Deploying an enterprise class wireless network requires considerable
planning. Even more difficult is maintaining it after deployment. There are many
reasons for this. One is security, because you can't really control how far the
signal of your wireless network will go. Another is speed, which can vary
considerably from time to time depending upon how many users are connected to
it. A third issue is that wireless networks are shared. As a result, as more
users are added onto it, the throughput also reduces considerably.
Therefore, while deploying APs, we have to be careful about the number of
users per AP. Plus, we have to be careful about the positions of their antennae
as well.
The good news is that there are plenty of tools available for managing
wireless networks. We will take a look at some of these in this article, and
will also tell you which issues are they capable of resolving.
Let's start with tools to help you plan and deploy a wireless network.
Once you scan your network with LANSurveyor, it creates a map with all devices and links |
Planning and Deploying
While deploying APs, one of the key things to do is to locate black spots.
For this, a number of spectrum analyzers are available. A spectrum analyzer is
essentially a software coupled with a specialized RF receiver, which can connect
to a laptop either via a PCMCIA or USB port. Once installed, it can check for
the type and approximate location of other RF devices such as Bluetooth,
cordless phones, RF cameras, and even WiFi Jammers that are nearer to your AP.
AirMagnet's Spectrum Analyzer
We tried out this easy to deploy app in our labs. All you have to do for
using this is to install it and plug in the AirMagnet CardBus antenna, which
comes with the package. Run this app, and it will start receiving RF signals and
matching patterns of the captured devices. On the left side of the main
interface window it will list all devices found, and will then categorize them
by their types.
You will be able to see real time noise levels generated by those devices and
also the approximate center of noise. You can view the results in spectrum,
device and channel formats.
The most useful view option would be channel, using which you can see which
device is interfering with which channel and affecting which AP. You can order
this application from www.airmagnet.com /products/ spectrum_analyzer/.
You can simulate all your APs on the blueprint of the network that you have created using AirMagnet Surveyor |
AirMagnet Surveyor
The next app which we are going to use for planning the placement of APs
within the building is AirMagnet Surveyor. You can get it from http://www.airmagnet.
com/products/survey/. You can even request for a fully functional demo from the
same website (though it will be valid for one day).
Installing this application is again simple. Just take the Setup file and run
it. This will open the Setup wizard; a few clicks on the 'Next' button and you
are through with the installation. After that, you would be asked to select the
exact WLAN card model, which is there in your laptop. Interestingly, it works
with most of the recent Intel, Cisco and even Centrino cards as well.
Once the card is selected, run the app and provide the blueprint of the
building where you want to place the APs. Provide the blueprint, mention its
size and start the wizard. After importing the blueprint, this wizard will
provide you with a window in which you can place and simulate all your APs.
Select the AP for which you want to create the live survey map, and go near the
actual AP, so that this software can measure the actual strength of the device.
Now, click on the 'Play' button on the right. You will see the animated
'walking man' icon. Place the icon at the exact position in the blueprint where
the actual AP is present or where you are likely to deploy it, by clicking on
the location. Once you do so, the AP will be placed and you will be able to see
its range in the blueprint.
The range of an AP is calculated on the basis of actual performance judged by
the software and is pretty much accurate.
You can now deploy all APs on the blueprint first to see the simulation of
coverage which you will get after actually deploying them in the building. In
this simulated environment it becomes very easy for an administrator to get the
best possible placements.
You can monitor all access points on your network using Kismet. As shown, it even alerts you if any suspicious client is found connected to any of the access points |
Securing and Monitoring
To secure a wireless network, one should regularly perform its penetration
testing. We discuss below a few tools meant for this specific purpose.
Airsnort
This is a free tool meant for checking your WEP strength. It is available
for both Windows and Linux. It monitors as well as captures encrypted data that
is being transmitted over the wireless network and then recovers the WEP key. It
needs approximately 5 — 10 million packets for decrypting the key.
This same tool can be used for checking the strength of your WEP keys and
also for calculating the number of days that a standard machine will take to
break the WEP key that you are using. If this tool has calculated approximately
five days will be taken by anyone to break your WEP key, then you can use the
'auto changing WEP key' option and set it to three days or less to make sure
that your WEP key gets renewed even before someone is able to crack it.
Installing Airsnort in Linux is simple. Just run the command below and you
are through with installation.
# yum install airsnort
Execute Airsnort by writing 'kismet' on the terminal or navigate to
Application > Internet and then click on 'Airsnort' item (on a Linux system).
This will open the 'Airsnort' application window.
By default, this tool will scan for wireless networks on all channels. If you
want to scan a specific channel, then select the 'channel' radio button provided
on the application window, and specify the channel number.
Now, select the network device from the drop-down list that this tool should
use; it can be 'eht1' or 'eth0' depending upon your hardware configuration.
Specify the driver type: Host AP/Orinoco, wlan-ng and others, this is to tell
Airsnort that how it can place your card in the monitoring mode.
Airsnort uses probabilistic approach to crack the 40 and 128 bit passkey.
When it acquires approximately 10 weak packets from a particular access point,
then it tries for the crack. The 'crack breadth' option specifies the number of
attempts it should try on a group of weak packets that are captured. By default
it is 3 for cracking 40 bit passkey and 2 for 128 bit passkey, though you can
define the number of attempts within a range of 1-20. Going for maximum number
of attempts is recommended as probability of cracking a passkey increases. Using
this tool you can save data in two different formats.
The first is 'pcap' dump file format; you must initiate this option before
you start capturing data, it saves all the data that is being captured. For
this, click on 'Log to file' item found under the File menu. The second option
is the crackfile format, which saves minimum amount of data that Airsnort
captures during the access point discovery along with the data found in the weak
packets.
A good wireless IDS and Kismet are other important tools which are required
in any wireless network. We'l discuss about them in the following paras.
This wireless network protocol analyzer collects all TCP packets and organizes them as a conversation, which could further be viewed in ASCII, EBCDIC or hex formats |
Kismet
Kismet is one of the most popular wireless network monitoring tools, and
provides you with features like a sniffer, network detector and an Intrusion
detection system.
It works with all those network cards that support monitoring mode and can
sniff a, b, and g traffic. This tool can sniff into any wireless network. It
starts monitoring the network without sending any information packet to the
access point or to the client (connected to that AP) so that they can log in,
and hence is completely promiscuous in nature.
Unlike other tools, this tool is divided into three parts: kismet server,
kismet client and GPSMAP. Kismet server captures data, logs, and takes care of
the GPS data. Its client version provides you with the front-end part that
connects to the server and displays the statistics of the network. The GPSMAP is
the most interesting feature; you can plot your APs or an image on a map by
using this feature. For this, it reads the GPS data from an external GPS device
and network XML data files.
Installing Kismet is simple, but using it is a bit complex. For installing
it, write the following command on the Linux terminal.
# yum install kismet
After installation, open the configuration file 'kismet.conf', which resides
in the '/etc/kismet/' folder. Find the statement 'source = none,none,addme' in
the code and change it to 'source=orinoco,eth1,root'. The first parameter
defines the source type, which could be Orinoco, Prism or Cisco based. The
second parameter defines the interface card, which should be used for capturing
packets, and the third parameter defines the name of the user. Save the file and
then exit. To start Kismet, write the following command on the terminal.
# kismet
Once Kismet is ready you can view all of the access points of your network.
You can even figure out if any fake APs are there in your network. For further
configurations, press the 'H' key, it will show all the options that are
available. You can change the ones that you want or require.
Channel highlighted in red is the most congested one. It indicates that one should reduce the load on that channel, so as to enhance the overall performance |
Wireshark
This is another favorite data capturing tool for network administration,
formerly known as Ethereal. Now, we have a special version of Wireshark-Wireshark
WiFi. It is a GUI based wireless network protocol analyzer used for network
troubleshooting and analysis. It is free and available for all platforms: Linux,
UNIX, Mac and Windows.
This tool captures packet data from your wireless network and lets you browse
or analyze the captured packets. The unique feature that makes this tool stand
out from the crowd is that it can
collect all TCP packets and organizes them as a conversation. Further you can
view these conversations in ASCII, EBCDIC or hex format. Apart from these you
can apply a filter on almost all fields, which could be done using other tools
too, but you don't get as many options as you get from this one.
The best and easiest way to find Wireshark for a wireless network is to
search it in the Backtrack CD. When you start this tool, it does not start
capturing data at once. For capturing data click on the 'show the capture
options,' which you can find on the toolbar. After that choose the wireless
interface card that will be used by Wireshark WiFi for capturing the packets.
Once you have selected the interface, then simply click on the 'Start'
button, and this tool starts capturing packets such as TCP, UDP, ICMP, ARP, IPX
and many more. Once you have sufficient captured packets, then it's time to stop
the capturing process, for this click on the 'Stop' button. Now, Wireshark WiFi
will display the information about each packet i.e. source of the packet,
destination of the packet, which protocol was used and some miscellaneous
information about the packet.
With this information you can find out if some hacker is broadcasting too
many packets for blocking your WiFi device. Then you can analyze and figure out
the source from where this data is getting generated, and hence could prevent
the attack.
WirelessMon
This tool monitors several WiFi access points located across your
enterprise, and helps in testing whether these access points are working
properly or not. It also checks the strength of the wireless network and keeps a
check on the security of the access points. For keeping a track of the network
activity, it generates logs, which could be further saved as a file and used for
reference in future. One of the interesting features of this tool is the GPS
system.
To use this feature, you have to upload the blueprint or an image that
resembles your building architecture. Then travel to the location where the
access point is located, and then set the point on the map by clicking on the
Set P1 or Set P2 option.
This tool works on any standard Windows machine, and requires a wireless
adapter that supports NDIS_802.11. The user must be logged in through the
administrator account for using this tool. You can get this tool from the
PCQProfessional CD of this month.
Just follow the on screen instructions for installation. Once you are through
with installation, then go to the start > Programs > WirelessMon option and
launch the application. A window displaying all the necessary information about
the nearby access points such as the SSID, Mac address, strength in dBm unit,
authentication type , frequency, channel, and GPS signal will pop up.
Net Stumbler
This tool detects all the wireless APs which follow 802.11 a/b/g standards
and gathers information about them. This tool can be installed on any system
having Windows 98 or above.
You pick up any scrape laptop, which supports monitor mode and has a WiFi
adapter, and this tool will automatically start scanning of all the access
points, even those running on different channels and groups them accordingly.
This grouping helps you in identifying which all channels are overcrowded, and
hence need re-configuration etc.
For installation, double click on the 'Net Stumbler' icon and follow the
onscreen instructions. For launching this application, select the start >
programs > Net stumbler option. Scanning of the wireless access points must
begin automatically,but if it doesn't happen then click on the 'play' button
provided in the tool bar to start the scanning.
Anindya Roy, Rakesh Sharma, Vijay Chauhan