How Does it Work Presented by StarSight Team
Agenda Why StarSight Overview of Wireless Technologies WLAN Components Throughput and Coverage Interference Access Point Placement Equipment considerations
What is StarSight? The StarSight concept consists in rooting world-class high technologies (most notably advanced Internet connectivity) to provide communities and local authorities with a modern environmentally friendly solution to support better, broader, safer and more affordable service StarSight = Solar power + street lighting + Wireless Internet connectivity
The solution was developed to Offer Government a visible way to reduce crime and reduce CO2 emission (Kyoto) Telecom companies a commercially viable last mile solution to: support VoIP and easy implementation of MPLS solution Broadband access (new definition of Universal Services as defined by the ITU) Prepaid access to energy and Internet access
Wireless Solutions In-Building Wireless LANs Wireless Bridges Public Access Hot Spots Home Networking
WLAN Components Wireless Access Point Plugs into the existing wired network Translates the hardwired electronic signals in the network to radio signals that are sent across the air Wireless Network Interface Card Plugs into the PC, Laptop, PDA, etc. (may also be built-in) Received the radio signals sent across the air and translated into network traffic 802.11 refers to a family of specifications developed by the IEEE for wireless LAN technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients.
Throughput & Coverage 18 Metres 802.11b 11 Mbps 802.11a - 54 Mbps 40 Metres 802.11b - 11 Mbps 802.11a - 18 Mbps 802.11a 40mW/6dBi 802.11b 100mW/2.2dBi 52 Metres 802.11b 5.5 Mbps 802.11a 6 Mbps 107 Metres 802.11b 1 Mbps
Wireless Interference Several issues affect the way the radio signal travels from one device to another Radio energy attenuates when it propagates Doubling the distance decreases the received power by 4 (1/r 2 ) Passing through objects increases attenuation further (maybe 8-16x) Antenna design affects how much RF energy is transmitted or received and where it is directed Scattering and multipath cause fading effects and echoes Other devices occupying the same or nearby channels cause interference 2.4GHz spectrum might be shared by Bluetooth devices, microwave ovens, and cordless telephones There may be significant interference experienced at the Power Stations!
Access Point Placement Ideally an Access Point should be located high above the floor and away from any immediate obstructions Based on a traditional office scenario Larger antennas and external wireless NICs will provide greater coverage and reception Most likely applicable to Power Station environment Remember, wherever you locate your access point, you will be provided with solar power and a wired LAN connection.
Equipment Considerations Equipment from different vendors exhibit significantly different performance due to architecture, design, manufacturing and software variations, as well as proprietary features and enhancements WLAN coverage can differ significantly in different environments It is critical to pilot equipment and measure WLAN throughput at a variety of locations Site survey
Security for Wireless LANs
Agenda Why the Concern? Levels of Wireless Security - Defense in Depth Solution Overview Solution Components Implementation
Why the Concern? With very little configuration, one is able to set up a wireless network providing access to corporate resources Access is indiscriminate anybody can gain access Physical security is no help Threats aren t as easily identifiable Potential attackers could be quite some distance away
Elements of Wireless Security (1) Physical Layer Encryption WEP (Wired Equivalent Privacy) 40 or 128 bit encryption Difficulties of tracking keys Susceptible to cracking 802.11i introduces stronger encryption WPA & WPA2 (Wi-Fi Protected Access) Advanced Encryption Standard (AES) - WPA2 Automatically cycling keys (TKIP) Requires 802.1x Uses Extensible Authentication Protocol (EAP)
Elements of Wireless Security (2) User Authentication Physical Layer Security has no authentication mechanism 802.1X provides user authentication Requires a user to provide credentials to a security server before getting access to the network If the user is authenticated and authorised to access the network, and the access point is verified as being part of the network, then the security server communicates directly with the access point to authorise the users access to the network The security server also creates a unique pair of encryption keys for this user session, which are sent to both the access point and the client to securely and uniquely encrypt the wireless communication between the two
Elements of Wireless Security (3) VPN Should not be used alone as does not provide protection against lower level attacks Session hijacking Man-in-the-middle attacks Rogue access points VPNs may be used to provide another layer of security over 802.1X based solutions Provides higher levels of encryption Facilitates 3DES May also introduce additional overhead Traffic Infrastructure Administration
Elements of Wireless Security (4) Other Best Practice Measures Restrict the wireless coverage area to that required Selection and direction of antennas Don t broadcast or use the default SSID Don t use for mission critical traffic no Denial Of Service protection Don t cache certificates Implement personal firewalls to protect other hosts on WLAN segments NICs in Infrastructure Mode Disable ad-hoc mode
StarSight in Action
Cityscape
Cityscape with standard street lighting
Cityscape with StarSight activated
StarSight Setup SSAP Multi reach Internet Cloud 802.11 a 18 Mb/s SSAP Multi reach 802.11 a 18 Mb/s 802.11 a 18 Mb/s Sky Reach NOC Centre Up to 1000 Mb/s DHCP Server Backup Server For conection to the internet the choice would be: Tetra Switch SSAP Multi reach 802.11 a 18 Mb/s Sky Reach Cache Proxy Blades Satellite Fiber Optic Firewall/ Antispam/ Antivirus Cable SSAP Multi reach SSAP Multi reach SS5000 KIT SS5800 AP KIT
The components
SS5000 KIT SSR1-Charge Controller/Radio SSBP1- Battery and enclosure SL1 LED HEAD SSSP Solar Panel SSAT Omni Antenna Cables Standard Installation cable set Installation Brackets for mounting on pylon
SS5800 AP KIT SSAP Access Point SSBP1 Battery and enclosure SLNX- Dual Radio AP/Backhaul SSSP Solar Panel SSAT Omni Antenna SSAX high gain 2.4Ghz 802.11 Omni Antenna SSAN 26db Parabolic Antenna 5.8Ghz Cables- Standard Installation cable set Installation Brackets for mounting on pylon
SSAP Supporting IEEE 802.11 a/b/g standards, and featuring a tri-band, software-selectable frequency design, the MonoReach is a carrier class, outdoor infrastructure product offering a flexible and secure solution for a variety of market applications. StarAP is optimized as an access point, but can also function as a client, and offers carrier class performance and reliability in either mode. StarAP also comes equipped with an auxiliary serial port for control of external devices, and features ease of installation, extensive remote management and upgradeability.
SLNX - StarMulti Reach Supporting IEEE 802.11 a/b/g standards, and featuring a dual radio design, along with software-selectable tri-band support, the MultiReach is a carrier class, outdoor infrastructure product offering a powerful and extremely flexible point-to-multipoint distribution solution for a variety of market applications. MultiReach is optimized as a dual radio access point, but can also function as a client or a combination of both. MultiReach features ease of installation, extensive remote management and upgradeability.
StarLong Reach Providing seamless, carrier class, point-to-point wireless connectivity, LongReach is the ideal bridging solution for building-to-building connectivity and backhaul, enabling extensive, scaleable wireless networks. The LongReach wireless backhaul solution is high capacity, quick and easy to deploy and provides secure connections that are scaleable and offer carrier class reliability and extensive coverage. StarLongReach comes packaged as a pair of units along with two 45cm, 25 dbi, 5.4-5.8 GHz parabolic dish antennas, and an option for a pair of 60cm, 28 dbi, 5.4-5.8 GHz parabolic antennas.
StarNOC The NOC is the main data control centre managing and storing all aspects of the StarSight network. StarSight Network Management System StarSight Utility Management System 1 x NOC Switch / Router 1 x NOC Blade Terrabyte Server set up
Implementation
Implementations Work with specialised Wireless Network planner to: Map and precisely define the best roll out strategy Identify frequency issues Define risk of thunder striking
Best Route Calculation To optimise roll out and plan future expansion, StarSight has partnered with leading Wireless Networking planners to support its clients
Frequency Security StarSight is being implemented in many countries around the world, to insure maximum security for rescue or police services, the frequency can be changed to cater special needs and requirements. Proprietary frequency and technology can be used to minimum interference.
Weather Proof All Product have been tested under extreme conditions of high humidity and extreme heat All product are weatherproof guaranteed To reduce thunder strike, points holding Paratonnerres will be put such as radio towers, backbone relay point.
Discussion
IEEE 802.11 Standard Activities 802.11a - 54 Mbps @ 5GHz 802.11b - 11 Mbps @ 2.4 GHz 802.11d - World Mode and Additional Regulatory Domains 802.11e - Quality of Service 802.11f - Inter-Access Point Protocol (IAPP) 802.11g - 54 Mbps @ 2.4GHz 802.11i - Authentication and Security 802.11k Measurement 802.11n 100Mbps throughput 802.11r Fast hand-off 802.11s Self healing/self configuring mesh networks
Comparing Throughput Frequency Channels Maximum Link Rate Maximum TCP Rate Maximum UDP Rate 802.11b 2.4Ghz 3 11 Mbps 5.9Mbps 7.1Mbps 802.11g (with 11b) 2.4Ghz 3 54 Mbps 14.4Mbps 19.5Mbps 802.11g (11g-only) 2.4Ghz 3 54 Mbps 24.4Mbps 30.5Mbps 802.11a 5Ghz 8 54 Mbps 24.4 Mbps 30.5Mbps User throughput is less than the maximum link rate for a number of reasons Additional data (preambles, headers and checksums) Every directed packet also results in a return acknowledgment packet There is a random delay between packets to allow others to transmit 802.11g provides an option to provide throughput rates of 802.11a or compatibility with 802.11b. You cannot have both at the same time.