
Post on 17-Feb-2018


Designing Wireless (WiFi) Networks for Buildings

Ronald van Kleunen, CEO, Globeron Pte Ltd / Globeron Security

Synopsis

Have you ever wondered:
• How to design a wireless WiFi network?
• Why home WiFi networks are different from Enterprise WiFi?
• What impact security has on WiFi networks?
• How to do a site survey?
• How to do professional wireless design training and get BICSI CECs?
• What wireless design & survey tools are available?

If so, then this workshop will help you design WiFi networks better, and this presentation will give you deeper insight into what is needed in the wireless industry.

Organizations' wireless communications become business and sometimes mission critical. Therefore a good wireless WiFi design is important to meet the demand of customers. This 3-hour hands-on workshop will help you to better understand how to do a wireless design, how it relates to the cabled infrastructure and which tools are available to do a wireless design.

What attendees will learn

Attendees
• gain knowledge about the business needs and wireless service requirements for different vertical industries in relation to wireless design standards
• gain knowledge of how to do wireless WiFi designs for buildings, which tools are available, and how to validate a wireless design
• understand the importance of wireless security and its effect on the design of a wireless network

• The instructor is at CWNE (Certified Wireless Network Expert) level and is a CWNT (Certified Wireless Network Trainer)
• Participants need to bring their own laptop to join the hands-on workshops in group exercises. The instructor will show how to do the wireless designs with tools, and students can follow along.

Designing wireless (WiFi) networks for buildings

What are the issues?

BICSI – Cabling and Wireless Buildings (Note: BICSI = Building Industry Consulting Service International)

Backhaul cabling capacity is important. Also, does the cable go to the right location where the Access Points need to be installed to service customers?

The issues: installations “BAD-FI”

Where is the AP?

Cage of Faraday

AND MANY MORE EXAMPLES!

The issues: RF Coverage planning Outdoor / Indoor

The issues: Radio Frequencies (RF) Spectrum challenges

For example:
• OSI layer 1 – Spectrum (non-WiFi or WiFi interference)
• Bad WiFi channel planning (co- and adjacent-channel interference)

The issues: Explosive growth of wireless devices and internet of things, everything and wireless protocol/frame coordinations

Protocol analyzer / frame coordination analysis
• Corrupted frames
• Retries
• And many more details can be obtained

High Density
Wireless cities - millions of people

• Very dense areas (apartments, hotels, houses)
• People are on the streets 24 hours (moving crowd)
• One big WiFi zone in the city
• No channel coordination between ISPs, and it is not possible with people managing their own WiFi at home. Both 2.4 GHz and 5 GHz are not enough, but will it ever be?

The issues: Wireless Security

• Security capabilities of wireless devices (internet of things / everything will have limitations)
• Mobility in the enterprise
  – Bring Your Own Device (BYOD)
  – Bring Your Own Application (BYOA)
  – Mobile Device Management (MDM)
• Roaming users
  – Café
  – Home
  – Travelling
• Cyber Security and Government regulations

The issues: Capacity, Scalability and Management

• Number of client devices per Access Point (AP)
• Type of applications running on the devices (Voice, Video, Data)
• Performance and Roaming requirements
• New standards IEEE 802.11ac MU-MIMO (aka “Wave 2”)
• Backhaul capacity and Power over Ethernet requirements
• Number of Access Points managed by a Wireless Controller or connecting to a Cloud based controller
• International regulations for Cloud based management systems
• Location Based Services / Real Time Location Services
• Data/Voice integrations between Cellular/Mobile and WiFi networks (“3G / 4G” offload and Hotspots and Homespots)

The issues: skilled wireless professionals

Certified Wireless Trainer

Certified Wireless & Cabling installers and the right wireless + cabling measurement tools

Certified Wireless Support teams

Certified Sales Person Selling Wireless

Certified Wireless Auditor

Certified Wireless Designer and Technical Specialist

Certified Wireless Professionals & customer


The issues: Wireless Standardization, Certification Accreditation & Auditing

Will be covered: Wednesday, 23 September 2015, 9am – 10am

Where to start ?

Resources to do a WiFi Design

BICSI Wireless Design Reference Manual (WDRM), Third Edition (2004 1st release, retired in 2014)

Third Edition, 1st Chapter: Download 1st Chapter in PDF format

BICSI – Distributed Antenna System (DAS)

https://www.bicsi.org/book_details.aspx?Book=BICSI-006-CM-15-v5

Standard: ANSI/BICSI 006-2015 Distributed Antenna System (DAS) Design and Implementation Best Practices

Best Practices for WiFi Designs
• Vendor neutral - Certified Wireless Design Professional (CWDP)
• Vendor specific – e.g. Cisco or Aruba Validated Reference Design (VRD) and many other vendors, for High Density Client environments and Very High Density 802.11ac Networks

Workshop 1

Business & Wireless Requirements
• What do you want to know from the customer?
• What do you put in the proposal?
• Which legal documents need to be in place?


Workshop 2

Which tools do you need?
Hint: think about the wireless issues we saw before!
1. Before we do a wireless design
2. To create a wireless solution
3. During implementation of the wireless solution
4. After the implementation
5. To support the wireless solution


Workshop 3

Who needs to be involved during a site survey? And during installation?

What are the deliverables to the customer?

Sign-off, disclaimers, responsibilities and support processes


Wireless and Vertical market requirements

• Government (e.g. Security, Public WiFi)
• Military (e.g. Security)
• Retail (e.g. PCI-DSS Compliance)
• Healthcare (e.g. Location Services)
• Hospitality (e.g. Captive Portals)
• Education (e.g. High density)
• Telecom (e.g. Service Availability)
• Finance (e.g. Security)
• Manufacturing (e.g. Interference at WaferFabs)
• Entertainment (e.g. High Density Stadiums)

Building Construction / Materials

Building Materials and wireless behavior / attenuation
• Concrete walls
• Metal (elevators, cabinets in the office)
• Air-conditioning / lowered ceilings
• Cubicle walls
• Water (e.g. swimming pool)
• Mirrors
• People (e.g. conference room)
• Stadium

Loss in dB levels (see Site Survey tools for simulation)
Reflection, Refraction, Absorption, Diffraction, Scattering, Interference

Antennas and RF visualization

Regulations (Output power, Channels, DFS)

Antenna types, polarization
• Omni-Directional antenna
  – Low Gain / High Gain
• Directional antenna
  – Dish
  – Reflector Grid
  – Yagi
  – Patch/Panel
• Integrated antenna

Wireless Tools & requirements – Laptop based

Categories:
• Reconnaissance (WiFi), OSI Layer 2
  – Typically will work with many built-in adapters and dongles (external adapters)
• Spectrum Analysis (WiFi uses 2.4 GHz / 5 GHz), OSI Layer 1
  – A special dongle is required (dual-band)
• WiFi Protocol Capture/Analysis, OSI Layer 2
  – Special requirements for the adapter to set it into “monitor” mode (promiscuous) to capture the wireless frames. Furthermore IEEE 802.11a/b/g/n/ac and spatial stream requirements and dual band
• Site Survey tools, mainly OSI layer 2, some integrate with OSI Layer 2
  – Special requirements for the adapter to set it into “monitor mode” and dual band
• Security tools (e.g. for Security Audits/Penetration testing)
  – Special requirements for the adapter to set it into “monitor mode” and dual band

Workshop 4

Wireless Reconnaissance


Example of Tools | Dongle requirements
Apple | built-in
• WiFi Scanner
Windows | built-in adapter
• Metageek inSSIDer
• Xirrus WiFi Inspector
Android | built-in adapter
• WiFi Analyzer

Workshop 5

Wireless Spectrum Analysis


Example of Tools | Dongle requirements
Apple iPad/iPhone
• WiPry (Oscium) 2.4GHz only | WiPry dongle
Windows
• Metageek Chanalyzer | WiSpy dongle
• Fluke Network / Spectrum XT | SpectrumXT dongle
• Cisco Cognio SpectrumExpert | Use a Cisco AP (3500)
Android
• ?

Note: some Enterprise solutions can use the “Sensor-mode” on the AP to do Remote Spectrum Analysis

Workshop 6

Wireless Protocol Analysis


Example of Tools | Dongle requirements
Apple
• MacOS X built-in
Windows
• Wireshark | AirPCAP dongle
• Savvius OmniPeek | Several (Atheros, etc.)
• Fluke Network WiFi Analyzer | Several (Atheros, etc.)
• TamoSoft CommView | Several (Atheros, etc.)
Android
• ?

Note: some Enterprise solutions can use the “Sensor-mode” on the AP to do Remote Protocol Analysis

Workshop 7

Wireless Site Survey


Example of Tools | Dongle requirements
Apple
• ?
Windows
• Fluke Networks Site SurveyPro | Several (Atheros, etc.)
• Ekahau Site Survey (ESS) | Several (Atheros, etc.)
• TamoGraph Site Survey | Several (Atheros, etc.)
• VisiWave | Built-in
• Zebra LAN Planner/AirDefense | Several (Atheros, etc.)
Android
• Fluke Networks - AirMapper

Note: some Enterprise solutions can use the APs and “Sensors” to visualize the RF propagation on a map.

Workshop 8

Wireless Security (Auditing / PenTest)


Example of Tools | Dongle requirements
Apple
• ?
Linux Tool-kits (LiveCDs)
• Kali Linux (aka BackTrack) | Several (Atheros, Ralink)
• Pentoo | Several (Atheros, Ralink)
• OSWA | Several (Atheros, Ralink)
Embedded
• WiFi Pineapple

Workshop 9

Enterprise Level Wireless Management
Service + Security + MDM (BYOD)


Example of Tools:

WLAN Management (or Cloud)
• Cisco Prime NCS / Cisco Meraki
• HP IMC
• Aruba AirWave
• Zebra (Motorola) AirDefense
• AirTight Networks
• Ruckus
• 7 Signals (Performance Mgmt)

WIPS solutions
• Cisco Meraki (AirMarshall)
• Fluke Network AirMagnet Ent.
• AirTight Networks WIPS
• AirDefense WIPS

MDM (Mobile Dev. Mgmt)
• Mobile Iron
• Maas 360 (Fiberlink / IBM)
• AirWatch (Vmware)

Wireless Tools & requirements – Centralized / Enterprise

Categories:
• Access Points
  – Light weight / Autonomous / Hybrid
  – Dual band / Tri band (multiple radios)
  – Sensor capabilities (“Radio in monitor mode”)
• Wireless Controllers
• Wireless Cloud Controllers
• Power over Ethernet switches
• Cabling
• Authentication Services (e.g. RADIUS, Captive Portals)

Wireless Configurations

Many configuration options and probably not optimized
- Channels
- Number of SSIDs (Service Set Identifiers)
- Security
- Protocol settings (e.g. Frame Aggregation)
- Quality of Service (QoS)

Wireless Service Performance and Security impact

Wireless Service Performance needs to be monitored, as it changes by the minute, hour or day depending on the environment (e.g. a shopping mall during opening time). It is a continuous cycle to go through and to do 24x performance monitoring.

Security impacts the Wireless Infrastructure Performance
• Authentication (RADIUS and location, Captive Portal)
• Encryption (complexity)
• Complexity of the Security framework used
• Firewalls, inline Intrusion Prevention systems
• Virtual Private Networks (VPN), etc.

Skilled Wireless Professionals

As with data and electricity cabling and building “Codes of Conduct”, the wireless industry also needs to be in line with these requirements / standardization.

With skilled Wireless Professionals there will be an improvement of the:
1. Wireless Service Quality (for business critical services)
2. Wireless Security (in line with Cyber Security requirements)

Wireless Professionals and BICSI Credentials (Valid 27 March 2014 - 2016) Continuing Education Credits (CECs)

BICSI Credentials for CWNP training (Valid period 27 March 2014 – 2016):
• CWTS - 24 BICSI CECs
• CWNA - 36 BICSI CECs
• CWAP - 32 BICSI CECs
• CWSP - 32 BICSI CECs
• CWDP - 24 BICSI CECs

Globeron - BICSI Member: #237560

Globeron advised BICSI and CWNP LLC to add the CWNP training under BICSI for CECs (Continuing Education Credits)

Verification (search on CWNP as provider):
https://www.bicsi.org/forms/search/outsidevendors/default.aspx

Wireless Service and Security Management Standard

Wireless Service Security Management Standard (WSSMS)
Note: Wireless = Mobile/Cellular, WiFi and indoor/outdoor mission/business critical wireless technologies

WSSMS auditor / Certified Wireless Security Auditor is a wireless security professional with the knowledge and skills required to assess the conformance of an organization's wireless services management system as part of the ISO/IEC 27001 ISMS standard.

Wireless Service Management Standard (WSMS)
Note: Wireless = Mobile/Cellular, WiFi and indoor/outdoor mission/business critical wireless technologies

WSMS auditor / Certified Wireless Service Auditor is a wireless services professional with the knowledge and skills required to assess the conformance of an organization's wireless services management system as part of the ISO/IEC 20000 ITSM standard.

Together we need to get better quality wireless networks for mission and business critical services

1. Wireless Service management & audit aligned with ITSM / ISO/IEC 20000:2011
2. Wireless Security management & audit aligned with ISMS / ISO/IEC 27001:2013
3. Standardization is needed for:
• Design
• Analysis
• Security
• Audit (end to end service & security management)
4. Accreditation Body for wireless services/technology: Cellular/Mobile, WiFi, etc.

Ronald van Kleunen, ronald@globeron.com

CEO Globeron Pte Ltd / Globeron Security
Certified: CISM #1117595, CISSP #99801, GIAC #1395658 (GCIH), BICSI #237560, CWNE #108, CWNP #307052 (CWNT, Wireless#/CWTS, CWNA, CWSP, CWAP, CWDP, CWNE)
ITILv2 and ITILv3 #819214, CSOEP #100600 (DataCentre, Infrastructure, Process, Management, Security)
IRCA ISO/IEC 20000 ITSM (IT Service Management) #01193718, IRCA ISO/IEC 27001 ISMS (Security Management) #01193718
