
iBwave Wi-Fi Training – Day Two

I am still going through the three-day iBwave Wi-Fi certification training class. It is now day two. Today, we started the class using output maps. iBwave supports the following output map templates, which can all be fully customized:

  • Signal strength
  • Best channel
  • Overlap zone
  • Maximum achievable data rate
  • SNR
  • Co-Channel Interference
  • Average downlink data rate
  • Capacity

They can all be generated for 2.4 or 5 GHz bands. You can also create a new output map to more specifically meet your needs. In addition, you can run the prediction for an output map, lock it, and then create another one like it, make changes to the plan and run the prediction. This allows you to compare the new results with the locked results – a very good feature.

The following image shows the CCI output map with three APs intentionally set to channel 1 in 2.4 GHz to illustrate the tool. It is important to note that such tools cannot really predict client-generated CCI. They only indicate the CCI that will result in areas from APs that can be seen on the same channel. Some guesswork could be used (possibly based on fancy statistics), but most tools just report on the AP-generated CCI. For my definition of CCI, see my blog post Defining Wi-Fi: CCI.

CCI Output Map - iBwave

When creating the capacity map, you can configure several parameters to define the capacity. These include:

  • Market share (percentage of clients) for 2.4 vs 5 GHz
  • Percentage of SISO, 2×2 and 3×3 MIMO devices
  • Usage profiles defining Mbps in the link and throughput in Kbps
  • Application services including email, online gaming, web browsing and file downloads
  • Equipment limits (number of clients per AP radio)

The following image shows the Capacity Output map based on one capacity zone in the lower right corner and every other area defined as standard office use.

Capacity Output Map - iBwave

Data collection was the next topic of the day. Data collection is used to perform either a manual site survey or a validation survey. Like most tools in this category, both active and passive surveys are supported and iBwave Wi-Fi provides a communication server for the active survey.

Once collected, survey data can be used to calibrate modeling for the design as shown in the following image.

Calibration Model - iBwave

An extensive reporting solution is also included to generate all the documentation required by your design ranging from heat maps to bill of materials. The components database is extensive as well and updated regularly.

Tomorrow will be all about the lab. So I will report on the experience there and then you can expect a review blog at CWNP.com within a few days as well.

Until tomorrow!

Tom

iBwave Wi-Fi Training – Day One

For the next three days, I am attending a training class with Ricardo Rosa of iBwave on the iBwave Wi-Fi solution. As a WLAN design tool, it has some very interesting and useful features. During my first day of training, I was exposed to exceptional design features and also noticed some areas for improvement in the application.

First, the key areas requiring improvement are in the terms used throughout the application. Many areas seem to have borrowed terms from the cellular and DAS design world that don’t really fit into WLAN design. For example, for now, the application requires you to say you are connecting to a DAS, just to connect to an external antenna. Additionally, some parts of the interface seem to indicate you can do something (like have different channels for downlink and uplink, which, of course, we don’t do in Wi-Fi). Those aside, some excellent capabilities remain.

Connecting to an External AP Antenna - iBwave Wi-Fi

As you would expect from any application of this type, iBwave Wi-Fi allows you to start your planning from AutoCAD files with building materials (and even furniture) defined. Once loaded, you can customize the materials for your needs.

When drawing walls and other items, features you would expect are there: snap to corners, delete last point (for those accidental clicks) and so on. A full collection of building materials is provided and the database is open for modification as well.

Today was focused mostly on layout plans and project settings. Importing a floor plan, configuring settings and adding walls for a typical single floor building can all be done in 20-30 minutes once you get the hang of the interface. More time, of course, will be required when you have a multi-floor project or massive square footage with a single or multiple floor project.

Scaling a floor plan using Google Earth KML files is a nice feature when working with large buildings. This is particularly useful if you are not able to go onsite first. I will be using this for a project I’m working on for a local hotel this weekend.

When adding APs, as expected, the easiest way to add them is automatically. I NEVER recommend doing this, but it is a feature. Instead, they should be added individually and configured as appropriate. Now, if you want a quick picture of what is possible, the automatic placement can be useful. But, please, please, remember, you must be the expert. Tweak, tune, rip and replace, do what it takes to build a solid design.

The Design Plan view is a nice added benefit that allows you to see the overall topology of the network in a logical way. It can automatically pull in components that have been placed on floors into appropriate areas. The end result is an excellent topological view of the network design.

Design Plan View - iBwave Wi-Fi

So far, without question, the 3D modeling feature is my favorite. The ability to nearly instantaneously truly see in 3D space how RF passes through floors is useful.

That’s about it for day one. I’ll be blogging more about my experience tomorrow. Talk to you then!

-Tom

That Pesky SSID and Your Wireless LAN

The service set identifier (SSID) is meant to differentiate networks from one another. The default SSID should be changed on all access points having a default SSID. Access points are often set to a default SSID when they are first purchased. For example, most Linksys access points are set to the network name of linksys, most early Cisco access points had a default SSID of tsunami, most Netgear access points are set to netgear, and so on. These default SSIDs are widely documented on the Internet and are well known by any cracker. The fact that the SSID is still set to the default is often a glaring banner to the attacker that reads, “Please attack me as I am still configured to all default settings!” While it may not be true that “all” settings are still at their defaults, let’s just say there is a very good chance.

When access points are first installed, the SSID should be changed to something cryptic and not something that could be used to determine the company to whom the access point belongs. This recommendation assumes that other companies may be nearby. If no other companies are nearby, the attacker can assume that any visible SSID with a good signal strength is the local company’s network. Changing the SSID to something meaningful such as a department name can provide an intruder valuable information. For example, if a wireless network is installed for the accounting department, and you set the SSID to accounting, any intruder will know there could be financial information on the network to which the access point is attached. However, with all that being said, proper security makes it all a moot point – and you should have proper security (WPA2-Personal or WPA2-Enterprise these days).

Some wireless security professionals will suggest that you set the SSID according to strong password principles. I disagree with this suggestion as it implies that the SSID somehow affords security itself. While you can give away too much information about the intent of the network with the SSID name (such as in the accounting department example in the preceding paragraph), you cannot really ensure security through what you might call a cryptic SSID or a strong SSID. Skilled attackers can find and access a wireless network that has no security other than a cryptic SSID very easily. Ultimately, I suggest you use the SSID for its intended purpose: to differentiate between networks and not to provide security.

By default, an access point broadcasts the SSID several times per second in beacons (10 times for most standards-based implementations). By listening for these beacons, intruders are provided the opportunity to gather the SSIDs of any access point within range. “Closing the system” by not broadcasting SSIDs in beacons prevents intruders from passively locating the network. Closed system features are not part of the 802.11 series of standards and they are not supported on all access points. When SSIDs are not broadcast, operating systems like Windows XP do not automatically discover the SSID. This configuration causes a potential intruder to put forth a little more effort to gain access to the network—something an intruder may not be willing to do. Unless your organization is protecting something that a cracker knows is valuable, most crackers will attack the “low hanging fruit” first, meaning that any networks that are broadcasting an SSID will be the first targets for intrusion.

However, even when SSID broadcasting is disabled, the SSID can be discovered using utilities that perform active scanning (sending probe request frames) or wireless packet analyzers (which hear all frame types). Sometimes disabling SSID broadcasting may go against business goals, such as with public wireless networks. These networks must be open to allow customers to easily access network resources (usually Internet access). In the end, again, use the SSID for network differentiation and not for security.
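To see why a closed system does not hide the name, the following Python sketch parses the SSID element of 802.11 management frames: the beacons from a closed AP carry an empty or NUL-filled SSID, while a probe response from the same BSSID carries it in the clear. This is an added example, not code from the original post; the frames, the BSSID and the SSID `corp-wlan` are constructed for illustration.

```python
import struct

SUBTYPES = {0x80: "beacon", 0x50: "probe-response"}  # frame-control byte 0
BODY_OFFSET = 24 + 12   # MAC header + timestamp/interval/capability fields
SSID_ELEMENT_ID = 0

def build_frame(fc0, bssid, ssid):
    """Build a minimal management frame for the demo (constructed, not captured)."""
    header = bytes([fc0, 0]) + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0011)
    elements = bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid + bytes([1, 1, 0x82])
    return header + fixed + elements

def parse_ssid(frame):
    """Return (frame_type, ssid); ssid is None when the field is empty or all NUL."""
    kind = SUBTYPES.get(frame[0]) if len(frame) >= BODY_OFFSET else None
    if kind is None:
        raise ValueError("not a beacon or probe response")
    pos = BODY_OFFSET
    while pos + 2 <= len(frame):
        elem_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated information element")
        if elem_id == SSID_ELEMENT_ID:
            # A "closed" AP sends a zero-length or NUL-filled SSID in beacons.
            hidden = length == 0 or not any(value)
            return kind, (None if hidden else value.decode("utf-8", "replace"))
        pos += 2 + length
    return kind, None

def ssids_by_bssid(frames):
    """Map each BSSID (address 3) to the SSID revealed by any of its frames."""
    seen = {}
    for frame in frames:
        bssid = frame[16:22].hex(":")
        seen[bssid] = parse_ssid(frame)[1] or seen.get(bssid)
    return seen

AP = bytes.fromhex("020000000001")            # constructed BSSID
CAPTURE = [                                   # constructed sample frames
    build_frame(0x80, AP, b""),               # closed beacon, zero-length SSID
    build_frame(0x80, AP, b"\x00" * 9),       # closed beacon, NUL-padded SSID
    build_frame(0x50, AP, b"corp-wlan"),      # probe response reveals the name
]

if __name__ == "__main__":
    print([parse_ssid(f) for f in CAPTURE], ssids_by_bssid(CAPTURE))
```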

Now, to be clear, you can certainly have different security settings associated with different SSIDs, but this is not the same thing as saying that SSIDs give you security. They do not. Can we rid ourselves of this thinking once and for all? I hope so.

SUMMARY: Use the SSID attribute to provide organizational structure to your wireless network and as an indicator to your users as to what network they are accessing. Do not use it as a security solution.