SILICA – Mapping access points (looking for Rogue APs)
We are happy to
announce a new and exciting feature of SILICA that will be available
with the 7.24 release (shortly!).
If you are in charge
of protecting the wireless networks of a business, you often worry
about rogue access points, that is, APs that have been installed on
your secure network without authorization.
SILICA's new AP Mapping is a
feature that allows you to quickly and easily make a map of where the APs near you are placed. This
feature is not only useful for finding rogue APs, but can also help
detect holes in wireless coverage and possible
fake access points (access points external to the network that want
to attack your wireless stations).
The user interface
for the data entry part of this feature is simple. It consists of a
map (or optionally you can just eyeball it on the blank canvas, which is what I always do) and buttons to control beacon capture and to determine the
current location.
The user can record paths as he moves around the office, control the current wireless channel, view intermediate results, undo paths (useful after a misclick on the map), and save the results to file. It takes about 30 seconds to figure out - after which you are merrily wandering your office with your SILICA laptop in hand, mapping out every AP you can see.
You can make your maps in MS Paint or use Google Maps for high-quality renditions. Or just start with a blank area (this still works).
The results section
is rich in features. Three basic map types
are produced, using the magic of math:
1) The Heatmap. This
map is based on the estimated signal power of the access point that
is most powerful in each location.
2) The AP Zones map. This map shows the zones of influence of the more powerful access points. An access point's zone of influence is the area where it is the most powerful one.
3) The captured data map. This map shows the signal power of access
points in each location according to the beacon captures, without
interpolation or estimation. The user interface allows you to view this
map for each access point, both for the average signal power and for
the maximum signal power.
For the first two map types, the algorithm that SILICA uses to estimate each access point's location and power is critical. Various factors influence the strength of the signal when received by the SILICA card: distance from the access point, obstacles that cause reflection or diffraction, the relative angle of the AP's and SILICA's antennas, and interference from other sources. This means that the algorithm has to handle a very noisy signal, which is why we use a relatively simple algorithm to estimate the access point parameters - and also why it is best if you have more than just three or four points in your walk-path.
The first step is
estimating the access point position. For this, a number (at least 10)
of the most powerful signals are averaged, and the resulting position and power
are taken as the center of the signal.
To calculate the
rate of power loss with the distance from the center, a linear
approximation is used, fitted with the least squares regression method.
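The two estimation steps above, plus the per-point comparison behind the Heatmap and AP Zones maps, as an added Python example (this is not SILICA's code). It assumes an unweighted mean of the strongest captures and an ordinary least squares fit of power in dBm against distance; the function names, AP names and noise-free captures are constructed for illustration.

```python
import math

def estimate_ap(samples, top_n=10):
    """samples: (x, y, rssi_dbm) beacon captures for one AP.
    Returns (cx, cy, p0, slope): estimated position, power at that position,
    and power change per unit of distance (negative for a real AP)."""
    if top_n < 10 or len(samples) < top_n:
        raise ValueError("need at least 10 captures, and at least top_n")
    # Step 1: average the top_n strongest captures (position and power).
    strongest = sorted(samples, key=lambda s: s[2], reverse=True)[:top_n]
    cx = sum(s[0] for s in strongest) / top_n
    cy = sum(s[1] for s in strongest) / top_n
    p0 = sum(s[2] for s in strongest) / top_n
    # Step 2: least squares slope of power against distance from the centre.
    # Assumption: ordinary least squares over every capture; only the slope
    # is kept, because the centre power already comes from step 1.
    dist = [math.hypot(x - cx, y - cy) for x, y, _ in samples]
    d_mean = sum(dist) / len(dist)
    r_mean = sum(s[2] for s in samples) / len(samples)
    sxx = sum((d - d_mean) ** 2 for d in dist)
    if sxx == 0:
        raise ValueError("all captures are equidistant from the centre")
    sxy = sum((d - d_mean) * (s[2] - r_mean) for d, s in zip(dist, samples))
    return cx, cy, p0, sxy / sxx

def predicted_power(model, x, y):
    cx, cy, p0, slope = model
    return p0 + slope * math.hypot(x - cx, y - cy)

def strongest_ap(models, x, y):
    """Naive per-point lookup: heatmap value and zone owner at (x, y)."""
    name = max(models, key=lambda n: predicted_power(models[n], x, y))
    return name, predicted_power(models[name], x, y)

def constructed_walk(ap_x, ap_y, p_centre, slope):
    """Constructed, noise-free captures on a 2-unit grid (not real data)."""
    return [(x, y, p_centre + slope * math.hypot(x - ap_x, y - ap_y))
            for x in range(0, 21, 2) for y in range(0, 21, 2)]

if __name__ == "__main__":
    models = {
        "office-ap": estimate_ap(constructed_walk(10, 10, -40.0, -2.0), top_n=13),
        "unknown-ap": estimate_ap(constructed_walk(2, 18, -35.0, -3.0), top_n=10),
    }
    for point in [(10, 10), (2, 18), (6, 14)]:
        print(point, strongest_ap(models, *point))
```

Because the centre power is an average of captures taken some distance from the AP, it comes out below the true transmit-side value on clean data; an AP whose estimated centre falls somewhere no authorized AP is installed is the one to go and look for.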
Finding out the zone
of influence of each access point is more involved. A naive algorithm
would be to calculate the estimated power for each access point and
for each pixel of the map, and select the most powerful signal for
each location, but this doesn't scale. What SILICA uses is a
divide-and-conquer method to find out the zones of each access point.
This way, the graphs are quickly generated, even for high-resolution
maps with many access points.
Example graph of how
the map is divided in zones by the divide-and-conquer algorithm:
We hope everyone likes the new feature! More interesting updates are on the way, and if you want to ask questions about getting a SILICA, just email sales@immunityinc.com!