CWNA Guide to Wireless LANs, Second Edition - PowerPoint PPT Presentation


PPT – CWNA Guide to Wireless LANs, Second Edition PowerPoint presentation | free to download - id: 1e9e55-ZDc1Z


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

CWNA Guide to Wireless LANs, Second Edition


CWNA Guide to Wireless LANs, Second Edition. Chapter Nine. Implementing ... SNMP management station communicates with software agents on network devices ... – PowerPoint PPT presentation

Number of Views:146
Avg rating:3.0/5.0
Slides: 103
Provided by: wild9
Learn more at:


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: CWNA Guide to Wireless LANs, Second Edition

CWNA Guide to Wireless LANs, Second Edition
  • Chapter Nine
  • Implementing Wireless LAN Security

  • List wireless security solutions
  • Tell the components of the transitional security
  • Describe the personal security model
  • List the components that make up the enterprise
    security model

Wireless Security Solutions
  • IEEE 802.11a and 802.11b standards included WEP
  • Vulnerabilities quickly realized
  • Organizations implemented quick fixes
  • Did not adequately address encryption and
  • IEEE and Wi-Fi Alliance started working on
    comprehensive solutions
  • IEEE 802.11i and Wi-Fi Protected Access (WPA)
  • Foundations of todays wireless security

  • Attempted to overcome WEP limitations
  • adding two new security enhancements
  • WEP key increased to 128 bits
  • Kerberos authentication
  • User issued ticket by Kerberos server
  • Presents ticket to network for a service
  • Used to authenticate user
  • No more secure than WEP
  • Collisions still occur
  • Dictionary-based attacks available

Dynamic WEP
  • Solves weak IV problem by rotating keys
  • More difficult to crack encrypted packet
  • Uses different keys for unicast and broadcast
  • Unicast WEP key unique to each users session
  • Dynamically generated and changed frequently
  • Broadcast WEP key must be same for all users on a
    particular subnet and AP

Dynamic WEP (continued)
Figure 9-1 Dynamic WEP
Dynamic WEP (continued)
  • Can be implemented without upgrading device
    drivers or AP firmware
  • No-cost and minimal effort to deploy
  • Does not protect against man-in-the-middle
  • Susceptible to DoS attacks

IEEE 802.11i
  • Provides good wireless security model
  • Robust security network (RSN)
  • Addresses both encryption and authentication
  • Encryption accomplished by replacing RC4 with a
    block cipher
  • Manipulates entire block of plaintext at one time
  • Block cipher used is Advanced Encryption Standard
  • Three step process
  • Second step consists of multiple rounds of

IEEE 802.11i (continued)
Table 9-1 Time needed to break AES
IEEE 802.11i (continued)
  • IEEE 802.11i authentication and key management is
    accomplished by IEEE 802.1x standard
  • Implements port security
  • Blocks all traffic on port-by-port basis until
    client authenticated using credentials stored on
    authentication server
  • Key-caching Stores information from a device on
    the network, for faster re-authentication
  • Pre-authentication Allows a device to become
    authenticated to an AP before moving to it

IEEE 802.11i (continued)
Figure 9-2 IEEE 802.1x
Wi-Fi Protected Access (WPA)
  • Subset of 802.11i that addresses encryption and
  • Temporal Key Integrity Protocol (TKIP) Replaces
    WEPs encryption key with 128-bit per-packet key
  • Dynamically generates new key for each packet
  • Prevents collisions
  • Authentication server can use 802.1x to produce
    unique master key for user sessions
  • Creates automated key hierarchy and management

Wi-Fi Protected Access (continued)
  • Message Integrity Check (MIC) Designed to
    prevent attackers from capturing, altering, and
    resending data packets
  • Replaces CRC from WEP
  • CRC does not adequately protect data integrity
  • Authentication accomplished via IEEE 802.1x or
    pre-shared key (PSK) technology
  • PSK passphase serves as seed for generating keys

Wi-Fi Protected Access (continued)
Figure 9-3 Message Integrity Check (MIC)
Wi-Fi Protected Access 2 (WPA2)
  • Second generation of WPA security
  • Based on final IEEE 802.11i standard
  • Uses AES for data encryption
  • Supports IEEE 802.1x authentication or PSK
  • Allows both AES and TKIP clients to operate in
    same WLAN

Summary of Wireless Security Solutions
  • Wi-Fi Alliance categorizes WPA and WPA2 by modes
    that apply to personal use and to larger

Figure 9-4 Security timeline
Summary of Wireless Security Solutions (continued)
Table 9-2 Wi-Fi modes
Table 9-3 Wireless security solutions
Transitional Security Model
  • Transitional wireless implementation
  • Should be temporary
  • Until migration to stronger wireless security
  • Should implement basic level of security for a
  • Including authentication and encryption

Authentication Shared Key Authentication
  • First and perhaps most important step
  • Uses WEP keys
  • Networks that support multiple devices should use
    all four keys
  • Same key should not be designated as default on
    each device

Authentication SSID Beaconing
  • Turn off SSID beaconing by configuring APs to not
    include it
  • Beaconing the SSID is default mode for all APs
  • Good practice to use cryptic SSID
  • Should not provide any information to attackers

Authentication MAC Address Filtering
Figure 9-6 MAC address filter
WEP Encryption
  • Although vulnerabilities exist, should be turned
    on if no other options for encryption are
  • Use longest WEP key available
  • May prevent script kiddies or casual
    eavesdroppers from attacking

Table 9-4 Transitional security model
Personal Security Model
  • Designed for single users or small office home
    office (SOHO) settings
  • Generally 10 or fewer wireless devices
  • Two sections
  • WPA Older equipment
  • WPA2 Newer equipment

WPA Personal Security PSK Authentication
  • Uses passphrase (PSK) that is manually entered to
    generate the encryption key
  • PSK used a seed for creating encryption keys
  • Key must be created and entered in AP and also on
    any wireless device (shared) prior to (pre)
    the devices communicating with AP

WPA Personal Security TKIP Encryption
  • TKIP is a substitute for WEP encryption
  • Fits into WEP procedure with minimal change
  • Device starts with two keys
  • 128-bit temporal key
  • 64-bit MIC
  • Three major components to address
  • MIC
  • IV sequence
  • TKIP key mixing
  • TKIP required in WPA

WPA Personal Security TKIP Encryption (continued)
Figure 9-7 TKIP/MIC process
WPA2 Personal Security PSK Authentication
  • PSK intended for personal and SOHO users without
    enterprise authentication server
  • Provides strong degree of authentication
  • PSK keys automatically changed (rekeyed) and
    authenticated between devices after specified
    period of time or after set number of packets
    transmitted (rekey interval)
  • Employs consistent method for creating keys
  • Uses shared secret entered at AP and devices
  • Random sequence of at least 20 characters or 24
    hexadecimal digits

WPA2 Personal Security AES-CCMP Encryption
  • WPA2 personal security model encryption
    accomplished via AES
  • AES-CCMP Encryption protocol in 802.11i
  • CCMP based on Counter Mode with CBC-MAC (CCM) of
    AES encryption algorithm
  • CCM provides data privacy
  • CBC-MAC provides data integrity and
  • AES processes blocks of 128 bits
  • Cipher key length can be 128, 192 and 256 bits
  • Number of rounds can be 10, 12, and 14

WPA2 Personal Security AES-CCMP Encryption
  • AES encryption/decryption computationally
  • Better to perform in hardware

Table 9-5 Personal security model
Enterprise Security Model
  • Most secure level of security that can be
    achieved today for wireless LANs
  • Designed for medium to large-size organizations
  • Intended for setting with authentication server
  • Like personal security model, divided into
    sections for WPA and WPA2
  • Additional security tools available to increase
    network protection

WPA Enterprise Security IEEE 802.1x
  • Uses port-based authentication mechanisms
  • Network supporting 802.1x standard should consist
    of three elements
  • Supplicant Wireless device which requires secure
    network access
  • Authenticator Intermediary device accepting
    requests from supplicant
  • Can be an AP or a switch
  • Authentication Server Accepts requests from
    authenticator, grants or denies access

WPA Enterprise Security IEEE 802.1x
Authentication (continued)
Figure 9-8 802.1x protocol
WPA Enterprise Security IEEE 802.1x
Authentication (continued)
  • Supplicant is software on a client implementing
    802.1x framework
  • Authentication server stores list of names and
    credentials of authorized users
  • Remote Authentication Dial-In User Service
    (RADIUS) typically used
  • Allows user profiles to be maintained in central
    database that all remote servers can share

WPA Enterprise Security IEEE 802.1x
  • 802.1x based on Extensible Authentication
    Protocol (EAP)
  • Several variations
  • EAP-Transport Layer Security (EAP-TLS)
  • Lightweight EAP (LEAP)
  • EAP-Tunneled TLS (EAP-TTLS)
  • Protected EAP (PEAP)
  • Flexible Authentication via Secure Tunneling
  • Each maps to different types of user logons,
    credentials, and databases used in authentication

WPA Enterprise Security TKIP Encryption
  • TKIP is a wrapper around WEP
  • Provides adequate encryption mechanism for WPA
    enterprise security
  • Dovetails into existing WEP mechanism
  • Vulnerabilities may be exposed in the future

WPA2 Enterprise Security IEEE 802.1x
  • Enterprise security model using WPA2 provides
    most secure level of authentication and
    encryption available on a WLAN
  • IEEE 802.1x is strongest type of wireless
    authentication currently available
  • Wi-Fi Alliance certifies WPA and WPA2 enterprise
    products using EAP-TLS
  • Other EAP types not tested, but should run a WAP
    or WAP2 environment

WPA2 Enterprise Security AES-CCMP Encryption
  • AES Block cipher that uses same key for
    encryption and decryption
  • Bits encrypted in blocks of plaintext
  • Calculated independently
  • block size of 128 bits
  • Three possible key lengths 128, 192, and 256
  • WPA2/802.11i uses128-bit key length
  • Includes four stages that make up one round
  • Each round is iterated 10 times

WPA2 Enterprise Security AES-CCMP Encryption
Table 9-6 Enterprise security model
Other Enterprise Security Tools Virtual Private
Network (VPN)
  • Virtual private network (VPN) Uses a public,
    unsecured network as if it were private, secured
  • Two common types
  • Remote-access VPN User-to-LAN connection used by
    remote users
  • Site-to-site VPN Multiple sites can connect to
    other sites over Internet
  • VPN transmissions are achieved through
    communicating with endpoints

Other Enterprise Security Tools Virtual Private
  • Endpoint End of tunnel between VPN devices
  • Can local software, dedicated hardware device, or
    even a firewall
  • VPNs can be used in WLAN setting
  • Tunnel though WLAN for added security
  • Enterprise trusted gateway Extension of VPN
  • Pairs of devices create trusted VPN connection
    between themselves
  • Can protect unencrypted packets better than a VPN

Other Enterprise Security Tools Wireless Gateway
  • AP equipped with additional functionality
  • Most APs are wireless gateways
  • Combine functionality of AP, router, network
    address translator, firewall, and switch
  • On enterprise level, wireless gateway may combine
    functionality of a VPN and an authentication
  • Can provide increased security for connected APs

Other Enterprise Security Tools Wireless
Intrusion Detection System (WIDS)
  • Intrusion-detection system (IDS) Monitors
    activity on network and what the packets are
  • May perform specific function when attack
  • May only report information, and not take action
  • Wireless IDS (WIDS) Constantly monitors RF
    frequency for attacks
  • Based on database of attack signatures or on
    abnormal behavior
  • Wireless sensors lie at heart of WIDS
  • Hardware-based have limited coverage,
    software-based have extended coverage

Other Enterprise Security Tools Captive Portal
  • Web page that wireless users are forced to visit
    before they are granted access to Internet
  • Used in one of the following ways
  • Notify users of wireless policies and rules
  • Advertise to users specific services or products
  • Authenticate users against a RADIUS server
  • Often used in public hotspots

  • IEEE 802.11i and Wi-Fi Protected Access (WPA),
    have become the foundations of todays wireless
  • Dynamic WEP attempts to solve the weak
    initialization vector (IV) problem by rotating
    the keys frequently, making it much more
    difficult to crack the encrypted packet
  • The IEEE 802.11i standard provided a more solid
    wireless security model, such as the block cipher
    Advanced Encryption Standard (AES) and IEEE
    802.1x port security

Summary (continued)
  • WPA is a subset of 802.11i and addresses both
    encryption and authentication
  • The transitional security model uses shared key
    authentication, turning off SSID beaconing, and
    implementing MAC address filtering
  • The personal security model is designed for
    single users or small office home office (SOHO)
    settings of generally 10 or fewer wireless
    devices and does not include an authentication

Summary (continued)
  • The enterprise security model is intended for
    settings in which an authentication server is
    available if an authentication server is not
    available the highest level of the personal
    security model should be used instead
  • Additional security tools that can supplement the
    enterprise security model to provide even a
    higher degree of security include virtual private
    networks, wireless gateways, wireless intrusion
    detection systems (WIDS), and captive portals

CWNA Guide to Wireless LANs, Second Edition
  • Chapter Ten
  • Managing a Wireless LAN

  • List and describe the tools that are used to
    monitor a WLAN
  • Explain the procedures for maintaining a wireless
  • Describe the components of a wireless security

Monitoring the Wireless Network
  • Network monitoring provides valuable data
    regarding current state of a network
  • Generate network baseline
  • Detect emerging problems
  • Monitoring a wireless network can be performed
    with two sets of tools
  • Utilities designed specifically for WLANs
  • Standard networking tools

WLAN Monitoring Tools
  • Two classifications of tools
  • Operate on wireless device itself
  • Function on AP
  • Device and Operating System Utilities
  • Most OSs provide basic utilities for monitoring
    the WLAN
  • Some vendors provide more detailed utilities

WLAN Monitoring Tools
Figure 10-1 Windows Wireless Network Connection
WLAN Monitoring Tools
Figure 10-2 Transmit and receive statistics
WLAN Monitoring Tools
Figure 10-3 Testing the link
WLAN Monitoring Tools
  • Access Point Utilities
  • All APs have WLAN reporting utilities
  • Status information sometimes just a summary of
    current AP configuration
  • No useful monitoring information
  • Many enterprise-level APs provide utilities that
    offer three types of information
  • Event logs
  • Statistics on wireless transmissions
  • Information regarding connection to wired
    Ethernet network

WLAN Monitoring Tools
Figure 10-5 Access point event log
WLAN Monitoring Tools
Figure 10-6 Access point wireless transmissions
Standard Network Monitoring Tools
  • Drawbacks to relying solely on info from AP and
    wireless devices
  • Lack of Retention of data
  • Laborious and time-intensive data collection
  • Data generally not collected in time manner
  • Standard network monitoring tools
  • Used on wired networks
  • Proven to be reliable
  • Simple Network Management Protocol (SNMP)
  • Remote Monitoring (RMON)

Simple Network Management Protocol (SNMP)
  • Protocol allowing computers and network equipment
    to gather data about network performance
  • Part of TCP/IP protocol suite
  • Software agent loaded onto each network device
    that will be managed using SNMP
  • Monitors network traffic and stores info in
    management information base (MIB)
  • SNMP management station Computer with the SNMP
    management software

Simple Network Management Protocol (continued)
Figure 10-8 Simple Network Management Protocol
Simple Network Management Protocol (continued)
  • SNMP management station communicates with
    software agents on network devices
  • Collects data stored in MIBs
  • Combines and produces statistics about network
  • Whenever network exceeds predefined limit,
    triggers an SNMP trap
  • Sent to management station
  • Implementing SNMP provides means to acquire
    wireless data for establishing baseline and
    generating alerts

Simple Network Management Protocol (continued)
Figure 10-10 Cisco SNMP traps
Remote Monitoring (RMON)
  • SNMP-based tool used to monitor LANs connected
    via a wide area network (WAN)
  • WANs provide communication over larger
    geographical area than LANs
  • Allows remote network node to gather network data
    at almost any point on a LAN or WAN
  • Uses SNMP and incorporates special database for
    remote monitoring
  • WLAN AP can be monitored using RMON
  • Gathers data regarding wireless and wired

Maintaining the Wireless Network
  • Wireless networks are not static
  • Must continually be modified, adjusted, and
  • Modifications often made in response to data
    gathered during network monitoring
  • Two of most common functions
  • Updating AP firmware
  • Adjusting antennas to enhance transmissions

Upgrading Firmware
  • Firmware Software embedded into hardware to
    control the device
  • Electronic heart of a hardware device
  • Resides on EEPROM
  • Nonvolatile storage chip
  • Most APs use a browser-based management system
  • Keep APs current with latest changes by
    downloading the changes to the APs

Upgrading Firmware (continued)
  • General steps to update AP firmware
  • Download firmware from vendors Web site
  • Select Upgrade Firmware or similar option from
  • Enter location of firmware file
  • Click Upgrade button
  • Enterprise-level APs often have enhanced firmware
    update capabilities
  • e.g., may be able to update System firmware, Web
    Page firmware, and Radio firmware separately

Upgrading Firmware (continued)
Figure 10-11 Internet firmware update page
Upgrading Firmware (continued)
Figure 10-12 AP firmware update page
Upgrading Firmware (continued)
Figure 10-13 Separate firmware updates
Upgrading Firmware (continued)
  • With many enterprise-level APs, once a single AP
    has been upgraded to the latest firmware, can
    distribute to all other APs on the WLAN
  • Receiving AP must be able to hear IP multicast
    issued by Distribution AP
  • Receiving AP must be set to allow access through
    a Web browser
  • If Receiving AP has specific security
    capabilities enabled, must contain in its
    approved user lists a user with the same user
    name, password, and capabilities as user logged
    into Distribution AP

Upgrading Firmware (continued)
  • RF site tuning After firmware updates applied,
    adjusting APs setting
  • Adjust radio power levels on all access points
  • Firmware upgrades may increase RF coverage areas
  • Adjust channel settings
  • Validate coverage area
  • Modify integrity and throughput
  • Document changes

Adjusting Antennas RF Transmissions
  • May need to adjust antennas in response to
    firmware upgrades or changes in environment
  • May require reorientation or repositioning
  • May require new type of antenna
  • Radio frequency link between sender and receiver
    consists of three basic elements
  • Effective transmitting power
  • Propagation loss
  • Effective receiving sensibility

Adjusting Antennas RF Transmissions (continued)
Figure 10-14 Radio frequency link
Adjusting Antennas RF Transmissions (continued)
  • Link budget Calculation to determine if signal
    will have proper strength when it reaches links
  • Required information
  • Antenna gain
  • Free space path loss
  • Frequency of the link
  • Loss of each connector at the specified frequency
  • Number of connectors used
  • Path length
  • Power of the transmitter

Adjusting Antennas RF Transmissions (continued)
  • Link budget (continued)
  • Required information (continued)
  • Total length of transmission cable and loss per
    unit length at specified frequency
  • For proper WLAN performance, link budget must be
    greater than zero
  • System operating margin (SOM)
  • Good WLAN link has link budget over 6 dB
  • Fade margin Difference between strongest RF
    signal in an area and weakest signal that a
    receiver can process

Adjusting Antennas RF Transmissions (continued)
  • Attenuation (loss) Negative difference in
    amplitude between RF signals
  • Absorption
  • Reflection
  • Scattering
  • Refraction
  • Diffraction
  • Voltage Standing Wave Ratio

Adjusting Antennas Antenna Types
  • Rod antenna Antenna typically used on a WLAN
  • Omnidirectional
  • 360 degree radiation pattern
  • Transmission pattern focused along horizontal
  • Increasing length creates tighter 360-degree
  • Sectorized antenna Cuts standard 360-degree
    pattern into four quarters
  • Each quarter has own transmitter and antenna
  • Can adjust power to each sector independently

Adjusting Antennas Antenna Types (continued)
  • Panel antenna Typically used in outdoor areas
  • Tight beamwidth
  • Phase shifter Allows wireless device to use a
    beam steering antenna to improve receiver
  • Direct transmit antenna pattern to target
  • Phased array antenna Incorporates network of
    phase shifters, allowing antenna to be pointed
    electronically in microseconds,
  • Without physical realignment or movement

Adjusting Antennas Antenna Types (continued)
  • Radiation pattern emitting from antennas travels
    in three-dimensional donut form
  • Azimuth and elevation planes
  • Antenna Accessories
  • Transmission problem can be resolved by adding
    accessories to antenna system
  • Provide additional power to the antenna, decrease
    power when necessary, or provide additional

Adjusting Antennas Antenna Types (continued)
Figure 10-17 Azimuth and elevation pattern
Adjusting Antennas RF Amplifier
  • Increases amplitude of an RF signal
  • Signal gain
  • Unidirectional amplifier Increases RF signal
    level before injected into transmitting antenna
  • Bidirectional amplifier Boosts RF signal before
    injected into device containing the antenna
  • Most amplifiers for APs are bidirectional

Adjusting Antennas RF Attenuators
  • Decrease RF signal
  • May be used when gain of an antenna did not match
    power output of an AP
  • Fixed-loss attenuators Limit RF power by set
  • Variable-loss attenuators Allow user to set
    amount of loss
  • Fixed-loss attenuators are the only type
    permitted by the FCC for WLAN systems

Adjusting Antennas Cables and Connectors
  • Basic rules for selecting cables and connectors
  • Ensure connector matches electrical capacity of
    cable and device, along with type and gender of
  • Use high-quality connectors and cables
  • Make cable lengths as short as possible
  • Make sure cables match electrical capacity of
  • Try to purchase pre-manufactured cables
  • Use splitters sparingly

Adjusting Antennas Lightning Arrestor
  • Antennas can inadvertently pick up high
    electrical discharges
  • From nearby lightning strike or contact with
    high-voltage electrical source
  • Lightning Arrestor Limits amplitude and
    disturbing interference voltages by channeling
    them to ground
  • Designed to be installed between antenna cable
    and wireless device
  • One end (3) connects to antenna
  • Other end (2) connects to wireless device
  • Ground lug (1) connects to grounded cable

Establishing a Wireless Security Policy
  • One of most important acts in managing a WLAN
  • Should be backbone of any wireless network
  • Without it, no effective wireless security

General Security Policy Elements
  • Security policy Document or series of documents
    clearly defining the defense mechanisms an
    organization will employ to keep information
  • Outlines how to respond to attacks and
    information security duties/responsibilities of
  • Three key elements
  • Risk assessment
  • Security auditing
  • Impact analysis

Risk Assessment
  • Determine nature of risks to organizations
  • First step in creating security policy
  • Asset Any item with positive economic value
  • Physical assets
  • Data
  • Software
  • Hardware
  • Personnel
  • Assets should be assigned numeric values
    indicating relative value to organization

Risk Assessment (continued)
  • Factors to consider in determining relative
  • How critical is this asset to the goals of the
  • How much profit does it generate?
  • How much revenue does it generate?
  • What is the cost to replace it?
  • How much does it cost to protect it?
  • How difficult would it be to replace it?
  • How quickly can it be replaced?
  • What is the security impact if this asset is

Risk Assessment (continued)
Table 10-1 Threats to information security
Security Auditing
  • Determining what current security weaknesses may
    expose assets to threats
  • Takes current snapshot of wireless security of
  • Each threat may reveal multiple vulnerabilities
  • Vulnerability scanners Tools that can compare an
    asset against database of known vulnerabilities
  • Produce discovery report that exposes the
    vulnerability and assesses its severity

Impact Analysis
  • Involves determining likelihood that
    vulnerability is a risk to organization
  • Each vulnerability can be ranked
  • No impact
  • Small impact
  • Significant
  • Major
  • Catastrophic
  • Next, estimate probability that vulnerability
    will actually occur
  • Rank on scale of 1 to 10

Impact Analysis (continued)
  • Final step is to determine what to do about risks
  • Accept the risk
  • Diminish the risk
  • Transfer the risk
  • Desirable to diminish all risks to some degree
  • If not possible, risks for most important assets
    should be reduced first

Functional Security Policy Elements
  • Baseline practices Establish benchmark for
    actions using wireless network
  • Can be used for creating design and
    implementation practices
  • Foundation of what conduct is acceptable on the
  • Security policy must specifically identify
    physical security
  • Prevent unauthorized users from reaching
    equipment in order to use, steal, or vandalize it

Functional Security Policy Elements (continued)
  • Social engineering Relies on tricking or
    deceiving someone to access a system
  • Best defeated in two ways
  • Develop strong procedures/policies regarding when
    passwords are given out, who can enter premises,
    and what to do when asked questions by another
    employee that may reveal protected information
  • Educating all employees about policies and
    ensuring they are followed

  • Monitoring a wireless network can be performed
    with two different tools
  • Specific WLAN utilities for the access point or
    wireless device
  • Standard networking tools such as Simple Network
    Management Protocol (SNMP) and Remote Monitoring
  • One function of maintaining a wireless LAN is to
    upgrade the firmware on the access point
  • Once an APs firmware has been upgraded several
    settings may need to be adjusted as part of
    routine maintenance (RF site tuning)

Summary (continued)
  • Antenna adjustment may require different types of
    antennas, such as a basic rod antenna, a
    sectorized antenna, or a panel antenna
  • Often a transmission problem can be resolved by
    adding accessories to the antenna system
  • A security policy is a document that defines the
    defense mechanisms an organization will employ to
    keep information secure

Summary (continued)
  • Elements of a general wireless security policy
  • Risk assessment
  • Security auditing
  • Impact analysis

Pringles Lab
  • Thursday, 27 Jul 06

Parts List
All-thread, 5 5/8? long, 1/8? OD
(2) nylon lock nuts
(5) 1? washers, 1/8? ID
aluminum tubing, 1/4? ID axp 8 long
connector to match your radio pigtail
1 1/2? piece of 12 gauge solid copper wire
A tall Pringles can any flavor (Ridges are optional.)
Scrap plastic disc, 3? across(like another Pringles can lid)
Tools List
  • Ruler/Tape measure
  • Scissors
  • Pipe cutter (or hacksaw or dremel tool, in a
  • Heavy duty cutters (or dremel again, to cut the
  • Something sharp to pierce the plastic (like an
    awl or a drill bit)
  • Hot glue gun
  • Soldering Iron

Close-Up of the Collector
The Pringles Lab
  • I have enough parts for two complete cantennas
  • And enough panel connectors, all thread and
    aluminum for 3-4 more
  • Would need additional pringles cans, washers,
    lock nuts and plastic to build any additional