Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Wireless LAN (WLAN) Management and Services

Published byDominic Parker Modified over 10 years ago

Similar presentations

Presentation on theme: "Enterprise Wireless LAN (WLAN) Management and Services"— Presentation transcript:

1 Enterprise Wireless LAN (WLAN) Management and Services
Jitu Padhye (Joint work with Ranveer Chandra, Alec Wolman, Brian Zill & Victor Bahl)

2 Wireless Network Woes Corporations spend lots of $$ on WLAN infrastructure Worldwide enterprise WLAN business expected to grow from $1.1 billion this year to $3.5 billion in 2009 Wireless networks perceived to be “flaky”, less secure Microsoft’s IT Dept. logs several hundred complaints / month Users complain about: Lack of coverage, performance, reliability Authentication problems (802.1x protocol issues) Network administrators worry about Providing adequate coverage, performance Security and unauthorized access DefCon 2005 : WiFi Pistol, WiFi Sniper Rifle, WiFi Bouncing, AirSnarf box Better WLAN management system needed! 2

3 Requirements for a WLAN Management System
Integrated location service Mobile Clients Problems may be location-specific Multiple monitors Dense deployment Complex signal propagation in indoor environment Many orthogonal channels Asymmetric links Management system consists of a monitoring subsystem that gathers data, inference engine that processes it and then takes action. Wireless presents challenges for gathering and processing data Scalable Self-configuring Cope with incomplete data

4 State of the Art AP-based monitoring (Aruba, AirDefense, ManageEngine …) Pros: Easy to deploy (APs are under central control) Cons: Can not detect coverage problems using AP-based monitoring Single radio APs can not be effective monitors Limited coverage even with dual-radio APs MS IT currently uses dual-radio APs from Aruba Specialized sensor boxes (Aruba, AirTight, …) Pros: Can provide detailed signal-level analysis Cons: Expensive, so can not deploy densely Monitoring by mobile clients Research MSR [Adya et. al., MobiCom’04] Pros: Inexpensive, suitable for un-managed environments (Ranveer’s talk). Coverage not predictable (clients are mobile) Lack of density Battery power may become an issue Only monitor the channel they are connected on Aruba system works, but not clear how effective it is. Supposed to detect rogue APs. They found one recently – it was deployed by another group on our floor, but they have never detected ours – we have been doing this for good six months! Mo

5 + Observations DAIR: Dense Array of Inexpensive Radios
Desktop PC’s with good wired connectivity are ubiquitous in enterprises Outfitting a desktop PC with wireless is inexpensive Wireless USB dongles are cheap As low as $6.99 at online retailers PC motherboards are starting to appear with radios built-in + Leverage desktops to become wireless monitors Combine to create a dense deployment of wireless sensors DAIR: Dense Array of Inexpensive Radios Details: HotNets’05, MobiSys’06

6 Key Characteristics of DAIR
High sensor density at low cost Effective monitoring of multiple channels in indoor environments Tolerates failure of a few sensors Leverages existing desktop resources Sensors are stationary Provides predictable coverage Permits meaningful historical analysis Makes it easier to build an integrated location service Accuracy improves with sensor density Completely self-configuring Ease of deployment To reiterate, the key characteristics of DAIR are … Self configuration is not a direct consequence of the basic idea. Rather, it is a need (due to high sensor density), and we have explicitly designed our system to be so. 6

7 DAIR Architecture AirMonitor AirMonitor Land Monitor Wired Network
Summarized Data Commands Wired Network Commands and Database Queries Four main components: AirMon, LandMon: use wired services like DHCP, ex, Database, Inference AirMonitors: wireless sensors. Primarily passive, in certains cases generate active traffic LandMonitors: wired sensors. One per subnet. Inference engine: queries database, performs complex, cpu intensive computations. Database: goal is to support a small # of 100’s of clients per database Data from database Data to inference engine Summarized data from Monitors Other data: SNMP, Configuration Inference Engine Database

8 Monitor Architecture Extensibility : new task = new filter
Filters summarize what they hear, periodically submit summaries to a db server. Filter for Rogue wireless detection summarizes SSID and BSSID information. All support modules make the filters simple to write. 8

9 Managing Existing WiFi Networks using DAIR
Security Applications Detect Rogue APs, DoS attacks Response: Locate AP, Inform netops Launch DoS attacks against Rogue APs Performance management Monitor RF coverage: Detect poor coverage, RF holes Locate region of poor coverage Provide temporary coverage until an AP can be installed Load balancing: Detect overload, congestion, flash crowd, rate anomaly DAIR nodes temporarily serve as APs or repeaters Reconfigure AP power levels (cell breathing) Location service to support above applications Told you about challenges, now let’s look at some specific applications. We have already built blue ones. . And we have built a location service to support these apps.

10 Overview of location service
Distinguishing features: Self-configuring Can locate un-cooperative transmitters (e.g. unauthorized APs) Office-level accuracy How it works: AirMonitors locate themselves AirMonitors regularly profile the environment to determine radio propagation characteristics Inference engine uses profiles and observations from multiple AirMonitors to locate clients, sources of interference (DoS attack?), determine regions of poor performance Many wireless location systems have been proposed.

11 Example Application: Detecting Rogue AP
Problem: Careless employee brings AP from home, attaches it to the corporate network Bypasses security measures like 802.1x, allows unauthorized clients to gain access Once rogue network is installed, physical proximity is no longer needed Simple solution: (state of the art) Build database of authorized SSIDs (Network Names) and BSSIDs (AP MAC Addresses) Whenever an unknown entity appears (either SSID or BSSID), raise alarm False positives: Reason: Shared office building Solution: determine whether suspect AP is connected to corporate wired network Array of tests: association test, src/dst address test, replay test False negatives: Reason: Malicious user configures rogue AP with valid SSID/BSSID Solution: use location and breaks in packet sequence numbers to disambiguate Trivial to create a rogue ad-hoc network with a desktop machine 11

12 Current deployment Testbed: 40 nodes on one floor
Operational since Nov’05 NetGear USB Wireless Adapter Custom driver Database server: MS SQL 2005 on 1.7GHz P4 with 1GB RAM Inference engine server: 2GHz P4 with 512MB RAM Nodes submit summary data every 2 minutes (randomized) Inference engines query data every 1-3 minutes

13 One database server per building should be sufficient.
System Scalability Load on database server < 75% Additional load on desktops < 2-3% Wired network traffic per node < 5Kbps One database server per building should be sufficient.

14

15 Backup slides

16 See 2 & 3 during break after the talk
Demo ….. Rogue AP detection and location DoS attack (Disassociation attack) detection and location Location-aware client performance monitoring See 2 & 3 during break after the talk

17 How do AirMonitors locate themselves?
Monitor machine activity to determine primary user Look up ActiveDirectory to determine office number Parse office map to determine coordinates of the office Verify and adjust coordinates by observing which AirMonitors are nearby

18 Profiling the Environment to build a Radio Map
Each AirMonitor periodically transmits beacons Repeat for various channels, power levels, various times of day Other AirMonitors record signal strength Inference engine fits curve(s) to collected observations The curve is a compact and approximate representation of the radio propagation characteristics of the environment 802.11a (5GHz) Normal office hours 3rd floor of building 112 33 AirMonitors

19 Determining location of clients (any “transmitter”)
AirMonitors capture packets from the client, report observed signal strength of database Inference engine: Selects appropriate profile (frequency, time of day) Locates client using the observations from AirMonitors and the profile Spring-and-ball algorithm for fast convergence

Download ppt "Enterprise Wireless LAN (WLAN) Management and Services"

Similar presentations

SEMINAR ON Wi-Fi.

SEMINAR ON Wi-Fi.
Wi-Fi Technology.

Wi-Fi Technology.
Wi-Fi Technology ARTI J JANSARI M.E.(C.S.E.):-1ST (E.C.)

Wi-Fi Technology ARTI J JANSARI M.E.(C.S.E.):-1ST (E.C.)
1 Fault Analysis for Large-scale Campus-wide Wireless Networks Jian Chen 01-15-2009 Department of CS, Tsinghua University, Beijing, China.

1 Fault Analysis for Large-scale Campus-wide Wireless Networks Jian Chen Department of CS, Tsinghua University, Beijing, China.
1 DAIR: Dense Array of Inexpensive Radios Managing Enterprise Wireless Networks Using Desktop Infrastructure Victor Bahl, Jitendra Padhye, Lenin Ravnindranath,

1 DAIR: Dense Array of Inexpensive Radios Managing Enterprise Wireless Networks Using Desktop Infrastructure Victor Bahl, Jitendra Padhye, Lenin Ravnindranath,
Wireless LAN Security Understanding and Preventing Network Attacks.

Wireless LAN Security Understanding and Preventing Network Attacks.
Rohan Murty Harvard University Jitendra Padhye, Ranveer Chandra, Alec Wolman, and Brian Zill Microsoft Research 1.

Rohan Murty Harvard University Jitendra Padhye, Ranveer Chandra, Alec Wolman, and Brian Zill Microsoft Research 1.
The Next Step NSW DET Standards.  Standard (“fat”) Access Point(s) (AP’s) installed  Multiple laptops connected  Security provided by WEP or WPA (or.

The Next Step NSW DET Standards.  Standard (“fat”) Access Point(s) (AP’s) installed  Multiple laptops connected  Security provided by WEP or WPA (or.
Doc.: IEEE 802.11-12/0898r2 Submission July 2012 Marc Emmelmann, FOKUSSlide 1 Fast Initial Service Discovery: An enabler for Self-Growing Date: 2012-07-16.

Doc.: IEEE /0898r2 Submission July 2012 Marc Emmelmann, FOKUSSlide 1 Fast Initial Service Discovery: An enabler for Self-Growing Date:
Network security Dr.Andrew Yang.  A wireless sensor network is network a consisting of spatially distributed autonomous devices using sensors to cooperatively.

Network security Dr.Andrew Yang.  A wireless sensor network is network a consisting of spatially distributed autonomous devices using sensors to cooperatively.
Wide Area Wi-Fi Sam Bhoot. Wide Area Wi-Fi  Definition: Wi-Fi (Wireless Fidelity) n. – popular term for high frequency wireless local area networks operating.

Wide Area Wi-Fi Sam Bhoot. Wide Area Wi-Fi  Definition: Wi-Fi (Wireless Fidelity) n. – popular term for high frequency wireless local area networks operating.
Www.planet.com.tw Technical Guide For Mesh AP – MAP-3120 What’s the difference between Mesh Bridge and AP WDS Bridge?

Technical Guide For Mesh AP – MAP-3120 What’s the difference between Mesh Bridge and AP WDS Bridge?
Location Based Services Lenin Ravindranath, Microsoft Research India.

Location Based Services Lenin Ravindranath, Microsoft Research India.
USRobotics Professional Access Point  Yosi Rafael.

USRobotics Professional Access Point  Yosi Rafael.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
Wi-Fi Neighborcast: Enabling communication among nearby clients

Wi-Fi Neighborcast: Enabling communication among nearby clients
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Wireless Technologies Networking for Home and Small Businesses – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Wireless Technologies Networking for Home and Small Businesses – Chapter.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
1 DAIR: Dense Array of Inexpensive Radios Managing Enterprise Wireless Networks Using Desktop Infrastructure Victor Bahl †, Jitendra Padhye †, Lenin Ravnindranath.

1 DAIR: Dense Array of Inexpensive Radios Managing Enterprise Wireless Networks Using Desktop Infrastructure Victor Bahl †, Jitendra Padhye †, Lenin Ravnindranath.
A Location-Based Management System for Enterprise Wireless LANs Ranveer Chandra, Jitendra Padhye, Alec Wolman and Brian Zill Microsoft Research.

A Location-Based Management System for Enterprise Wireless LANs Ranveer Chandra, Jitendra Padhye, Alec Wolman and Brian Zill Microsoft Research.

Similar presentations

Ads by Google