Page 1: Enterprise Wireless LAN (WLAN) Management and Services Jitu Padhye (Joint work with Ranveer Chandra, Alec Wolman, Brian Zill & Victor Bahl)

Enterprise Wireless LAN (WLAN) Management and Services

Jitu Padhye

(Joint work with Ranveer Chandra, Alec Wolman, Brian Zill & Victor Bahl)

Page 2

Wireless Network Woes

• Corporations spend lots of $$ on WLAN infrastructure
  – Worldwide enterprise WLAN business expected to grow from $1.1 billion this year to $3.5 billion in 2009

• Wireless networks perceived to be “flaky”, less secure
  – Microsoft’s IT Dept. logs several hundred complaints / month
  – Users complain about:
      • Lack of coverage, performance, reliability
      • Authentication problems (802.1x protocol issues)
  – Network administrators worry about:
      • Providing adequate coverage, performance
      • Security and unauthorized access
  – DefCon 2005: WiFi Pistol, WiFi Sniper Rifle, WiFi Bouncing, AirSnarf box

Better WLAN management system needed!

Page 3

Requirements for a WLAN Management System

Integrated location service

Complex signal propagation in indoor environment

Many orthogonal channels

Asymmetric links

Multiple monitors

Dense deployment

Mobile Clients

Problems may be location-specific

Cope with incomplete data

Scalable

Self-configuring

Page 4

State of the Art

AP-based monitoring (Aruba, AirDefense, ManageEngine …)
  – Pros: Easy to deploy (APs are under central control)
  – Cons:
      • Cannot detect coverage problems using AP-based monitoring
      • Single-radio APs cannot be effective monitors
      • Limited coverage even with dual-radio APs
  – MS IT currently uses dual-radio APs from Aruba

Specialized sensor boxes (Aruba, AirTight, …)
  – Pros: Can provide detailed signal-level analysis
  – Cons: Expensive, so cannot deploy densely

Monitoring by mobile clients
  – Research prototype @ MSR [Adya et al., MobiCom’04]
  – Pros: Inexpensive, suitable for un-managed environments (Ranveer’s talk).
  – Cons:
      • Coverage not predictable (clients are mobile)
      • Lack of density
      • Battery power may become an issue
      • Only monitor the channel they are connected on

Page 5

Observations

• Desktop PCs with good wired connectivity are ubiquitous in enterprises

• Outfitting a desktop PC with 802.11 wireless is inexpensive
  – Wireless USB dongles are cheap
      • As low as $6.99 at online retailers
  – PC motherboards are starting to appear with 802.11 radios built-in

Combine to create a dense deployment of wireless sensors

DAIR: Dense Array of Inexpensive Radios

Details: HotNets’05, MobiSys’06

Page 6

Key Characteristics of DAIR

• High sensor density at low cost
  – Effective monitoring of multiple channels in indoor environments
  – Tolerates failure of a few sensors
  – Leverages existing desktop resources

• Sensors are stationary
  – Provides predictable coverage
  – Permits meaningful historical analysis
  – Makes it easier to build an integrated location service
      • Accuracy improves with sensor density

• Completely self-configuring
  – Ease of deployment

Page 7

DAIR Architecture

[Diagram. Components: AirMonitor, Land Monitor, Database, Inference Engine, Wired Network. Labelled flows: Summarized data from Monitors; Data from database; Data to inference engine; Commands and Database Queries; Other data: SNMP, Configuration.]

Page 8

Monitor Architecture

[Diagram. Components: Command Processor, Filter Processor, Driver Interface, Filters, WiFi Parser, DHCP Parser, Other Parser, SQL Client, Remote Object, Command Issuer, Sender, Packet Constructor, Custom Wireless Driver, Wired NIC Driver, SQL Server. Labelled interactions: Command (Enable/Disable Filter / Send Packets); Heart Beat; Deliver Packets to all the Registered Filters; Enable/Disable Filters; Enable/Disable Promiscuous/Logging; Summarized Packet Information; Dump summarized data into the SQL Tables; Get Packets/Info from the Device; Send Packets/Query Driver; Send Packet.]

Page 9

Managing Existing WiFi Networks using DAIR

Security Applications
  – Detect Rogue APs, DoS attacks
    Response:
      • Locate AP, Inform netops
      • Launch DoS attacks against Rogue APs

Performance management
  – Monitor RF coverage: Detect poor coverage, RF holes
    Response:
      • Locate region of poor coverage
      • Provide temporary coverage until an AP can be installed
  – Load balancing: Detect overload, congestion, flash crowd, rate anomaly
    Response:
      • DAIR nodes temporarily serve as APs or repeaters
      • Reconfigure AP power levels (cell breathing)

Location service to support above applications

Page 10

Overview of location service

• Distinguishing features:
  – Self-configuring
  – Can locate un-cooperative transmitters (e.g. unauthorized APs)
  – Office-level accuracy

• How it works:
  1. AirMonitors locate themselves
  2. AirMonitors regularly profile the environment to determine radio propagation characteristics
  3. Inference engine uses profiles and observations from multiple AirMonitors to locate clients, sources of interference (DoS attack?), determine regions of poor performance

Page 11

Example Application: Detecting Rogue AP

Problem:
  – Careless employee brings AP from home, attaches it to the corporate network
  – Bypasses security measures like 802.1x, allows unauthorized clients to gain access
  – Once rogue network is installed, physical proximity is no longer needed

Simple solution: (state of the art)
  – Build database of authorized SSIDs (Network Names) and BSSIDs (AP MAC Addresses)
  – Whenever an unknown entity appears (either SSID or BSSID), raise alarm

False positives:
  – Reason: Shared office building
  – Solution: determine whether suspect AP is connected to corporate wired network
      • Array of tests: association test, src/dst address test, replay test

False negatives:
  – Reason: Malicious user configures rogue AP with valid SSID/BSSID
  – Solution: use location and breaks in packet sequence numbers to disambiguate
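
The two checks on this slide, the SSID/BSSID allowlist and the sequence-number break test for a spoofed SSID/BSSID, as an added example that is not DAIR code. The thresholds, verdict names, and the capture in `SAMPLE` are constructed assumptions; only the 12-bit width of the 802.11 sequence counter is a property of the protocol.

```python
from collections import defaultdict

SEQ_MOD = 4096         # 802.11 sequence numbers are 12 bits and wrap at 4096
MAX_FORWARD_GAP = 64   # assumed allowance for frames the monitor did not hear
MIN_BREAKS = 3         # assumed number of breaks required before alarming

# Constructed database of authorized (SSID, BSSID) pairs.
AUTHORIZED = {("CORP", "02:00:00:00:00:01"), ("CORP", "02:00:00:00:00:02")}

def classify(frames, authorized=AUTHORIZED):
    """frames: (ssid, bssid, seq) tuples in capture order -> {bssid: verdict}."""
    ssids = {s for s, _ in authorized}
    bssids = {b for _, b in authorized}
    last_seq, breaks, verdict = {}, defaultdict(int), {}
    for ssid, bssid, seq in frames:
        if ssid not in ssids or bssid not in bssids:
            # Unknown SSID or BSSID: may be a neighbour in a shared building,
            # so it is a candidate for the wired-connectivity tests.
            verdict[bssid] = "unknown"
            continue
        verdict.setdefault(bssid, "authorized")
        if bssid in last_seq:
            delta = (seq - last_seq[bssid]) % SEQ_MOD
            # delta 0 is a retransmission; a small forward step is normal,
            # including the step across the 4095 -> 0 wrap.
            if delta > MAX_FORWARD_GAP:
                breaks[bssid] += 1
                if breaks[bssid] >= MIN_BREAKS:
                    verdict[bssid] = "spoof-suspect"
        last_seq[bssid] = seq
    return verdict

# Constructed capture: AP ...01 wraps normally, AP ...02 shows two interleaved
# counters (a second transmitter using a valid SSID/BSSID), plus one unknown AP.
SAMPLE = (
    [("CORP", "02:00:00:00:00:01", s) for s in (4094, 4095, 0, 1)]
    + [("CORP", "02:00:00:00:00:02", s) for s in (100, 2000, 101, 2001, 102, 2002)]
    + [("linksys", "02:00:00:00:00:99", 7)]
)

if __name__ == "__main__":
    for bssid, v in sorted(classify(SAMPLE).items()):
        print(bssid, v)
```

A single large jump can come from an AP reboot or a long gap in capture, which is why the verdict waits for repeated breaks; the slide pairs this test with location for the same reason.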

Page 12

Current deployment

• Testbed: 40 nodes on one floor – Operational since Nov’05

• NetGear USB Wireless Adapter

– Custom driver

• Database server: MS SQL 2005 on 1.7GHz P4 with 1GB RAM

• Inference engine server: 2GHz P4 with 512MB RAM

• Nodes submit summary data every 2 minutes (randomized)

• Inference engines query data every 1-3 minutes

Page 13

System Scalability

• Load on database server < 75%

• Additional load on desktops < 2-3%

• Wired network traffic per node < 5Kbps

One database server per building should be sufficient.

Page 14

Page 15

Backup slides

Page 16

Demo …..

1. Rogue AP detection and location

2. DoS attack (Disassociation attack) detection and location

3. Location-aware client performance monitoring

See 2 & 3 during break after the talk

Page 17

How do AirMonitors locate themselves?

• Monitor machine activity to determine primary user

• Look up ActiveDirectory to determine office number

• Parse office map to determine coordinates of the office

• Verify and adjust coordinates by observing which AirMonitors are nearby

Page 18

Profiling the Environment to build a Radio Map

• Each AirMonitor periodically transmits beacons
  – Repeat for various channels, power levels, various times of day

• Other AirMonitors record signal strength

• Inference engine fits curve(s) to collected observations

• The curve is a compact and approximate representation of the radio propagation characteristics of the environment

[Figure: Normalized Signal Strength (y-axis, 0 to 60) versus Distance (x-axis, 0 to 40), with fitted curves y = 60*e^(-0.11x) and y = -1.4x + 35.7. 802.11a (5GHz), Normal office hours. 3rd floor of building 11233 AirMonitors]

Page 19

Determining location of clients (any “transmitter”)

• AirMonitors capture packets from the client, report observed signal strength to database

• Inference engine:
  1. Selects appropriate profile (frequency, time of day)
  2. Locates client using the observations from AirMonitors and the profile
      – Spring-and-ball algorithm for fast convergence
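
How a profile and several signal-strength observations yield a position, as an added example that is not DAIR code. The slides name a spring-and-ball algorithm without giving details, so this uses a generic spring relaxation as a stand-in; the profile is the exponential curve from the radio-map slide, read as y = 60*e^(-0.11x), and the monitor layout and readings are constructed.

```python
import math

A, K = 60.0, 0.11   # profile from the radio-map slide: y = 60 * e^(-0.11 x)

def profile(distance):
    """Expected normalized signal strength at a given distance."""
    return A * math.exp(-K * distance)

def signal_to_distance(y):
    """Invert the profile; clamp readings that fall outside the curve."""
    y = min(max(y, 1e-6), A)       # y > A would give a negative distance
    return math.log(A / y) / K

def locate(observations, step=0.2, iterations=300):
    """observations: [((x, y), signal_strength), ...] reported by AirMonitors.
    Returns the estimated (x, y) of the transmitter."""
    if len(observations) < 3:
        raise ValueError("need at least three AirMonitors for a 2-D fix")
    # One spring per monitor, with rest length = distance implied by the signal.
    springs = [(pos, signal_to_distance(s)) for pos, s in observations]
    # Start the "ball" at the centroid of the reporting monitors.
    px = sum(p[0] for p, _ in springs) / len(springs)
    py = sum(p[1] for p, _ in springs) / len(springs)
    for _ in range(iterations):
        fx = fy = 0.0
        for (mx, my), rest in springs:
            dx, dy = mx - px, my - py
            r = math.hypot(dx, dy)
            if r == 0.0:
                continue           # on top of a monitor: direction undefined
            stretch = r - rest     # > 0 pulls toward the monitor, < 0 pushes away
            fx += stretch * dx / r
            fy += stretch * dy / r
        px, py = px + step * fx, py + step * fy
    return px, py

# Constructed floor: four monitors at the corners of a 30 x 20 area and a
# transmitter at (10, 5); readings are generated from the profile itself.
MONITORS = [(0, 0), (30, 0), (0, 20), (30, 20)]
TRUE_POS = (10.0, 5.0)
READINGS = [(m, profile(math.dist(m, TRUE_POS))) for m in MONITORS]

if __name__ == "__main__":
    print(locate(READINGS))
```

With real readings the springs never all relax at once, and the residual stretch at the final position is a useful confidence signal for the estimate.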

