Part 2: Issues with deploying enterprise wireless in the mining industry

 

This continues on from Part 1, which can be found at the link below.

Issue of deploying Enterprise wireless in the Mining environment Part 1

 

The aim of this blog is to highlight some of the common issues that I have faced when designing and installing enterprise wireless networks in the mining industry.

The wireless technology deployed on these sites is Cisco.

A picture paints a thousand words, so I am going to use them as part of my explanations.

AP Placement:

Picture: one CAT795F dump truck in an 8 bay garage

The picture above highlights many of the issues I face with antenna selection and AP placement.

  • Overhead mobile crane systems can dislodge APs or cause shadow zones
  • Heavy vehicles (massive Tonka trucks)
  • Insulation on walls and roofs. Antenna selection and AP placement need to be considered to avoid excess reflections

Part 3 will go into the specifics of AP placement.

 

 


Picture: CAT797B dump truck (RF Killer)

Cabling


Picture 2: Cable trays

Running data and power cabling can be a very costly exercise. Given the size and structural design of the locations, most installations require specialised equipment to be hired, such as scaffolding, mobile elevated work platforms and at times cranes. All equipment needs to be mine rated and requires permits and licences to operate.

Existing cable trays are often used for LV and HV cabling, so alternate paths are needed for data.

Locations


Picture: Coal wash plant

Certain locations where client devices may operate are extremely problematic for RF propagation and AP installation. Sometimes the customer needs to be educated and shown an alternate solution, as ubiquitous coverage is not always possible in certain environments, especially once the cost is considered.


Picture: Water plant

  • APs require maintenance due to getting covered in material ($$$)
  • APs require specialised engineered mounting brackets due to excessive vibration
  • AP life span is reduced due to chemicals and material in the area

Some sites contain locations that are rather old and contain asbestos, which can be a headache for the installation of cabling and APs.

Point-to-point

Locations can be remote with no connection back to the main site, so a P2P link is sometimes required. But over time the link stops working and you discover that the mine has decided to put a massive stockpile of ore on what used to be a road, which now blocks the link.

Rogue Networks

Mine sites use wireless mesh networks for their production networks and mobile fleets. Technologies such as Rajant and TropOS are the most common I have seen, and they can operate at up to 4 watts.

Picture: Rajant BreadCrumb antennas being installed in a workshop

Apart from the ACI and CCI issues they can cause, some locations have business SSIDs being broadcast over the mesh network. When a fleet vehicle enters a non-production area it can cause client connectivity issues, given the EIRP and client behaviour. A simple solution would be to remove the SSID from the meshed network, but nothing is simple.

Contracting companies install their own wireless networks, most of the time with the default 80MHz wide channels.

Mice

Mice eating newly installed fibres occurs often over the winter period. Installing mouse traps etc. requires approval, which can be difficult depending on the site.

Picture: Mice have chewed the fibre (notice the paw prints and mice shit).

 

Part 3 will address AP placement and considerations  to provide wireless coverage based

Part 1: Issue of deploying Enterprise wireless in the Mining environment

The purpose of this blog post is to highlight some of the issues that I have faced over the past 6 years of trying to deploy enterprise and non-enterprise wireless solutions in the mining industry.

Given the need for mobility, guest access and the demand for increased productivity, I have seen a dramatic increase in enterprise wireless networks being deployed in the mining industry.

Picture: Coal Mine

The mining industry is a complex, harsh beast. There are extremes of both hot and cold weather, shift work, and long 12-14hr days in environments where safety keeps you alive. Locations are remote; some of the mines are hundreds or thousands of miles from the nearest town. Aside from the work environment, there are a great many challenges and hoops one must jump through before even getting on to site.

For instance, one cannot simply walk around with a laptop and collect information easily compared to an office environment (love those surveys).

Each mine site has different access and safety requirements before you can enter the site and subsequent areas.

Things that are common:

  • Site and area specific Personal Protective Equipment (PPE)
    • Depending on the PPE requirements, it can be rather difficult to conduct a WSS (wireless site survey).
      • At a minimum it is always:
        • Hard hat
        • Eye glasses
        • Ear protection
        • Gloves (sometimes you have 2-3 different pairs)
        • High visibility clothing, long sleeved and pants
        • Steel cap lace up boots (some sites have specific boots to wear that are issued on location)
        • At worst, I have had to wear a full face respiratory system in the hot Australian summer (could not see shit).
  • Site and area specific inductions
    • These can be 1hr to a full day depending on the area.
  • Safety inductions
    • Sometimes require additional first aid training
    • Electrical safety awareness induction
    • Working at heights (some roof heights are 20m+)
  • Work permits
    • You may be required to sign on or have your own specific work permit generated. This again is time consuming as it requires approvals.

Once you have the basics out of the way, you may be able (I stress “maybe”, as you still need approval from the on-shift superintendent or supervisor) to enter the area, and most of the time, depending on the work being performed, you may need an area-approved escort.

In my experience the floor plans provided are never correct. Most of the time I have to draw them up or use the evacuation plans located near fire exits.

  • Given the time constraints and environment, an APoS (AP-on-a-stick) survey cannot be performed in most cases


Picture: Heavy Vehicle workshop

  • Restricted areas:
    • A production outage can cost large amounts of dollars per hour. Miners will not stop working so you can walk around and collect some data points on production equipment. All the time you stick to the designated walkway and collect what information you can.
  • Information gathering can be an issue as some locations have restrictions on the types of equipment that are allowed into an area. So a notepad and pen is all you have, and given these environments are extremely dirty, muddy and wet, you need to ensure you look after your gear (zip lock bag). There is limited chance of a second bite of the cherry if you forget to get the switch model number/details and communications cabinet number.


Picture: Dusty areas


Picture: standard comms cabinet out in the field (not one of mine)

  • Damage to equipment
    • As mentioned before, these environments are dirty and can be extremely hot or cold depending on the time of year. Your equipment is your lifeline, and it will get dirty. So far I have been lucky (or unlucky) and have only damaged the screen on my Surface Pro 4. I was still able to use it to complete the WSS. Everything I have is stored in Pelican cases.

 

Picture: Pelican cases of equipment


Picture: Tripod


Picture: A couple of Pelican cases when they were brand new.


Picture: Damaged SP4, but it could still charge on; I used an iPad screen protector to keep it together.

Once you have completed the survey and collected all your required information, next comes the joy of trying to design the wireless network based on the environment and wireless criteria, which I will discuss in my next blog post.

CWNP (CWAP, CWSP, & CWDP) Certifications worth it

Is it worth undertaking the time and effort to achieve any of the CWNP Professional certifications such as CWAP, CWSP and CWDP?

YES it is, without a doubt worth it.

After I completed my CWNA, I was wondering what certification track to embark on next. I was looking into CCNP Wireless as I already hold a CCNA Wireless, and the company I work for is a Cisco shop.

However, I decided to embark on the CWDP certification, as I was doing a great deal of wireless site surveys and designs at the time. I was also very lucky to have the opportunity to work on a project with a 2x CCIE and CWNE, which motivated me to not only study for my CWDP but also achieve the other 2 certifications and go for my CWNE, as he offered to endorse me (part of the application process to become a CWNE requires 3x endorsements, one of which is highly recommended to be from a current CWNE). After 7 months of study I passed all 3 CWNP exams first time with an 85% pass on all of them.

The order I completed the exams was CWDP, CWAP and CWSP. This is not the most recommended way to complete the exams, but it suited my strengths and interests, which is what I suggest.

The study timeline is as follows:

  • CWDP: just under 2 months
  • CWAP: just over 3 months
  • CWSP: just over 2 months

I spent on average 2-3hrs a day studying for these exams, while juggling university studies, family and work life.

My average Monday to Friday day consisted of the following while studying:

  • 3:50am wake up (caffeine, lots of it)
  • 4:00am CWNP study
  • 5:00am exercise
  • 5:45am family/work routine
  • 7:00am CWNP study on the train, 50mins
  • 12:00pm lunch, CWNP study 15mins
  • 4:30pm study on the train, 50mins
  • 7:30pm CWNP and uni study
  • 9:30pm bed

Weekends

  • 5:00am wake up (caffeine, lots of it)
  • 5:15am CWNP study
  • 8am-6:30pm family time / go to the gym for 1hr
  • 7pm uni study
  • 9:30pm bed

When I had university assignments and exams coming up my daily routine was different; as well, life, work and kids always make things interesting, but the above is the average.

The CWNP study guides are excellent and some of the best I have read. The exams are straightforward, and if you know the material the questions won't trick you like some exams do.

I actually found the CWSP exam the hardest out of all of them. Most say they find the CWAP the hardest, but for me that was not the case.

I can honestly say I really enjoyed studying for the CWNP certifications, as there is nothing worse than having to read something you couldn't give a rat's ass about.

The knowledge and skills I learnt from this have greatly assisted me in every aspect of my job as a wireless network engineer, and I recommend the certifications to anyone.

Now that I have completed the CWNP track I will be applying for my CWNE, which deserves a blog post on its own.

Mgig interface and Wave 2 AP’s

I was asked in a work team meeting by one of the network engineers on the network refresh project about the Mgig interface on the new Wave 2 APs and whether we should upgrade the switch interfaces to get the benefit described in the vendor data sheets.

The paragraphs below are my attempt to explain to him, and anyone else who would listen in the meeting, that yes, upgrading the switches and APs is a great idea; however, based on good enterprise wireless design requirements and the nature of 802.11, we would not be able to achieve the theoretical wireless throughput rate of up to 5.2Gbps as per the vendor's data sheet.

To even come close to achieving this theoretical wireless data rate, the AP needs to be configured with dual 5GHz radios (2.6Gbps per radio), both using 160MHz wide channels, and ideal RF conditions (RSSI greater than -48dBm and a signal-to-noise ratio above 40dB).

The major problem with this theoretical data rate is the channel width. In the 5GHz band we only have 25 20MHz wide non-overlapping channels to play with (when using DFS channels). If we were to utilise 160MHz wide channels it only leaves us with 2.

Wireless is half duplex, and given the mechanisms that an 802.11 device uses to determine whether the medium is free before sending traffic, having only 2 channels makes avoiding interference issues impossible. Client devices operating in a noisy environment reduce the aggregate wireless throughput, due to the excess amount of management traffic caused by corrupted frames being retransmitted (more management traffic equals less data traffic).

When we design enterprise wireless networks, a major design consideration is how to best design based on the RF spectrum available, frequency reuse, the amount/type of client devices and the data SLA. With these requirements identified we can determine the number of APs, their placement and the channel plan in order to avoid or reduce wireless issues such as co-channel, adjacent channel and overlapping basic service set interference.

Below are some other reasons why 160MHz wide channels are not viable and why you won't get the benefits of the Mgig interface in an enterprise wireless deployment:

  • Currently no client devices support 160MHz wide channels
  • No normal wireless client device requires that amount of data throughput
  • Wireless management and control traffic is sent at legacy data rates
  • Wireless is half duplex
  • TCP/IP overhead
  • Dual 5GHz AP deployments won't work due to continued support for 2.4GHz clients
  • When using the other radio as a 2.4GHz radio with a maximum 20MHz wide channel it has a data rate of 288.9Mbps
  • The vendor recommendation for a dual 5GHz AP is 100MHz spacing between the two radios' channels, so dual 160MHz wide channels cannot be deployed
  • Unrealistic RSSI and SNR values are needed to achieve the MCS9 VHT data rates
  • Multi-user multiple input multiple output (MU-MIMO) helps, but devices need to be capable and it is only on the downlink
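To make the arithmetic behind these points concrete, the following is an added example (my own code, not from the post or any vendor) that reproduces the 802.11ac PHY rate calculation and counts how many non-overlapping channels each width leaves. It assumes the 25 20MHz channels counted above (36-64, 100-144 and 149-165) and the standard 802.11ac data-subcarrier and symbol-time constants.

```python
"""Added example: 802.11ac (Wave 2) PHY rate arithmetic and 5 GHz channel
counts behind the "5.2 Gbps on a Mgig port" discussion.  Not code from the
post; the channel list is the 25 DFS-inclusive 20 MHz channels counted there.
"""
from typing import Dict, List

# Data subcarriers per VHT channel width (802.11ac).
DATA_SUBCARRIERS = {20: 52, 40: 108, 80: 234, 160: 468}

# VHT MCS index -> (coded bits per subcarrier, coding rate).
VHT_MCS = {
    0: (1, 1 / 2), 1: (2, 1 / 2), 2: (2, 3 / 4), 3: (4, 1 / 2), 4: (4, 3 / 4),
    5: (6, 2 / 3), 6: (6, 3 / 4), 7: (6, 5 / 6), 8: (8, 3 / 4), 9: (8, 5 / 6),
}

# OFDM symbol time: 3.2 us of data plus a 0.4 us short or 0.8 us long guard interval.
SYMBOL_TIME_S = {"short": 3.6e-6, "long": 4.0e-6}

# The 25 non-overlapping 20 MHz channels the post counts (UNII-1/2A, UNII-2C, UNII-3).
CHANNELS_20MHZ: List[int] = (
    list(range(36, 65, 4)) + list(range(100, 145, 4)) + list(range(149, 166, 4))
)


def vht_rate_mbps(mcs: int, width_mhz: int, streams: int, gi: str = "short") -> float:
    """PHY data rate in Mbps = N_sd * bits/subcarrier * code rate * N_ss / T_sym."""
    bits, rate = VHT_MCS[mcs]
    return round(DATA_SUBCARRIERS[width_mhz] * bits * rate * streams
                 / SYMBOL_TIME_S[gi] / 1e6, 1)


def bonded_channel_count(width_mhz: int, channels: List[int] = CHANNELS_20MHZ) -> int:
    """Number of non-overlapping channels of the given width that can be built
    from the 20 MHz channel list.  A bonded channel is n = width/20 consecutive
    20 MHz channels (numbered 4 apart) aligned to an n-channel boundary; the
    149-165 block sits on its own grid, so alignment is measured from 149 there."""
    n = width_mhz // 20
    available = set(channels)
    count = 0
    for c in channels:
        base = 149 if c >= 149 else 36
        aligned = (c - base) % (4 * n) == 0
        if aligned and all(c + 4 * i in available for i in range(n)):
            count += 1
    return count


def wave2_summary() -> Dict[str, float]:
    """The figures the post argues about, side by side."""
    return {
        # Data-sheet peak: two 5 GHz radios, 160 MHz, 3 spatial streams, MCS9, short GI.
        "per_radio_160mhz_3ss_mcs9": vht_rate_mbps(9, 160, 3),
        "dual_5ghz_peak": 2 * vht_rate_mbps(9, 160, 3),
        # Same modulation on a 20 MHz channel: the 288.9 Mbps the post quotes for the 2.4 GHz radio.
        "single_20mhz_3ss_mcs9": vht_rate_mbps(9, 20, 3),
        # How many channels are left for a frequency reuse plan at each width.
        "channels_20": bonded_channel_count(20),
        "channels_40": bonded_channel_count(40),
        "channels_80": bonded_channel_count(80),
        "channels_160": bonded_channel_count(160),
    }


if __name__ == "__main__":
    for name, value in wave2_summary().items():
        print(f"{name:28s} {value}")
```

The 5.2Gbps figure only appears when both radios run 160MHz at MCS9 on the 2 channels the band allows, which is why the per-AP Mgig uplink is never the bottleneck in a reuse plan built on 20 or 40MHz channels.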

Three types of data encryption standards for WiMAX networks

When data is transmitted and received over WiMAX wireless infrastructure, many types of encryption methods can be used. Below I will quickly highlight 3 types of encryption standards that can be used with WiMAX.

 

  • Advanced Encryption Standard (AES) with 128-bit key
  • Rivest, Shamir and Adleman (RSA) with 1024-bit key
  • Triple Digital Encryption Standard (3-DES)

 

Both Advanced Encryption Standard (AES) and Triple Digital Encryption Standard (3-DES) are symmetric encryption algorithms using a block-cipher method.


Figure 1: Symmetric-Key Encryption

Rivest, Shamir and Adleman (RSA), on the other hand, is an asymmetric algorithm. The main difference between symmetric and asymmetric encryption algorithms is that with symmetric encryption the same key is used for encryption and decryption, unlike asymmetric encryption, which uses two different keys.


Figure 2: Asymmetric-Key Encryption

AES with a 128-bit key was developed by the National Institute of Standards and Technology (NIST) in 2001. It uses the Rijndael algorithm and was designed to replace the Digital Encryption Standard (DES). AES is one of the most secure encryption standards in use today.


Figure 3: Advanced Encryption Standard

Triple Digital Encryption Standard (3-DES) encrypts its data three times with a 56-bit key. It is not as secure as AES; as such, AES was meant and designed to replace 3-DES.


Figure 4: Triple Digital Encryption Standard

RSA, developed in 1977, is an asymmetric algorithm that uses a public and a private key: one key is used to encrypt the traffic and the other key is used to decrypt it. RSA is mainly used today for authentication. It can have key lengths of up to 2048 bits, of which 1024 is the average size. Asymmetric algorithms such as RSA require more CPU overhead to generate and maintain compared to symmetric algorithms like the ones mentioned.

Figure 5: RSA Encryption

All of the encryption standards mentioned provide confidentiality by turning clear text into cipher text.


Critical reflection on the topic of Energy Harvest for wireless Communication systems

In the following paragraphs, I will provide my critical reflection on the topic of ‘Energy Harvest’ after reading the following white papers.

Shaikh, Faisal Karim, and Sherali Zeadally. “Energy harvesting in wireless sensor networks: A comprehensive review.” Renewable and Sustainable Energy Reviews 55 (2016): 1041-1054.

Ulukus, Sennur, et al. “Energy harvesting wireless communications: A review of recent advances.” IEEE Journal on Selected Areas in Communications 33.3 (2015): 360-381.

Both authors have addressed the different techniques of energy harvesting, the hardware design requirements, and the efficiency and advances in technology required to make this a viable option for wireless sensor networks (WSN).

While the concept of energy harvesting is an excellent idea and a possible solution to many of the issues that plague remote wireless sensor networks, both authors admit it is still in its infancy due to technology constraints and manufacturing cost.

The issue I see still being a problem in the future is the dependency on a battery backup in the event that the main energy source is not available, as well as the requirement to perform on-going maintenance work on the energy harvesting equipment.

I have experience when it comes to the deployment, installation and maintenance of wireless sensor networks. Coming from the mining sector, we use WSNs to relay information from Programmable Logic Controllers (PLCs) that are connected to remote monitoring equipment or machines. While the idea of being able to deploy these small form factor devices in a set-and-forget mindset, dependent on the life span of the equipment, is great, what I have found from my experience is that the main issue is actually the energy harvesting device. Whether it be a solar panel or a wind turbine, the device that supplies the power and trickle charges the battery in the event that the sun or wind is not available requires more on-going maintenance than the actual battery or WSN.

The ongoing maintenance involves cleaning due to excess dust build-up and animal excrement on the solar panels; the wind turbines require lubrication; and at times both energy harvesting devices require replacement due to the extremes of weather or damage caused by animals or birds.

In some cases the actual WSN and external battery outlive the energy harvesting equipment, the main reason being that they are sheltered from the extremes of weather and animals.

While I hold a common interest in being able to power WSNs by the means described in the research papers, as well as reducing maintenance requirements where possible, I believe we are some time off before this is a reliable and cost-effective solution for most consumers to purchase. Even then, given the environments that WSNs can be deployed in, it will still require on-going servicing of the energy harvesting equipment to ensure a long life span.

Security challenges for Bluetooth and ZigBee WPAN technologies

One would think, given the short range, low power and low data rates offered by WPAN technologies such as Bluetooth and ZigBee, that these devices would not present much of a security concern, yet they are still prone to attacks as they can allow hackers a backdoor into certain networks.

ZigBee has the ability to use a symmetric encryption algorithm, meaning the same key is used to encrypt and decrypt. Bluetooth devices also have encryption options available; however, due to power saving features, slow on-board CPUs and the extra overhead generated by the encryption process, encryption ends up being rarely used. So when devices are joining and establishing connectivity, all data is sent in clear text and is readable over the air by anyone in close proximity with the right tools to capture and decode it.

ZigBee uses two types of symmetric keys for encryption: the network key and the link key.

When a device requests a link key to set up a secure connection between devices in the piconet, a link key based on the network key is generated and encrypted with the network key; this must occur before the trust centre (PNC) distributes it to other devices on the piconet. This method leaves the lower layers vulnerable as it only applies to layer 7 (the application layer).

Bluetooth devices use a mechanism called pairing, which is a two-step process that enables the discovery of and connection to nearby devices. The pairing process gives hackers the opportunity to discover and transmit unsolicited messages to devices in close proximity; this type of attack is known as bluejacking.

Another attack, known as bluesnarfing, also leverages the pairing process, enabling hackers to access information contained within personal smart devices. This type of attack can occur without the knowledge of the owner if the user has enabled certain settings on the device.

Bluetooth devices are prone to a very common security threat across all communication technology platforms called denial-of-service (DoS). This attack renders the device useless as it is not able to process all the malicious information that is being sent to it.

Bluetooth devices present many security concerns, not only from their own security vulnerabilities but also because they allow hackers to use a Bluetooth device for their own gain. Given their small form factor and low cost of manufacture, a hacker could easily plug a USB Bluetooth device into the back of a desktop without a user being aware, and given the small form factor, low power and use of FHSS, they are hard to discover or locate; even with a spectrum analyser one would still have to be in close proximity to the device and be able to identify the signal pattern.

Another security concern is jamming of the RF spectrum. Given both technologies operate in the 2.4GHz band, a hacker may not want to steal information but simply render the devices unusable by deploying a wireless jammer, commonly known as an ‘air horn’.

A hobbyist company called Hak5 (www.hak5.org) makes devices that have the potential to be used for malicious reasons if in the wrong hands; in particular it has a Bluetooth packet sniffer (https://hakshop.com/products/ubertooth-one) which could be used to capture and decode frames for malicious reasons.

L. Olenewa (2014). Guide to Wireless Communications (Third Edition). Boston: Cengage Learning.

Cisco Load Balance configuration

 

 


More detailed explanations can be found at http://www.Cisco.com

 

Sometimes referred to as advanced load balancing (Load Balancing+), this is an enhancement to aggressive load balancing that allows you to configure load balancing per WLAN. The feature is disabled by default.

The feature load balances wireless clients across access points. Clients can only be load balanced across access points on the same WLC; load balancing does not occur between access points on different controllers.

Load balancing only works at the association phase.

When a client tries to associate to a Cisco lightweight access point, an association response is sent to the client with 802.11 status code 17. Code 17 indicates that the AP is busy, so the client has to look for another AP to associate with.

The AP responds with an association response bearing “success” if the AP threshold is not met, and with code 17 (AP busy) if the AP utilisation threshold is reached or exceeded and another less busy AP heard the client request.

A problem can arise when the AP sends status code 17 to the client: the client then has to decide whether to ignore it or still use the same AP. Some client drivers use the same AP for the connection once again, but most other types of clients try to find another AP for the connection. So it depends on the vendor driver, as you cannot force clients to accept status code 17.

It is recommended not to enable this feature for the voice WLAN as it can cause roaming issues. For other WLANs, it should be enabled only after testing.

 

  • Client window size: the client window size and the client count on the least loaded AP determine the load balance threshold value.

Before configuring load balance intelligence, remember the formula. An AP is considered busy once it has a number of associated clients equal to the client window size plus the number of clients on the least loaded AP in the area:

Load-balancing threshold = client window size + number of clients on the least loaded AP

 

Example: 3 APs

AP1: 9 clients

AP2: 7 clients

AP3: 4 clients

 

As per the default settings in the last screenshot, the client window size is 5.

As per the formula, the load balance threshold is 5 + 4 = 9.

This means that if any new client wants to join AP1, the client will get the status 17 (busy) message; in other words, this AP (AP1) is considered to be busy.

  • Maximum denial count: the maximum denial count parameter allows the user to configure the number of times client associations will be rejected for a particular AP. The maximum denial count can have a value between 0 and 10.
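As an added example (my own code, not Cisco's or the post's), here is a small Python model of the association decision described above: the threshold formula, the status code 17 response, and the maximum denial count. It assumes all APs are on one WLC and in the same area, that every AP in the area heard the client's request, that clients are identified by a (constructed) MAC address, and a max denial count of 3 chosen for the example.

```python
"""Added example: a model of Cisco WLC client load balancing as described in
the post (not Cisco's code).  Threshold = client window size + clients on the
least loaded AP; a busy AP answers with 802.11 status code 17 while a less
busy AP heard the client and the client has not yet hit the denial limit.
"""
from dataclasses import dataclass, field
from typing import Dict, List

STATUS_SUCCESS = 0   # association accepted
STATUS_AP_BUSY = 17  # 802.11 "AP unable to handle additional associated STAs"


@dataclass
class LoadBalancer:
    client_window_size: int = 5      # WLC default quoted in the post
    max_denial_count: int = 3        # WLC range is 0..10; 3 is assumed for this example
    ap_clients: Dict[str, int] = field(default_factory=dict)  # AP name -> client count
    denials: Dict[str, int] = field(default_factory=dict)     # client MAC -> refusals so far

    def threshold(self) -> int:
        """Load-balancing threshold = client window size + clients on the least loaded AP."""
        return self.client_window_size + min(self.ap_clients.values())

    def is_busy(self, ap: str) -> bool:
        """An AP is busy once its client count reaches the threshold."""
        return self.ap_clients[ap] >= self.threshold()

    def associate(self, client: str, ap: str) -> int:
        """Return the status code the AP would place in its association response."""
        less_busy_ap_heard = any(
            other != ap and count < self.ap_clients[ap]
            for other, count in self.ap_clients.items()
        )
        denied = self.denials.get(client, 0)
        # With max_denial_count = 0 the AP never refuses anyone in this model.
        if self.is_busy(ap) and less_busy_ap_heard and denied < self.max_denial_count:
            self.denials[client] = denied + 1
            return STATUS_AP_BUSY
        # Accepted: either the AP is not busy, or the client insisted past the denial limit
        # (the driver-dependent behaviour the post warns about).
        self.ap_clients[ap] += 1
        self.denials.pop(client, None)
        return STATUS_SUCCESS


def worked_example() -> Dict[str, object]:
    """The post's three-AP case: AP1=9, AP2=7, AP3=4, window size 5 -> threshold 9."""
    lb = LoadBalancer(ap_clients={"AP1": 9, "AP2": 7, "AP3": 4})
    threshold = lb.threshold()                                 # 5 + 4 = 9
    first_try = lb.associate("aa:bb:cc:00:00:01", "AP1")       # AP1 at 9 is busy -> 17
    second_try = lb.associate("aa:bb:cc:00:00:01", "AP2")      # AP2 at 7 < 9 -> 0, AP2 -> 8
    # A driver that ignores code 17 keeps retrying the same AP and is admitted only
    # after max_denial_count refusals (constructed client MAC).
    stubborn: List[int] = [lb.associate("aa:bb:cc:00:00:02", "AP1") for _ in range(4)]
    return {
        "threshold": threshold,
        "first_try": first_try,
        "second_try": second_try,
        "stubborn": stubborn,
        "ap_clients": dict(lb.ap_clients),
    }


if __name__ == "__main__":
    for key, value in worked_example().items():
        print(f"{key:12s} {value}")
```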

 

Network configuration

From the GUI:


Figure 1. Client Load balancing global configuration windows


Figure 2. Client Load balancing configuration per WLAN

From the CLI:


Figure 3. Client Load balancing configuration options


Figure 4. Client Load balancing window

 


Figure 5. Client Load balancing denial count


Figure 6. Enabling Client Load balancing configuration


Figure 7. Disabling the WLAN

Then enable client load balancing on the WLAN with: config wlan load-balance allow enable 1


Figure 8. Re-enabling the WLAN

Figure 9. Displaying Load balancing information

 

Figure 10. Displaying WLAN configuration information

Kali Linux, putting WiFi Card into monitor mode

This guide is about how to put your wireless adapter into monitor mode using Kali Linux and then use Wireshark to inspect the frames (Wireshark comes standard with Kali).

*Not all wireless cards (chipsets) support monitor mode; if unsure, do a Google search. For this I will be using an Alfa Networks card: AWUS036NH.

Step 1: Check that the NIC is attached (screenshots of two alternative commands and their output were shown here).

Step 2: Place the wireless interface in monitor mode: airmon-ng start <interface name>

Step 3: Kill any processes that are currently running (screenshot), then check that the processes have been stopped (screenshot).

Step 4: Put the interface in sniffing mode (screenshot). This command will scan over all channels, depending on the wireless device chipset.

You can also sniff on a specific channel with the following command (screenshot).

Once sniffing channels, load Wireshark. If running as root you will be presented with the error message below; press OK and then select the wlan0mon interface to load the 802.11 frames.

(screenshot of the Wireshark root-user warning)

Done.

Kali Linux VMware tools install

Installing VMware Tools allows better performance of the virtual machine, in this case Kali Linux.

Depending on which VMware product you are running, i.e. Workstation, vSphere Client or Fusion, the VMware Tools install location will be different. The location below is for VMware Fusion.

Click Install VMware Tools (it shows Reinstall VMware Tools here as it is already installed).


 

Once VMware Tools appears on the desktop, open the folder.

Drag the VMware Tools .tar.gz file to the desktop.


Then disconnect VMware Tools by hitting eject in the bottom left corner of the folder.


Enter:

  • cd Desktop/
  • ls (to locate the VMware specific file)
  • tar -xzf vmwareTools-10.1.6-521329.tar.gz (extract the archive; -cf would overwrite it with an empty archive)
  • ls (to locate the extracted vmware-tools-distrib directory)
  • cd vmware-tools-distrib/
  • ls
  • perl vmware-install.pl -d


Once installation is complete, reload Kali Linux by entering:

  • reboot

 


 

 

 

 

Done