Telecom:OSS:WLAN-Management


Wireless Infrastructure Market outlook

The Wireless Infrastructure Provider market is still quite fragmented, although uncontested market leaders like Cisco, Aruba Networks, Symbol or Meru start to emerge. Comparing the Gartner "Magic Quadrant for Wireless Infrastructure" for 2006 and 2005 one can see that the market consolidates around a few leaders. Consequently, a Wireless Network Management solution has to provide good support for equipment from multiple vendors (e.g. Airwave). The wireless LAN market surpassed $3.6 billion in 2006, growing 15 percent over sales in 2005. Much of the growth was with the SOHO 802.11g and draft-compliant high-speed 802.11n devices. Cisco Systems led the market for worldwide WLAN equipment sales in 2006, growing at a steady yearly 35 percent. Sales of enterprise WLAN solutions were enabled by the advent of centralized WLAN solutions. Symbol Technologies, now owned by Motorola, followed but took a sales dip of 21 percent. The fastest-growing vendor for the segment was Aruba, whose sales grew 62 percent to the No. 3 spot. 3Com followed in fourth with a sales decline of 37 percent, while HP's ProCurve Networking division finished fifth with a 47% sales boost.

Wireless LAN Management Technology Drivers

A 2004 survey by Infonetics ("User Plans for Wireless LANS") found that more than 60% of enterprises believed mobile computing drives employees' productivity increases, but more than half of enterprises felt that security was a concern to implementation. Meanwhile, as the security aspects of the Wireless LAN (WLAN) were addressed by solution vendors, it is expected that by 2010 over 80% of North American organizations would adopt wireless LANs [1]. Out of these organizations many would opt for deployment of mobile VoIP solutions [2], taking advantage of the increasing number of PDAs and mobile phones incorporating WiFi technology. These organizations envision new applications of the technology:
  • Healthcare - timely and convenient on-line access to mobile patient/customer records and drug information can reduce the risk of misdiagnosis or the improper prescription of medications that may conflict with each other. However, tight information-security regulations (HIPAA) represent challenges for the solution providers and integrators.
  • Manufacturing - inventory systems can automatically update new levels and push information in real time to various stakeholders in the production process, who can also benefit from more efficient workflows through Wireless VoIP.
  • Business "road warriors" - mobility is essential and public internet hotspots (already 500K deployed by 2007) are a driver for the adoption of the new business model of a converged mobility service provider.
  • Hospitality - guest information can be accessed at a glance by service and facilities staff and up-to-date information and alerts can be pushed to security personnel, while wireless VoIP can enable faster collaboration and problem resolution.
  • Mobile IT Staff - phone calls can be handled on the go and helpdesk tickets can be received, updated and closed on the handheld device without running back to a desk.
  • Operational cost savings - reducing or eliminating the IT administrative burden associated with employee Moves/Adds/Changes (MAC) in environments where floor plans may change frequently, such as retail stores.

Technology Challenges

A wireless network with weak security can compromise an entire organization's security and create more problems than it solves, hence the need for strong authentication of users, intrusion protection and privacy protection of the delivered data.

Network Management solutions for a Wireless Environment

Besides the need for Availability, Fault and Performance Management, managing a Wireless LAN infrastructure puts much more emphasis on security and roaming than managing the "wired" network environment. Of paramount importance are:
  • Network Change and Configuration Management (NCCM) of the Wireless Access Points (AP)
    • Automatic auditing of existing configurations and raising alarms in case of anomalies being detected
    • Automatic configuration of AP devices according to security-compliant templates
    • Archiving of AP configurations and automatic restore thereof in case of inconsistencies being detected
    • Automatic update of firmware on AP devices
  • Intrusion detection and prevention
    • Automatic detection of "rogue" AP or clients and raising alarms thereof
    • Continuous "sniffing" of network traffic with automatic detection and alerting of suspicious "intrusion patterns" like
      • "Long frames" attack
      • DOS attacks (through disassociation flooding or jamming)
      • "Man in the middle" attacks through SSID or MAC spoofing
    • Automatic disabling of detected "rogue" devices (e.g. flooding them with disassociation packets, blocking rogue-AP MAC addresses in the switch ports or using the "honeypot" techniques)
  • Automatic monitoring of signal-coverage and interference patterns and automatic adjustment of power-levels for optimal roaming and to avoid leaks outside the security perimeter.
  • Auditing and logging of client access and roaming into the network as well as of AP connected into the network.
  • Monitoring of intra-ESS roaming performance (hand-off times)
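
Two of the sniffing checks listed above, disassociation flooding and MAC spoofing, sketched as an added example (not code from any product named on this page). The frame tuples, the 00:00:5e:00:53:xx addresses, the thresholds and the function names are constructed for illustration; the spoofing check assumes the common heuristic that one radio's 12-bit 802.11 sequence counter advances in small steps.

```python
from collections import defaultdict, deque

SEQ_MOD = 4096  # the 802.11 sequence number is a 12-bit counter

def disassoc_floods(frames, window_s=1.0, threshold=10):
    """Transmitters that sent >= threshold disassoc/deauth frames
    inside any sliding window of window_s seconds."""
    recent, flagged = defaultdict(deque), set()
    for t, subtype, src, _dst, _seq in frames:
        if subtype not in ("disassoc", "deauth"):
            continue
        q = recent[src]
        q.append(t)
        while t - q[0] > window_s:   # drop timestamps that left the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(src)
    return flagged

def seq_anomalies(frames, max_gap=64, min_hits=3):
    """MACs whose counter jumps by more than max_gap (mod 4096) at least
    min_hits times, which suggests two radios sharing one address."""
    last, hits = {}, defaultdict(int)
    for _t, _subtype, src, _dst, seq in frames:
        if src in last and (seq - last[src]) % SEQ_MOD > max_gap:
            hits[src] += 1
        last[src] = seq
    return {mac for mac, n in hits.items() if n >= min_hits}

def sample_frames():
    """Constructed capture: (time_s, subtype, transmitter, receiver, seq)."""
    ap, client, victim = ("00:00:5e:00:53:01", "00:00:5e:00:53:aa",
                          "00:00:5e:00:53:bb")
    frames = []
    for i in range(20):   # normal client; its counter wraps 4095 -> 0
        frames.append((i * 0.5, "data", client, ap, (4090 + i) % SEQ_MOD))
    for i in range(12):
        t = 2.0 + i * 0.05
        # genuine AP traffic with its own counter ...
        frames.append((t, "data", ap, victim, 500 + i))
        # ... interleaved with disassociation frames that carry the AP's
        # address but a counter from another radio
        frames.append((t + 0.01, "disassoc", ap, victim, 3000 + i))
    return sorted(frames)

if __name__ == "__main__":
    capture = sample_frames()
    print("disassociation flood from:", disassoc_floods(capture))
    print("sequence anomalies for:   ", seq_anomalies(capture))
```

On a real capture the counters of QoS data frames are kept per traffic identifier and frames are lost in the air, so `max_gap` and `min_hits` need tuning against a baseline of the site's own traffic.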


Intrusion detection and prevention

From a security standpoint it is important that the WLAN Management System monitors the network in real time for the presence of unauthorized ("rogue") devices - either APs or clients - alerts when it finds any and eventually blocks or disables them.

Rogue scanning

There are several methods that can be used for rogue-device detection and they can be generally classified as "over the air" and "on the wire":
  • Over the Air
    • Utilizing Enterprise APs supporting the scanning feature (e.g. Intel, Symbol, Proxim, Avaya, Cisco and Colubris)
    • Utilizing Software Agents deployed on client workstations
    • Using specialized RF sensors distributed across the security perimeter
  • On the Wire
    • Querying APs, switches and routers for unauthorized IP- or MAC-addresses they've detected
    • Listening for specific protocol messages
  • Integration with External IDS systems (e.g. Cisco WLSE/WCS, AirMagnet, WildPackets OmniPeek, etc)
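
How the "over the air" and "on the wire" observations can be combined into one verdict per access point, as an added example that is not taken from any of the products mentioned here. The inventory, SSIDs, switch names, documentation-range MAC addresses and the MAC-adjacency heuristic are assumptions made for the illustration.

```python
def mac_to_int(mac):
    """Parse aa:bb:cc:dd:ee:ff (or dash-separated) into an integer."""
    return int(mac.replace(":", "").replace("-", ""), 16)

def classify_bssids(air_scan, authorized, corp_ssids, switch_fdb, adjacency=2):
    """Classify every BSSID heard over the air.

    air_scan    list of (bssid, ssid) reported by scanning APs or sensors
    authorized  set of BSSIDs in the managed-AP inventory
    corp_ssids  SSIDs that only managed APs may advertise
    switch_fdb  list of (switch, port, mac) read from switch forwarding tables
    """
    wired = [(mac_to_int(mac), sw, port) for sw, port, mac in switch_fdb]
    known = {mac_to_int(b) for b in authorized}
    report = {}
    for bssid, ssid in air_scan:
        radio = mac_to_int(bssid)
        if radio in known:
            report[bssid] = ("authorized", None)
            continue
        # Heuristic (assumption): an AP's Ethernet MAC usually lies within a
        # few addresses of its radio MAC, so a near match on a switch port
        # means the unknown AP is plugged into our own network.
        port = next(((sw, p) for w, sw, p in wired
                     if abs(w - radio) <= adjacency), None)
        if port:
            report[bssid] = ("rogue-on-wire", port)   # port to shut or quarantine
        elif ssid in corp_ssids:
            report[bssid] = ("ssid-spoof", None)      # our SSID, not our AP
        else:
            report[bssid] = ("neighbor", None)        # log only
    return report

# Constructed sample data (documentation MAC range, made-up switch names).
AUTHORIZED = {"00:00:5e:00:53:10", "00:00:5e:00:53:20"}
CORP_SSIDS = {"corp-wlan"}
AIR_SCAN = [
    ("00:00:5e:00:53:10", "corp-wlan"),
    ("00:00:5e:00:53:61", "linksys"),
    ("00:00:5e:00:53:c4", "corp-wlan"),
    ("00:00:5e:00:53:f0", "cafe-guest"),
]
SWITCH_FDB = [
    ("sw-1", "Fa0/2", "00:00:5e:00:53:0f"),    # wired side of a managed AP
    ("sw-3", "Fa0/17", "00:00:5e:00:53:60"),   # unknown device on an access port
]

if __name__ == "__main__":
    result = classify_bssids(AIR_SCAN, AUTHORIZED, CORP_SSIDS, SWITCH_FDB)
    for bssid, (verdict, port) in result.items():
        print(bssid, verdict, port or "")
```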


Specialized Intrusion Detection/Prevention tools exist from AirMagnet, AirTight Networks, Aruba and other vendors (e.g. Adventnet ManageEngine WiFi Manager). However, there are many infrastructure- and vendor-specific peculiarities to be considered when choosing such an IDS/IPS solution.
  • Tolly Group 2007 and 2006 studies evaluating and comparing side-by-side the IDS/IPS solutions
  • Who Leads in WLAN Security - Comparative Evaluation of Vendor Offerings and Positioning [3]
  • Tolly Group Benchmarking Strategies for Wireless Intrusion Prevention Systems
    • White Paper for 3Com
    • White Paper for AirDefense and AirTight [4]


Mesh Networks

A Wireless Mesh Network is a cloud of wireless nodes in which there are at least two pathways of communication to each node. A Wireless Mesh Network relies on ad-hoc connectivity, adaptive radio technology and dynamic routing in order to maximize the bandwidth availability. The 802.11 mesh technology relies on the IEEE 802.11s extensions, still in draft status, that allow for broadcast and multicast operation. The technology is not obvious and had significant growing pains (e.g. the 1st generation, Google-sponsored WiFi mesh in Mountain View); it is currently at the 3rd generation.


Wireless (and related) resources

  • Public Safety Wireless Technology Links [5]
  • Wireless links [6]
  • YesTurnkey Wired/Wireless Network Operations Center (WiNOC) [7]
  • MobiLib: Community-wide Library of Mobility and Wireless Networks Measurements [8]
  • Wireless resources [9]
  • Wireless networks technologies [10]
  • 802.11 Technical Introduction [11]
  • The IEEE 802.11 standard [12]
  • The 802.11 Family of WLAN Standards - "Untangling the Alphabet Soup" [13]
  • Wireless resources [14]
  • Developing a WIFI Network in an iSeries Environment [15]
  • Wi-Fi documents [16]
  • 802.11-based Wireless LANs Architecture and Physical Layer [17]
  • QoS in Wireless Data Networks [18]
  • Wi-Fi Alliance Knowledge Center [19]
  • Introduction to 802.11e [20]
  • Wireless LAN (IEEE 802.11 class of protocol suite) [21]
  • Euro NGI - QoS in multi-service wireless networks [22]
  • Enterprise Wireless Alliance (EWA, formerly ITA and AMTA) [23]
  • Why not Cisco? - a "Network Computing" article on WLAN market consolidation drivers [24]


Cisco Wireless LAN and related technologies

  • Cisco Enterprise Mobility 3.0 Design Guide [25]
  • Cisco Structured Wireless-Aware Network (SWAN) [26]
  • Structured Wireless-Aware Network (SWAN) primer
  • Managing Cisco WLANs [27]
  • Cisco Unified Wireless LAN update [28]
  • Internet Accounting - TACACS+ [29]
  • Conducting a WIPT survey (with AirMagnet Surveyor) [30]


Wireless Network Management and IDS/IPS solutions

In this competitive space three types of solutions can be identified:
  • "Free" solutions (that actually evolved out of the hacking tools)
  • Solutions pushed by equipment manufacturers (e.g. Cisco, Aruba, Colubris) to support their own uni-platform management.
  • Multi-platform solutions pushed by specialized software vendors (e.g. AirWave, AirTight Networks, AirDefense, AirMagnet)


Wireless security resources

  • Wireless attack & penetration and Countermeasures (local copy)
  • Intrusion Detection and Monitoring for Wireless Networks [31]
  • Wi-Fi trickery - secure, break and have fun with Wi-Fi [32] presentations
  • Distributed Wireless Security Monitors review [33] (comparative matrix)
  • Tolly Group 2007 and study evaluating and comparing side-by-side the IDS/IPS solutions
  • Unplugged - article on WLAN security from Information Security Magazine [34]
  • Assessing the security of a wireless environment [35]
  • NIST Special Publication 800-48. Wireless Network Security [36]
  • Adventnet - Rogue Detection And Blocking Using WiFi Manager [37]
  • The necessity of rogue AP detection - E&Y whitepaper [38]
  • Time to tighten the wireless net [39]


Free solutions for Wireless Network Security

  • NetStumbler displays wireless access points, SSIDs, channels, whether WEP encryption is enabled and signal strength. NetStumbler can connect with GPS technology to accurately log the precise location of access points.
  • Ministumbler is a smaller version of NetStumbler designed to work on PocketPC 3.0 and PocketPC 2002 platforms. It provides support for ARM, MIPS and SH3 CPU types.
  • Black Alchemy's Fake AP generates thousands of counterfeit 802.11b APs as part of a honeypot or as an instrument to confuse attackers scanning the network.
  • Kismet is an 802.11 wireless network detector, sniffer, and IDS that can identify named networks or decloak hidden (non-beaconing) ones.
  • WifiScanner analyzes traffic and detects 802.11b stations and access points from all 14 channels, writing packet information in real time for post-analysis and searching APs and associated client stations.
  • wIDS is a wireless IDS that detects the jamming of management frames and could be used as a wireless honeypot. It can decrypt data frames on the fly and re-inject them onto another device.
  • AirSnare - an IDS tool that notifies whenever it detects a "rogue" MAC address not included in the list of friendly MAC addresses.
  • WAVEMON - a monitoring application for wireless network devices
  • Network Security Toolkit including the top 100 recommended by Insecure.org
  • Turning a Linksys WRT54G into more than just a Wireless Router [40]
  • Mitigating Rogue Access Points in Corporate Environments - Wireless IDS based on WRT54G OpenWRT probes [41]
  • "Design and Implementation of a Wireless IDS" - a Shmoocon 2005 presentation by Laurent Butti and Franck Veysset
  • "Deploying a Wireless IDS Solution for Your WLAN" - wireless IDS comparison
  • Hackers Perspective - the Linksys WRT54G - how-to for a kismet-based IDS
  • Stumbling software - Netstumbler, Ministumbler, Kismet, Wavemon


Airwave Management Platform (AMP)

The AirWave Management Platform (AMP) is a software solution that installs on standard Linux server hardware (CentOS 4.3 + PostgreSQL) in a WNOC. It provides a web-based UI that gives users a single point of intelligent control for remotely monitoring and configuring multi-vendor wireless APs and connected devices (routers and switches). The software offers device discovery, centralized policy definition, automated configuration management and audit, firmware distribution, real-time monitoring, diagnostics, and reporting. AMP supports hardware from many enterprise-grade vendors, including Aruba, Cisco, HP, Symbol, Meru and others. AMP collects data in real time (through SNMP, HTTP, SSH, etc.) from every wireless device or controller connected to the network, including configuration information and used-connection data. This data is continuously monitored and analyzed by AMP's analytical engine to alert IT whenever problems may impact wireless network service or security. Depending on the nature of the problem, AMP may automatically implement corrective actions or enable network administrators to remotely reconfigure the network as required. AMP can be configured to use an external TACACS+ user database to simplify password management for AMP admins and users. AMP can also resolve clients' MAC addresses to user names by collecting RADIUS accounting records from Cisco ACS servers. The Airwave Management Platform comes with a number of options:


  • The VisualRF module provides real-time graphical reports on WLAN KPIs and a coverage map of any facility in the WLAN, for use in troubleshooting or planning, graphical depictions of each wireless user's physical location on the network and visual reports identifying the location of potential rogue access points.
  • The RAPIDS (Rogue AP Intrusion Detection System) is a server-side software application that automatically detects and locates unauthorized access points through a combination of RF scanning and wireline "fingerprinting." RAPIDS can command authorized APs to scan the RF airspace for any rogue devices, or it collects this information from other NMS and IDS/IPS systems like:
    • Cisco WLSE or WCS
    • Airmagnet Enterprise [42]
    It also scans the wired network to determine whether any unknown APs are connected outside the range of the authorized access points.
  • AirWave Wireless Site Plan (AWSP) is a Visio-based software application that helps in designing a graphical RF site plan that provides the coverage while minimizing RF interference. Once the site design is finalized in AWSP, an administrator can simply upload the design to the AirWave Management Platform, which automatically configures the wireless network infrastructure to match the plan.
  • AirWave Management Link (AML) is a Java application that facilitates integration and communication between AMP and other NMS such as HP OpenView NNM, HP ProCurve Manager and others. Normally the AirWave Management Platform can be configured to notify by e-mail or SNMP traps whenever a critical or abnormal condition is detected and an intervention is required.

The Airwave Management Platform integrates with third-party Network Management and IDS/IPS systems:
  • Cisco WLSE [43]
  • Airmagnet Enterprise solution
  • Aruba MobileEDge management solution [44]


Airmagnet Enterprise

The AirMagnet solution offers the following features:
  • Wireless Selective Blocking by stopping wireless threats at the source and making a rogue device unable to make or maintain any wireless connections.
  • Wired-Side Blocking by blocking threatening devices' access at the wired switch port.
  • Locating Threats by pinpointing on a facilities' map the exact location of rogues and intruding devices.
  • Analytical Device Tracing, spanning multiple switches and pinpointing where the device is attached to the wired infrastructure.
  • Triggering automated response to threats based on predefined policies.


AirMagnet is able to infer the presence of "rogue" devices based on MAC address characteristics, channel/frequency usage or SSID. It also provides compliance assessment and reporting (SOX, HIPAA, DoD, etc.) for devices and policies. The SmartEdge sensors support IEEE 802.3af PoE and have local analysis capability of the sensed RF environment for potential threats. In terms of scalability, a single AirMagnet Enterprise Server (configurable in Fail-Over mode) can support up to 1,500 SmartEdge sensors, each monitoring up to hundreds of wireless devices.

Besides the SmartEdge sensors, AirMagnet Enterprise integrates Cisco 1130/1200 "scanning" APs, using the "AirWISE Agent", an application installed on a separate machine, which collects, analyzes and forwards data and alarms sent by Cisco scanning APs. The AirMagnet Spectrum Analyzer Sensor collects RF spectrum data for network design optimization, capacity planning and troubleshooting. The AirMagnet Laptop Wireless LAN Analyzer is a software application installed on a laptop that facilitates troubleshooting of wireless environments and can also be used in "sensor mode". The AirMagnet Handheld Analyzer runs on a Pocket PC (802.11b only) and can locate APs with their MAC addresses and IP addresses. Like the Laptop Analyzer, it can identify MAC address spoofing attacks by looking at vendor IDs and protocol sequences. It can also (with the Find Tool) physically locate rogue access points or clients/access points operating insecurely.

The Airmagnet solution had its inception in 2005, based on Cognio's ISMS (Intelligent Spectrum Management System). A number of wireless-spectrum analysis products from Airmagnet, WildPackets and Fluke Networks are based on OEM'd Cognio technology. Wireless spectrum analysis is essential in areas where interference is likely, as is for instance the case with hot-spot networks in airports. The core of the Cognio technology is the proprietary SAgE chip-set. Cognio went through some $20 million via a few rounds of VC developing their proprietary SAGE chip and software over the years.

In September 2007, Cisco acquired Cognio for an undisclosed amount in a stock swap, making Cisco an important player in the wireless-spectrum analysis market. The new Cisco product using the Cognio technology is the laptop-based Spectrum Expert. It seems that the Cisco product is extremely similar to Airmagnet's Spectrum Analyzer, including GUI, look & feel and menus; the similarity comes from the fact that both are based on Cognio's technology. What Cisco brings as added value is integration with WCS. The street price for the product is around $2500. The Cognio acquisition by Cisco raises some questions about the longer-term viability of Cisco's competitors in this market - Airmagnet, Fluke and WildPackets, all using the same Cognio (now Cisco) technology.

Some AirMagnet resources:
  • AirMagnet Survey Pro [45] Spectrum Analyzer
  • SmartEdge sensors features [46]
  • Conducting a WIPT survey (with AirMagnet Surveyor) [47]
  • Best Practices for Rogue Detection and Annihilation [48]
  • Network Computing - Wireless IPS/IDS review [49]
  • AirMagnet Enterprise 5.0 Evaluation Guide [50]


Other IDS/IPS solutions

  • AirDefense Enterprise [51]
  • Network Chemistry RF Protect Scanner [52]
  • AirTight SpectraGuard Enterprise [53]