WIPS Locationing?

Please describe your product's approach to determining and mapping the location of potential rogues and attackers, including historical vs. real-time tracking, minimum sensor/AP requirements to enable locationing, and typical accuracy.


3 Comments

Motorola AirDefense uses Receive Signal Strength Indicator (RSSI) based triangulation algorithms to determine the physical location of a device such as a rogue AP or any other Wi-Fi device of interest. Some of the salient features of the location tracking application include:

1. The ability to leverage not just WIPS sensors but also Access Points (APs) for RSSI information. This allows more reference points in the location tracking algorithm, enhancing accuracy. It also reduces the minimum number of sensors needed for location tracking.

2. The median accuracy of location tracking is about 10m. This can be improved by calibration and increased sensor/AP density.

3. AirDefense maintains minute-by-minute forensic data. The system stores over 300 statistics per device per minute. One of the statistics is RSSI. This allows rich historical location tracking. The user can see how a device has moved over the last few days/weeks/months, and also generate historical location heatmaps. The forensic location trail can be used to determine the whereabouts of a hacker, the typical locus of a VoWLAN client, areas of client concentration, coverage v client density, etc.

4. Real-time location tracking is also available, allowing users to “lock” on a device and track it through a facility. The system automatically determines the best sensors/APs to leverage to compute the current location of the device.

The AirMagnet Enterprise system offers location mapping for any wireless device or threat. The location functionality is performed using signal strength (RSSI) to triangulate the placement of a transmitting device - typically within a 3 meter radius. For our customers we recommend using 3 sensors for proper device location as this ensures that RSSI is being measured by 3 identical radios. Given the variance in how different radios may perceive a given signal, using mixed devices to provide location typically introduces unnecessary error into the locationing results.

AirMagnet allows users to simultaneously view as many devices as they want in a single view. This allows users to not only map the location of threats or rogues, but also to visually correlate problems on a map. For example, the network manager may want to see the location of all devices that have triggered slow speed or fragmentation alarms. If these devices are all clustered in the same area, you can quickly identify an environmental cause for the problem.

Additionally, AirMagnet leverages the location functionality to identify rogues based on their location. Users can define the perimeter of their building or any secure area, and if unknown devices are present inside that perimeter they can be automatically classified as rogue.

Hey Lisa,

An important question, given the dynamic nature of RF waves.

Considering the varying nature of RF in a real deployment, AirTight implements a location tracking algorithm that calculates the probability distribution for the location of a device over any region. In our experience, this model provides a more realistic representation of the estimated location of a device. It also provides fairly accurate estimates (within a cubicle or two) in a typical enterprise office environment.

AirTight provides 2 options for the end-user to view the location of a device: simple "Thermometer view" and a sophisticated "RF Map" view. The Thermometer view can be used with just 1 sensor seeing a device and is useful in getting a quick idea of how far/close a device is wrt the sensor. The RF Map view works best when multiple (e.g., 3) sensors are seeing a device.

Salient points include:

- AirTight is WLAN vendor agnostic and can integrate with popular wireless LAN controllers (e.g., Cisco WLC) to minimize the number of sensors (and overall BOM) required for supporting accurate location tracking
- AirTight is the first in the industry to provide location tracking of a Denial of Service attacker (and not just devices such as Rogue APs and clients).
- AirTight maintains historic location information of a device.
- Location tracking works with 802.11n devices available in the market today
- RF maps used for location tracking are also used to provide "Live RF views" that are valuable in visualizing coverage holes and overall WLAN performance management

Thanks,
Gopi
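
The following is an added example, not part of any comment above and not any vendor's algorithm. It sketches how RSSI readings from three sensors can be turned into a probability distribution over a floor grid, and how that distribution can drive a perimeter-based rogue decision. The log-distance path-loss model, its constants, the sensor coordinates, the readings, the perimeter and the labels "rogue"/"external" are all assumptions made for illustration.

```python
import math

# Assumed log-distance path-loss model; not any vendor's algorithm.
TX_REF = -40.0  # assumed RSSI (dBm) at 1 m from the transmitter
PATH_N = 3.0    # assumed indoor path-loss exponent
SIGMA = 4.0     # assumed RSSI noise (dB) per sensor reading

def expected_rssi(sensor, point):
    """RSSI the model predicts at `sensor` for a device at `point`."""
    d = max(math.dist(sensor, point), 1.0)  # clamp inside the 1 m reference
    return TX_REF - 10.0 * PATH_N * math.log10(d)

def location_distribution(readings, width, height, step=1.0):
    """readings: {sensor (x, y) in metres: observed RSSI in dBm}.
    Returns {(x, y): probability} over a grid covering the mapped area."""
    loglik = {}
    for ix in range(int(width / step) + 1):
        for iy in range(int(height / step) + 1):
            p = (ix * step, iy * step)
            sse = sum((obs - expected_rssi(s, p)) ** 2
                      for s, obs in readings.items())
            loglik[p] = -sse / (2.0 * SIGMA ** 2)
    peak = max(loglik.values())  # subtract before exp() to avoid underflow
    weights = {p: math.exp(v - peak) for p, v in loglik.items()}
    total = sum(weights.values())
    return {p: w / total for p, w in weights.items()}

def most_likely(dist):
    """Grid point with the highest probability."""
    return max(dist, key=dist.get)

def probability_inside(dist, perimeter):
    """perimeter: (xmin, ymin, xmax, ymax) of the secure area."""
    xmin, ymin, xmax, ymax = perimeter
    return sum(pr for (x, y), pr in dist.items()
               if xmin <= x <= xmax and ymin <= y <= ymax)

def classify(dist, perimeter, known, threshold=0.5):
    """Unknown device probably inside the perimeter -> treat as rogue."""
    if known:
        return "authorized"
    inside = probability_inside(dist, perimeter) >= threshold
    return "rogue" if inside else "external"  # hypothetical labels

# Constructed sample: three sensors and readings for a device near (10, 5).
SENSORS = {(0.0, 0.0): -71.5, (30.0, 0.0): -79.4, (15.0, 20.0): -76.0}
BUILDING = (0.0, 0.0, 30.0, 20.0)  # constructed perimeter; map is 40 x 30 m

if __name__ == "__main__":
    dist = location_distribution(SENSORS, 40.0, 30.0)
    print(most_likely(dist), round(probability_inside(dist, BUILDING), 3))
    print(classify(dist, BUILDING, known=False))
```

Raising `SIGMA` or passing a single sensor reading spreads the probability mass over a much wider area, which is why sensor density and calibration affect the accuracy figures quoted in the comments.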