
Wireless Explosion

New threats are evolving


Operations getting more challenging
Reiner Hofmann
EMEA Director Wireless BU
Fluke Networks
Agenda

About Fluke Networks


Some statistics/trends
Wireless is changing existing paradigm - New threats are evolving
Why dedicated system to monitor and protect wireless?
Wireless Security Basics
Remote security monitoring & troubleshooting

Some trends/statistics
Real
The Wireless Jungle Gets Wilder
MOBILE DEVICES ARE EXPLODING

96% of mobile employees carry >2 devices; almost 50 percent carry more
than 3
iPads and eReaders entering the enterprise
Most smart phones now mixed-use

From: Lisa Phifer / Core Competence, Interop/Sep-2010


Wifi Data is increasing
WI-FI DATA > ETHERNET DATA BY 2015 (Source: Cisco)
Acceleration of Wi-Fi as primary edge connection for all info based workers = higher support requirements
Data intensity of Wi-Fi apps (voice, video) will increase, stressing networks, revealing optimization and configuration problems
Explosion of Wifi Clients

Today's average worker carries between 2-4 devices to work
Sales of smart devices are skyrocketing
Apple sold 3M new iPads over the launch weekend earlier this year; corresponding number for iPhone 5 was 5M
By 2013, mobile phones will overtake PCs as the most common web access device worldwide and by 2015 media tablet shipments will be more than laptop shipments (Gartner 2012)
By 2014, many organizations will start delivering employee apps through private app stores (Gartner 2012)
Growing user expectations
Expect to use any device or application
Pervasive use of social media
High Expectations : Mobility & Security

OFFICE HEALTH CARE

CLASSROOMS
Critical Wi-Fi Users Expectations
No hassle connection
Good Performance
Ubiquitous coverage
Quick resolution to any problems
Not At the Cost of SECURITY
Wireless Security Trends for 2013
IT WILL BE MORE AND MORE CHALLENGING

Protecting and securing the air will become more important


Protecting the device and AP is not sufficient

Mobile devices as the new target


With the explosion of BYOD in the marketplace, employees are bringing their
mobile devices into work. With company data on these mobile devices,
hackers have a much larger target.

Cellular impersonation and Jamming/DoS attacks


Small cells are gaining traction and can offer a way into the corporate network

Mobile devices as the attackers


Lately there has been a proliferation of wireless hacking tools for the Android
platform. Gone are the days when you needed a laptop to perform the
attacks. Hackers can now do this from their pockets.
Wireless Security Trends for 2013 (concluded)
IT WILL BE MORE AND MORE CHALLENGING

Impersonation attacks are always on the rise


Whether it's impersonating a valid client or impersonating a corporate Access Point, the threat is always loss of sensitive company data

WPA-PSK brute force attacks will increase

Just because you are using WPA-PSK doesn't mean you are safe. You need to have a policy for using complex Pre-Shared Keys. There are plenty of online services that for a small fee will crack your network handshake in minutes.

Malware will increase


With increasing proliferation of mobile devices, mobile adware will increase.
customer survey on BYOD
More than 500 responses from multiple vertical
segments worldwide. Key Findings:
82% of organizations allow personal mobile
device usage (BYOD) on the corporate WLAN
51% of organizations are concerned with how BYOD affects bandwidth consumption
52% of organizations get several complaints a day from employees having trouble connecting to the corporate WLAN with a personal device
71% of the complaints are around Wi-Fi
network connectivity and performance
Almost 50% of organizations are planning a
network redesign to accommodate for the
growth of BYOD
*According to an internal survey of Fluke Networks customers/prospects
Wireless is changing existing paradigm
- New threats are evolving
Are you connecting to the real Hotspot?

Starbucks
McDonalds
Borders
Airports
Sports venues
Hospitals
Hotels
more
Or to this???
Wireless introduces new vulnerabilities

WLANs lack physical barriers that insulate Ethernet


Everyone can hear and capture traffic
WLANs operate in unlicensed ISM and UNII bands
Anyone can transmit (Wi-Fi and non-Wi-Fi)
WLANs introduce new devices
New configuration mistakes & bugs
WLANs introduce new protocols
New flaws to find & exploit
Vulnerabilities lead to misuse, attack

Rogue APs: Unauthorized AP = potential network back door

Misconfigured APs: Defaults, weak settings, ports, missing patches

Unauthorized clients: Guests, personal phones / tablets or attackers?

Endpoint attacks: Probes & exploits against (hotspot) clients

OTA data & identity thefts: From broadcast, unicast, auto-sync, notifications

Man in the middle attacks: Attacker intercepts & relays email, ftp, SSL, etc.

Denial of Service attacks: Interferes with or prevents legitimate WLAN use

For many IT admins, these are the biggest WLAN threats


Some WLAN Security basics
Wireless is just layer 1 & 2
OSI MODEL
Traditional IPS / FW does NOT cover layer 1/2
Encryption is just DATA-Frame
Whole connection MUST be transparent

[Figure: OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical) beside IEEE 802 layers (Logical Link Control / LLC, Media Access Control / MAC, Physical); Perimeter/Application Security marked at the upper layers, Wireless LAN at MAC and Physical]


Fact #1 of Life 802.11
MAC IS IN THE CLEAR

802.11 basic protocol design leaves little to the imagination:


Most of the management traffic flows in the clear, for all to see
Even a single particle of 802.11 "DNA", one beacon frame, is enough to learn lots of interesting things
802.11w could improve this, but adoption was very slow, so it finally failed
Beacon and Probe Frame
TELLS YOU EVERYTHING
Callouts on the slide: "Can I use default key even strong encryption", "Which OS? Is it a threat available?"
IEEE 802.11
Type/Subtype: Data (32)
Frame Control: 0x4108 (Normal)
Version: 0
Type: Data frame (2)
Subtype: 0
Flags: 0x41
DS status: Frame is entering DS (To DS: 1 From DS: 0) (0x01)
.... .0.. = More Fragments: This is the last fragment
.... 0... = Retry: Frame is not being retransmitted
...0 .... = PWR MGT: STA will stay up
..0. .... = More Data: No data buffered
.1.. .... = WEP flag: WEP is enabled
0... .... = Order flag: Not strictly ordered
Duration: 25820
BSS Id: 00:02:2d:1b:3e:58 (Agere_1b:3e:58)
Source address: 00:02:2d:40:64:86 (Agere_40:64:86)
Destination address: 00:06:25:ff:95:8e (LinksysG_ff:95:8e)
Fragment number: 0
Sequence number: 67
WEP parameters
Initialization Vector: 0x0b0931
Key: 0
WEP ICV: 0x975415b1 (not verified)
Data (72 bytes)

0000 08 41 02 01 00 02 2d 1b 3e 58 00 02 2d 40 64 86 .A....-.>X..-@d.
0010 00 06 25 ff 95 8e 30 04 0b 09 31 00 a3 a4 fd 36 ..%...0...1....6
0020 67 fb bd aa 88 cf bf de 92 ec d7 3a 3f 74 26 83 g..........:?t&.
0030 bc cf 65 40 2d e7 41 f1 77 b6 7d a7 0f 7e 01 1e ..e@-.A.w.}..~..
0040 d9 ef f6 92 11 28 f4 57 d6 ee 8f 99 5e bf a2 ab .....(.W....^...
0050 e4 e1 86 84 41 5f 69 0b 0f 9f 4e e4 81 b4 2a 3e ....A_i...N...*>
0060 26 36 ac 02 97 54 15 b1 &6...T..
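The dissection above can be reproduced from the raw bytes without any key, which is the point of "MAC is in the clear". The following parser is an added example, not part of the original slides; the function names are hypothetical, and the frame bytes are copied from the hex dump above.

```python
import struct

# Frame bytes copied from the hex dump on this page (104 bytes, MAC header onward).
FRAME = bytes.fromhex(
    "08 41 02 01 00 02 2d 1b 3e 58 00 02 2d 40 64 86 "
    "00 06 25 ff 95 8e 30 04 0b 09 31 00 a3 a4 fd 36 "
    "67 fb bd aa 88 cf bf de 92 ec d7 3a 3f 74 26 83 "
    "bc cf 65 40 2d e7 41 f1 77 b6 7d a7 0f 7e 01 1e "
    "d9 ef f6 92 11 28 f4 57 d6 ee 8f 99 5e bf a2 ab "
    "e4 e1 86 84 41 5f 69 0b 0f 9f 4e e4 81 b4 2a 3e "
    "26 36 ac 02 97 54 15 b1"
)


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_data_frame(frame):
    """Return the fields of an 802.11 data frame that a passive listener
    can read without knowing any key (hypothetical helper)."""
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 MAC header")
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    if (fc0 & 0x3) != 0 or ftype != 2:
        raise ValueError("not a version-0 data frame")
    to_ds, from_ds = bool(fc1 & 0x01), bool(fc1 & 0x02)
    if to_ds and from_ds:
        raise ValueError("4-address (WDS) frames are not handled here")

    # The meaning of the three address fields depends on the DS bits.
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if to_ds:            # station -> AP
        bssid, src, dst = a1, a2, a3
    elif from_ds:        # AP -> station
        dst, bssid, src = a1, a2, a3
    else:                # ad-hoc
        dst, src, bssid = a1, a2, a3

    (seq_ctl,) = struct.unpack_from("<H", frame, 22)
    hdr_len = 24 + (2 if subtype & 0x8 else 0)   # QoS data adds 2 bytes
    info = {
        "to_ds": to_ds, "from_ds": from_ds,
        "protected": bool(fc1 & 0x40),
        "bssid": _mac(bssid), "source": _mac(src), "destination": _mac(dst),
        "sequence": seq_ctl >> 4, "fragment": seq_ctl & 0xF,
    }
    if info["protected"]:
        if len(frame) < hdr_len + 8:
            raise ValueError("protected frame too short for IV and ICV")
        key_byte = frame[hdr_len + 3]
        if key_byte & 0x20:
            # Extended IV bit set: TKIP or CCMP, different header layout.
            info["cipher"] = "TKIP/CCMP"
        else:
            info.update(
                cipher="WEP",
                iv=frame[hdr_len:hdr_len + 3].hex(),   # sent in the clear
                key_index=key_byte >> 6,
                icv=frame[-4:].hex(),
                encrypted_bytes=len(frame) - hdr_len - 8,
            )
    return info


if __name__ == "__main__":
    for field, value in parse_data_frame(FRAME).items():
        print(f"{field:16} {value}")
```

Only the 72 payload bytes are encrypted; the addresses, sequence number, key index and IV are readable by anyone in range.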
The Rogue Access Point
PHYSICAL DEPLOYMENT OF AN UNAUTHORIZED AP INSIDE THE NETWORK

Malicious or accidental
Opens paths around wired security measures
Allows external access to the wired network
Rogues are the most well-known vulnerability
Symptomatic of the greater security challenge of wireless

[Figure: Rogue AP inside the network, behind NAT, IDS, Firewall]
Soft / Virtual AP Threat - Just use your phone
AND TURN INTO (SOFT)AP MODE

Soft AP: Software run on a traditional end-user device (laptop or other mobile device) that lets the device act like an AP

[Figure: End-user Laptop + Soft AP Software]
Rogue Femto Cell
FANCY, CLEVER AND MOST PROBABLY ALWAYS SUCCESSFUL

The femtocell is a small, low-power cellular base station, typically designed for use in a home or small business. It connects to the service provider's network via broadband (such as DSL or cable); current designs typically support two to four active mobile phones.
The femtocell, similar to a Wi-Fi router, is based on proven wireless infrastructure standards (UMTS, CDMA). Compatible with emerging standards, it provides an efficient, robust wireless link using operator-owned spectrum
Internal Traffic
ALL INTERNAL CLIENT TRAFFIC CAN BE DIRECTLY MONITORED FROM THE OUTSIDE

Outsiders can see anything in the clear (email, web, etc)
Users and devices can be seen and targeted directly (circumvents NAT)
Ad-hoc Clients
Clients can connect directly via Ad-hoc
Every device and all traffic must be secured
Creates massive new management challenges to ensure encryption and configuration for all devices

[Figure: Hacker listening to the airwaves (capture and break weak keys, capture traffic in the clear); Approved AP behind NAT, IDS, Firewall]
WLAN can be learned from much farther away

[Figure: AP Coverage (11b @ 5.5 Mbps service) inside the larger AP Coverage (11b @ 1.0 Mbps edge); listener at the edge: "I see your Beacon!"]
Outbound Connections
LOSS OF VISIBILITY INTO OUTBOUND CONNECTIONS

Clients can make connections without ever touching the corporate infrastructure
Accidental associations are very common
Many wireless hacks target clients in order to retrieve login information

[Figure: Hacker listening to the airwaves; Hacker captures traffic in the clear; Neighbor hotspot; NAT, IDS, Firewall]


Karmasploit
LEARNS ALL NETWORKS THAT ALL CLIENTS ARE PROBING FOR IN THE AREA

Beacons back to all those networks as well as common default networks (FreeWiFi, Vendor Defaults, etc)
Clients will respond to beacons it recognizes, even if the client did not probe for that network

[Figure: clients probing "Network A, are you there?" and "Network B, are you there?"; answers "I am Network A", "I am Network B", "I am FreeWiFi"]
Example
KARMETASPLOIT EVIL TWIN MITM

1. Create Evil Twin AP (e.g., airbase-ng)
2. Create tunnel between Wi-Fi and Internet
3. Use DHCP, DNS to misdirect app traffic
4. Run app MitM attacks (e.g., using metasploit)

[Figure: Legitimate AP and Evil Twin both sending Beacon X; Wi-Fi Data Sent / Rcvd; Fake DHCP; Fake DNS Req / Rsp; Fake App Svrs; Application MitM Attacks]
Wireless Client Attacks
IEEE 802.11 MANAGEMENT FRAMES ARE NOT AUTHENTICATED

Denial of Service: RF or MAC based
Easy to spoof disassociation and deauthentication frames
Easy to inject broadcast and multicast traffic

DoS a Station with WLAN-Jack
1. User enjoying good connection
2. Impersonate AP
3. Send Disassoc & Deauth frames

[Figure: Target (User); AP, MAC: 00 02 2D 50 D1 4E; Attacker, NEW MAC: 00 02 2D 50 D1 4E, ORIGINAL MAC: 00 12 2D 50 43 1E]

Exploiting driver vulnerabilities to run remote code, inject malware, etc.
At a glance
AUTHORIZING AUTHENTICATED USE

WPA2-Personal group password vulnerabilities


APs cannot identify individuals using WLAN
Clients cannot tell whether AP is an imposter (Evil Twin)
Shared, lost, or stolen PSK compromises everyone
Short, easily guessed PSKs vulnerable to dictionary attack

WPA2-Enterprise limits LAN access with 802.1X


Stops denied users from sending data through AP
Gives authorized users granular access (e.g., VLAN)
Vulnerabilities vary by EAP type: Lightweight EAP dictionary attack, Protected EAP identity exposure, downgrade attack
Don't think authentication solves the problem
AUTHENTICATION EXPLOITS

Type of Attack: Methods and Example Tools

WPA/WPA2 PSK Crackers: Aircrack-ng, Cloud Cracking Suite, coWPAtty, wpa_crack, WPA Cracker service
VPN Password Crackers: ike-crack, THC-pptp-bruter
802.1X LEAP Crackers: Anwrap, Asleap, THC-LEAPcracker
802.1X Pen Testers (find vulnerable EAPs): EAPeak, MDK3 x, WiFishFinder

Deter these by using WPA2-Enterprise with strong EAP


Example
PSK CRACKING WITH AIRCRACK-NG

1. Capture WPA key handshake between Wi-Fi user and AP (e.g., using airodump-ng)
2. Capture AP beacon carrying SSID & MAC
3. Run dictionary attack against captured packet file (e.g., using aircrack-ng)
4. Optional: Force handshake by sending Deauthenticate

Dictionary attack tries to generate matching hash using SSID + wordlist

[Figure: Associate Req / Rsp; EAPOL Key Handshake]
Example

Airodump traffic on channel 1 until we capture WPA handshake by any PoS client (all use same PSK)

Aircrack Suite: http://www.aircrack-ng.org/

Example

Small wordlist file of common passwords

Aircrack-ng generates keys for words in list, compares to handshake hash, until password found or EOL
DoS attacks are easy to run
AND HARD TO STOP
Type of Attack: Methods and Example Tools

2.4 / 5 GHz RF Jamming: AirHORN, Veriwave, WiFi Jammer
Queensland DoS: Prism Test Tool (continuous Tx mode)
Beacon Flood: FakeAP, gvoid11, MDK3 b
Deauthenticate Attack (unicast or broadcast): Airdrop-ng, dinject-deauth, MDK3 d
TKIP MIC DoS: MDK3 m
802.11n Block-Ack Attack: Frame Injection tool

Deter these by using 802.11w, Spectrum Analysis, WIPS


Boosting availability - some more DoS
EASY TO RUN

Many RF interferers can cause accidental DoS


Neighbor APs, ovens, cordless phones, cameras
Especially in over-crowded 2.4 GHz ISM band
Attackers can also exploit 802.11 protocol vulnerabilities
Forged Control frames keep channel busy
Forged Deauthenticate frames disconnect clients
Forged Associate frames consume AP resources
Forged 802.11n Block-Ack frames impede data flow
RF interference avoidance & 802.11w protection help
But DoS Floods can still consume available bandwidth
Android as a Hacking Platform
IS A TREND
WiFi Pineapple
NOT MANY PEOPLE ARE USING IT FOR PEN-TESTING PURPOSE

Pwn Pad
Mini-pwner

WPA Cracking
IN A MORE LAZY WAY
Fact of Life #2 of 802.11 :
HACKER MUST BE IN WLAN RF FIELD

Good news: Bad guys need to get pretty close to your building (or your laptop).
Bad news: Almost impossible to prevent in dense
urban or industrial areas.
Mitigation Actions:
Physical security.
Minimize RF signal leakage.
Employ Enterprise 24x7x365 Overlay WIDS/WIPS
Use standards-based strong authentication / crypto.
Why do we need a dedicated
system to monitor and protect
wireless?
The need for New Types of Oversight
WIRED NETWORKS ARE DESIGNED FOR A LINEAR ASSAULT
Traditional networks delivered security and control through centralization
Heavily secured entry and exit points
Multiple layers of security
Frequent Zero-day threat updates are routine
Security Policy enforcement with active blocking
Threat correlation and mitigation
Internal devices benefit from umbrella coverage

FOCUS OF THE NETWORK IS SHIFTING TO THE EDGE
Mobility breaks the centralized model by opening the door to outbound connections
Now internal-only traffic is also exposed
Network traffic has moved to the suburbs
All traffic in shared medium
Direct access to outside world
Internal traffic exposed
Loss of Security
WIRELESS AP WITH RUDIMENTAL BUILD-IN SEC FEATURES
Just one layer of security on the wireless side (layer 2)
No threat / signature update
No Security Policy enforcement with active blocking
No Threat correlation and mitigation
If not in full monitor mode, APs are busy with more and services, can only do part-time scanning, and need to decide between scanning and signal provisioning
Static security cannot keep pace with new devices, new technologies, new protocols, new threats...

[Figure: Layer 4-7 Firewall; WLC; Layer 2 traffic; AP built-in security as a rudimentary line of defense]
Do you know what you don't know?
Can you see what you can't see?
You can only see when you are looking!
Many attacks are counter-based or threaded patterns
Mobile clients are most vulnerable
Number of threats / vulnerabilities is increasing dramatically
802.11 is getting even more complex (e.g. 802.11ac)
802.11 is layer 1 & 2: no visibility for traditional security solutions
AP solutions are not built for pro-active in-depth analysis
No update against layer 1 & 2 threats/vulnerabilities
AME adds another line of defense
WIRELESS AP WITH RUDIMENTAL BUILD-IN SEC FEATURES +AME

+ Heavily secured entry and exit points
+ Multiple layers of security
+ Frequent Zero-day threat update
+ Security Policy enforcement with active blocking
+ Threat correlation and mitigation
+ Real time monitoring
+ NMS, SIEM integration
+ Forensic analysis (file capturing)
+ Full Rogue RF + wire trace and blocking
+ Security system resilience
+ Internal devices benefit from umbrella coverage

AirMagnet Enterprise is closing the major GAPs
- 1st line of defense
- Frequent Threat update
- Active blocking

[Figure: Layer 4-7 Firewall; Layer 2 traffic; AP built-in security (rudimentary line of defense) + AME Sensor (1st Line of Defense, Layer 2 WIPS); server downloads new signature module from Flukenetworks.com; real time monitoring, zero-day threat protection, blocking, policy enforcement, attack IDS, forensic]
AirMagnet Enterprise is complementary
AirMagnet Enterprise (AME):
Is a WLAN assurance system - a network of sensors and management software that implements assurance functions
Is providing dedicated remote 24/7 real time monitoring for security and root cause analysis & troubleshooting.
Is workflow based with integration capability into existing NMS/SIEM solutions to support enterprise operations & processes
Provides a broad range of services that complements and completes WLAN system functionality and enhances:

o Security & Integrity:
additional layer for security (1st line of defense)
Zero-day Threat/Signature update capability
Security Policy enforcement with active blocking
Forensic analysis
Comprehensive reporting
Security system resilience

o Performance & Operations:
Pro-active root cause analysis and real time remote troubleshooting
Large OPEX cost reduction
Strong SLA improvement
Business continuity (services/applications through wireless)
Better customer satisfaction
Principle Architecture
WHAT DOES AN AME DEPLOYMENT LOOK LIKE?

[Figure: sensors in San Francisco, Amsterdam, London, Sydney and Tokyo (including an AP as Sensor) linked over SSL/TLS; sensors scan and analyze all traffic; server stores, correlates, alerts and sends system-to-system notifications; console displays and manages, with remote drill-down]
AirMagnet Enterprise System Architecture
FLEXIBLE AND SCALABLE

Servers
Runs on virtual or dedicated Windows Server environments
Hot standby server can be in separate datacenter
Supports up to 1000 sensors per server
Sensors
Sensors can be located anywhere in global network, uses secure SSL-based link
Hardware and Software Sensor Agents can be combined for optimal monitoring
Dynamic Threat Update - DTU

QUICKLY UPDATE TO PROTECT AGAINST A NEW THREAT

[Figure: DTU timeline with the stages "Vulnerability Published", "Analyze & assess severity", "Create and release new alarm", "Publish new DTU file", "Automated DTU download & alarm is active"; durations shown: 1 day - 2 weeks, 1 day - 2 weeks, Instant, Every hour; end-user timeline: 0 days versus 1 day to 2 weeks post response]

AirMagnet Wireless Intrusion Research team can rapidly customize or create new signatures / rules for newly discovered vulnerabilities
Users have immediate protection from new threats
No disruption of WIPS protection or wireless service to update signature module
Automated updates require no IT staff cycles
Users, AirWise Community contribute to creation of new signatures

New threat signatures are automatically delivered to sensors across the organization for instant protection with no down time and no IT staff
Blocking/remediation
Blocking can be categorized as wireless or wired

Sensors use proven AirMagnet techniques to remediate Rogue devices via wired or wireless
Very low channel utilization when blocking

[Figure: Wireless blocking of a Rogue AP; Wired Port blocking of a Rogue AP via snmp port shutdown]
Example how does AME work?
AUTOMATED PROTECTION
Wireless Termination
Terminates target device only; minimal disruption to rest of network
Automated or on-command disconnect
Authorization required, audit trail maintained
Compliant with applicable laws & FCC regulations

Wired-side Port Shutdown
Port look-up and suppression
On-command shutdown

[Figure: AirMagnet Server, AirMagnet Sensor, Switch, Laptop, Neighboring AP; Rogue AP on Network: "ALERT! PORT SUPPRESSED!"; Accidental Association: "ALERT! TERMINATED!"]
Automated Perimeter Detection
COUNTERMEASURES

Specific Event Alarm
Triggers when Rogue AP is found INSIDE Premise Boundary
Rogue detection
5 DIFFERENT METHODS FOR TRACING ROGUE ACCESS POINTS

Wireless tracing
The sensor, when it detects an open Rogue or Unknown AP, will attempt to connect to it. Once connected, it will forward itself a frame to determine if it's on the wire.

Wired listener
The sensor puts its wired interface into promiscuous mode and listens for broadcast frames, trying to match against the Rogue and Unknown APs that are seen. +2/-2 of the wireless MAC address.

DHCP fingerprinting
Sensor on the wired interface is listening for DHCP request packets to determine if the Unknown or Rogue device is on the wire.

eROW
ARP sweep the subnet, compare the list of MAC addresses with the Unknown or Rogue list, +2/-2 of the wireless MAC address.

Switch tracing
Using SNMP, crawl switches looking for wireless MAC address from Rogue and Unknown APs. +2/-2 of the wireless MAC address; if we can't find it via this method, we can also trace based on connected station's MAC address.

[Figure labels: Wired Listener; Wireless Tracing; eROW; Passive Rogue Detection; Switch tracing via SNMP]
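The "+2/-2 of the wireless MAC address" correlation used by the wired listener, eROW and switch tracing methods, with the fallback to connected stations, can be sketched as follows. This is an added example, not AirMagnet's code; the function names, data layout and all sample addresses, switch names and ports are constructed for illustration.

```python
def mac_to_int(mac):
    """48-bit integer value of a MAC written with ':' or '-' separators."""
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)


def trace_rogues(air_seen, wired_table, window=2):
    """Correlate Rogue/Unknown APs heard over the air with MACs learned
    on the wire (ARP sweep or switch forwarding tables).

    An AP's wired interface usually has a MAC numerically close to its
    BSSID, so any wired MAC within +/-window of the BSSID is a hit.
    If that fails, fall back to the MACs of stations associated to the
    AP: a bridging AP makes them show up on a switch port.
    """
    wired = [(mac_to_int(m), m, sw, port) for m, sw, port in wired_table]
    findings = []
    for ap in air_seen:
        bssid = mac_to_int(ap["bssid"])
        # Integer comparison handles carries between octets
        # (e.g. ...:44:ff over the air versus ...:45:01 on the wire).
        hits = [(m, sw, port, "ap-mac")
                for value, m, sw, port in wired
                if abs(value - bssid) <= window]
        if not hits:
            stations = {mac_to_int(s) for s in ap.get("stations", ())}
            hits = [(m, sw, port, "station-mac")
                    for value, m, sw, port in wired
                    if value in stations]
        for m, sw, port, how in hits:
            findings.append({
                "bssid": ap["bssid"], "ssid": ap["ssid"],
                "wired_mac": m, "switch": sw, "port": port,
                "matched_by": how,
            })
    return findings


# Constructed sample data: what sensors heard, and what switches learned.
AIR_SEEN = [
    {"bssid": "00:11:22:33:44:ff", "ssid": "linksys", "stations": []},
    {"bssid": "02:aa:bb:cc:dd:10", "ssid": "FreeWiFi",
     "stations": ["3c:00:00:00:00:07"]},
    {"bssid": "00:de:ad:00:00:01", "ssid": "Neighbor",
     "stations": ["3c:00:00:00:00:99"]},
]
WIRED_TABLE = [
    ("00:11:22:33:45:01", "sw1", "Gi0/12"),   # BSSID + 2, across an octet
    ("00:11:22:33:45:09", "sw1", "Gi0/1"),    # BSSID + 10, outside window
    ("3c:00:00:00:00:07", "sw2", "Gi0/3"),    # station bridged by a soft AP
]

if __name__ == "__main__":
    for f in trace_rogues(AIR_SEEN, WIRED_TABLE):
        print(f"{f['ssid']:10} {f['bssid']} -> {f['switch']} {f['port']} "
              f"({f['matched_by']})")
```

The neighbor's AP produces no finding because neither its BSSID nor its stations appear on the wire, which is what separates an external AP from a rogue on the network.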
Rogue Location Methods
COMPLETE SECURITY VISIBILITY
SCANNING ON ALL 200 EXTENDED CHANNELS FOR 5 GHZ
Forensic Capture
BETTER THAN BEING THERE

The Challenge
Security and performance event triggers often require post inspection to determine remediation

Solution with Forensics
Automatically capture Wi-Fi and Spectrum forensic data in the background
Review packet level capture at exact moment of trigger for deep forensic of threat source
3G/4G/LTE spectrum analysis
Introducing AME Cellular Spectrum Security

Provides a 24x7 spectrum security solution
Empowers government agencies to enforce no wireless zones
Offers detecting, monitoring and remediating of spectrum activity in a broad frequency range that includes 3G, 4G LTE, and CDMA
Activity by cellular devices like cell phones and jammers is tracked
Value Proposition and Key Features

Value Prop
Allows proactive IT pinpointing of the cellular spectrum security issues before they happen
Enforce no wireless zones
Detect cellular jammers and remediate
Offers deployment flexibility
AME system can handle a mixed deployment of Wi-Fi only sensors and cellular spectrum sensors

Unique Features
Spectrum visibility scans the entire cellular spectrum for security events such as unauthorized calls and signal jamming
Detects, alarms, verifies and reports on cellular events
Remediates wireless security threats
Enables cellular spectrum security and Wi-Fi troubleshooting
Enables forensic analysis for in-depth investigation
Root cause analysis and
troubleshooting
Real-time Remote Wi-Fi Analysis
DIRECT CONNECT IN REAL-TIME

Direct connect to Sensor for Live Remote Analysis - Essential for Problem Investigation
Investigate WLAN behavior in Real-time
Console running in NOC / SOC or remotely

[Figure: Local Site and Remote Site sensors; AME Servers in Data Center (PRIMARY, HOT STANDBY)]
Real-Time Remote Spectrum Analysis
FULL DEDICATED SPECTRUM RADIO for analysis and classification
Remote Spectrum interface for live troubleshooting
Covers 2.4GHz, 5GHz and 4.9GHz
19 classification alarms
Byod classification
VIEWING THE SMART DEVICES
Wireless Assurance
Automatic Health Check Benefits
IDEA SIMULATE A WIRELESS CLIENT

Perform pre-defined tasks


Collect metrics
Automate
Find out and react to the wireless problem before your users start calling
Generate alarms when thresholds aren't met
Know exactly what the problem is before your users complain
Get detailed statistics for every step of the test
Automated health check
TRENDING CHARTS

Trending Data for the following


Connection Time
Authentication Time
DHCP Time
Ping Time
FTP Speed
HTTPS Download speed
HTTP Download speed
Reporting
Multiple Reports

Reporting
EVERYTHING IS AUTOMATED

3rd Party Integration
MULTIPLE MECHANISMS TO PASS EVENT DATA TO EXISTING MONITORING PLATFORMS

SNMP out (v1, v2 and v3) to popular NMS platforms.
RDEP support for Cisco tools
Integration with SIM products (Arcsight, etc.)

Enterprises want wireless alerts integrated into existing NOC / SOC processes and tools
Issues if missing: No way to support existing NM operating procedures

[Figure: AME Servers in Data Center (PRIMARY, HOT STANDBY) sending SNMP, Syslog, Email, Custom]
AME RTK A5510
PRE-PACKAGED FOR SMALLER DEPLOYMENTS
The AirMagnet Enterprise Remote WLAN Troubleshooting bundle provides all the functionality to ensure organizations' remote sites or large campuses are operating at optimal performance.

AME Server + 11n + Spectrum License + AHC License Bundle
3 X NG5 Sensors*1 (11n + spectrum)
3 X PoE injector
SENSOR4-R2S1-I A5032 802.11N
A maximum of 10 sensors may be ordered with this SKU.
Upgrade to unlimited sensor support (AM/A5508G-Ugd is available for future expansion)

With this new solution, organizations can
Solve WLAN problems anywhere with central IT staff; no remote staff involvement or truck rolls required
Enable complete 24x7 Wi-Fi and spectrum analysis across enterprise or campus network to remote areas or sites
Expand the reach and effectiveness of overburdened IT staff
Reduce tech support calls by resolving WLAN problems before users are impacted
Reduce costs by reducing the need to send staff or consultants onsite to resolve issues.
*1 choice between external and internal antennas
FLEXIBLE AND SCALABLE

OptiView XG + AME RTK = Local + Remote Site WLAN Analysis
XG AME Console Integration
Enables XG to access full AME interface for AirWise and real-time views of remote site
Common UI with embedded Wi-Fi Analyzer and Spectrum XT
XG + RTK bundle
Best mobile WLAN analysis
Best remote WLAN analysis

AM/5510 + AM/A5508G-Ugd = unlimited AME RTK
Conclusion

WIFI is exploding
WIFI data is increasing
Wireless becomes critical (essential part of IT infrastructure)
Mobile devices as the new target
Protecting and securing the air will become more important
Real time monitoring with pro-active root cause analysis / troubleshooting will
be key
AME is a REAL 1st line of defense with pure focus on OSI layer 1&2
Automated security threat update will be critical for security defense &
detection
Fluke Networks has full cycle of products to support Wireless LAN
FLUKE NETWORKS

ONE-STOP SHOP FOR ALL NEEDS AND PAINS


[Figure: product lifecycle around WLAN infrastructure vendors: Planning; Deployment & Verification; Troubleshooting & Interference; 24x7 Performance & Security]
Thank you

Reiner Hofmann

EMEA Director Wireless/Airmagnet BU


Fluke Networks
Office: +49 7152 929 622
Mobil: +49 1520 9087448
Reiner.Hofmann@flukenetworks.com
