Cisco Cisco Aironet 3500e Access Point 백서
Copyright 2010 CWNP Inc.
Page 5
mode. All non-Wi-Fi transmissions are collected and processed by the CleanAir engine. On the other
hand, if the radio detects a Wi-Fi transmission (modulated 802.11 signals), signal reception is passed
from the spectrum analysis module to the Wi-Fi module for processing. This selection/filtering process
allows for detection and classification of signal sources so that the appropriate chip logic can be used to
process transmissions. This functionality enables simultaneous support of spectrum analysis (L1 security
and performance) and Wi-Fi frame processing (L1 and L2 security and performance), which is a great use
of the integration. There’s one hiccup with this method that I should note. Specifically, some RF DoS
attacks (a spectrum analysis issue) can be performed with Wi-Fi devices using spread spectrum
modulation techniques. Nuts about Nets’ AirHorn and the Queensland DoS attack with Intersil’s Prism
NIC are two examples of this type of attack. These modulated Wi-Fi signals would be passed to the Wi-
Fi chip module for processing, thus they may not get proper treatment as RF DoS attacks. On the Wi-Fi
side, this occurrence should be classified as a security and performance threat if it persistently triggers
the CCA ED threshold or cranks up the noise floor beyond useful levels. This issue is a nitpick in the
grand scheme of things, especially considering that the spectrum analysis module still picked up my
AirHorn DoS attack as an invalid WLAN channel (see graphic). This trigger would allow administrators to
investigate further, possibly by launching SE-Connect mode and performing manual analysis.
hand, if the radio detects a Wi-Fi transmission (modulated 802.11 signals), signal reception is passed
from the spectrum analysis module to the Wi-Fi module for processing. This selection/filtering process
allows for detection and classification of signal sources so that the appropriate chip logic can be used to
process transmissions. This functionality enables simultaneous support of spectrum analysis (L1 security
and performance) and Wi-Fi frame processing (L1 and L2 security and performance), which is a great use
of the integration. There’s one hiccup with this method that I should note. Specifically, some RF DoS
attacks (a spectrum analysis issue) can be performed with Wi-Fi devices using spread spectrum
modulation techniques. Nuts about Nets’ AirHorn and the Queensland DoS attack with Intersil’s Prism
NIC are two examples of this type of attack. These modulated Wi-Fi signals would be passed to the Wi-
Fi chip module for processing, thus they may not get proper treatment as RF DoS attacks. On the Wi-Fi
side, this occurrence should be classified as a security and performance threat if it persistently triggers
the CCA ED threshold or cranks up the noise floor beyond useful levels. This issue is a nitpick in the
grand scheme of things, especially considering that the spectrum analysis module still picked up my
AirHorn DoS attack as an invalid WLAN channel (see graphic). This trigger would allow administrators to
investigate further, possibly by launching SE-Connect mode and performing manual analysis.
This type of scenario highlights an important security aspect addressed by CleanAir. For any standard
Wi-Fi radio to properly receive Wi-Fi transmissions, the receiving radio must be configured to receive on
a specific frequency. However, with special modifications, rogue Wi-Fi devices could be configured to
transmit on invalid Wi-Fi channels where Wi-Fi radios won’t normally listen. A traditional Wi-Fi only
WIPS without spectrum analysis capabilities would miss these transmissions if the receive radio is not
centered on the same frequency as the transmitter, thus highlighting the fact that with spectrum
analysis functionality (which processes all RF energy within the monitored frequency range), CleanAir
addresses security issues as well as performance issues.
As I think about CleanAir’s usefulness for network administrators, I have to come back to some of Cisco’s
developments in WCS. Specifically, the Home (that’s the little house on the top left) menu adds a
CleanAir tab that provides a useful launch point and data collection area. As you can see from the
screenshot, this screen provides a list of Interferers, as well as Air Quality metrics over time. This Air
Quality (AQ) metric is an interesting concept and reflects a granular look at the RF medium. I’ll leave it
to Cisco to explain this.
developments in WCS. Specifically, the Home (that’s the little house on the top left) menu adds a
CleanAir tab that provides a useful launch point and data collection area. As you can see from the
screenshot, this screen provides a list of Interferers, as well as Air Quality metrics over time. This Air
Quality (AQ) metric is an interesting concept and reflects a granular look at the RF medium. I’ll leave it
to Cisco to explain this.