best Practices
Best Practices for WiFi Designs
• Vendor neutral - Certified Wireless Design Professional (CWDP)
• Vendor specific – e.g. Cisco or Aruba Validated Reference Design (VRD) and many other vendors, for High Density Client environments and Very High Density 802.11ac Networks
Workshop 1
Business & Wireless Requirements
• What do you want to know from the customer?
• What do you put in the proposal?
• Which legal documents need to be in place?
Workshop 2
Which tools do you need?
Hint: think about the wireless issues we saw before!
1. Before we do a wireless design
2. To create a wireless solution
3. During implementation of the wireless solution
4. After the implementation
5. To support the wireless solution
Workshop 3
Who needs to be involved during a site survey, and during installation?
What are the deliverables to the customer?
Sign-off, disclaimers, responsibilities and support processes
Wireless and Vertical market requirements
• Government (e.g. Security, Public WiFi)
• Military (e.g. Security)
• Retail (e.g. PCI-DSS Compliance)
• Healthcare (e.g. Location Services)
• Hospitality (e.g. Captive Portals)
• Education (e.g. High density)
• Telecom (e.g. Service Availability)
• Finance (e.g. Security)
• Manufacturing (e.g. Interference at WaferFabs)
• Entertainment (e.g. High Density Stadiums)
Building Construction / Materials
Building Materials and wireless behavior / attenuation
• Concrete walls
• Metal (elevators, cabinets in the office)
• Air-conditioning / lowered ceilings
• Cubicle walls
• Water (e.g. swimming pool)
• Mirrors
• People (e.g. conference room)
• Stadium
Loss in dB levels (see Site Survey tools for simulation)
Reflection, Refraction, Absorption, Diffraction, Scattering, Interference
Antennas and RF visualization
Regulations (Output power, Channels, DFS)
Antenna types, polarization
• Omni-Directional antenna
– Low Gain / High Gain
• Directional antenna
– Dish
– Reflector Grid
– Yagi
– Patch/Panel
• Integrated antenna
Wireless Tools & requirements – Laptop based
Categories:
• Reconnaissance (WiFi), OSI Layer 2
– Typically will work with many built-in adapters and dongles (external adapters)
• Spectrum Analysis (WiFi uses 2.4 GHz / 5 GHz), OSI Layer 1
– A special dongle is required (dual-band)
• WiFi Protocol Capture/Analysis, OSI Layer 2
– Special requirements for the adapter to set it into “monitor” mode (promiscuous) to capture the wireless frames, plus IEEE 802.11a/b/g/n/ac, spatial stream and dual-band requirements
• Site Survey tools, mainly OSI layer 2, some integrate with OSI Layer 2
– Special requirements for the adapter to set it into “monitor mode” and dual band
• Security tools (e.g. for Security Audits/Penetration testing)
– Special requirements for the adapter to set it into “monitor mode” and dual band
Workshop 4
Wireless Reconnaissance
Example of tools, with dongle requirements:
Apple (built-in)
• WiFi Scanner
Windows (built-in adapter)
• Metageek inSSIDer
• Xirrus WiFi Inspector
Android (built-in adapter)
• WiFi Analyzer
Workshop 5
Wireless Spectrum Analysis
Example of tools, with dongle requirements:
Apple iPad/iPhone
• WiPry (Oscium), 2.4GHz only: WiPry dongle
Windows
• Metageek Chanalyzer: WiSpy dongle
• Fluke Network/Spectrum XT: SpectrumXT dongle
• Cisco Cognio SpectrumExpert: use a Cisco AP (3500)
Android
• ?
Note: some Enterprise solutions can use the “Sensor-mode” on the AP to do Remote Spectrum Analysis
Workshop 6
Wireless Protocol Analysis
Example of tools, with dongle requirements:
Apple
• MacOS X built-in
Windows
• Wireshark: AirPCAP dongle
• Savvius OmniPeek: several (Atheros, etc.)
• Fluke Network WiFi Analyzer: several (Atheros, etc.)
• TamoSoft CommView: several (Atheros, etc.)
Android
• ?
Note: some Enterprise solutions can use the “Sensor-mode” on the AP to do Remote Protocol Analysis
Workshop 7
Wireless Site Survey
Example of tools, with dongle requirements:
Apple
• ?
Windows
• Fluke Networks Site SurveyPro: several (Atheros, etc.)
• Ekahau Site Survey (ESS): several (Atheros, etc.)
• TamoGraph Site Survey: several (Atheros, etc.)
• VisiWave: built-in
• Zebra LAN Planner/AirDefense: several (Atheros, etc.)
Android
• Fluke Networks - AirMapper
Note: some Enterprise solutions can use the APs and “Sensors” to visualize the RF propagation on a map.
Workshop 8
Wireless Security (Auditing / PenTest)
Example of tools, with dongle requirements:
Apple
• ?
Linux Tool-kits (LiveCDs)
• Kali Linux (aka BackTrack): several (Atheros, Ralink)
• Pentoo: several (Atheros, Ralink)
• OSWA: several (Atheros, Ralink)
Embedded
• WiFi Pineapple
Workshop 9
Enterprise Level Wireless Management
Service + Security + MDM (BYOD)
Example of tools:
WLAN Management (or Cloud)
• Cisco Prime NCS / Cisco Meraki
• HP IMC
• Aruba AirWave
• Zebra (Motorola) AirDefense
• AirTight Networks
• Ruckus
• 7 Signals (Performance Mgmt)
WIPS solutions
• Cisco Meraki (AirMarshall)
• Fluke Network AirMagnet Ent.
• AirTight Networks WIPS
• AirDefense WIPS
MDM (Mobile Dev. Mgmt)
• Mobile Iron
• Maas 360 (Fiberlink / IBM)
• AirWatch (VMware)
Wireless Tools & requirements – Centralized / Enterprise
Categories:
• Access Points
– Light weight / Autonomous / Hybrid
– Dual band / Tri band (multiple radios)
– Sensor capabilities (“Radio in monitor mode”)
• Wireless Controllers
• Wireless Cloud Controllers
• Power over Ethernet switches
• Cabling
• Authentication Services (e.g. RADIUS, Captive Portals)
Wireless Configurations
Many configuration options and probably not optimized
- Channels
- Number of SSIDs (Service Set Identifiers)
- Security
- Protocol settings (e.g. Frame Aggregation)
- Quality of Service (QoS)
Wireless Service Performance and Security impact
Wireless service performance needs to be monitored, as it changes by the minute, hour and day depending on the environment (e.g. a shopping mall during opening time).
It is a continuous cycle to go through, with 24-hour performance monitoring.
Security impacts the Wireless Infrastructure Performance
• Authentication (RADIUS and location, Captive Portal)
• Encryption (complexity)
• Complexity of the Security framework used
• Firewalls, inline Intrusion Prevention systems
• Virtual Private Networks (VPN), etc.
Skilled Wireless Professionals
As with data and electricity cabling and building “Codes of Conduct”, the wireless industry also needs to be in line with these requirements / standardization.
With skilled Wireless Professionals there will be an improvement of the:
1. Wireless Service Quality (for business critical services)
2. Wireless Security (in line with Cyber Security requirements)
Wireless Professionals and BICSI Credentials (Valid 27 March 2014 - 2016) Continuing Education Credits (CECs)
BICSI Credentials for CWNP training (Valid period 27 March 2014 – 2016):
• CWTS - 24 BICSI CECs
• CWNA - 36 BICSI CECs
• CWAP - 32 BICSI CECs
• CWSP - 32 BICSI CECs
• CWDP - 24 BICSI CECs
Globeron - BICSI Member: #237560
Globeron advised BICSI and CWNP LLC to add the CWNP training under BICSI for CECs (Continuing Education Credentials)
Verification (search on CWNP as provider):
https://www.bicsi.org/forms/search/outsidevendors/default.aspx
Wireless Service and Security Management Standard
Wireless Service Security Management Standard (WSSMS)
Note: Wireless = Mobile/Cellular, WiFi and indoor/outdoor mission/business critical wireless technologies
WSSMS auditor / Certified Wireless Security Auditor is a wireless security professional with the knowledge and skills required to assess the conformance of an organization's wireless services management system as part of the ISO/IEC 27001 ISMS standard.
Wireless Service Management Standard (WSMS)
Note: Wireless = Mobile/Cellular, WiFi and indoor/outdoor mission/business critical wireless technologies
WSMS auditor / Certified Wireless Service Auditor is a wireless services professional with the knowledge and skills required to assess the conformance of an organization's wireless services management system as part of the ISO/IEC 20000 ITSM standard.
Together we need to get better quality wireless networks for mission and business critical services
1. Wireless Service management & audit aligned with ITSM / ISO/IEC 20000:2011
2. Wireless Security management & audit aligned with ISMS / ISO/IEC 27001:2013
3. Standardization is needed for:
• Design
• Analysis
• Security
• Audit (end to end service & security management)
4. Accreditation Body for wireless services/technology: Cellular/Mobile, WiFi, etc.
Ronald van Kleunen [email protected]
CEO Globeron Pte Ltd / Globeron Security
Certified: CISM #1117595, CISSP #99801, GIAC #1395658 (GCIH), BICSI #237560, CWNE #108, CWNP #307052 (CWNT, Wireless#/CWTS, CWNA, CWSP, CWAP, CWDP, CWNE)
ITILv2 and ITILv3 #819214, CSOEP #100600 (DataCentre, Infrastructure, Process, Management, Security)
IRCA ISO/IEC 20000 ITSM (IT Service Management) #01193718, IRCA ISO/IEC 27001 ISMS (Security Management) #01193718