Study Flashcards

(148 cards)

1
Q

What are the 7 steps in WLAN RF planning?

A
Validating the physical environment
Select correct AP and Antenna
Visual RF Plan
Physical Site Survey
Finalise Visual RF plan
Install APs
Configure APs
2
Q

Max speed on 802.11g

A

54Mbps (2.4GHz)

3
Q

Max speed on 802.11n

A

600Mbps (2.4GHz and 5GHz)

4
Q

Max speed on 802.11ac

A

8Gbps (5GHz)

5
Q

What is MU-MIMO?

A

Where an AP, by using different spatial streams, can transmit to multiple clients at the same time.

6
Q

AP315 4 x 4 : 4 : 4 : 3 - What do these figures mean?

A
1. Transmit Chains
2. Receive Chains
3. Total Spatial Streams
4. Total MU Spatial Streams
5. Total Supported MU Stations
7
Q

What does the number of MU spatial streams dictate?

A

The minimum number of simultaneous MU-MIMO clients supported.

8
Q

What are the key determinants of the physical layer (PHY) data rate for 802.11ac clients?

A

Channel Width
Modulation and coding (MCScheme)
Guard Interval

9
Q

What happens to the PHY data rate when the channel width increases?

A

It increases

10
Q

What are the design models for providing adequate RF signal?

A

Coverage based (Low Bandwidth - e.g. limited guest access)
Capacity Based (High Bandwidth - e.g. Office)
High Density
Outdoor deployment

11
Q

What is the AP spacing for a coverage based solution?

A

70ft - 200ft

12
Q

What is the AP spacing for a capacity based solution?

A

45 - 60ft

13
Q

What are the benefits of using 5GHz?

A

Less noise (fewer devices use 5GHz)
More available bandwidth
More available channels
Minimal adjacent channel interference

14
Q

What are the survey methods?

A

Theoretical (virtual and passive) and Realistic (Active and Spectrum - post)

15
Q

5 Steps to perform a virtual survey?

A

Complete environmental assessment
Obtain current facility electronic floor plan
Facility walk-through or obtain images of site to compare to floor plan. Note abnormalities
Gather info about building age, materials used and shielded areas
Place APs in Visual RF to complete predictive plan

16
Q

4 steps for an onsite survey?

A

Obtain current electronic floor plan
Walk through coverage area sampling the RF plan every few feet
Produce the heat maps and look for external interference
Use survey data to validate choice of AP locations

17
Q

Name 5 building materials in an office that could affect RF signal propagation?

A
Cubicles
Reinforced concrete walls
Metal Firewalls
Stairwells
Lift Shafts
18
Q

What is spectrum clearing?

A

Spectrum clearing is when you use a portable spectrum analyzer to discover interference sources (cordless phones, Bluetooth devices, neighbouring APs etc.) before the network is deployed. You should then try to remove these devices if possible.

19
Q

Why should you not mount APs above false ceilings?

A

Ceiling tiles contain materials that can block signal and the space above the ceiling is full of cabling, pipes, conduit that cause signal issues.

20
Q

How should you deploy APs in an office environment? Hallways or Rooms?

A

You should deploy in the rooms, staggered: one in every other room.

21
Q

What is the minimum RSSI value for a coverage area?

A

(-65dBm)

22
Q

What should the SNR (Signal to Noise Ratio) be greater than?

A

25dB

23
Q

How should you plan AP placement?

A

You should place APs in a honeycomb pattern and plan for the 5GHz radio.

24
Q

Which AP forwarding mode is preferred?

A

Tunnel Mode

25
In Greenfields sites how should you select your channel width?
Deploy 80MHz channels, including use of DFS channels, if no signal interference is detected. If you detect interference, deploy 40MHz channels.
26
In Brownfields sites how should you select your channel width?
Deploy 80MHz channels, including use of DFS channels, if no signal interference is detected. If you detect interference, deploy 40MHz channels. Also make sure your legacy clients are not causing any issues.
27
Formula for calculating number of APs required for coverage based design?
Total square footage divided by 5000
28
Formula for calculating number of APs required for capacity based design?
Total square footage divided by 2500
29
How many clients should be on an AP where they are deployed every 50ft?
40-60 clients
30
Directional antennas come in what patterns?
Low gain (wide beam), medium gain (medium beam) and high gain (narrow long beam)
31
What is the antenna size related to?
The wavelength for each discrete frequency.
32
Do antennas come with mounting kits?
Internal kits do but external do not.
33
What considerations are there in choosing an antenna?
Is it indoor or outdoor? What coverage pattern do you need? What number of spatial streams are supported on your AP? The antenna must also be for the correct frequency band (although Aruba offers dual band).
34
What is decrypt tunnel mode in APs?
In decrypt tunnel mode the APs create GRE tunnels to the controller. The AP will decrypt the packet prior to sending it down the GRE tunnel. The controller will decapsulate the packet from the GRE headers, firewall the packets and then switch or route the packets onto the network (if the firewall permits).
35
What is tunnel mode in APs?
In tunnel mode the APs create GRE tunnels to the controller, one per WLAN. All user traffic the AP receives normally arrives encrypted. The AP sends the encrypted traffic, via the GRE tunnel, directly to the controller.
36
How many APs, Devices and FW Throughput can 7005 handle?
16APs/1K Users/2Gbps FW (4 ports)
37
How many APs, Devices and FW Throughput can 7008 handle?
16APs/1K Users/2Gbps FW (8 PoE+ ports)
38
How many APs, Devices and FW Throughput can 7010 handle?
32 APs/2K Users/ 4Gbps FW (16 x PoE+, 2 x SFP)
39
How many APs, Devices and FW Throughput can 7024 handle?
32 APs/2K Users/ 4Gbps FW (24 x PoE+, 2 x SFP+)
40
How many APs, Devices and FW Throughput can 7030 handle?
64 APs/4K Users/ 8Gbps FW (8 ports or 8 GBICs)
41
How many APs, Devices and FW Throughput can 7205 handle?
256 APs/8K Users/ 12Gbps FW (2 x 10G)
42
How many APs, Devices and FW Throughput can 7210 handle?
512 APs/16K Users/ 20Gbps FW (4 x 10G)
43
How many APs, Devices and FW Throughput can 7220 handle?
1024 APs/24K Users/ 40Gbps FW (4 x 10G)
44
How many APs, Devices and FW Throughput can 7240XM handle?
2048 APs/32K Users/ 40Gbps FW (4 x 10G)
45
How many APs, Devices and FW Throughput can 7280 handle?
2049 APs/32K Users/ 100Gbps FW (8 x 10G, 2 x 40G)
46
How many APs and Users can the VMC 50 support?
50 APs and 4K Users
47
How many APs and Users can the VMC 250 support?
250 APs and 8K Users
48
How many APs and Users can the VMC 1K support?
1000 APs and 24K Users
49
How many MCs, Devices and Clients does the MM5K support?
MCs = 500
Devices = 5K
Clients = 50,000
50
What happens when an AP GRE tunnel reaches the controller?
The MCs will decrypt, firewall and switch or route the traffic.
51
Benefits of clustering controllers?
Live cluster upgrades
Client state sync
Stateful firewall
AP active load balancing
Client load balancing
Seamless roaming for clients
52
What is a WebCC license for?
It’s a subscription based license. It’s a threat intelligence service that tracks IP reputation, IP Geolocations, WEB URL Classification and WEB URL reputations.
53
What are LIC-PEF licenses for?
Policy Enforcement Firewall (PEF) features, such as intelligent application identification, policy-based traffic management and controls, or stateful user firewalls.
54
What are LIC-RFProtect licenses for?
An RFProtect (RFP) license is required for each operational AP using one or more RF Protect features, such as spectrum analysis and Wireless Intrusion Protection (WIP).
55
What radio features do IAPs have in common with controller-based solutions?
ARM (Adaptive Radio Management), Client Match and Spectrum Analysis
56
What firewall features do IAPs have in common with controller-based solutions?
Stateful Firewall, User based Roles, WLAN based Rules, Rogue AP detection
57
What auth features do IAPs have in common with controller-based solutions?
802.1x, MAC auth, Captive portal
58
Why is a controller-based solution preferable to an Instant?
Clustering allows for improved roaming, better suited to a centralised solution, better for locations with RF challenges
59
Benefits of 2 tier LAN?
Greater simplicity, less latency and lower cost
60
What are the design considerations of VSF stacking a 5400R switch?
You can only use one management module; enabling VSF deactivates the second. You can only use v3 or v2 modules at one time in a VSF stack.
61
What are 3 similarities of VSF and Backplane Stacking?
One management and control plane
Distributed forwarding
Redundant due to link aggregation across the stack
62
Key differences between VSF and Backplane stacking?
Front plane uses normal ports to stack, backplane uses modules/cables
Front plane stacking requires bandwidth planning on links, backplane is dedicated and high bandwidth
Front plane supports long distances as it can use SFP, stacking cables only support 3m
FP supports deep-level queuing and forwarding at a member level, BP supports deep-level queuing at a stack level
63
3 Benefits of VSF and Backplane stacking?
Simplify management - Increase Resilience - Simplify design and eliminate spanning tree
64
What are the CAT5e cable run lengths?
1/2.5GbE up to 100m, 5G up to 55m (on UTP) or 100m on STP
65
What are the CAT6 UTP cable run lengths?
1/5GbE up to 100m, 10GbE up to 55m
66
What are the CAT6 STP, Cat6a or Cat7 cable run lengths?
1/5/10GbE up to 100m
67
How many fibre strands are required for 1 and 10GbE transceivers?
2 Strands
68
On MM OM1 @ 1GbE what transceiver is required up to 275 and which is required after 275?
1000Base-SX is required up to 275 and 1000Base-LX is required from 275-550m
69
On MM OM2,OM3 and OM4 @1GbE what transceiver is required up to 550m?
1000Base-SX or 1000Base-LX
70
On SM @1GbE what transceiver type is required up to 10km and what is required after 10Km
1000Base-LX for up to 10k and 1000Base-LH70 for up to 70K
71
On MM OM1 @10GbE what transceiver do I need up to 33m and then up to 220m?
10GBase-SR for 33m and 10GBase-LRM for 33-220m
72
On MM OM2 @10GbE what transceiver do I need up to 82m and then up to 220m?
10GBase-SR for 82m and 10GBase-LRM for 82-220m
73
On MM OM3 @10GbE what transceiver do I need for distances up to 300m?
10GBase-SR for 300m
74
On MM OM4 @10GbE what transceiver do I need for distances up to 300m?
10GBase-SR for 300m
75
On SM @10GbE what transceiver do I need for up to 10k and which for up to 30k?
10GBase-LR for up to 10k and 10GBase-ER for up to 30K
76
What is a key difference between the 320 AP when compared to a 330 or 340?
A 320 has dual 1GbE ports whereas the 330 and 340 have 1 x 1GbE and 1 Smart Rate port
77
Advantages/Disadvantages to connecting AP with 1 x 1GbE?
Pro: Less expensive and less complex - Con: No scaling past 1G and no AP link-level redundancy
78
Advantages/Disadvantages to connecting AP with 2 x 1GbE?
Pro: 1G per radio, redundancy for AP link - Con: More expense. More complex, link aggregation works whereby each connection is used for one radio and load balanced
79
Advantages/Disadvantages to connecting AP with 1 x SmartRate?
Pro: Less expensive and less complex, scalable to 5Gbps - Con: No AP link-level redundancy
80
What is the highest over-subscription you should plan for on wired network?
(24:1)
81
What is peak utilization for a switch port?
80%
82
What should sustained utilisation be under for a switch port?
60%
83
At what percentage of error rate is utilisation probably occurring?
Anything over 1%
84
Calculation to determine switch PoE budget?
Sum of device max - lowest device requirement + 17 or 33 (PoE or PoE+)
85
For MM OM3 @40G what SFP and how many strands are required for up to 100M and up to 300M?
100m = QSFP+ MPO SR4 (12 strands)
300m = QSFP+ LC BiDi (2 strands)
86
For MM OM4 @ 40G what SFP and how many strands are required for up to 150M and up to 400M?
150m = QSFP+ MPO SR4 (12 strands)
150m = QSFP+ LC BiDi (2 strands)
87
For SM @40G what SFP and how many strands are required for up to 10K?
400m = QSFP+ MPO SR4 (12 strands)
88
For MM OM3 @100G what SFP and how many strands are required for up to 70m?
70m = QSFP+ MPO SR4 (12 strands)
89
For MM OM4 @100G what SFP and how many strands are required for up to 100M?
100m = QSFP+ MPO SR4 (12 strands)
90
For SM @100G what SFP and how many strands are required for up to 10K?
10k = QSFP28 LC LR4 (2 strands)
91
What are two important considerations (table wise) when choosing a core switch?
The switch must support all of the VLANs and its MAC forwarding tables and ARP tables must be large enough to store the MAC addresses of every device on the campus.
92
How many MAC addresses and ARP entries can the 3810M support?
64,000 MAC and 25,000 ARP
93
How many MAC addresses and ARP entries can the 5400R support?
64,000 MAC and 25,000 ARP
94
How many MAC addresses and ARP entries can the 8320 support?
14,000 MAC and 14,000 ARP
95
How many MAC addresses and ARP entries can the 8400 support?
128,000 MAC and 128,000 ARP
96
What is VIA?
VIA is a SW app for your laptop or smartphone that is integrated into the Aruba solution. VIA clients will be firewalled, in the MC, and display as clients in the Mobility Master.
97
What happens if VIA senses an untrusted network?
If VIA senses an untrusted network, it will automatically attempt to establish a VPN connection to the MC VPN server.
98
What is SecurID?
RSA SecurID is a hardware and software-based authentication mechanism that generates unique authentication codes at a specified interval using an RSA SecurID token and supports Duo application authentication.
99
What can VIA be installed on?
You can install VIA on laptops with Windows 10, 7, XP, Vista and on Mac OS. You can also install VIA on iOS and Android smartphones. VIA is easily deployed by supplying the users with a simple URL where they can download the pre-configured VIA application. The organization will need a VIA user license for each user for this function.
100
How should you setup the SSID for a RAP?
A user associating to an SSID in the corporate network would find the same SSID, encryption type and access rights on a RAP as they would on a CAP. Therefore, associating to the RAP is the same experience as associating to a CAP. Since all user association, authentication and access rights are the same, troubleshooting a user is the same process for a RAP as it is for a CAP.
101
How do RAPs reach the MC over the internet?
The RAP will use L2TP/IPsec. The RAP will contact the Activate server and get directed to the MC.
102
What is Aruba Activate?
Aruba Activate is a cloud-based, zero-touch provisioning system. Aruba Activate provides plug-and-play capability to an Aruba Instant cluster, which allows rapid deployment of Aruba Instant clusters with minimal or no IT expertise.
103
How does a 7000 branch controller find the centralised MM?
First, connect the 7000 series to an internet connection and let it download its configuration from a centralized controller. The 7000 series will use DHCP or will communicate with Activate to find the corporate centralized controller. This is a simple zero touch deployment method.
104
When is IAP a good solution?
The IAP is a good solution if most of the traffic is local and some traffic is required to go to corporate via a VPN.
105
When is a branch controller a good solution?
A branch controller is used when you have a mid to large branch office. The branch MC is like any other MC and it is managed by an MM. All traffic is locally encrypted, decrypted and firewalled. Local traffic remains local and corporate traffic is sent down the VPN tunnel.
106
What are the three ways to use radio coverage for LPVs?
Overhead, Side Coverage and Floor
107
Give an overview of overhead coverage
In Overhead Coverage, you can place APs on a ceiling, catwalk, roof or other mounting surface directly above the users you’re serving. You should always use the integrated antenna APs for ceilings of 10m (33 feet) or less. In most indoor spaces, overhead mounting of APs is preferable because it provides overhead coverage. You should only employ an alternate coverage strategy in special cases with high ceiling heights, aesthetics, or very high density (VHD) environments.
108
Give an overview of side coverage
With Side Coverage you can mount APs to walls, beams, columns or other structural supports that exist in the space you want to cover. You’ll typically side mount APs in indoor environments with high ceiling height or when it is not possible to mount APs on the ceiling.
109
Give an overview of floor coverage
In Floor Coverage you can design pico cells using APs mounted in, under or just above the floor of the coverage area. You can use floor mounted APs for APs with integrated antennas in any VHD area under 5,000 seats.
110
What are two main examples of where APs are mounted in a stadium?
In Outdoor Stadium environments APs are most commonly mounted under the stadium seats or, if possible, in an overhead location.
111
What are the number of APs per seat for overhead and under seat AP deployments?
The latest best practices for under-seat and overhead mounted APs are 1 AP per 75 seated guests under-seat or 1 AP per 125 seated guests from over-head.
112
What stadium APs suit the suites or common areas in a high density bowl?
AP-344/345 or AP 228/318
113
What stadium APs suit the outdoor areas in a high density bowl (overhead)?
374, 375 and 377
114
Key characteristics of a 375 AP?
5dBi omni antennas, integrated omnis and dual radio 11ac 4x4 MU-MIMO. The AP resembles a camera or light fixture and can be mounted with a long bracket AP-MNT-270-V1
115
Key characteristics of a 374 AP?
The AP-374 is a connectorized dual radio 11ac 4x4 MU-MIMO AP. The AP 274 is a compact size and lightweight AP. The 6x under mounted connectors reduce/remove the need for weatherproofing and the aesthetic cover reduces the visual impact of connectors/cables. The AP 274 also has multiple bracket options. One example is the long bracket AP-270-MNT-V1.
116
Key characteristics of a 377 AP?
The AP-377 is compact size with an integrated 6.3 dBi directional antenna dual radio 11ac 4x4 MU-MIMO. The size is similar to an outdoor directional antenna and therefore minimizes visual impact. You can use multiple bracket options for mounting, and the installation time is minimal.
117
Key characteristics of a 318 AP?
The AP318 is a 6 x RPSMA antenna, dual radio 11ac 3x3:3SS AP. The industrial design is for harsh, weather protected environments, with sealed connector interfaces to lock out dust and moisture. Most large public venues require APs to be in an enclosure to eliminate vandalism and offer physical security for the AP.
118
What is the RF design strategy for LPVs?
Divide the bowl into three or four coverage tiers and use AP-377 or indoor APs and antennas. Avoid indoor; AP228 is industrialized for these environments where smoke, heat and power washing are commonplace.
119
How do you provide up and out coverage for an LPV bowl?
You should align the APs to seating sections to provide coverage up and out of the bowl. Suites and concourses generally use indoor APs due to the environment. Omnis are “OK” if shadowed to bowl. 1 AP/Suite with concrete walls, 1 AP/2 Suites if drywall. Other plaza or perimeter locations can use outdoor APs.
120
How do you provide out and up coverage for an LPV bowl?
To provide out and up RF coverage out of the bowl, you can utilize underseat mounts to create a picocell serving the users in the seating area of the bowl. Underseat AP mounts need to be weatherproof and out of sight to be as aesthetically pleasing as possible. Installation of this kind is more a construction concern.
121
How do you provide coverage to users at concessions or offices?
You may need to mount concourse APs overhead to provide coverage to users at the concessions or offices of the stadium.
122
What controller would you use for a large stadium with over 40,000 devices?
Large stadiums with over 40,000 users need to utilize a 7280 controller. Medium size LPVs require either a 7210, 7220 or 7240XM controller to handle the AP traffic, while a 7205 controller can serve small arenas with less than 10,000 users.
123
What core switch would you use for small arenas and medium-small venues, with about 20,000 devices?
For small arenas and medium-small venues, with about 20,000 devices, you can deploy Aruba 3810M or Aruba 5400R switches. Either switch series is suitable for the access layer. Both support Smart Rate Multi-Gig ports, which can deliver up to 1/2.5/5GbE on CAT5e or better cables. These switches also provide PoE+ for the APs. They run ArubaOS software and integrate with the same AirWave and ClearPass solutions as the wireless devices.
124
What are the key things to consider when designing a core for a large stadium deployment?
Since device density characterizes stadiums and other such venues, the key criteria to consider for the core switches are the sizes of their MAC address and ARP tables. The 3810M and 5400R switches support up to 25,000 entries in their ARP tables, which acts as a limiting factor on the venue size.
125
Why is it important for core switch tables to be large enough to provide an entry for every device’s MAC address and IP address?
The core switches act as default gateways for all of the wireless devices
126
What is a good core switch for a medium size network?
The 5400R scales to a greater number of 10GbE and 40GbE links, as well as higher throughput, which can make it the better choice for the core of a medium size network.
127
What is a good core switch for a medium to large size network?
Aruba recommends the Aruba 8400 Series as the core switches for medium-large to very large venues. The 8400 MAC address table and ARP table each support up to 128,000 entries. The Aruba 8400 provides carrier class reliability and a high density of high-speed connections from 10GbE to 25GbE, 40GbE, and 100 GbE.
128
Explain the key differentiator of OS-CX?
run ArubaOS-CX, an open, Linux-based software platform that is programmable through RESTful APIs. Companies can use these APIs to support cloud management and automation. The software’s Network Analysis Engine enables customers to tightly integrate the switches with their policy management tools. They can load Python scripts that monitor and analyze current traffic conditions and even take steps to deal with issues.
129
What prioritization requirements should be taken into account in a hospital design?
You must give priority to critical apps in the network. For example, traffic from wireless patient care monitors can get priority treatment over guest Wi-Fi traffic.
130
What could limit bandwidth in a hospital?
Legacy devices make hospitals unique as older Wi-Fi clients must coexist with the latest 802.11ac devices. The slower devices have slower transmit rates and limit the bandwidth for all users.
131
Why is roaming important for a hospital?
Doctors and nurses are constantly on the move with their mobile devices, going to patient rooms, nurse stations, and between floors. Roaming and not losing connectivity is of paramount necessity.
132
Why is WiFi so vulnerable to interference?
Wi-Fi uses the unlicensed radio spectrum, making it vulnerable to interference from Bluetooth devices, microwave ovens and other 2.4- and 5-GHz devices. Hospitals have X-ray rooms, accelerator rooms and MRI rooms which are very well shielded but do emit strong signals. Even certain building materials within a hospital or clinic can interfere with RF signals.
133
What is a critical aspect of a hospital from an operational standpoint?
Hospitals never shut down; they are operational 24/7. The staff depend 100% on a high availability of the network. Hospitals also deal in personal information and by law they must protect this information.
134
Where must you place dedicated APs in a hospital?
Hospitals present challenges for the RF design because they have unique obstructions. Several types of rooms have shielding through which Wi-Fi signals cannot penetrate, so you must deploy a dedicated AP within the room. These rooms include X-ray rooms and MRI control rooms. APs cannot be deployed in MRI rooms themselves or accelerator rooms. These rooms will generally require wired connectivity instead.
135
Where might you have to deploy mesh in a hospital environment?
Many hospitals have infection-control rooms that are physically sealed. Or they might have older construction with asbestos, which cannot be disturbed. In cases such as these, creating any opening to run new cables requires strict change control procedures. Therefore, if the current cabling does not meet your requirements, you might need to deploy Mesh APs in these rooms.
136
What should you watch out for when conducting a hospital site survey?
When you conduct the site survey, look out for equipment that outputs electromagnetic (EM) radiation. Avoid mounting APs next to this equipment. Even when the radiation is outside the AP’s frequency, the very high strength of the radiation can cause the AP issues in interpreting incoming signals.
137
Should a hospital be concerned that Aruba wireless signals may interfere with medical devices?
Aruba’s entire equipment range is certified by Declaration of Conformity (DoC). These certifications attest that Aruba products operate in a medical environment in an electromagnetically-compatible manner.
138
What hospital devices may require high bandwidth?
Hospitals also feature equipment that requires very high bandwidth connections such as ultrasound, MRI, X-ray and other medical imaging devices. The devices on which medical personnel receive these images are typically wired due to the very high bandwidth demands. The typical ultrasound is about 500 MB, but the typical MRI is between 20 and 50 GB, which would take nearly three minutes (160 seconds) to transmit over a 1Gbps link. If the devices transmitting the MRIs are capable of 10GbE, 10GbE to the edge would be appropriate. But often they are not, in which case you must look at the number of devices that connect to the same switch and send MRIs concurrently, and make sure to minimize the oversubscription on the switch’s uplinks to prevent further delays.
139
What issue do hospitals have with legacy clients?
Legacy devices also make hospitals unique. The typical enterprise refreshes their endpoints every couple of years, but a hospital has many specialized and very expensive devices, leading to a much slower refresh rate. Some of these devices are wired while others are wireless. You should be aware of both types of devices, but the legacy wireless devices pose more issues for the design. Older Wi-Fi clients must coexist with the latest 802.11ac devices. The older devices have slower transmit rates and limit the bandwidth for all users.
140
What are common use cases for IoT in hospitals?
Common use cases for IoT for healthcare organizations include asset management and tracking, IP-enabled medical devices, patient monitoring systems, and smart building controls such as for lighting and HVAC.
141
What considerations need to be made for IoT?
Some wireless IoT devices, such as sensors, create their own network to an IoT gateway (sometimes called a bridge or controller). That gateway then connects to the IP network, either on a wired or wireless connection. In other cases, wireless IoT devices connect directly to an enterprise AP with 802.11. It is important that you understand which approach the customer’s IoT devices use. If the former, you only need to consider the gateway when planning connections, not every device. However, you also need to consider the network established by the IoT devices. Often they use the 2.4GHz frequency, so, even if they operate at low power, they add to the noise floor on the 2.4GHz channels. Another important consideration is whether mobile IoT devices need to be tracked by location. An AP design for location tracking can differ from a design for providing connectivity. The tracked devices must have a signal from at least three APs in order to triangulate the devices’ locations.
142
What information do you need to gather for IoT devices?
Gather information about the devices’ security capabilities. Ideally they are WPA2-Enterprise capable and able to comply with the company’s security policies. If not, you will need to plan extra measures to close vulnerabilities. Also make sure that you understand what functions each IoT device fulfills and what the implications are if the device loses connectivity. Are the device’s functions mission or life critical? If the device loses connection, can the device continue to function without connectivity? What if the solution loses some data? Will the device fail entirely? The more critical the device and the greater the impact of the device losing connectivity, the more layers of availability you need to design. For example, you should make sure that each IoT device is in range of multiple APs. Connect the APs on multiple links to different switches, and provide the switches with redundant power supplies.
143
What special security challenges does IoT introduce?
IoT devices also pose special challenges for security and may not comply with a company’s Infosec security policies (Infosec is a framework for defining policies to ensure the confidentiality, integrity, and availability of IT systems and data). Often IoT device designers have little experience with network security, so the devices have easy-to-guess default credentials or expose too much information. They may be vulnerable to infiltration and exploit. Extra measures that customers can take to close IoT device vulnerabilities include passing all IoT device traffic through an MC firewall using tunneled node and installing Aruba IntroSpect.
144
What are the different personal data acts in the US, Canada, EU and Japan regions?
US: Privacy Act, and in healthcare it’s the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
EU: General Data Protection Regulation (GDPR)
Japan: Act of the Protection of Personal Information (APPI)
145
What is ISO/IEC 27002?
ISO/IEC 27002 is an international standard with best practices for information security management, including healthcare institutions. The standard provides guidelines, but is not legally binding. However, many countries and regions have enacted regulations that impose certain legal requirements on organizations. While the regulations differ from region to region, they generally define users’ personal information and require organizations that collect and store this information to protect that data from misuse and exposure.
146
What does GDPR define as personal information?
GDPR defines personal information as “anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”
147
What can you do in an Aruba installation to protect data?
You should recommend physical security for switches with locked closets or enclosures, as well as physical security for APs as much as possible. The Aruba solution should use CPSec to encrypt management traffic between the MCs. You should make sure that Telnet and HTTP are disabled, and that you only use SSH or HTTPS, which offer encryption, to access devices’ management interfaces. Many Aruba devices allow local manager accounts, but it is best practice to have the managers authenticate to a RADIUS or TACACS+ server such as ClearPass and a backend LDAP server. Doing so helps keep manager credentials secure. Every manager has his or her own credentials, which you can rotate and revoke, if necessary.
148
How should you encrypt wireless data?
Data transmitted on the network should be protected from eavesdropping. Due to the open nature of wireless networks, the data must be encrypted. Aruba recommends AES, supported by WPA2-Enterprise, for your encryption standard. WPA2-Enterprise also enforces authentication to ensure that unauthorized users cannot access the network. Your customers might be aware of and concerned about the KRACK vulnerability for WPA2. As of the publication of this course, WPA2-Enterprise is still the strongest form of native encryption for wireless networks and it is still recommended for compliance with HIPAA, PCI, and other such regulations. The best protections against KRACK are patches to the wireless clients to prevent the clients from accepting replayed keys. Many vendors have issued such patches, so customers should make sure that their devices’ patches are up to date.