|
|
December 29, 2006 In regards to: CWNE Application for: Randall S. Mundee CWNP Program PO Box 20063 Atlanta, GA 30325 Dear Sir or Madam, This letter serves as additional documentation of a subset of the wireless networking project experience I have acquired and how I applied the knowledge gained from the CWNA, CWSP and CWAP certification examinations. Wireless Project #1 : Two-story Business Wireless Network and Security Upgrade I provided wireless consulting services for an e-commerce business residing in a two-story building. The production wireless LAN was based on old and outdated Linksys 802.11b model WAP11 WAPs and model WPC11 network interface pc cards using the outdated WEP encryption. The goal was to replace the aging and reportedly slow equipment and to additionally enhance network security due to the proximity of other businesses. Additionally, the client desired an increase in bandwidth along with better facility coverage. The solution was proposed and implemented with two new 802.11a/b/g WAPs based upon the interim WPA-PSK security based standards. Two Netgear brand model WGT624 WAPs were chosen along with their complementary WG511T pc cards. The 802.11a radio feature was desired due to the surrounding congestion in the 2.4ghz range. More than eight adjacent WLANs were found competing for the 2.4ghz RF spectrum surrounding the physical location of the business. A survey was conducted using Netstumbler and a WG511T 802.11a/b/g pc card showed that there were no surrounding 802.11a 5ghz WLANs to compete with. The new solution will operate using two radios in each WAP / PC card to enable redundancy and enhanced throughput. The 5ghz 802.11a radio’s were to be reserved for the benefit of power users and the company president to ensure maximum throughput and availability for these users. The vendor’s dual network capable solution works very well as I have tested it personally and found the pairing of two radios operating in the 2.4ghz and 5ghz range to be very beneficial, especially when utilized in congested 2.4ghz areas. The Netstumbler survey results showed that most of the eight competing 2.4ghz WLANs were hovering around Channel 6. I used my knowledge gained in the CWSP course to conduct the Netstumbler site survey. The survey enabled me to correctly configure the downstairs WAP for channel 1 with the upstairs WAP configured for channel 11. This configuration was purposely chosen in order to minimize 2.4ghz interference from competing WLANs. The WAPs were centrally located and installed out of sight above ceiling tiles. A follow up site survey / signal coverage baseline was generated using Netstumbler. Real-world throughput / coverage tests were conducted using FTP and client card utilities. Client notebook computers were each tested and good signal strength and network connectivity was verified. The security configuration included the following features enabled: WPA-PSK Encryption; Restrict access based on MAC addresses; Turn off the broadcast of the Wireless Network Name SSID. Equipment staging procedures were to download and install the latest version of the manufacturer’s firmware. Additionally the client was informed about ongoing security preventive maintenance procedures. Specifically there will be an ongoing need to occasionally repeat the site survey to look for rogue access points and to scrutinize any changes to the baseline. The customer was given a basic WIFI network / internet policy usage document and coached on how to further customize the document to the clients needs. Wireless Project #2 : CWNA Student Wireless Laboratory Instruction and Mentoring In my duties as Lead IT Instructor / Mentor / IT Manager I provide guidance and assistance to all students enrolled in our CompTIA Network+ and Planet3 Wireless CWNA courses. Due to the advanced technical nature of wireless networking most students require additional assistance in attempting and completing the hands-on technical lab exercises which accompany each course. TechSkills employs the facilitated learning model, which basically means that each course has many components and a trained, experienced and certified instructor is available to mentor and assist the student with their program. Each TechSkills course is composed of the following components: Lecture, Required textbook reading, Hands-on laboratory exercises and exam simulation preparation software. The Network+ course has one hands-on lab requiring the student to setup a wireless WAP and client. The CWNA course is approximately four-weeks long and has nine hands-on labs requiring the student to perform a combination of written and hands-on exercises dealing with the following topics: 1. Wireless LAN RF and Spread Spectrum 2. Wireless LAN Devices 3. Using APs in a Wireless LAN 4. Roaming 5. Repeating 6. Security and Filtering 7. Configuring Radius 8. RF Site Survey Due to the nature of the material I mainly employ the knowledge I gained from the CWNA course and exam. I do not try to espouse advanced wireless concepts that would be found in the CWSP or CWAP courses so as to not confuse the CWNA students. Currently my school only offers the CWNA course. The problems most likely to be encountered by a new wireless student have to do with the loading of device drivers, connecting the cables properly, and navigating and logging into the WAP’s administrative GUI interface. Equipment used in the wireless hands-on labs are: Linksys WAP54G and WUSB54G wireless network adapter. My instructional method is to perform a high-level planning session with the student using a whiteboard and after the planning I supervise the student as they work on the lab offering advice and assistance only if they ask. My instructions are for the student to try to work through the problem first before asking for help, but not to spend more than five minutes before asking for help. In practice I have found that I need to give students specific instructions so that they will be able to complete the lab successfully in the shortest amount of time. Each formal techlab instructional document contains structured activities and steps for the student to follow in order to arrive at successful lab completion. I believe that by letting the student attempt to troubleshoot their own problems, they will learn better by actually doing the work. At TechSkills we not only educate students, but we help them achieve professional certification. Once hired, they are much more likely to succeed due to our hands-on laboratory exercises. Wireless Project #3 : Firewall / VPN / Wireless Security Troubleshooting I was initially called in to provide expert consulting services for an older SonicWall brand firewall. The customer found me through conducting a web search for a Certified SonicWall Security Administrator (CSSA). The customer was a professional services firm specializing in Information Technology with offices located on the eleventh floor of a fifteen-story building in Dallas, Texas. The customer’s offices occupied approximately half of the eleventh floor. My initial mission and focus was in creating a new configuration for the SonicWall firewall/vpn/appliance so that the president of the company could securely bring up a VPN to the corporate office LAN. Most of my time was spent in configuring and troubleshooting the VPN component of the appliance. However, while troubleshooting from the boardroom I connected to the internet using the built-in centrino 802.11g wireless network interface card in my own VAIO VGN-S260 notebook computer. This configuration enabled me to make the change on the directly connected wired LAN and then disable the wired LAN port and utilize the WLAN to test my changes. The SonicWALL VPN software was used to bring up the client connection instead of the built-in Microsoft VPN software. While troubleshooting and working with the president of the company a possible security problem arose. We were troubleshooting the VPN while using a publicly accessible internet portal (which so happened to be accessible from within their offices.) The client VPN adapter was disabled and we still had access to the company Wired LAN through this unknown public internet WAP. The president called in the IT Manager for consultation about the possibility that there may in fact be a rogue WAP located in the company offices. The IT Manager confirmed that the WAP was not part of the official corporate network. I verified my own notebook computer network and adapter settings and proceeded to download NetStumbler. I then began a survey of the facility by walking around measuring signal strength of the 2.4ghz WLANs in the vicinity. The whole time I was measuring the signal strength of the possible rogue WAP with the intention to locate the WAP within the company offices. My survey lead me to an employee’s notebook computer. I inquired as to whether he had a WAP device and/or his wireless NIC enabled and he said Yes. It turned out that this innocent employee had accidentally enabled the Ad/Hoc mode on an additional wireless network interface card built into his notebook/docking station. The company president and I disabled the rogue WAP and shored up the breach. I used the knowledge gained from the CWSP course to locate the offending equipment. My wireless knowledge also was employed to educate the company president about the potential security implications to using wireless technology. Further I explained to the president about the need to charge an employee or contractor with the duty to periodically survey the offices and to create a baseline which could be used to spot any further security and wireless performance vulnerabilities going forward. Sincerely, Randall S. Mundee Lead IT Instructor / IT Manager TechSkills, LLC
|
Send mail to shane@networksystemsengineer.com with questions or comments about this web site. |