Today I am sitting in on the first Asia Pacific #WiFiDesignDay - kindly brought to Sydney, Australia by @ekahau. Here is a brief play by play as it runs...
Mark Krischer from Cisco kicked off the day of guest presentations explaining the fundamentals of RF. The key takeaway was revealed nice and early. “You have two levers” which are increasing signal and reducing noise. This is a great lesson for newcomers to the WiFi space but equally important as a reminder to old hats. To the newcomer it creates new questions about how you might go about achieving positive outcomes with these levers. For old hats it should keep their minds whizzing around the concepts and realities of what these levers truly encompass.

Matt Fowler (Mist) discussed A.I. I’m not a fan of using the term A.I. to date because it simply is a misnomer in the context it’s used. To be fair he also spoke a lot of Machine Learning, which is actually the technology being implemented today (and often wrongly labelled A.I.). It was great to see where Machine Learning can, will and does improve our Wi-Fi networks and the workflows of those managing Wi-Fi networks.

Jim Steinbacher from WatchGuard talked us through the present day threats and reality of hacking WiFi. The climax of Jim’s presentation was when he admitted he had been running a Karma attack using a discreetly placed Wi-Fi Pineapple. Jim was able to demonstrate how the attendees’ clients were sharing too much as he listed off the SSIDs many thought were private at their homes. It was cool to see the disbelief across the room. A lot of the attendees were initially stumped as to how this was happening.

Having Keith Parsons (WLAN Professionals) in town was a treat. These days Keith comes to Australia a lot more than he used to, to run various training courses (ECSE and CWNA). Keith started by encouraging those in the room who weren’t on Twitter or blogging to start both today. It was the classic hands up to solemnly swear they’ll get on it. Then Keith got to the meat... He explained that WiFi is working, even when the experience is bad.
Keith showed the group that a system can be brittle if you don’t follow design rules. His analogy was brilliant, utilising LEGO and a simple set of requirements. What a great introduction. Keith is a master of storytelling - and this is why you should do whatever it takes to go and sit in on one of Keith’s training courses. Even (if not especially) if you think you know it all about Wi-Fi.

More to come after lunch...

Aaron Scott (Aruba) has been spending a lot of time designing and overseeing the installation of a sports stadium in Sydney. He shared today some of his experiences on this project. After overcoming some extreme voice attenuation caused by a massive flame-red beard, Aaron kicked off by outlining the great variation in requirements across the different areas and user scenarios in a stadium (from media personnel to spectators lining up for food). Not everyone will have the pleasure of designing Wi-Fi for a stadium but a lot of the theory that goes into planning this type of environment can be very useful across other designs. Aaron explained a method for calculating the total system throughput which can aid the backhaul planning requirements for wired and Internet connectivity. From multi-stage stadium deployments (over years) to half covered, half non-covered stadiums - Aaron has met many challenges which had to be overcome. Cost considerations and engineering experiences were great insights throughout the presentation.

The day’s formalities were finalised with an expert panel prepared to answer the attendees’ toughest questions. Matt Fowler, Aaron Scott, Stephen Cooper, Keith Parsons and Jussi Kiviniemi sat up front and shared knowledge and opinion about:
There is an Easter Egg on the iOS version of the Ookla Speedtest app. Hold down the Go button for a long period of time until your phone starts vibrating. Then there was Beer! Thanks for following along.
Have you ever been asked if Wi-Fi is bad for our health? If you work with Wi-Fi you will have faced this question at least once, if not once every other month. There is a lot of misinformation, but let's not start with that.

Recently I was asked to provide advice on the safety of Wi-Fi in regards to human health - this came up because I had made a recommendation to place Access Points underneath seats in a tiered seat (cinema style) theatre. The under-seat design is a story for another time. It occurred to me that the audience who had raised the concern of the proximity of Access Points to people would most likely be non-technical and would not have heard "The Spiel" before. I wanted to be as prepared as possible and armed with the most up to date information I could find. So I spent an entire Saturday reading through information - here is what I found.

When reading about the effects of electromagnetic energy exposure it is important to note the radio frequencies of Wi-Fi are limited in range. Many of the studies and documents that are available relate to much wider frequencies (e.g. 0 - 300 GHz) or very targeted frequencies used in other technologies such as cellular base stations for mobile phones. The most common frequencies used for Wi-Fi occur between 2.4 GHz and 5.9 GHz. It is also important to note that the majority of Wi-Fi deployments will operate at a transmission power much lower than the services in other frequencies such as cellular, TV and radio broadcast.

While I've provided links to the various articles and content I have also included snippets for those who find it all a bit TLDR.

Who's Who?

ARPANSA - Australian Radiation Protection and Nuclear Safety Agency
Australian Government’s primary authority on radiation protection and nuclear safety.
ARPANSA protect the Australian people and the environment from the harmful effects of radiation through understanding risks, best practice regulation, research, policy, services, partnerships and engaging with the community.

ACMA - Australian Communications and Media Authority
The independent statutory authority tasked with ensuring most elements of Australia's media and communications legislation, related regulations, and numerous derived standards and codes of practice operate effectively and efficiently, and in the public interest. ACMA is a 'converged' regulator, created to oversee the convergence of the four 'worlds' of telecommunications, broadcasting, radio communications and the internet.

WHO - World Health Organisation
The World Health Organization (WHO) is a specialized agency of the United Nations that is concerned with international public health.

IEEE - Institute of Electrical and Electronics Engineers
The IEEE Standards Authority is an organization within IEEE that develops global standards in a broad range of industries, including: power and energy, biomedical and health care, information technology and robotics, telecommunication among others.

What They Say

ACMA: The ACMA and EME
https://www.acma.gov.au/Citizen/Spectrum/About-spectrum/EME-hub/the-acma-and-eme
The ACMA regulates EME from consumer devices such as mobile phones, baby monitors, cordless phones and smart meters with inbuilt antennas through the Radiocommunications (Compliance Labelling - Electromagnetic Radiation) Notice 2014 (the EME Labelling Notice) and the Radiocommunications (Electromagnetic Radiation-Human Exposure) Standard 2014 (the Human Exposure Standard).

ACMA: Wi-Fi
https://www.acma.gov.au/Citizen/Spectrum/About-spectrum/EME-hub/wifi
The ACMA has found that EME exposure from Wi-Fi transmitters is significantly below the limits of the ARPANSA Standard.
ARPANSA: Wi-Fi in Schools Measurement Study
https://www.arpansa.gov.au/research/surveys/wi-fi-in-schools-measurement-study
This study showed that the typical RF exposure of children from Wi-fi at school is very low and comparable or lower to other sources in the environment such as radio and TV broadcasts and mobile phone base stations.

ARPANSA: Wi-Fi and Health
https://www.arpansa.gov.au/understanding-radiation/radiation-sources/more-radiation-sources/wi-fi
It is the assessment of ARPANSA and other national and international health authorities, including the World Health Organization (WHO), that there is no established scientific evidence of adverse health effects below current exposure limits.

WHO: Electromagnetic Fields and Public Health
http://www.who.int/peh-emf/publications/facts/fs304/en/
In fact, due to their lower frequency, at similar RF exposure levels, the body absorbs up to five times more of the signal from FM radio and television than from base stations. This is because the frequencies used in FM radio (around 100 MHz) and in TV broadcasting (around 300 to 400 MHz) are lower than those employed in mobile telephony (900 MHz and 1800 MHz) and because a person's height makes the body an efficient receiving antenna. Further, radio and television broadcast stations have been in operation for the past 50 or more years without any adverse health consequence being established.

IEEE: Standard for Safety Levels with Respect to Human Exposure to Radio Frequency Electromagnetic Fields, 3 kHz to 300 GHz
https://ieeexplore.ieee.org/document/1626482/

Federal Legislation: Radiocommunications (Electromagnetic Radiation - Human Exposure) Standard 2014
https://www.legislation.gov.au/Series/F2014L00960
The measurement methods to determine if the aware user device or non-aware user device meets the standard for performance in subsection 8 (1) or 8 (2) are the measurement methods identified in EN 62209-2 or IEC 62209-2.
A test report must comply with the requirements in EN 62209-2 or IEC 62209-2 which contained the measurement methods identified in accordance with subsection (2).

WHO: Handbook on Establishing a Dialogue on Risks from Electromagnetic Fields
http://www.who.int/peh-emf/publications/risk_hand/en/

Public Health England: Exposure to electromagnetic fields from wireless computer networks
http://webarchive.nationalarchives.gov.uk/20140714093801tf_/http://www.hpa.org.uk/Topics/Radiation/UnderstandingRadiation/UnderstandingRadiationTopics/ElectromagneticFields/RadioWaves/WiFi/WiFiprojectreportonresultsSeptember2011/
The duty factor investigation shows that laptops and access points transmit for only small proportions of the time during typical lessons: less than 1% of the time for laptops and less than 12% for access points. This means that the time-averaged exposure arising from the use of laptops in schools is even lower than those when laptops were measured under controlled conditions in the laboratory, and the SARs will also be smaller than those estimated above.

Who Else Shares Information

The Wi-Fi Alliance and Wi-Fi equipment manufacturers (aka Vendors) also submit perspectives and points of information to the mix. I deliberately leave material sourced from these organisations to last as it is, in most cases, referencing other material already covered by other organisations. It's also worth noting that both vendors and the Wi-Fi Alliance have an obvious bias towards finding and presenting the positive side of the story. It is my opinion that the Wi-Fi Alliance should not be considered a reliable source for health or medical based information. Vendor information should be followed for safe use and operation guidelines but, like information from the Wi-Fi Alliance, should not be used as the basis for medical advice.
WFA - Wi-Fi Alliance
Wi-Fi Alliance defines innovative, standards-based Wi-Fi technologies and programs, certifies products that meet quality, performance, security, and capability standards, provides industry thought leadership, and advocates globally for fair spectrum rules.

WFA: Wi-Fi® and Health/Safety Brochure
https://www.wi-fi.org/download.php?file=/sites/default/files/private/Wi-Fi_and_Health_Brochure_2015_0.pdf
The wireless industry continually monitors information about RF health and related regulatory or policy changes to stay informed of up-to-date research and to be sure that the public can continue to have confidence in the safety of its products. In addition, Wi-Fi Alliance® supported two independent research studies both published in Health Physics, a peer-reviewed scientific journal. The first was an independent exposure study that conducted 356 measurements at 55 sites (including schools and hospitals) in four countries around the world. This study concluded that in all cases, the measured Wi-Fi signal levels were very far below international exposure limits (IEEE C95.1-2005 and ICNIRP) and in nearly all cases, far below other RF signals in the same environments.

WFA: Wi-Fi and Health
https://www.wi-fi.org/wi-fi-and-health
Due to the ubiquity of Wi-Fi technology, questions about the safety of radio waves and Wi-Fi devices tend to arise from time to time. The wireless industry takes these concerns very seriously.

Aruba’s Position on Health Concerns associated with Radio Frequency Exposure from WiFi
https://arubapedia.arubanetworks.com/arubapedia/images/4/43/Aruba_Statement_on_WiFi_Health_Concerns.pdf
Aruba is committed to providing products which are safe for our customers to own and use. Aruba’s wireless products are tested to ensure that they meet international RF safety standards. RF safety standards are regularly reviewed against the latest scientific studies to ensure they continue to protect the public’s health.
Aruba: Regulatory Compliance and Safety Information Guide (AP-320)
http://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Method/attachment/Default.aspx?EntryId=21410
RF Radiation Exposure Statement: This equipment complies with FCC RF radiation exposure limits. This equipment should be installed and operated with a minimum distance of 7.87 inches (20cm) between the radiator and your body for 2.4 GHz and 5 GHz operations.

Aruba: HPE Safety and Compliance Information Guide
http://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Method/attachment/Default.aspx?EntryId=26048
Exposure to Radio Frequency Radiation: The radiated output power of this device is below the FCC radio exposure limits. Nevertheless, the device should be used in such a manner that the potential for human contact during normal operation is minimized. To avoid the possibility of exceeding the FCC radio frequency exposure limits, human proximity to the antennas should not be less than 20 cm (8 inches) during normal operation.

What's Next?

There is always a possibility that the organisations referenced above will adopt new testing or theories which bring a different perspective. I recommend you stay informed and periodically review the information available. If you do find what I've shared here useful please let me know with a comment below.
Here are some resources I've collated relating to the recent WPA2 Wi-Fi vulnerability.
I would highly recommend following Mathy Vanhoef (aka @vanhoefm on Twitter) who has now been thrust into the limelight after being instrumental in the discovery of this vulnerability.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
https://www.kb.cert.org/vuls/id/228519
https://community.ubnt.com/t5/UniFi-Updates-Blog/FIRMWARE-3-9-3-7537-for-UAP-USW-has-been-released/ba-p/2099365
http://hpe.to/60158AqFZ
https://www.krackattacks.com/

For a long time I was not a huge fan of predictive planning. I put this down in most part to a lack of an appropriate tool and also the influence of an employer. Much of my early design years were spent performing AP-on-a-stick RF signal readings. The good thing about having done countless surveys of this kind is the experience gained in understanding how RF is affected by different surfaces. I know first hand how walls that look the same can attenuate the RF of Wi-Fi in weird and wonderful ways, differing from one wall to the next. Also, how some windows seem to reflect signal more than others. The factual evidence you gain builds your working knowledge of how RF propagates through different spaces - and it’s all “factual” until your colleague's laptop shows wildly different results in the same exact software.
Predictive planning was thrust upon me when it was decided (by an employer) that physical presence on site was not feasible for every design. With inadequate tools this process was difficult, if not futile. The estimated signal propagation just never felt trustworthy so a conservative signal adjustment allowed for ever so slightly better educated guesswork. I wouldn’t dare try to estimate the margin of error. From a professional standpoint we know that this simply isn’t excusable, but as long as we learn from our mistakes, right?

As my design and planning work has evolved I have a huge preference for a hybrid approach. Most of the upfront planning work is done in a predictive planning tool - now I have an industry standard application - and I will always visit a site where possible to get a visual understanding for scale, construction and layout. I like to see a space and visualise areas to try and think like a client and an AP from a transmission perspective. For high AP mount positions I like to get up there and scope the coverage zone out from that point of view. This can sound pretty weird when explaining my purpose to an uninitiated person who is accompanying me on a walk-through of a site. It gets even weirder when I point my arms out in varying angles to determine an appropriate directionality of an antenna. If something needs testing I’ll rig up a generic AP for rapid testing, but there is a piece of me that still yearns for an AP on a Stick test once in a while, but it’s so inconvenient.

Once a deployment is done, tuning can only be done with real surveyed data. Capture-test-capture and repeat if necessary. The software available today has amazing visual analysis capabilities which make channel and transmit power tuning a much more achievable task. I look forward to the day when I can open up a case and deploy multiple miniature drones which will map out environments' RF characteristics both pre and post implementation.
We’re basically there technologically. Someone should productise this, I’d like to work for them!

Very High Density venue environments are my favourite to design for. There is a real mixture of adjacent and non-adjacent spaces to account for, each with different capacities and mountable surfaces. The complexity and challenge of these designs make them an endless learning experience. I’ve worked on designs for convention and exhibition centres, sports stadiums, horse racing venues and auditoriums. My approach to designing these spaces has largely remained consistent over the years even though the deployed technology has changed drastically. I require many visits to site, hours analysing maps and floor plans and multiple nights of disturbed, dream-filled sleep with the occasional moments of epiphany. It is not uncommon for a solution to a complex design to be masterminded through sleep.

To overcome a great deal of design challenges I must acknowledge many colleagues and mentors. Through technology I have bridged international gaps and brought experts into the environment with me with tools such as Skype and FaceTime so they can see the spaces I need to cover and observe the obstructions we can utilise. I once found an iPad application which allowed me to record a video and narration of a rudimentary sketch of an area while I explained my trigonometry based analysis of a space and how I might cover it with a particular angled directional antenna.

The trials of many before me have made much of the work in this space more approachable and comprehensible. Even vendor documentation is improving to allow for better communication with customers. Validated reference designs and the like really help to educate readers (both designers and customers) but also enhance dialogue surrounding expectations.

No design is truly complete without measuring the most important metric. The metric of user experience is difficult to quantify and inherently burdensome to measure.
These metrics, when they are collected, should be easily correlated to performance events as monitored at an infrastructure level, yet even this data, in 2017, can be hard to come by. This topic is commonly discussed in our industry's conferences and online forums and will take time and experts at all levels to solve together. Being part of this type of collaboration is the pinnacle of all the years of experience and training that we go through in our careers. It’s inspiring to meet with peers who are willing to strive openly with others to enhance outcomes.

Today we're testing Aruba ClearPass Policy Manager to show that a disabled user in Active Directory will not be successfully authenticated when connecting to a WLAN using 802.1X.

In ClearPass it is very easy to follow and deep-dive into the information of all access request attempts using the Access Tracker. Access Tracker can be accessed from Monitoring -> Live Monitoring in the left hand navigation menu. Access Tracker has a wealth of information which can be viewed in multiple ways and is so important to a ClearPass administrator that it deserves its very own browser tab when you are making changes to and testing new configuration in ClearPass.

Here in Access Tracker we can see an access event where user “matt” requests and is granted access with a resulting enforcement profile of [Allow Access Profile]. You can see the Authentication method is EAP-PEAP with EAP-MSCHAPv2, which is common in a Windows Domain; the authentication source is the AD to which the ClearPass server has been joined. The Authorisation source is “WFHX AD”, which is the same domain but it has been set up in such a way that ClearPass can access attributes of domain accounts (both computer and user).

Here is another access event showing the same user “matt” requesting access but being denied. The domain account for “matt” was disabled.
You can see the authentication source is AD but the Authorisation source is not used this time as the process does not progress beyond the rejected authentication attempt.
WifiHax
We build and optimise networks. Continuous learning is our secret to being good. Along the learning journey we will share things here...