CWNE Certification – A personal goal

I thought I’d share this goal of mine that I’ve been thinking about, talking about and worrying about for some years now: to become a CWNE, a Certified Wireless Network Expert.  To a wireless network professional, one who specialises in Wi-Fi, this qualification is a big thing, the top of the certification path in wireless networking.

CWNE is the highest certification awarded by CWNP, the vendor-neutral organisation that administers the CWNP exams, and in a few days’ time I’ll formally submit my application.

So I’m close. Last week, I passed the last exam I needed to pass in order to complete the ‘exam requirements’ part of the formal application process.  I already had the basic exams, CWTS and CWNA, which I took in 2012.  But to apply for CWNE status, you need to pass:

  • CWDP – Certified Wireless Design Professional
  • CWAP – Certified Wireless Analysis Professional
  • CWSP – Certified Wireless Security Professional

With good reason, the most common advice is to take CWAP first, which gives you an excellent base to understanding 802.11 and its inner workings.

My particular exam path was quite the opposite.  In 2013, security was a weakness for me and I needed to turn it into a strength.  So CWSP was my first exam and I studied pretty hard for it.  Passed it first go in March 2014.

Due to some work projects I knew were coming up and would interrupt my plans for studying at the same pace as CWSP, I decided to halve the amount of time I felt I needed for CWDP and sat the exam just a few months later.  CWDP is not an easy exam (well none of them are) but I was particularly surprised by this one.  Anyway, I failed the exam by a question or two.  Twice.  Got it the third time.

That left CWAP and the thought of CWAP quite frankly scared me (which is why I did CWDP second). I was that worried about my ability to remember complex protocol field mappings and modulations; recognise patterns in Spectrum Analysis and memorize 802.11 headers, sequences and operational processes; that early on I decided to do an authorised CWAP course. In Bangkok. I signed up to Globeron’s CWAP course (taught by Ronald van Kluenen) and it was superb.  From that course, apart from the knowledge learned at the course I obtained two key takeaways: first, an official  CWAP course notebook which is chock-full of impressive tips and notes, and second: self-confidence.  During that course I realised that I was not as far off being prepared for CWAP as I thought I was. It was a massive confidence boost.

Due to work commitments, it took a year for me to prepare and finally sit the exam, and I’m happy to say it was last week that I took it and passed.

I would like to mention that all of the CWNP books (published by Sybex) have been superbly written. They really, really have and my hat goes off to the authors of each book.  The books explain technical concepts extremely well. You still need more material though. Luckily there are blogs by CWNEs and whitepapers by universities that are a wealth of information.

Colleagues often ask me why not go for a vendor certification?  Xirrus, Aerohive, Cisco, Aruba, Ruckus, HP all offer their own wireless certification tracks. While these are all valuable in their own right, for what I wanted to achieve, I decided early on for a globally recognised, independent certification.  It suited me for two reasons:

  1. I wanted to focus on learning the IEEE 802.11 standard and how it is applied in the real world in different environments.
  2. I required a flexible, adaptable skillset that could be applied to any situation to troubleshoot issues and audit complex scenarios on any customer implementation, regardless of their chosen brand.

Some curious colleagues (and the odd customer) have also asked me about the Wi-Fi tools I use.  Well, below is what I use but there are a lot of awesome tools out there and I would have them all if I could! Principally I use:

  • Tamosoft Tamograph Site Survey (Site Survey software)
  • Tamosoft CommView for Wi-Fi (WiFi Layer-2 Analysis software)
  • Metageek Chanalyzer Pro and a 2.4/5GHz Metageek WiSpy dBx adaptor (Spectrum Analysis)
  • A custom Toshiba Portege laptop that is very thin and extremely light – when walking around sites for hours, you need something that isn’t heavy!

Plus a bunch of other networking tools I’ve used since CCNP and CCIE R&S days.

In summary, from Day One I have wanted – and I truly desire to be, an independent expert.  To be able to offer my customers the best solution for their needs.  While this may be one vendor for one environment, as a consultant I would (and do) recommend another vendor for a different environment which I feel best matches my customer’s current and future requirements.

Getting to this point has been a worthwhile journey.  I have learned an incredible amount of VALUABLE information that helps me every single day of my job.  My networking background has been routing and switching and although it is a job I enjoyed, it was always ‘a job’.  However, wireless and radio frequency operation fascinates me and it’s not just a job. I’m passionate about it.

To date, it has been an exceptionally rewarding experience.

A Guide to Wi-Fi Requirements.

Do you know what you want, what you really, really want?

Sometimes we need to flesh out real requirements for a Wi-Fi service.  A common request from customers is simply, “Install Wi-Fi at xyz location”.  Actual requirements start with understanding the desired outcome or performance expectations and working backwards from there.

There are relevant questions.  Such as what type of user experience is required and what density of users will be simultaneously using the Wi-Fi service. Or what existing systems does the service need to integrate with?

Business questions first.  If we don’t understand the business reasons for wireless in the first place, we won’t be able to design a solution that meets expectations.  Why is the business investing in a wireless service, what are the required business outcomes and timelines and how will the business measure the success of the installation?  What applications will they run and what type of activities do the business expect users to perform over the wireless medium?

Technical questions that address wireless functionality naturally follow. The customer may have standards that must be followed to integrate a wireless service:  user authentication, encryption, device management, reporting, logging, wireless intrusion detection (and desired responses), application performance, density of users, or different user groups.

From answers to these business and technical questions, we are able to begin noting the Wi-Fi requirements.  The discovery phase will assist here:  identifying supporting infrastructure, is there adequate bandwidth for the solution, is Quality of Service (QoS) required for application performance and which 802.11 standards need to be supported.

During the process of discovery, in some situations we may find that a Wi-Fi solution will not actually be fit for purpose!

The physical environment where wireless service will be installed prompts its own questions.  If site access for an inspection is difficult: a picture tells a thousand words.  A few well-chosen photos of the wireless environment will tell us a lot about what needs further analysis.  The environment will mandate if internal or external (weatherproof) Wi-Fi equipment is necessary, if internal or external antennas will be required, where there may be coverage challenges and so forth.  Physical security of equipment inside the environment should also be taken into consideration.

Site surveys are crucial.  We will want to know if the proposed environment is subject to wireless interference or if it has to contend with 50 foreign Wi-Fi networks fighting for the same channel space.  Site surveys can discover useful information that then becomes technical requirements that feed into the design.  For example, if a site survey uncovers heavy amounts of interference on a channel commonly used by Wi-Fi, then the design can avoid using this channel.

Most importantly: with Wi-Fi it is all about the client.  If the technology the client is using to connect to the wireless infrastructure is poor, then the experience will be poor.  No matter how good the wireless system.  If you have a mixed bag of client devices, old and new, fast and slow; all of this will affect the design.

So tell us what you want.  What you really, really want.



Inequality between friends

Wi-Fi can be thought of as two-way traffic down a one-lane street.  The two-way communication is your device on one side and the local Wi-Fi network the other.

Your device is only one-half of the story. Almost always, both sides of the Wi-Fi link have different capabilities.  The local Wi-Fi system usually has serious grunt behind it and can push signals quite far.  Your smartphone on the other hand…Not so much.

A good analogy is a concert.  You can be quite some distance from the stage where powerful speakers push the sound quite far.  Even if there were no other people at the concert, if you were a fair way back, the stage would hardly hear your voice and maybe not at all.

Say there are a couple of walls between your smartphone and the Wi-Fi network.  Your phone says it sees a clear, strong signal, right?  But the performance is not as you’d expect it to be.  Why is that?

Your phone cannot push signals as far, or through walls as well, as our friend on the other side of the link.  For an Access Point trying to receive your phone’s weaker data transmissions, it can be a challenge for it to receive everything being sent.  There can be data loss or corruption and time-consuming retries.  Essentially, there are unequal capabilities between the Wi-Fi network device and your personal device and this impacts efficient throughput of data.

There are simple ways to balance this relationship.  One way is to tune the power of your network Wi-Fi to match that of smartphones or tablets – which can be done with enterprise-grade equipment.

To sum up, similar qualities are needed for both parties to communicate well.  A one-sided relationship doesn’t last long.

Analogies galore spring to mind with that one.

A simple BYOD definition

We all know what it stands for but what is it really?

BYOD is a company-defined set of policies, applied to the network infrastructure.

Together these policies, or framework, control access to different areas of your company network depending on the who/what/where scenario: who’s asking, what device they’re using and the location they’re using the device at.

For example, a corporate-issued laptop accessing the network from within the office.  Usually, full access to company resources.  Personal smartphone over a public Wi-Fi hotspot?  This may have some restrictions.

For organisations, their decision to introduce a BYOD framework comes down to a balance of improved productivity vs cost of implementation/integration and the higher risk of loss of sensitive data.


Coverage, Capacity, Density.

Last year at a seminar, wireless coverage inside the convention centre was excellent.  The numbers of people (density) jumping on the service however, affected the capacity of the centre’s network. While accessibility was excellent, the use of the application on the service was really slow.

Enterprise wireless coverage is more than just reach. It usually has to support x numbers of users seamlessly roaming between business areas without dropping connectivity and support a connection quality to complete business activities in an expedient manner.

Wi-Fi should work invisibly and reliably in the background.  A slow network or a blackspot area quickly becomes noticed – internal social media is often the place where problems are ‘discussed’. Plugging these gaps usually has a cost involved but the value gained from increased productivity and job satisfaction often outweighs this.

In the wired world, coverage means both ends of the link are connected.  With wireless, the strongest device has the better coverage. The power and ability of antennas (and therefore the reach and signal quality) on a tablet or smartphone will not match that of a laptop or the wireless infrastructure.  Both ends of a Wi-Fi link should therefore be aligned in order that the quality of coverage expectations are consistent.

So what are the factors that determine our Wi-Fi service experience? Fundamentally, it is a combination of coverage, capacity, type of business activity (e.g. multimedia), numbers of users and the types of devices being used. Client device selection has a measurable impact in a wireless environment; since Wi-Fi is a shared resource, too many ‘slow’ devices will lower performance for everyone.

To sum up, coverage and capacity define the infrastructure needed to deliver a certain level of service, to an expected density of user devices.  Get it right and you won’t notice the network at all.

Cease and desist

A rogue, according to the Oxford dictionary, is a person who is dishonest and unprincipled.

In the wireless industry Rogue Access Points (APs) are unauthorised wireless devices that are either connected to your internal network infrastructure (this is the part where you turn white) or are performing some malicious activity against your network.

Since a rogue is a security threat to the business, how do we find them?  And if we find them, how do we stop them?

Enter the Wireless Intrusion Detection System (WIDS) or Wireless Intrusion Prevention System (WIPS).  A WIDS/WIPS takes time to set up and burn in but done right it can be a valuable asset to minimise the threat of Rogue APs.

WIDS and WIPS are easy to explain.  WIDS is a monitor, detect-only system; basically it will discover a problem and alert you to it.  WIPS will go a step further and depending on how it is configured, either begin an automated or a manual action to contain the threat.
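The detect-and-alert half of that description, sketched as an added example (not code from the original post or from any WIDS product). The inventories, the scan data, the labels and the "radio MAC close to a wired MAC" correlation heuristic are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data (locally administered MACs), not from the original post.
AUTHORISED_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}
CORPORATE_SSIDS = {"CorpNet"}
# MACs learned on internal switch ports, e.g. exported from switch MAC tables.
WIRED_MACS = {"02:00:00:bb:10:0f", "02:00:00:cc:20:30"}
SEVERITY = {"rogue-on-wire": 0, "ssid-impersonation": 1}  # lower = more urgent


@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    rssi_dbm: int


def mac_to_int(mac: str) -> int:
    return int(mac.replace(":", "").replace("-", ""), 16)


def on_wire(bssid: str, wired_macs=WIRED_MACS, window: int = 2) -> bool:
    """Assumed heuristic: a small AP's radio MAC is often within a few
    addresses of its Ethernet MAC, which the switches have already learned."""
    radio = mac_to_int(bssid)
    return any(abs(radio - mac_to_int(m)) <= window for m in wired_macs)


def classify(beacon: Beacon) -> str:
    if beacon.bssid.lower() in AUTHORISED_BSSIDS:
        return "authorised"
    if on_wire(beacon.bssid):
        return "rogue-on-wire"        # unauthorised AP plugged into the internal LAN
    if beacon.ssid in CORPORATE_SSIDS:
        return "ssid-impersonation"   # unknown radio advertising the company SSID
    return "neighbour"                # foreign network, not our problem


def wids_alerts(beacons):
    """Detect-only (WIDS): report, most urgent first; no containment is attempted."""
    hits = [(classify(b), b) for b in beacons]
    hits = [(label, b) for label, b in hits if label in SEVERITY]
    return sorted(hits, key=lambda h: (SEVERITY[h[0]], -h[1].rssi_dbm))


SAMPLE_SCAN = [  # constructed sensor observations
    Beacon("02:00:00:aa:00:01", "CorpNet", -48),
    Beacon("02:00:00:bb:10:10", "HomeRouter", -55),
    Beacon("02:00:00:dd:00:09", "CorpNet", -70),
    Beacon("02:00:00:ee:00:05", "CafeGuest", -82),
]

if __name__ == "__main__":
    for label, b in wids_alerts(SAMPLE_SCAN):
        print(f"ALERT {label}: {b.bssid} ssid={b.ssid!r} rssi={b.rssi_dbm} dBm")
```

A WIPS would take the same alert list as input and decide, automatically or after an operator's approval, whether to contain each entry.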

Most enterprise wireless security offerings these days provide a combined WIDS/WIPS solution.  These commercial solutions provide reporting and an audit trail that can be useful for management and, if required, legal purposes.

It is worth considering installing dedicated sensors in your network. Sensor Access Points are normal APs, but configured as ‘listen-only’ or ‘monitor-mode’.  This way they can spend 100% of their time scanning for threats (or mitigating them) and they do not interfere with the production wireless network.

Sensor APs provide a great service to the production WiFi system in two areas: they offload the task of scanning and they offload the task of containment/mitigation.  Relieving your primary, production wireless system of these tasks means it can be left alone to fulfil its primary purpose in life: service the user community.

One other useful advantage of sensor APs is that if they are of the same model as the production APs, they can be rapidly converted to production use should a production Access Point fail.

To finish up, which would you believe to be the most common Rogue AP threat to businesses out of:
a) Hackers
b) Internal staff
c) Contractors

The answer is, overwhelmingly, internal staff, who have no malicious intent and are probably trying to be more productive when they connect a personal AP to the internal network.

But when this happens, out the window go the company security policies and you are left with another entry/exit point to your internal network. One that, for potentially months at a time, no-one will be any the wiser about.

802.11ac – Is it worth the investment? Part 2 of 2.

A brief recap:  in Part 1, I talked about what 802.11ac can provide and left it asking whether we should invest in 11ac.

If you are in a greenfield (new) situation, I would recommend 802.11ac.  Even if you do not need the technology at this stage, newer devices will have support for it and will be able to take advantage of it if it is there.  The population of client devices in your organisation supporting 11ac will only increase.  This is a natural progression, as newer standards become the norm.

If at present there are only a few laptops that support 11ac, for a small percentage of the user base, a costly redesign and upgrade exercise may not make an adequate return on investment.

I touched on caveats in Part 1.  One of these is that in order to reach the highest speeds, your environment may require that you deploy larger numbers of Wireless Access Points than what you have now.  The reason for this is that the particular speed increases that look so attractive require no obstructions (e.g. walls) between client and Access Point.  More Access Points may be required to service the same number of users today.

Each business environment is unique, and by that I mean not the organisation as a whole: each location or operation within that business may have different technology in use and operate in a different environment.  For example a warehouse vs an office vs on-board a train or a ship, etc.  Should a particular environment not lend itself to the performance enhancements that 11ac offers, then it may be a difficult sell to push for an upgrade.

One option is to wait for Wave 2 before any significant investment is to be made.  Wave 2 promises something Wi-Fi has not yet been able to do: deliver data to more than one client simultaneously.  It may seem that it does that already, with a group of you sharing the Wi-Fi in your office.  But what the wireless service is actually doing is slicing up the airtime at a very fast rate (in microseconds) and sharing it between you, so that it appears as if you are downloading at the same time.  With 11ac Wave 2, you actually will be.