1 DAIR: Dense Array of Inexpensive Radios Managing Enterprise Wireless Networks Using Desktop Infrastructure Victor Bahl, Jitendra Padhye, Lenin Ravindranath,

Presentation transcript:

1 DAIR: Dense Array of Inexpensive Radios
Managing Enterprise Wireless Networks Using Desktop Infrastructure
Victor Bahl, Jitendra Padhye, Lenin Ravindranath, Manpreet Singh, Alec Wolman, Brian Zill
Microsoft Research, Cornell University

2 Observations
– Outfitting a desktop PC with wireless is becoming very inexpensive
  – Wireless USB dongles are cheap
  – PC motherboards are starting to appear with radios built-in
– Desktop PCs with good wired connectivity are ubiquitous in enterprises
$6.99!

3 Key Insight
– Combine to provide a dense deployment of wireless sensors
– We can use this platform to realize the full potential of wireless networks
  – Enterprise wireless management tools
  – Enable new services where wireless is a key component

4 The DAIR Platform
– Wireless management tools
  – Improve security
  – Reduce IT ops costs
  – Increase quality of service
– New applications and services
  – Location services
  – Seamless roaming
  – Alternative data distribution channel

5 Outline
– Motivation
– DAIR architecture
– Management apps (& Rogue networks)
– Related work

6 Enterprise WLAN Management
– Corporations spend a lot on WLAN infrastructure
  – Worldwide enterprise WLAN business expected to grow from $1.1 billion this year to $3.5 billion in 2009
  – MS IT dept.: 72% of costs are people
– Security and reliability are major concerns
  – Wireless networks are becoming a target for hackers
  – Reliability: MS IT receives ~500 WLAN helpdesk requests per month
    – No easy way to measure cost of reliability problems

7 Advantages of the DAIR Approach
– High density
  – Wireless propagation is highly variable in enterprise environments (many obstructions)
  – Lots of channels to cover: 11 for b/g, 13 for a
  – Improves fidelity of many management tasks
  – Enables accurate location (useful as a diagnosis tool)
– Stationary sensing
  – Provides predictable coverage
  – Also helps enable location services
  – Allows meaningful historical analysis
– Desktop resources
  – Spare CPU, disk, and memory
  – Good connectivity to wired network
  – Wall power

8 Outline
– Motivation
– DAIR architecture
– Management apps (& Rogue networks)
– Related work

9 DAIR Architecture

10

11 Outline
– Motivation
– DAIR architecture
– Management apps (& Rogue networks)
– Related work

12 Wireless Management Apps: Performance and Reliability
– Performance monitoring
  – Site planning: AP placement, frequency selection
  – AP Load balancing
  – Isolating performance problems
– Helping disconnected clients
  – RF Holes
  – Misconfiguration, certificates, etc.
– Reliability
  – Recovery from malfunctioning APs
  – Recovery from poor association policies

13 Wireless Management: Security Apps
– Detecting DoS attacks:
  – Spoofing Disassociation
  – Large NAV values
  – Jamming
– Detecting Rogue Wireless Networks

14 Rogue Wireless Networks
– Detecting rogue APs and rogue ad-hoc networks
– An uninformed or careless employee who doesn't understand (or chooses not to think about) the security implications
  – An employee brings in an AP from home, and attaches it to the corporate network, creating a rogue AP
  – It is trivial to configure a desktop PC with a wireless interface to create a rogue ad-hoc network

15 Risks
– Attaching unauthorized AP to a corporate network
  – May allow unauthorized wireless clients to gain access
– A wireless client unknowingly connects to unauthorized AP on unauthorized network
  – May expose corporate information on that network
– Once rogue network is installed, physical proximity is no longer needed (esp. with directional antennas)…

16 A Simple Solution?
– Build a database of known:
  – SSIDs (network names)
  – BSSIDs (access point MAC addresses)
– Use DAIR infrastructure to scan
  – Whenever an unknown entity appears (either SSID or BSSID), raise an alarm
– This is the level at which most previous work solves this problem

17 False Alarms
– In many enterprise environments, one can hear other legitimate APs
  – E.g. shared office buildings
– Is the unknown wireless network connected to your corporate wired network?

18 Testing for Wired Connectivity
– Association test
  – Associate with suspect AP, contact wired node
– MAC address tests:
  – First-hop router test
    – Wireless DEST = known router on wired network
  – ARP test
    – Wireless DEST = known entity on local subnet
– DHCP signature test
  – For wireless routers: Identify device type through DHCP options
– Packet correlation test
  – Use timing and packet lengths to see traffic on both wired/wireless
– Replay test

19 First-Hop Router Test
[Diagram labels: Land Monitor, Air Monitor, Subnet Router, Database, Client, Access Point (?)]
– Land Monitor discovers MAC addresses of all subnet routers, submits results to the database
– AirMonitor overhears a client communicating with an unknown access point

20 First-Hop Router Test
Frame (with encryption): Unencrypted Header | Encrypted Payload
MAC Addresses:
  Receiver = Access Point
  Transmitter = Client
  Destination = Subnet Router
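The first-hop router test from slides 16 to 20, sketched as an added example (not code from the DAIR project): an AirMonitor-style check reads the three MAC addresses from the cleartext 802.11 header of a client-to-AP data frame and flags an unknown BSSID only when the destination is a router the LandMonitor reported. The allow-list, router set, function names and every MAC address are constructed assumptions.

```python
# Added illustration, not DAIR code. All MAC addresses are constructed samples.
import struct

KNOWN_BSSIDS = {"00:11:22:aa:00:01"}    # authorized corporate APs (assumed allow-list)
SUBNET_ROUTERS = {"00:11:22:ff:00:01"}  # router MACs a LandMonitor would report


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_to_ds_data(frame):
    """Return (bssid, client, dest) for a client-to-AP data frame, else None."""
    if len(frame) < 24:                       # shorter than a basic 802.11 header
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    is_data = ((fc >> 2) & 0x3) == 2          # type field: 2 = data
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    if not (is_data and to_ds and not from_ds):
        return None
    # ToDS=1/FromDS=0: addr1 = receiver (AP), addr2 = transmitter, addr3 = destination.
    # These fields stay in the clear even when the Protected bit (0x4000) is set.
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])


def classify(frame):
    parsed = parse_to_ds_data(frame)
    if parsed is None:
        return "ignored"
    bssid, _client, dest = parsed
    if bssid in KNOWN_BSSIDS:
        return "authorized"
    if dest in SUBNET_ROUTERS:
        return "rogue-on-wired-network"       # unknown AP forwarding to our router
    return "unknown-unconfirmed"              # may be a neighbour; needs other tests


def build_frame(fc, addr1, addr2, addr3, payload=b"\xde\xad\xbe\xef"):
    """Build a constructed sample frame: header plus opaque (encrypted) payload."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (struct.pack("<HH", fc, 0) + raw(addr1) + raw(addr2) + raw(addr3)
            + b"\x00\x00" + payload)


if __name__ == "__main__":
    client = "02:00:00:00:00:c1"
    rogue = build_frame(0x4108, "02:00:00:00:00:99", client, "00:11:22:ff:00:01")
    print(classify(rogue))
```

An "unknown-unconfirmed" result is not a clearance: traffic that stays on the local subnet never names the router, which is the case the ARP test on slide 18 covers.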

21 Outline
– Motivation
– DAIR architecture
– Management apps (& Rogue networks)
– Related work

22 Current Approaches & Related Research
– Many commercial offerings in this space
– Leverage existing access points (APs)
  – AirWave, ManageEngine, …
  – APs' primary goal is to provide service to clients, limited time listening on other channels
– Specialized sensors
  – Aruba (MS IT choice), AirDefense, AirTight …
  – Expensive, limited density
– [Adya et al. Mobicom 04]: use assistance of mobile clients
  – Difficult to provide predictable coverage
  – Less proactive due to energy constraints
– Other wireless monitoring

23 Wrapping Up…
– Status
  – Built much of the plumbing: AirMonitors, Inferencing Service, Management Console (GUI)
  – Built set of wireless security apps, ongoing evaluation
  – Deployed ~22 AirMonitors on one floor of our building
– Next 6 months:
  – Performance & reliability apps
  – Provide location services
  – Larger scale deployment
– Longer Term: going beyond management tools
  – Seamless roaming
  – Self-configuring complete replacement for existing wireless infrastructure