1
DAIR: Dense Array of Inexpensive Radios
Managing Enterprise Wireless Networks Using Desktop Infrastructure
Victor Bahl†, Jitendra Padhye†, Lenin Ravindranath†, Manpreet Singh‡,
Alec Wolman†, Brian Zill†
† Microsoft Research ‡ Cornell University
2
Observations
• Outfitting a desktop PC with 802.11 wireless is becoming very inexpensive
– Wireless USB dongles are cheap
– PC motherboards are starting to appear with 802.11 radios built-in
• Desktop PCs with good wired connectivity are ubiquitous in enterprises
$6.99!
3
Key Insight
• Combine to provide a dense deployment of wireless “sensors”
• We can use this platform to realize the full potential of wireless networks
– Enterprise wireless management tools
– Enable new services where wireless is a key component
4
The DAIR Platform
Wireless management tools
– Improve security
– Reduce IT ops costs
– Increase “quality of service”
New applications and services
– Location services
– Seamless roaming
– Alternative data distribution channel
5
Outline
• Motivation
• DAIR architecture
• Management apps (& Rogue networks)
• Related work
6
Enterprise WLAN Management
• Corporations spend a lot on WLAN infrastructure
– Worldwide enterprise WLAN business expected to grow from $1.1 billion this year to $3.5 billion in 2009
– MS IT dept. – 72% of costs are people
• Security and reliability are major concerns
– Wireless networks are becoming a target for hackers
– Reliability:
  • MS IT receives ~500 WLAN helpdesk requests per month
  • No easy way to measure cost of reliability problems
7
Advantages of the DAIR Approach
– High density
  • Wireless propagation is highly variable in enterprise environments (many obstructions)
  • Lots of channels to cover: 11 for 802.11b/g, 13 for 802.11a
  • Improves fidelity of many management tasks
  • Enables accurate location (useful as a diagnosis tool)
Doesn’t IPsec/VPN just solve the rogue AP problem?
• It certainly helps, but…
– Doesn’t address the bootstrapping problem
– Doesn’t address the AP impersonation scenario
– Not all corps use IPsec and/or VPNs to secure wireless
– IPsec difficult to deploy in multi-vendor installations
– Multiple levels of security
26
Association Test
• One Air Monitor attempts to associate with suspect AP
– If this step succeeds, the Air Monitor makes a TCP connection to a well known entity on CorpNet (e.g. http://hrweb at Microsoft)
– Test fails if AP is not “open”
  • MAC address filtering, WEP, WPA, 802.1x, etc…
27
Details of 1st Hop Router Test
• With encryption and/or MAC filtering, the 802.11 MAC addresses may still tell us something
– MAC addresses are not encrypted
– AP acts as an Ethernet bridge
• Suppose we can see an associated client using the suspect AP
– If the client is communicating off the local subnet, then the destination MAC on the air = the MAC address of the 1st hop router
– ARP test handles the case where the wired communication endpoint is on the local subnet
28
Details of DHCP Signature Test
• Wireless router != Wireless AP
– MAC addresses seen on the air will not match those on the wire
• A router needs to get a wired IP address
• DHCP requests are easy to observe
– Sent to the IP broadcast address
• DHCP protocol has many options
• Can create device type signatures:
– Typical DHCP request from Windows looks very different from a wireless router
– Initial results look good: tested these techniques on 3 major brands of wireless routers: NetGear, D-Link, and ZyWall
– At IETF, observed many types of end hosts (Windows, Apple, Linux)
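
The DHCP signature test above, sketched as an added example (not code from the DAIR authors): it parses the options of a client DHCP message seen on the wire and matches the option order and parameter request list against a signature table. The signature table, vendor strings, MAC addresses and messages are all constructed for illustration.

```python
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_options(payload):
    """Return {code: value} in on-the-wire order (dicts keep insertion order)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = End
        if payload[i] == 0:                          # 0 = Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def classify(payload, known):
    """Map a client DHCP DISCOVER/REQUEST to (client MAC, device label)."""
    opts = parse_options(payload)
    if opts.get(53) not in (b"\x01", b"\x03"):       # only client-originated requests
        return None
    mac = payload[28:34].hex(":")                    # chaddr field: the wired-side MAC
    sig = (tuple(opts), tuple(opts.get(55, b"")))    # option order + parameter request list
    return mac, known.get(sig, "unknown")

def build(chaddr, options):
    """Constructed test message: BOOTREQUEST header, cookie, TLV options, End."""
    hdr = bytes([1, 1, 6, 0]) + bytes(24) + chaddr + bytes(10) + bytes(192)
    return hdr + MAGIC + b"".join(bytes([c, len(v)]) + v for c, v in options) + b"\xff"

# Constructed signatures and messages for illustration, not captured traffic.
KNOWN = {
    ((53, 61, 12, 60, 55), (1, 15, 3, 6, 44, 46, 47, 31, 33, 249, 43)): "desktop-host",
    ((53, 12, 60, 55), (1, 3, 6, 12, 15, 28)): "wireless-router",
}
HOST = build(bytes.fromhex("02aabbccdd01"), [
    (53, b"\x01"), (61, b"\x01" + bytes.fromhex("02aabbccdd01")), (12, b"desk-01"),
    (60, b"vendor-a"), (55, bytes([1, 15, 3, 6, 44, 46, 47, 31, 33, 249, 43]))])
ROUTER = build(bytes.fromhex("02aabbccdd02"), [
    (53, b"\x01"), (12, b"gw"), (60, b"vendor-b"), (55, bytes([1, 3, 6, 12, 15, 28]))])

if __name__ == "__main__":
    for msg in (HOST, ROUTER):
        print(classify(msg, KNOWN))
```

A MAC labelled `wireless-router` on the wire is the one to check against the list of authorized devices, since it will not match the MAC addresses seen on the air.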