Networking

• Campus Networking Services
• IP Services
• Point of Contact Database
• Certificate Authority
• Network/Service Outages
• Network Connection Policy
• Remote Access Services
• Tech Support Hotline
• Voice, Video & Data
  Transport
• Wireless Access
• Services Home
• OIT Home

Wireless Network Tips and Tools

Security Tips 

 
ALWAYS use encrypted means of communication!

• Use SSH for command-line communication
• Use SSL for sensitive web communication
• Use secure mail mechanisms
• Use VPN communication if desired
• Ensure that server communications have encryption enabled
• Ensure tight access lists
• Restrict access of wireless if possible or use VPNs

WEP

• Marginally better than nothing
• Easily cracked
  http://www.cs.rice.edu/~astubble/wep/wep_attack.html
• Pay attention to various clients' methods of WEP entry
• Is it ASCII or HEX?
• Mixed levels of WEP sometimes possible
  http://www.practicallynetworked.com/support/mixed_wep.htm
• Cisco and Avaya's proprietary methods of encrypting the wireless medium issue a single per-session WEP key.
• Each new user obtains a new key from the RADIUS server
• User must authenticate with RADIUS server before associating

Cisco and Avaya both have the concept of profiles for home vs. work use

• Somewhat useful

Point-to-Point

• Lock down MAC address association
• Enable WEP
  Try to mount with Fresnel zone higher than someone can easily sit in

Site Survey Tips

Maps! Maps! Maps!

Small wheeled cart with extendable paint pole attached - mount the AP and antenna on a wooden paint stick screwed to the top of the paint pole

• Mount UPS and extension cord on the bottom
• UPS keeps AP from resetting between trial locations

Have multiple antennae handy.

• Test with the different antennae in each building
• Understand that the actual pattern of an antenna can vary quite a bit from the ideal pattern
  http://www.practicallynetworked.com/support/mixed_wep.htm
• Cisco - Cisco Aironet Antenna Reference Guide - http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/agder_rg.htm
• Be careful of polarity of antennae!
• Antennae tend to respond more than their patterns might indicate
  e.g. use a Cisco 9dB patch antenna to cover 2 rooms behind as well as 3 in front

Treat each building like a first date. Observe it closely and woo it with attention to its finer features.

• Concrete block and steel rebar will bounce the signal
• Untreated window, single brick walls and sheetrock allow for great penetration
• Treated window (depending on treatment), HVAC ducting and elevator shafts are murder
• HVAC ducting sometimes make great waveguides

Point-to-Point

• Cisco Outdoor Bridge Range Calculation Utility - http://www.cisco.com/warp/public/cc/pd/witc/ao340ap/prodlit/obrc_in.xls
• Fix one antenna in general direction and then move the other
• Only move one antenna at a time

Troubleshooting Tips

Cisco LEAP/EAP authentication

• Look on APs for association
• Verify correct AP info in RADIUS database
• Ensure that the AP can talk to the RADIUS database. Can the RADIUS server ping the AP?
• Ensure that the IP of the AP is correct in the RADIUS database.
• Ensure that the shared secret between the RADIUS database and the AP is the same.
• Verify correct info in user database

Novell client

• If using the Novell client and Cisco or Avaya security, make sure that you set the Frame type appropriately for your client. The Novell client will default to 802.3 Frame type if you are using 'auto' and have not associated with the AP due to authentication.
• Make sure that you have a Novell server on the wireless vlan or within one hop. The Wireless medium has a high latency and IPX wants quick response.
• Sometimes issues arise with the installation order of the Novell client and proprietary security clients.

Bad quality signal typically implies interference

• Change frequency channel (center frequency)
• Mount in different location

Point-to-Point

• Rotate antennas so polarity is off-set (note: polarity of sending and receiving MUST match!)

Ethereal

• www.ethereal.com

Airopeek

• http://www.wildpackets.com/products/airopeek

NAI Wireless sniffer

• http://www.sniffer.com/products/wireless/default.asp?A=5
• Requires Symbol or Cisco 802.11b card

Untested Tools

Airsnort

• http://airsnort.sourceforge.net
• good for testing security of wireless implementation
• requires LINUX and Prism2 chipset on wireless card

wepcrack-perl

• http://sourceforge.net/projects/wepcrack
• PERL scripts for cracking WEP key

Wireless Security Auditor

• http://www.research.ibm.com/gsal/wsa/
• IBM research prototype of a tool on LINUX on an iPAQ PDA