Delivery in day(s): 4
MN603 Wireless Network & Security Assignment
Today, wireless networks are inseparable part of business. MN603 Wireless Network Security Assignment is bring a lot efficiency in networking but also need not to ignore security practices associated with it to secure the data. The report will identified the tools and techniques for a WLAN network with vulnerability assessment evaluation. Later report will work on some cases to design and develop the WLAN network along with sufficient information about WLAN technologies.
Tool and techniques to secure WLAN
Wireless networks are easy to capture on devices those are not known to implementer of network. In comparison of wired connection, wireless networks are difficult to manage and secure because of diverse nature of components and open availability of packets. However, there are number of security practices expected to implement for survival of network under attack attempts and performance degradation cases. Some common cases are listed below to illustrate why there is a need to implement security and management tools in WLAN:
Organizations commonly share business related and personal private information in wireless LAN. There are possibilities that someone from outside but within range of wireless may be monitoring and receiving the communication. In such case, organization needs to encrypt the transactions and network ID so that outsiders can be prevented to get enrolled in network.
Multiple devices supporting wireless network in organization may be stole on configuration and physical access. To avoid this type of vulnerabilities, organization needs to pre-configure the devices as according to standard practices. Attacker may enter into network and can control network components for traffic on own site and purpose to be persistent in network for information . This becomes necessary to find the open holes in wireless network.
In order to save time and cost on management of large wireless network consisting a big number of components, organization needs to implement some sort of trusted software which is capable to centralise the network management and security analysis with auto monitoring and troubleshooting facility to common issues.
In all the above conditions, it is clear that enterprise needs to implement some type of wireless analyser and testing tool to automate the operations. As a Wi-Fi consultant, AirMagnet Wi-Fi analyser pro is recommended tool in enterprise environment as described in scenario 4. This tool is a WLAN analysis tool with vulnerability assessment technique .
AirMagnet is a set of tools used for network monitoring and troubleshooting. AirMagnet analyser is used for enterprise level organizations for network monitoring and proofing it against the vulnerabilities issues. This is paid and available in demo version for testing purpose only. Some of well know features of tool are given below:
- Faster and smarter to work with all type of wireless technologies.
- Compatible to work with different devices
- Notification based security and vulnerability features
- Full customization
- Set of effective tools and easy interface.
This tool can be used to carry out following functionalities in enterprise system for analysing as well as vulnerability assessment:
Discovering Wi-Fi networks:
AirMagnet tool can be used to discover the wireless networks within range. Tool is capable to discover reachable network of different types like 802.11a/b/g/n and ac networks in real time and independent manner. The result from analysis made to discover networks are accurate and reliable. Tool provides easy interface and effective layout of information to users for network discovery. AirMagnet provides the additional information about the network like name, SSID, security strength, source type and basic address of network. Below is given a snapshot of AirMagnet with some clues for information.
To discover the networks nearby the enterprise:
- Select start from navigation bar.
- Go to file menu and click discover which will identify the devices in network along with their addresses and strengths.
- To get into depth, select left most graphs from main screen and move to desired channel to expand the section. Sample observed results are given below.
Fugure 2: Capture networks and component details
Above figure shows the device name or MAC address, visible SSID, security information and last connectivity dates along with other information. In this manner tool also facilitate users to safeguard the network against weakness shown in discovered results.
Troubleshooting connectivity issues
An intelligent tool like AirMagnet always helps professionals to reduce their overhead to troubleshoot the connectivity issues by assisting them possible leaks in connections. AirMagnet provides diagnostic tool which helps to identify mismatched configuration of devices. It is possible that device may not be set to correct details like SSID, WEP passphrases, transmission rates, preambles and radio frequency channel. Trouble shooting also helps to keep the problem limited in network so that other part of network can be isolated from failed portion. Isolation steps may include probe discovery, sign in to network, re-connecting and potential failure of hardware in network . Troubleshooting assists the professional to be directed towards the main failing point rather than to re-examine whole network again from the starting point. In order to troubleshoot problems in client station, following steps can be followed:
- Check WLAN card of client station or MAC address table in AirMagnet to identify the MAC address of device.
- Ensure that client station is still working.
- Place the computer device running AirMagnet application near to client station.
- In AirMagnet tool, select Diag tab which also can be navigated from tools in menu bar. Following screen will be appeared.
- Client MAC address can be selected from STA drop down.
- Select the possible AP to which client may be connected from AP dropdown list.
- Click play icon or go button to start the association process.
Click on search icon or view button to list the troubles in client station configuration.
Number of buttons is given to list the log details in step wise list, process information, export options and cancel diagnostics.
Verifying Wi-Fi coverage
AirMagnet offers facility to users to measure and verify Wi-Fi coverage for selected network in enterprise. Coverage tool is provided in build facility to users to over view RF signalling on wireless network of enterprise which helps in pre and post installation work on networks. RF signal moving from one cell to another can be viewed easily during the analysis of RF signal network . It also generates log file which helps to adjust the size of RF cells so that enough area can be covered. Following steps show how to configure the tool for signal coverage testing.
- Select Coverage Tab from the AirMagnet tool and screen will appear as shown above.
- Navigate to Tab Coverage.
- Enter desired information and submit with Ok button.
- Now to measure site RF signalling in coverage, select the SSID and click the start button next to it to start the process.
- It also wants to measure signal distribution among device, navigate to next tab named Signal Dist and click Start for selected AP 
- In the same manner, jitter and DHCP tabs can be configured for more accurate and appropriate information about the coverage of network.
Managing a laptop’s Wi-Fi connection
In order to manage laptop’s own Wi-Fi connection, user can navigate to Tools option in navigation bar at bottom of main screen. Tools provide easy to use 11 tools which can be used to configure and manage network easily. Moreover functions can be found in tools/ configuration from main menu of application. This tools provides functionality to create own wireless network and hotspot with desired password and SSID 
Detecting rogue APs
AirMagnet tool is capable to find the rogue AP along with physical location of such devices. A rogue AP is an access point in wireless network which has been installed without the authentication to administrator. It may be activity of employee or attacker. For security purpose, it is essential to find and block rogue devices in network. To locate rogue AP and devices in network:
- Click AirWISE in navigation bar and select Rogue AP and client from it.
- Identify a rogue AP and note down its SSID and MAC address
- In SSID list, select the SSID of rogue device and choose channel.
- Specify the AP in find option
- Start the process and lock the result you want to monitor.
- Move in direction where meter is showing increasing strength 
- You can turn on audio and high the volume to find rogue device easily.
Above used steps was part of vulnerability assessment in network. As an effective tool, AirMagnet provides all the functions and tools to diagnostic network environment for vulnerability issue. Tool is capable to find and manage rogue devices and AP in network. Addition to it, tool also manages the access control lists (ACL) in network . Following effectiveness has been found with vulnerability assessment technique:
- Effective to analyse performance as well management of components in network.
- Easy to configure and alarm weaker section of wireless network.
- Easy analytical results and exportation in form of reports and logs for administrative purpose .
- Discovery of nearby wireless networks for security and maintenance purpose.
However, some of wireless technologies like 802.11 g etc are away from the testing with AirMagnet tool and not detectable in current assessments. Also, vulnerability assessment technique is somehow typical to deal with devices connected through wired connection but is in same network. Overall results and performance along with testing and verification are effective to use the tool in given scenario.
Investigation of Steve’s Cafeteria for WLAN
Addition to provided information, it is also seems necessary to analyse the surrounding environment of Steve’s cafeteria which will help to identify the range of other WLAN in coverage. Internal space can be rearranged or grouped to provide wired access to staff members in cafeteria for faster speed. In order to facilitate internet access to customers setting in garden outside the infrastructure of cafeteria, it should be analysed the approaches used to implement WLAN devices or existing may be increased in coverage area but it also should be consider that it is not accessible outside the boundaries and not so open in configuration to be heist. Internal places can be find those should be safe and away for unauthorised access .
Wired vs. Wireless network speed
In my opinion, wired network always provide the high speed because there is no effect of environmental changes on communication channel. Also there is fibre optic cable which has great speed due to no loss of data and no chances of data congestion in channel . Dedicated functionality provided by wired network has no compromises with other networks and their ranges in present one. All these reasons makes wired network faster and secure than wireless networks.
3.1 Addressing issues in RF propagation
To address the issues coming in propagation of RF for WLAN, multiple unidirectional RF devices can be added to outside of cafeteria. One or two unidirectional RF devices can be placed so that they can cover most of space. Also their cross positioning will help to be connected either with one of RF device so that seamless service can be used to access internet. Addition to it, RF devices can be placed securely at adaptable height so that leaves and branches has minimum barrier in propagation. All the devices can be configured on same frequency and antennas can be directed to line of sight for better performance.
3.2 Selection of WLAN types
Infrastructure of cafeteria is open space and has no boundaries but required high speed and security. Infrastructure mode can be used inside the cafeteria because it has facility to connect with hubs and fibre optic cables . Also it is of permanent type and needs less maintenance over the time. Only one base station is enough to serve cafeteria inside the building. In infrastructure mode, sub partitions of networks are connected to their AP and APs are connected to a single back bone for communication. Backbone channel may be linked to internet or local server to provide services to users. Ad-hoc is another type that can be used outside to connect remote devices as users move rapidly. Ad-hoc also does not need any base station to control the communication among all devices. Thus devices can communicate with each other directly. In ad-hoc, there is no AP and basic device of network as all the devices are independent to each other and connected to single ad hoc point.
4.1 Security measure for wireless network
Security measurements in wireless networks are different in comparison of wired network because it uses the different set of protocols and security algorithms to deliver the packages to destination. In wired where it is easy to identify the destination, a wireless network is more sensitive to integrated data packages and paths identification. Also the algorithms and devices can be altered in configuration to redirect the traffic towards remote centre. In wireless network, encrypted packages of data are available to all those are in range, thus encryption needs to be stronger . All this makes wireless security different then wired network. Wireless networks are also more vulnerable to attacks because of open access to connecting devices which can be controlled remotely. Wireless networks are more vulnerable to physical implementation as strong metallic walls and high number of boundaries between two devices reduces the penetration power of wireless signals. Outsiders can hack the wireless if proper security practices are not followed to prevent the unauthorized request in network.
4.2 Hotspot access and WLAN access
One major difference is that WLAN access is provided to others by the access points those are hardware devices whereas hotspot is created with a device has data access. In hotspot devices communicate with each other and share the data access provide by one of them but access points are used to offer data access to all devices those are configured for connection with WLAN access. Addition to it, range of access point is much larger than hotspot because used to serve a large number of devices in network. Hotspot is limited to cover devices in few meters. Hotspots are also easy to create and manage in comparison of wireless access because access points are used to connect a group of wireless stations . WLAN access is compatible to connect with Ethernet interface whereas hotspot is solely dependent on wireless technology.
5.1 Network components for Steve Cafeteria
Extended service set (ESS) is recommended to use with Steve cafeteria because it contain basic service set connected through distributed channel but also has own access point which is helpful to separate the management computers form whole network. For that routers can be used to create multiple service sets in network. Routers have capability to filter incoming packages and to decide effective path to destination with secured and encrypted data . Routers use the routing tables to map the path which is smaller in term of distance and great for speed and performance. Nearby routers are connected to gather information about all the devices which are connected wireless in network. One router can be assigned as head to basic service sets in network. This strategy is useful to isolate the management computing systems away from the access of guest users.
Also a router can be configured to manage all the underlying devices in it. Switches are another type of component used to extend the network inside the building and to bring it outside with routers. Normally switches has one input to it but multiple outgoing connections from switch helps to obtain connectivity among more devices with same speed and equal distribution of channel. Switches also helps Steve to make used of distribution of channel and speed among number of devices those are similar to an objective in cafeteria. Distribution system is used to connect two or more access points in network. It can be made up of fibre optic cable which is faster and fault resistant with surrounding environment. Twisted coaxial cable is another alternative for distribution channel but may be compromise for speed and performance standards for that organization is seeking implementation.
5.2 Proposed WLAN Solution
Below given is a sketch of WLAN for Steve cafeteria in which campus LAN is used to provide services in interior of building. Building area also has wired computer connections along with controller. Garden in front of cafeteria is designed with switches and routers to extend the network outside the physical boundaries. In outer space, remote devices like laptops and mobiles can connect to any of access point available to them in coverage . Controller is used to manage network devices and authentication process for managerial computers in cafeteria. Also it has been mentioned that infrastructure mode is effective to meet the requirements inside the building of cafeteria and ad-hoc is useful in garden area where limited number of visitors are seeking for connectivity. However, both types are intermixed with some wired connections and have enough security parameters to secure the transaction of visitors. In internal portion of cafeteria contains some computers those are encrypted and managed well for users those are more aware about private and secure browsing.
The report has been identified tool and technique to evaluate secure parameters and vulnerability assessments with WLAN network in an enterprise. Also report has described the basic information of WLAN technology to design and develop network for cafeteria and a campus. Report has described required points with suitable diagrams.
J. Andrews, R. Ganti, M. Haenggi, N. Jindal and S. Weber, "A primer on spatial modeling and analysis in wireless networks", IEEE Commun. Mag., vol. 48, no. 11, pp. 156-163, 2010.
I. Broustis, K. Papagiannaki, S. Krishnamurthy, M. Faloutsos and V. Mhatre, "Measurement-Driven Guidelines for 802.11 WLAN Design", IEEE/ACM Transactions on Networking, vol. 18, no. 3, pp. 722-735, 2010.
D. Nemade and A. Bhole, "Securing Mobile Ad Hoc Networks with Intrusion Detection System: A Review", IJARCCE, pp. 149-154, 2015.
H. Yang, "Analysis of RF radiation interference on wireless communication systems", Antennas Wirel. Propag. Lett., vol. 2, no. 1, pp. 126-129, 2003.
D. Lu and X. Tang, "Analysis and design of compact wide bandpass filter with ultra-wide stopband using multi-stub loaded resonator", Int. J. Microw. Wireless Technol., pp. 1-8, 2016.
K. Staniec, M. Habrych, K. Rutecki and B. Miedzi?ski, "Practical Remarks on Designing a Local Segment in a Wide-area Wireless Sensor Network for Measuring Factors Hazardous to the Environment",Electronics and Electrical Engineering, vol. 18, no. 9, 2012.
A. Martian, "Real-time spectrum sensing using software defined radio platforms", Telecommunication Systems, 2016.