BLOG
 
Blog: WiFi Experts

A Closer Look at RF Interference and Spectrum Analysis - Part 2
Author/Blog Contributor - Jesse Frankel, AirMagnet Product Marketing Manager at Fluke Networks
Date: April 28, 2011

Now that we've established the basics of RFI and spectrum analysis in an early post, let's take a look at the typical deployment models for spectrum analysis-enabled sensors, and what an enterprise should consider when choosing an SA monitoring system.

What are the various approaches for deployment?

Partial deployment/trouble area only: This mode comes into affect in cases where there are certain critical areas where WLAN problems occur most often, or users are most sensitive to even short network interruptions (i.e., executive boardrooms, auditoriums, IT operations, help desk and lab areas).

Full deployment: In this mode, SA-enabled WIPS sensors are deployed wall-to-wall in all key areas to provide complete RFI detection and analysis capability. Headquarters and remote sites are often prioritized highest for this deployment.

Permanent vs. temporary deployment: Sensors are most commonly deployed in a permanent installation mode. Other times, it can be effective to temporarily deploy SA-enabled sensors on an as-needed basis to areas that appear to have WLAN symptoms that point to RFI as a potential root cause. This can be a very efficient starting point for the use of SA-enabled sensor technology. Sensors can be temporarily deployed to a trouble area for days or weeks until the RFI source is confirmed (or some other root cause is determined).

Coupling with AP infrastructure deployment: There is a wide variation in this area, so there is no real typical case. Some sensor decisions are driven by AP upgrade or expansion projects, while others are completely decoupled and driven by support improvement or security monitoring projects.

Considering an SA monitoring system for your enterprise? When considering the suitability of SA monitoring systems and comparing different products, it’s important to know the various technical aspects that are key in the decision-making process:

Classification accuracy: Time domain analysis provides large improvements in RFI classification accuracy. Many interferers have pulse durations that are in 10s of milliseconds. These may be estimated from FFT data alone, however, there are a number of cases where the difference between pulse duration across interferer classes is only a few milliseconds. This makes proper classification by only the FFT data very difficult. Examples of this include computer mice, zigbee, game controllers and bluetooth interferers, all of which look extremely similar in the frequency domain, but are clearly differentiated based on pulse characteristics.

There are always new RFI sources being introduced into the enterprise environment. This means that the most capable processing approach will increase the likelihood of classification, and that the system architectures that can most quickly update and expand the classifier signature database will be the most effective. Classification performance includes how quickly and accurately an RFI is classified. Part of the accuracy is the ability to differentiate between signals with similar characteristics (such as a wideband jammer or a microwave oven). In these cases, the addition of time domain processing means being able to tell a malicious attack from unintentional interference from a kitchen appliance. This differentiation is vital to initiating the proper remediation approach.

Remote real-time analysis, forensic capture: Along with RFI classification, having the ability to easily view the real-time SA interference across the network to a remote site is valuable for the diagnostic and remediation steps. There may be multiple RFI sources to deal with, or sources that exhibit only periodic transmissions, where after being alerted by an automated mechanism to the problem, further investigation is needed. Also, systems that can capture forensic SA data at the time of the RFI classification, and store these informational elements for future analysis, add a further important capability (i.e., an RFI that only comes on at night when no staff is present could be fully diagnosed with stored capture information the next morning).

Specification comparisons: Unlike lab instrument grade analyzers, the vendors of the embedded SA processor modules utilized in IT equipment do not typically quote any standard set of specifications. Some provide little to no specifications, while others quote various items in nonstandard format or convention. This means it is generally difficult to evaluate the real capabilities of the various solutions by comparing specifications.

System deployment flexibility: Depending on plans for WLAN expansion and refresh cycles, the desire to add SA monitoring may or may not coincide with deployment plans for other infrastructures. In terms of cost efficiency, if all the timing lines up, it may be beneficial to deploy SA monitoring concurrent with other WLAN infrastructure. However, we find that often IT may want to start off with a small system which can be used in temporary or permanent deployment mode in order to understand its full benefits. An overlay sensor approach also adds significant advantages in many cases, including the ability to quickly and easily update and add classification signatures and perform the SA processing without impacting the performance of the AP itself.

Clearly, there are many factors that go into evaluating and selecting what type of spectrum analysis deployment is right for you and your enterprise. Stay tuned for the final post in this series, which will discuss the technical and deployment trends for enterprise spectrum analysis.

 
Comments:
 

Post a Comment:

Name:
*
 
Email:
*
Note: Your email will not be displayed.
 
Comments:
 *
 
Verification:
Enter in the characters from the image below:
 *
 
 
Blog Contributor

Jesse Frankel has extensive experience in delivering critical wireless security solutions for enterprise, clinical and government networks. During his 6+ years at AirMagnet he served as Director, System Engineering and as a member of AirMagnet's Wireless Intrusion Research Team.

Blog Archive
 
Other Social Media Sites We Recommend:
Home  |  Security Center  |  All Things Wi-Fi  |  Blog  |  Library  |  AirMagnet.com  |  FlukeNetworks.com
© 2006-2012 Fluke Corporation. All rights reserved.