Using AirCheck G2 to Maintain Great Wi-Fi

Without doubt, one of the best tools on the market for maintaining great Wi-Fi is the NetAlly AirCheck G2 Wireless Tester. Its ease of use, portability, reliability, depth of visibility and centralised reporting capability have made it a worldwide success and a staple part of the engineer’s toolkit. The purpose of this post is to highlight a few examples of how to use the tool to address some of the most common considerations, and of course issues, presented by Wi-Fi. Firstly, let’s take a look at the tool itself:

[Image: NetScout AirCheck G2 hardware]

On the AirCheck G2 we have a large, clear and responsive touch screen, a mounting point for an external uni-directional antenna, a 1 Gbps Ethernet port for testing backhaul connectivity and PoE, and a couple of USB slots for attaching devices, memory sticks etc.

For completeness of visibility we will assume use of the NetAlly AirCheck G2 TA Kit, which includes a few handy extras such as the external antenna and holster, but the clue is in the ‘TA’ part of the name: the Test Accessory. This is a small-footprint device that the AirCheck connects to remotely as an iPerf endpoint, providing network throughput performance statistics. Here is what is in the ‘TA Kit’:

[Image: AirCheck G2 TA Kit contents]

Verify The Network Deployment

Using the AirCheck G2 we can check whether the tester can establish a connection to the network, reach core services such as DHCP and DNS, resolve a web address, and how long each of these steps took. From this simple workflow you can confirm that everything is as expected from a connectivity perspective:

[Image: AirCheck G2 connection test]

Verify Network Performance

Using the AirCheck G2 paired with the Test Accessory, we can now validate performance to a remote device. Here’s how:

  1. Connect to a network
  2. Select iPerf Test
  3. Select iPerf Server or Test Accessory to test against
  4. Click ‘Start’ to begin your test

This now confirms that the network is available and that we can connect to it, and gives an indication of its performance.

Auto-Test Feature

Auto Test is a really handy, user-configurable set of tests that can be run with a single touch to validate network health with a ‘Pass’ or ‘Fail’ indication. Using this feature, the AirCheck G2 tests the following five elements:

  • 802.11 Utilisation: reports the top 3 channels in each band (2.4/5 GHz) with the highest Wi-Fi traffic utilisation.
  • Non-802.11 Utilisation: reports the top 3 channels in each band (2.4/5 GHz) with the highest non-802.11 airtime utilisation. This indicates the presence of interference sources and high noise.
  • Co-Channel Interference: reports the top 3 channels in each band (2.4/5 GHz) with the most APs on the same channel that exceed the minimum signal level threshold.
  • Adjacent Channel Interference: reports the top 3 channels in the 2.4 GHz band in which APs might experience adjacent channel interference. For each channel on which at least one AP is found, the feature counts how many access points are operating on other channels that overlap with that channel.
  • Network Quality: verifies coverage, interference, security and the ability to connect to specified networks, along with the availability of critical services such as DHCP and specified network targets.

[Image: AirCheck G2 Auto Test screen]

Non-802.11 Interference

Using the onboard Wi-Fi radio of the AirCheck G2, we can sense and, where possible, classify sources of interference that are having a detrimental impact on network performance. The sources it can identify are as follows:

  • AirHORN
  • Baby Monitor
  • BlueTooth
  • Canopy
  • Cordless Phone
  • Game Controller
  • Microwave
  • Motion Detector
  • Narrowband Jammer
  • Radar
  • Video Monitor
  • Wireless Bridge (non-802.11)
  • Wireless Mouse
  • Wireless Video Camera
  • ZigBee
  • Possible Interferer and Unclassified Interferer

By getting close to the area in question and running this test you can quickly see whether there is anything that could be causing a problem, how strong the interference source is, on which band, which channels are impacted, how often and for how long. From here you can even locate the source and either isolate it or, in some cases, engineer the network around it so that it no longer poses a problem.

Optimising the Network Using the AirCheck G2

The ‘Channels’ screen on the AirCheck G2 gives an excellent insight into channel configuration, channel utilisation and non-Wi-Fi channel utilisation across the 2.4 and 5 GHz bands. Using this screen, we can see the entire Wi-Fi spectrum at a glance and also view how the channels overlap:

[Image: AirCheck G2 Channels screen]
[Image: AirCheck G2 channel overlap screen]

When optimising the channel domain, some considerations are:

  • Are there too many APs on a channel?
  • Are there APs on overlapping channels in the 2.4 GHz band (2, 3, 4, 5, 7, 8, 9, 10)?
  • Is 802.11 airtime utilisation too high?
  • Is non-802.11 airtime utilisation too high?

Take a look at the clients on the channel: are there too many? If so, think about removing unauthorised devices or employing techniques such as band steering or client load balancing.


How to Optimise your SIEM Syslog Environment

How do you create a secure, resilient, effective, compliant and cost efficient syslog event management infrastructure?

If you are asking yourself this question, it’s likely that by this stage you have invested in a market-leading SIEM platform such as Splunk, QRadar, LogRhythm, Elastic or another of the market leaders, or perhaps you have adopted a multi-tier approach and run more than one of them.

It’s not uncommon to have hundreds of thousands of events per second flowing across enterprise networks, and given that the majority are sent via UDP, and hence connectionless, it’s possible that at times of peak network load some events are simply lost. Other considerations to bear in mind are security, compliance and volume-based licence costs. We will highlight some use cases in this post to show ways in which you can address these considerations, creating an efficient, secure, GDPR-compliant and cost-effective syslog environment.

Challenge #1: Platform-Agnostic Log Management

Challenges:

Variety of sources & schema, multiple destinations, delivery guarantee, fault tolerance

End Goals:

Unified collection, real-time transformation, secure transit, buffering/caching


Here, syslog-ng relays and syslog-ng Premium Edition (PE) have been deployed to deliver syslog messages using the RLTP protocol, which guarantees log delivery to the different locations: should a log be dropped, it is resent until it is acknowledged and forwarded. PE also uses TLS to secure delivery, meaning that sensitive information cannot be read by third parties in transit. syslog-ng also caches and buffers messages on local disk should the network or device connection become unavailable. Multiple teams can now retrieve logs for their specific use cases in a standardised, efficient and secure manner.

Challenge #2: Long-Term Storage & Search

Challenges:

Usage based licensing costs, storage costs, varying retention requirements

End Goals:

Implement long-term storage layer, automated retention policies, automated archiving, indexed and compressed

[Image: syslog-ng long-term storage architecture]

In this case, relays have been used in conjunction with the Syslog Store Box (SSB). Policies have been created to index the events at the SSB and send them to the SAN for lower-cost storage. Content such as human-readable text has also been stripped and the logs re-written, along with de-duplication, to further drive efficiency and reduce SIEM licence costs. Logs are indexed and compressed, resulting in faster searching in archives, and separate policies apply differing retention periods as required.

Challenge #3: Advanced Routing / Filtering

Challenges:

Varying events per second (EPS), usage-based licensing, usage-based planning, cost implications

End Goals:

Filter out irrelevant data, asset based planning, cost effective retention

[Image: syslog-ng filtering architecture]

Here, relays and PE have been used in conjunction with advanced filtering techniques and directional forwarding, which have drastically reduced the volume of messages hitting the SIEM and compliance platforms. syslog-ng can be deployed as an agent on a wide range of hosts and can flexibly route content to multiple destinations without the need to deploy multiple agents on each device. Duplicates and unnecessary content have been stripped and discarded.
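As an added example (not the page’s or Balabit’s own configuration), the relay pattern from Challenges #1 and #3 expressed in syslog-ng OSE syntax: mutually authenticated TLS on both sides, a reliable disk buffer so messages survive a SIEM outage, and filters that drop a constructed noise pattern and route only security-relevant events to the SIEM while everything else goes to a cheaper archive. Host names, paths and the noise pattern are assumptions; RLTP is a syslog-ng PE feature, so delivery assurance here comes from TCP/TLS plus the disk buffer rather than RLTP’s application-level acknowledgements.

```conf
@version: 3.38
@include "scl.conf"

# Accept TLS-wrapped syslog from agents; clients must present a certificate
# signed by a CA in ca.d (run c_rehash on that directory). Paths are assumed.
source s_agents_tls {
    network(
        ip("0.0.0.0") port(6514) transport("tls")
        tls(
            key-file("/etc/syslog-ng/cert.d/relay-key.pem")
            cert-file("/etc/syslog-ng/cert.d/relay-cert.pem")
            ca-dir("/etc/syslog-ng/ca.d")
            peer-verify(required-trusted)
        )
    );
};

# Forward to the SIEM over TLS. The reliable disk buffer (2 GiB here) keeps
# messages on local disk if the SIEM or the link is down and replays them later.
destination d_siem {
    network("siem.example.internal" port(6514) transport("tls")
        tls(
            key-file("/etc/syslog-ng/cert.d/relay-key.pem")
            cert-file("/etc/syslog-ng/cert.d/relay-cert.pem")
            ca-dir("/etc/syslog-ng/ca.d")
            peer-verify(required-trusted)
        )
        disk-buffer(reliable(yes) disk-buf-size(2147483648)
                    mem-buf-size(10485760) dir("/var/lib/syslog-ng/buffers"))
    );
};

# Low-cost archive: one file per day and host; consumes no SIEM licence.
destination d_archive {
    file("/var/log/archive/${YEAR}-${MONTH}-${DAY}/${HOST}.log"
         create-dirs(yes) template("${ISODATE} ${HOST} ${PROGRAM}: ${MESSAGE}\n"));
};

# Constructed noise pattern: load-balancer health checks add volume but no value.
filter f_not_noise { not match("GET /healthz" value("MESSAGE")); };
# Security-relevant events that are worth the SIEM licence cost.
filter f_security  { facility(auth, authpriv) or program("sshd") or program("sudo"); };

log {
    source(s_agents_tls);
    filter(f_not_noise);
    log { filter(f_security); destination(d_siem); };   # SIEM gets only what it needs
    log { destination(d_archive); };                    # everything kept for compliance
};
```

Validate with `syslog-ng --syntax-only -f relay.conf` before reloading, and watch the buffer directory’s disk usage during a SIEM outage so the 2 GiB cap is not reached silently.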

Challenge #4: Compliance, Even Without a SIEM

Challenges:

Unsorted, mixed content, too noisy for correlation, mixed compliance models, unfiltered data exposed

End Goals:

Logically separate content, data can be filtered further, different archiving policies, repository access controls, user specific log ‘views’

[Image: Syslog Store Box routing architecture]

Using the SSB, log data is stored in encrypted, compressed and time-stamped binary files, with access restricted to authorised personnel only. Authentication, authorisation and accounting settings provide granular control based on user privileges, and can be integrated with LDAP and RADIUS databases. The largest SSB can store up to 10 TB of uncompressed data. PE also ensures that messages cannot be read by third parties by using TLS to encrypt the communication between agents and the Syslog Store Box. Filtering and routing rules send data to the correct platforms.

Challenge #5: Reliable Log Infrastructure

Challenges:

Critical event, logs never sent, connection saturation, single point of failure, data open to inspection

Solution:

Relays as a local staging post, consolidated cache and buffer, alternate destinations, RLTP (received and understood), encryption and timestamping

[Image: syslog-ng encrypted syslog architecture]

A combination of syslog-ng agents, relays and the SSB has been used so that messages are TLS-encrypted as they travel through the network. RLTP has been used to guarantee log delivery using its received-and-understood methodology. Logs are stored in an encrypted state on the SSB, indexed and timestamped, and sent on to the SAN and the SIEM for processing.

Thanks & credit to the team @ BALABIT & OneIdentity for assistance with content.

If you would like to discuss how these solutions can transform your syslog architecture, help you to meet GDPR compliance regulations and save you substantially on your license costs please get in touch.
