CWNP (CWAP, CWSP, & CWDP) Certifications worth it

Is it worth undertaking the time and effort to achieve any of the CWNP Professional certifications such as CWAP, CWSP and CWDP?

YES it is, without a doubt worth it.

After I completed my CWNA, I was wondering what certification track to embark on next. I was looking into CCNP Wireless, as I already hold a CCNA Wireless and the company I work for is a Cisco shop.

However, I decided to embark on the CWDP certification, as I was currently doing a great deal of wireless site surveys and designs. I was also very lucky to have the opportunity to work on a project with a 2x CCIE and CWNE, which motivated me to not only study for my CWDP but also achieve the other 2 certifications and go for my CWNE, as he offered to endorse me (part of the application process to become a CWNE requires 3x endorsements, one of which is highly recommended to be from a current CWNE). After 7 months of study I passed all 3 CWNP exams first time, with an 85% pass on all of them.

The order I completed the exams in was CWDP, CWAP and CWSP. This is not the most recommended way to complete the exams, but it suited my strengths and interests, which is what I suggest.

The study time line is as follows

  • CWDP: just under 2 months
  • CWAP: just over 3 months
  • CWSP: just over 2 months

I spent on average 2-3hrs a day studying for these exams, while juggling university studies, family and work life.

My average Monday to Friday consisted of the following while studying:

  • 3:50am wake up (caffeine, lots of it)
  • 4:00am study CWNP
  • 5:00am exercise
  • 5:45am family/work routine
  • 7:00am study CWNP on train 50mins
  • 12:00pm lunch, study CWNP 15mins
  • 4:30pm study on train 50mins
  • 7:30pm study CWNP and uni
  • 9:30pm bed

Weekends

  • 5:00am wake Up (caffeine lots of it)
  • 5:15am study CWNP
  • 8am-6:30pm family time/ go to the gym for 1hr
  • 7pm Uni study
  • 9:30pm Bed

When I had university assignments and exams coming up my daily routine was different, and life, work and kids always make things interesting, but the above is the average.

The CWNP study guides are excellent and some of the best I have read. The exams are straightforward, and if you know the material the questions won't trick you like some exams.

I actually found the CWSP exam the hardest out of all of them; most say they find the CWAP the hardest, but for me that was not the case.

I can honestly say I really enjoyed studying for the CWNP certifications, as there is nothing worse than having to read something you couldn’t give a rat's ass about.

The knowledge and skills I learnt from this have greatly assisted me in every aspect of my job as a wireless network engineer, and I recommend the certifications to anyone.

Now that I have completed the CWNP track I will be applying for my CWNE, which deserves a blog post of its own.

Mgig interface and Wave 2 AP’s

I was asked in a work team meeting by one of the network engineers on the network refresh project about the Mgig interface on the new Wave 2 APs, and whether we should upgrade the switch interfaces to get the benefit described in the vendor data sheets.

The paragraphs below are my attempt to explain to him, and anyone else who would listen in the meeting, that yes, upgrading the switches and APs is a great idea; however, based on good enterprise wireless design requirements and the nature of 802.11, we would not be able to achieve the theoretical wireless throughput rate of up to 5.2Gbps given in the vendor's data sheet.

To even come close to achieving this theoretical wireless data rate, the AP needs to be configured with dual 5GHz radios (2.6Gbps per radio), both using 160MHz wide channels, in ideal RF conditions (RSSI greater than -48dBm and a signal-to-noise ratio above 40dB).

The major problem with this theoretical data rate is the channel width. In the 5GHz band we only have 25 non-overlapping 20MHz wide channels to play with (when using DFS channels). If we were to utilise 160MHz wide channels, it only leaves us with 2.
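The channel arithmetic above can be worked through for every bonding width. This is an added example, not part of the original post: it bonds the 25 20MHz channels into aligned 40/80/160MHz blocks, with and without DFS channels, and shows how many APs end up sharing each channel; the AP count of 50 is a constructed value.

```python
import math

# 20 MHz channel numbers in the 5 GHz band, as contiguous runs (25 in total).
RUNS = [
    list(range(36, 65, 4)),     # 36-64
    list(range(100, 145, 4)),   # 100-144
    list(range(149, 166, 4)),   # 149-165
]
# Channels that require DFS.
DFS = set(range(52, 65, 4)) | set(range(100, 145, 4))


def bonded_channels(width_mhz, allow_dfs=True):
    """Return the non-overlapping channels of the given width as tuples of
    the 20 MHz channel numbers they are bonded from."""
    if width_mhz not in (20, 40, 80, 160):
        raise ValueError("width must be 20, 40, 80 or 160 MHz")
    per_block = width_mhz // 20
    blocks = []
    for run in RUNS:
        # Blocks are aligned to the start of each run; a leftover channel
        # (for example 165) cannot be bonded.
        for i in range(0, len(run) - per_block + 1, per_block):
            block = tuple(run[i:i + per_block])
            if allow_dfs or not DFS.intersection(block):
                blocks.append(block)
    return blocks


def centre_mhz(block):
    """Centre frequency of a bonded block (channel n is centred at 5000 + 5n MHz)."""
    return 5000 + 5 * sum(block) // len(block)


def channel_counts(allow_dfs=True):
    """Number of non-overlapping channels available per width."""
    return {w: len(bonded_channels(w, allow_dfs)) for w in (20, 40, 80, 160)}


def aps_per_channel(ap_count, width_mhz, allow_dfs=True):
    """How many APs must share each channel when ap_count APs are deployed.
    Returns None when no channel of that width exists."""
    available = len(bonded_channels(width_mhz, allow_dfs))
    return math.ceil(ap_count / available) if available else None


if __name__ == "__main__":
    print("with DFS:   ", channel_counts(True))
    print("without DFS:", channel_counts(False))
    for block in bonded_channels(160):
        print("160 MHz block", block[0], "-", block[-1], "centre", centre_mhz(block), "MHz")
    # Constructed deployment size: 50 APs in one building.
    for width in (20, 40, 80, 160):
        print(width, "MHz ->", aps_per_channel(50, width), "APs per channel")
```

With only two 160MHz channels, the 50 constructed APs would sit 25 to a channel, which is the co-channel interference problem the design process is meant to avoid.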

Wireless is half duplex, and given the mechanisms that an 802.11 device uses to determine if the medium is free before sending traffic, having only 2 channels makes avoiding interference issues impossible. Client devices operating in a noisy environment reduce the aggregate wireless throughput, due to the excess amount of management traffic caused by corrupted frames being retransmitted (more management traffic equals less data traffic).

When we design enterprise wireless networks, a major design consideration is how best to design based on the RF spectrum available, frequency reuse, the amount/type of client devices and the data SLA. With these requirements identified we can determine the number of APs, their placement and the channel plan in order to avoid or reduce wireless issues such as co-channel, adjacent channel and overlapping basic service set interference.

Below are some other reasons why 160MHz wide channels are not viable and why we won’t get the benefit of that Mgig interface in an enterprise wireless deployment.

– Currently no client devices support 160MHz wide channels
– No normal wireless client device requires that amount of data throughput
– Wireless management and control traffic is sent at legacy data rates
– Wireless is half duplex
– TCP/IP overhead
– Dual 5GHz AP deployments won’t work due to continued support for 2.4GHz clients
– When using the other radio as a 2.4GHz radio with a max 20MHz wide channel, it has a data rate of 288.9Mbps
– A vendor recommendation for a dual 5GHz AP is 100MHz spacing between channels, so dual 160MHz wide channels cannot be deployed
– Unrealistic RSSI and SNR values are needed to achieve the MCS9 VHT data rates
– Multi-user multiple in multiple out (MU-MIMO) is available, but devices need to be capable and it is only on the downlink

Three types of data encryption standards for WiMAX networks

When data is transmitted and received over WiMAX wireless infrastructure, many types of encryption methods can be used. Below I will quickly highlight 3 types of encryption standards that can be used with WiMAX.

  • Advanced Encryption Standard (AES) with 128-bit key
  • Rivest, Shamir and Adleman (RSA) with 1024-bit key
  • Triple Data Encryption Standard (3-DES)

Both Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3-DES) are symmetric encryption algorithms using a block-cipher method.

Figure 1: Symmetric-Key Encryption

Rivest, Shamir and Adleman (RSA), by contrast, is an asymmetrical algorithm. The main difference between symmetric and asymmetric encryption algorithms is that with symmetric encryption the same key is used for encryption and decryption, unlike asymmetric encryption, which uses two different keys.

Figure 2: Asymmetric-Key Encryption

AES with 128-bit key was developed by the National Institute of Standards and Technology (NIST) in 2001. It uses the Rijndael algorithm and was designed to replace the Data Encryption Standard (DES). AES is one of the most secure encryption standards in use today.

Figure 3: Advanced Encryption Standard

Triple Data Encryption Standard (3-DES) encrypts its data three times with a 56-bit key. It is not as secure as AES; AES was designed to replace 3-DES.

Figure 4: Triple Data Encryption Standard

RSA, developed in 1977, is an asymmetrical algorithm that uses a public and a private key: one key is used to encrypt the traffic and the other key is used to decrypt it. RSA is mainly used today for authentication. It can have key lengths of up to 2048 bits, of which 1024 is the average size. Asymmetrical algorithms such as RSA require more CPU overhead to generate and maintain compared to the symmetrical algorithms mentioned.

Figure 5: RSA Encryption

All of the encryption standards mentioned provide confidentiality by turning clear text into cipher text.

Critical reflection on the topic of Energy Harvest for wireless Communication systems

In the following paragraphs, I will provide my critical reflection on the topic of ‘Energy Harvest’ after reading the following white papers.

Shaikh, Faisal Karim, and Sherali Zeadally. “Energy harvesting in wireless sensor networks: A comprehensive review.” Renewable and Sustainable Energy Reviews 55 (2016): 1041-1054.

Ulukus, Sennur, et al. “Energy harvesting wireless communications: A review of recent advances.” IEEE Journal on Selected Areas in Communications 33.3 (2015): 360-381

Both authors have addressed the different techniques of energy harvesting, hardware design requirements, as well as the efficiency and advances in technology required to make this a viable option for wireless sensor networks (WSN).

While the concept of energy harvesting is an excellent idea and a possible solution to many of the issues that plague remote wireless sensor networks, both authors admit it is still in its infancy, due to technology constraints and manufacturing cost.

The issue I see still being a problem in the future is the dependency on a battery backup in the event that the main energy source is not available, as well as the requirement to perform on-going maintenance work on the energy harvesting equipment.

I have experience when it comes to the deployment, installation and maintenance of wireless sensor networks. Coming from the mining section, we use WSN to relay information from Programmable Logic Controllers (PLC) that are connected to remote monitoring equipment or machines. While the idea of being able to deploy these small form factor devices with a set and forget mind-set, dependent on the life span of the equipment, is great, what I have found given my experience is that the main issue is actually the energy harvesting device. Whether it be the solar panels or the wind turbine that supplies the power as well as trickle charges the battery for when the sun or wind is not available, it requires more on-going maintenance than the actual battery or WSN.

The ongoing maintenance involves cleaning due to excess dust build-up and animal excrement on the solar panels, the wind turbines require lubrication, and at times both energy harvesting devices required replacement due to the extremes of weather or damage caused by animals or birds.

In some cases the actual WSN and external battery outlive the energy harvesting equipment; the main reason for this is that they are sheltered from the extremes of weather and animals.

While I hold a common interest in being able to power WSN by means as described in the research papers as well as reduce maintenance requirements where possible, I believe we are some time off before this is a reliable and cost-effective solution for most consumers to purchase and even then, given the certain environments that WSN are could be reduced in, it will still require on-going servicing of the energy harvesting equipment to ensure a long-life span.

Security challenges for Bluetooth and ZigBee WPAN technologies

One would think, given the short range, low power and low data rates offered by WPAN technologies such as Bluetooth and ZigBee, that these devices would not present much of a security concern, yet they are still prone to attacks, as they can allow hackers a backdoor into certain networks.

ZigBee has the ability to use a symmetric encryption algorithm, meaning it uses the same key to encrypt and decrypt. Bluetooth devices also have encryption options available; however, due to power saving features, slow on-board CPUs and the extra overhead generated by the encryption process, encryption ends up being rarely used. So when devices are joining and establishing connectivity, all data is sent in clear text and is readable on the air waves for anyone in close proximity with the right tools to capture and decode it.

ZigBee uses two types of symmetric keys for encryption: the network key and the link key.

When a device requests a link key to set up a secure connection between devices in the piconet, a link key, which is based on the network key, is generated and encrypted with the network key; this must occur before the trust centre (PNC) distributes it to other devices on the piconet. This method leaves the lower layers vulnerable, as it only applies to layer 7 (Application layer).

Bluetooth devices use a mechanism called pairing, which is a two-step process that enables the discovery and connection of nearby devices. The pairing process gives hackers the opportunity to discover devices in close proximity and transmit unsolicited messages to them; this type of attack is known as bluejacking.

Another attack, known as Bluesnarfing, also leverages the pairing process, enabling hackers to access information contained within personal smart devices. This type of attack can occur without the knowledge of the owner, if the user has enabled certain settings on the device.

Bluetooth devices are prone to a very common security threat across all communication technology platforms called Denial-of-service (DoS). This attack renders the device useless, as it is not able to process all the malicious information that is being sent to it.

Bluetooth devices present many security concerns, not only from their own security vulnerabilities but also because they allow hackers to use Bluetooth devices for their own gain. Given their small form factor and low cost of manufacture, a hacker could easily plug a USB Bluetooth device into the back of a desktop without a user being aware, and their small form factor, low power and use of FHSS make them hard to discover or locate; even with a spectrum analyser one would still have to be in close proximity to the device and be able to identify the signal pattern.

Another security concern is jamming of the RF spectrum. Given both technologies operate in the 2.4GHz band, a hacker may not want to steal information but to render the devices unusable by deploying a wireless jammer, commonly known as an ‘Air horn’.

A hobbyist company called Hak5 www.hak5.org makes devices that have the potential to be used for malicious reasons if in the wrong hands. In particular it has a Bluetooth packet sniffer, https://hakshop.com/products/ubertooth-one, which could be used to capture and decode frames for malicious reasons.

L. Olenewa (2014). Guide to Wireless Communication (Third Edition). Boston: CENGAGE Learning

Cisco Load Balance configuration

 

 

More detailed explanations can be found at http://www.Cisco.com

Sometimes referred to as advanced load balancing (Load balancing +), this feature is an enhancement to aggressive load balancing that allows you to configure load balancing per WLAN. The feature is disabled by default.

The feature load balances wireless clients across access points. Clients can only be load balanced across access points on the same WLC. Load balancing does not occur between access points on different controllers.

Load balancing only works at the association phase.

When a client tries to associate to a Cisco lightweight access point, an 802.11 association response packet including status code 17 is sent to the client. Code 17 indicates that the AP is busy, so the client has to look for another AP to associate with.

The AP responds with an association response bearing “success” if the AP threshold is not met, and with code 17 (AP busy) if the AP utilization threshold is reached or exceeded and another less busy AP heard the client request.

A problem can arise when an AP discards the request or sends status code 17 to the client: the client has to decide whether to ignore it and still use the same AP. Some client drivers try the same AP again, but most other types of clients try to find another AP to connect to. So it depends on the vendor drivers, as you cannot force them to accept status code 17.

It is recommended not to enable this feature for the voice WLAN, as it can cause roaming issues. For other WLANs, it should be enabled only after testing.

      • Client window size: the client window size and the number of clients on the least loaded AP determine the load balance threshold value.

Before configuring load balancing, remember the formula. An AP is considered busy once it has a number of associated clients equal to the client window size plus the number of clients on the least loaded AP in the area.

Load-balancing threshold = client window size + number of clients on the least loaded AP

 

Example: 3 APs

AP1: 9 clients

AP2: 7 clients

AP3: 4 clients

As per the default settings shown in the screenshot, the client window size is 5.

As per the formula, the load balance threshold is 5 + 4 = 9.

This means that if any new client wants to join AP1, the client will get the status 17 (busy) message; in other words, AP1 is considered to be busy.

      • Maximum denial count: the maximum denial count parameter allows the user to configure the number of times the client associations will be rejected for a particular AP. The maximum denial count can have a value between 0 and 10.
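The threshold formula and the maximum denial count can be modelled together. This is an added example, not Cisco's code: a simplified model of the decision described above, run on the three-AP example. The class and function names are hypothetical, the denial count of 2 is a constructed value, and it assumes the AP accepts a client once its denial count for that AP is used up.

```python
from dataclasses import dataclass, field

STATUS_SUCCESS = 0
STATUS_AP_BUSY = 17   # status code sent when the AP is considered busy


@dataclass
class LoadBalanceModel:
    """Simplified model of client load balancing across APs on one WLC."""
    window: int        # client window size
    max_denials: int   # maximum denial count (0 to 10)
    clients: dict      # AP name -> number of associated clients
    denials: dict = field(default_factory=dict)   # (client, AP) -> rejections so far

    def __post_init__(self):
        if not 0 <= self.max_denials <= 10:
            raise ValueError("maximum denial count must be between 0 and 10")

    def threshold(self, heard_by):
        """Client window size + clients on the least loaded AP in the area."""
        return self.window + min(self.clients[ap] for ap in heard_by)

    def associate(self, client, ap, heard_by):
        """Return the status code `ap` puts in its association response.
        `heard_by` lists every AP that heard the client's request."""
        busy = self.clients[ap] >= self.threshold(heard_by)
        less_busy_heard = any(self.clients[other] < self.clients[ap]
                              for other in heard_by if other != ap)
        used = self.denials.get((client, ap), 0)
        if busy and less_busy_heard and used < self.max_denials:
            self.denials[(client, ap)] = used + 1
            return STATUS_AP_BUSY
        # Assumption: with the denial count exhausted (or the AP not busy),
        # the association is accepted.
        self.clients[ap] += 1
        return STATUS_SUCCESS


def sticky_client_demo():
    """The three-AP example with a client whose driver keeps retrying AP1."""
    aps = ["AP1", "AP2", "AP3"]
    model = LoadBalanceModel(window=5, max_denials=2,   # 2 is a constructed value
                             clients={"AP1": 9, "AP2": 7, "AP3": 4})
    attempts = [model.associate("sticky", "AP1", aps) for _ in range(3)]
    # A client that honours status 17 would move to a less loaded AP instead.
    roamer = model.associate("roamer", "AP2", aps)
    return model.threshold(aps), attempts, roamer, model.clients


if __name__ == "__main__":
    threshold, attempts, roamer, clients = sticky_client_demo()
    print("threshold:", threshold)
    print("sticky client on AP1:", attempts)
    print("roaming client on AP2:", roamer)
    print("client counts:", clients)
```

The sticky client is refused twice and then admitted to AP1 anyway, which is why the outcome depends on the client driver rather than on the controller.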

 

Network configuration

From GUI:

Figure 1. Client Load balancing global configuration windows

Figure 2. Client Load balancing configuration per WLAN

From CLI:

Figure 3. Client Load balancing configuration options

Figure 4. Client Load balancing window

Figure 5. Client Load balancing denial count

Figure 6. Enabling Client Load balancing configuration

Figure 7. Disabling WLAN inference

Then enable client load balancing with: config wlan load-balance allow enable 1

Figure 8. Enable WLAN inference

Figure 9. Displaying Load balancing information

Figure 10. Displaying WLAN configuration information

Kali Linux, putting WiFi Card into monitor mode

This guide is about how to put your wireless adapter into monitor mode using Kali Linux and then use Wireshark to inspect the frames (Wireshark comes standard with Kali).

*Not all wireless cards (chipsets) support monitor mode; if unsure, do a Google search. For this I will be using an Alfa Networks card: AWUS036NH.

Step 1: Check that the NIC is attached.

Step 2: Place the wireless interface in monitor mode: airmon-ng start <interface name>

Step 3: Kill any processes that are currently running, then check that the processes have been stopped.

Step 4: Put the interface in sniffing mode. This scans over all channels, depending on the wireless device chipset. You can also sniff on just a specific channel.

Once sniffing channels, load Wireshark. If you are running as root you will be presented with an error message; press OK and then select the wlan0mon interface to load the 802.11 frames.

Done.
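Frames captured on the wlan0mon interface can also be decoded outside Wireshark. This added example (not part of the original guide) parses radiotap-prefixed association responses and counts status code 17 ("AP busy") denials per BSSID, the response described in the load balancing post on this page; the sample packets and MAC addresses are constructed.

```python
import struct
from collections import Counter

STATUS_AP_BUSY = 17
RESPONSE_SUBTYPES = {1: "association response", 3: "reassociation response"}


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_assoc_response(packet):
    """Decode one monitor-mode packet (radiotap header + 802.11 frame).
    Returns a dict for (re)association responses and None for other frames."""
    if len(packet) < 4:
        raise ValueError("too short for a radiotap header")
    version, _pad, rt_len = struct.unpack_from("<BBH", packet)
    if version != 0 or rt_len < 8 or rt_len > len(packet):
        raise ValueError("not a radiotap capture")
    frame = packet[rt_len:]            # the 802.11 frame follows the radiotap header
    if len(frame) < 2:
        raise ValueError("truncated 802.11 frame")
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in RESPONSE_SUBTYPES:
        return None                    # not a management (re)association response
    # 24-byte management header, plus 4 bytes of HT Control if the Order bit is set.
    body = 24 + (4 if frame[1] & 0x80 else 0)
    if len(frame) < body + 6:
        raise ValueError("truncated association response")
    _capability, status, aid = struct.unpack_from("<HHH", frame, body)
    return {
        "kind": RESPONSE_SUBTYPES[subtype],
        "client": _mac(frame[4:10]),   # address 1: receiver
        "bssid": _mac(frame[16:22]),   # address 3: BSSID
        "status": status,
        "aid": aid & 0x3FFF,           # the two top bits of the AID field are always set
    }


def denials_by_bssid(packets):
    """Count status-17 responses per BSSID across a list of captured packets."""
    counts = Counter()
    for packet in packets:
        info = parse_assoc_response(packet)
        if info and info["status"] == STATUS_AP_BUSY:
            counts[info["bssid"]] += 1
    return dict(counts)


def build_sample(status, fc0=0x10, client="020000000001", bssid="0200000000aa"):
    """Constructed test packet: minimal radiotap header + management frame."""
    radiotap = bytes.fromhex("0000080000000000")
    header = (bytes([fc0, 0x00]) + b"\x00\x00"
              + bytes.fromhex(client + bssid + bssid) + b"\x00\x00")
    aid = 0xC001 if status == 0 else 0
    return radiotap + header + struct.pack("<HHH", 0x0401, status, aid)


if __name__ == "__main__":
    capture = [
        build_sample(17),                            # AP busy
        build_sample(17, client="020000000002"),     # AP busy, second client
        build_sample(0, bssid="0200000000bb"),       # success on another AP
        build_sample(0, fc0=0x80),                   # beacon subtype: ignored
    ]
    print(parse_assoc_response(capture[0]))
    print(denials_by_bssid(capture))
```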

Kali Linux VMware tools install

Installing VMware Tools allows better performance of the virtual machine, in this case Kali Linux.

Depending on which VMware product you are running, i.e. Workstation, vSphere client or Fusion, the VMware Tools install location will be different. The location below is for VMware Fusion.

Click Install VMware Tools (shown here as Reinstall VMware Tools, as it is already installed).

Once VMware Tools appears on the desktop, open the folder.

Drag the VMware Tools tar.gz file to the desktop.

Then disconnect VMware Tools by hitting eject in the bottom left corner of the folder.

Enter:

  • cd Desktop/
  • ls (to locate VMware specific file)
  • tar -xzf vmwareTools-10.1.6-521329.tar.gz
  • ls (to locate VMware specific file)
  • cd vmware-tools-distrib/
  • ls
  • perl vmware-install.pl -d

Once installation is complete, reload Kali Linux.

Enter:

  • reboot

Done

Cisco Channel bonding

 

The following channel width options are recommendations for use in enterprise wireless networks.

Frequency Channel width
2.4GHz 20MHz
5GHz 20MHz & 40MHz*

 

* If 40MHz wide channels are required, the tests listed below should be performed before moving to or deploying 40MHz wide channels.

  • RF spectrum analysis will be required to ensure spectrum is available and issues such as co-channel and adjacent channel interference are correctly managed.
  • If changing channel widths, a passive and active wireless site survey will need to be performed to ensure coverage or capacity is not affected.
  • Aggregate data throughput testing will be required to justify utilising 40MHz wide channels.

Channel width can be adjusted using the methods listed below.

To configure channel width globally, perform the following steps:

  1. Wireless > 802.11a/n/ac > RRM > DCA
  2. Channel width > select a suitable width, 20MHz or 40MHz
     • If selecting 40MHz wide channels, ensure that at least two adjacent channels (primary and secondary) are selected from the DCA channel list
  3. Apply settings and save configuration

Figure 1 Global channel width configuration

RF profiles can also be applied to groups of APs that share a common coverage zone, i.e. a floor. Depending on your wireless requirements you can customise or use the default profile settings.

To change the channel width:

  1. Wireless > RF Profiles
  2. Create or use the default profile
  3. RRM > click on channel and click Apply

Figure 2 RF profile

An RF profile can be applied to an AP group with the required channel width and custom or default profile.

Antenna Types overview

Antenna types fall into 3 main categories

  • Omnidirectional
  • Semi-directional
  • Highly directional

 

These are discussed below.

Omnidirectional Antennas

Omnidirectional antennas radiate RF signal in all directions. A typical omnidirectional antenna is the dipole antenna, which has a radiation pattern similar to figure 1.

Figure 1: Omnidirectional Antenna propagation pattern

 

Omnidirectional antennas are designed to provide coverage in all directions. The horizontal beamwidth is 360 degrees and the vertical beamwidth can range from 7 to 80 degrees, depending on the antenna used.

Omnidirectional antennas are often used in the following deployments:

  • Point to multipoint: an omnidirectional antenna is connected to a transceiver device that propagates its RF signal, similar to figure 1, to multiple transceivers
  • Wireless mesh deployment: provides a wireless network that allows network ingress at locations where wired infrastructure is not available or possible. Wireless meshed networks provide multiple backhaul links, providing redundancy in the event one of the wireless nodes fails
  • Indoor 802.11 wireless networks: wireless 802.11 access points can have internal or external omnidirectional antennas depending on the environment that they are to be used in. For example, a corporate office would use access points with internal antennas for cosmetic reasons, where a warehouse would have access points with external high gain antennas mounted at height to provide more coverage

 

Semi directional Antennas

Semi directional antennas are often used to direct signals in a certain direction, i.e. down walkways or warehouse aisles, where the signal requires a specific coverage. They can also be used in short-to-medium distance links, i.e. between two buildings.

Semi directional antennas are unlike omnidirectional antennas, which propagate in all directions.

Figure 2: Semi directional  Antenna propagation pattern

Common types of semi directional antennas are

  • Yagi
  • Patch
  • Panel
  • Sector

Highly directional antennas

Highly directional antennas are used for point-to-point communications, which require a much narrower beamwidth to cover larger distances.

Figure 3. Highly directional Antenna propagation pattern

Two types of highly directional antennas

  • Parabolic dish antenna
  • Grid antenna

 

J.L. Olenewa (2014). Guide to Wireless Communication (Third Edition). Boston: CENGAGE Learning

D.A. Westcott, D.D. Coleman (2014). Certified Wireless Network Administrator (Fourth Edition). Indianapolis: John Wiley & Sons, Inc.