market opportunity analysis of wireless lan-syed yacoob-0411

8/3/2019 Market Opportunity Analysis of Wireless LAN-Syed Yacoob-0411

1/64

MARKET OPPORTUNITY ANALYSIS OF

WIRELESS LAN

A DISSERTATON SUBMITTED IN PARTICAL FULFILMENT OFTHE REQUIREMENTS FOR THE AWARD OF MBA DEGREE OFBANGALORE UNIVERSITY

BY

Mr. Syed Yacoob

Under the guidance and supervision

Of

Mrs. NANDINI VAIDYANATHANM P Birla Institute of Management

Bangalore

M P BIRLA INSTITUTE OF MANAGEMENT(Associate Bharatiya Vidya Bhavan)

BANGALORE

2006


2/64

DECLARATION

I hereby declare that this dissertation entitled "Market Opportunity

Analysis of Wireless LAN, is the result of my own research work

carried out under the guidance and supervision of Mrs. Nandini

Vaidhyanathan, MPBIM Bangalore .

I also declare that this dissertation has not been submitted earlier to

any Institute/Organization for the award of any degree or diploma

Place: Bangalore

Date: (Mr. Syed Yacoob)


3/64

CERTIFICATE

I hereby certify that this dissertation entitled "Market

Opportunity Analysis of Wireless LAN, is the result of research

work carried out by Mr. Syed Yacoob under the guidance of

Prof. Nandini Vaidyanathan, M P Birla Institute of Management,

Bangalore.

Place: Bangalore

Date: (Dr N S Malavalli)

Principal


4/64

CERTIFICATE

I hereby certify that this dissertation entitled Market

Opportunity Analysis of Wireless LAN, is an offshoot of the

research work carried out by Mr. Syed Yacoob under my

guidance and supervision.

Place: Bangalore

Date: (Prof. Nandini Vaidyanathan)


5/64

ACKNOWLEDGMENT

I would like to express my sincere gratitude to my research guide

Prof. Nandini Vaidyanathan, M. P. Birla Institute of Management,

Bangalore for her constant encouragement and guidance in the course of the

research investigation.

Further, I would also like to Dr N S Malavalli for providing all the

necessary assistance in carrying out the project. I have gained a lot of

knowledge throughout the course of carrying out this project.

I would also like to thank Mr. Shiv Kumar, Transition System for their

cooperation and help they have provided for completion of the.

I would also like to sincerely thank the promoters of Vi TeleTechZone for

giving me an excellent opportunity to work for a new venture and who have

valued my findings and suggestions.

Syed Yacoob


6/64

CONTENTS

CHAPTER TITLE

CHAPTER 1 EXECUTIVE SUMMARY

CHAPTER 2 INTRODUCTION

BACKGROUND OF THE STUDY

About ViTeleTechZone

WLAN Overview, Standards and Organizations

Wireless Security (Overview)

MARKET RESEARCH: AN ESSENTIAL BUSINESSTOOL

PROBLEM STATEMENT

OBJECTIVES OF THE RESEARCH

NEED AND IMPORTANCE OF THE STUDY

CHAPTER 3 RESEARCH METHODOLOGY

RESEARCH DESIGN

SAMPLING TECHNIQUE

SAMPLING PROCEDURE

SAMPLE SIZE

SDAMPLE DISCRIPTION

RESEARCH INSTRUMENTS

ACTUAL COLLECTION OF DATA

CHAPTER 4 PRODUCT PROFILE

CHAPTER 5 DATA ANALYSIS AND INTERPRETATION

CHAPTER 6 FINDINGS AND RECOMMENDATIONS

CHAPTER 7 CONCLUSION

CHAPTER 8 ANNEXURE

BIBLIOGRAPHY

QUESTIONNAIRE

DIRESTIONS FOR FURTHER RESEARCH


7/64

Executive Summary

The Wireless LAN (WLAN) industry is the fastest growing networking market,

only overcome by limitations to secure it. There has been a widespread adoption of

wireless networks in the SOHO user market. Wireless LAN technology is recognized,

accepted and adopted by many organizations worldwide. Many companies and

government entities are realizing the competitive advantage of deploying wireless

technology in the workplace. Wireless technologies are continually evolving and

providing advancements in speed, bandwidth, and security. However, large enterprises

have been reluctant to deploy wireless networks due to perceived limitations in wireless

security and the risks it poses to the organization.

Simply, WLANs are a disruptive technology that has many challenges with

securing its networks. Today, the WLAN industry can be categorized as overheated,

where technology adoption is being driven by an impatient user base demanding more

features, and an all out effort by vendors to address known wireless security

vulnerabilities. There is a high priority in the industry, especially with the federal

government, to push the technology to a point where the risk of compromise is

minimized.

The intent of this project is to address the security issues surrounding wirelessnetworks in an enterprise environment and analyse the market opportunities. The

fundamental question plaguing the industry today is if wireless networks can be deployed

securely. There is a mindset prevailing that wireless networks are inherently insecure.

Can this be actually true, a fact or fabrication? What known security holes limit

enterprise deployments of a WLAN and can they be fixed? This project will shed light

on these questions and detail how wireless networks are secured and point out their

limitations. Additionally, this paper will explore current and future initiatives to secure

wireless networks in a large enterprise environment, and provide a roadmap where

wireless security is headed in the future.


8/64

Background of the Study

About ViTeleTechZone

ViTeleTechZone is a leading provider of VoIP solutions bringing in a sea-change in the

way customers-providers define the Next Generation Telecom Technology Deployment.

We provide VoIP Products, Services, Support, Software, Testing, Training and

Knowledge Engineering.

The main side of this ambitious venture will be sourcing and selling of Telecom

Products At Low-cost (PAL) to Low-price Affording Prospects (LAP) and provide

implementation / post implementation support. The Idea is to set up "ZONES" at all

locations where the need for these services arises and to use the same for dual advantage.

On the other side, the model is to create a "ZONE" where Small and Medium Business

Units can come in to hire the expertise for outsourcing and get their jobs in distant

"wonder lands" like India, China(Dalian) or any other cost-advantageous destination. It

is a shared resource deployment formula

Services

To emerge as one-stop zone for virtual convergence using VoIP Solutions, we bring in a

wide variety of customer-centric products and services like

IP PBX and its accessories like IP phones, WiFi phones, headsets, call-centre workflow

solutions, Software Voice Loggers.

WLAN Switch, Access Points, WiFi and WiMax equipment to enable the foray into

wireless security inclusive of roaming and high QoS.

Gateways to handle the movement of traffic from Analog to Digital and vice-versa across

simple and complex requirements.


9/64

Switches to enable large scale migration of TDM to IP in developing environments.

Low cost, small, more efficient BTS (Base Terminal Stations) to proliferate the use in

places far and away.

Advance Technology products in telecom and technology domain to increase the end-

user experience.

Customers

We are committed to meeting and exceeding the expectations of our esteemed customers

through our unremitting dedication to every aspect of service thru our range of Products

and Services in the VoIP Space.

Employees

We are committed to the growth, development and welfare of our employees upon whom

we rely to make this happen as we firmly believe in Employees are the main asset of our

organization.

Value for money

Together, we shall build Vi TeleTechZone as a Global VoIP Zone Telecom

Technologies Deployment organization, a one-stop virtual convergence company,

striving for unsurpassed excellence in high-potential locations across the globe

Shareholders

As a result, we will create extraordinary value for our stakeholders ensuring that as we

grow they grow to reach the highest heights to and help us in globalization of Vi

TeleTechZone as a great Virtual Convergence company.


10/64

Vision

We see an organization which aims at leadership in the Telecom Technologies

Deployment by understanding its customers and designing and delivering products and

services which enable it to exceed their expectations. We will always demonstrate care

for our customers through anticipation of their needs, attention to detail, distinctive

excellence, warmth and concern.

We see a lean, responsive organization where decision making is encouraged at each

level and which accepts change. It is committed and responsive to its guests and other

stakeholders.

We see a multi-skilled workforce, which consists of team players who have pride of

ownership, translating organizational vision into reality.

We see an organization where people are nurtured through permanent learning and skill

improvement, and are respected, heard and encouraged to do their best.

We see a more multinational workforce which has been exposed to different cultures,

problems and situations and can use its experiences to enrich the local employees across

the globe.

We see the world dotted with hotels of The Oberoi Group, in strategic commercial and

resort locations.

We see user-friendly technology enhancing value for our customers and helping our

personnel by making information more accessible.

We see an organization which is conscious of its role in the community, supporting socialneeds and ensuring employment from within the local community.

We see an organization which is committed to the environment, using natural products

and recycling items, thus ensuring proper use of diminishing natural resources.


11/64

Interoperability - Technology leadership - Reasonable solutions

Snom Technology AG was founded in 1996 and provides products in the area of Voice-

over-IP, primarily on the basis of the open standards SIP. They stand out due to their high

security standards and a multitude of functions that make everyday communication in the

business area considerably easier.

BroVis Wireless Networks was founded in 2003 with the vision of providing Broadband

Services for the masses globally using cost-effective, standards based wireless

technology. To fulfill its mission, BroVis Wireless Networks has developed technology

that substantially enhances the capabilities of current 802.11 standards based wireless

technology to enable mass adoption of complete wireless solutions for outdoor last mileaccess, MAN deployments, campus wireless distribution, specialized indoor wireless

networks and indoor-outdoor integration in challenging and rough terrains where Line of

Sight is not available. BroVis Wireless Networks has already started development efforts

on the 802.16 standard platform to address co-existence and convergence of 802.11 and

802.16 networks.

BroVis' breakthrough TrueEXOR (True Extended Outdoor Range) technology greatly

increases the range, speed, link reliability, security and ease-of-use. Using TrueEXOR

technology and a comprehensive infrastructure management platform- WIOS (Wireless

Infrastructure Operating System), BroVis has developed BroadCell and Radio-Zone

solutions to address the various market segments and application needs.


12/64

BroVis Wireless Networks provides:

P-MP and P-P Multi-sector Base-station Concentrators with integrated network

functionality

Multi-User and Single-User Subscriber Units (CPEs)

Extended Range Indoor Access products

Various Antenna Options

Infrastructure Management Software

BroVis' engineering and management team includes Broadband industry's successful and

pioneering technology entrepreneurs from Lucent, Ascend Communications, Qualcomm,

Cisco Systems, Corona Networks, HP, Sun Micro Systems, Intel and Centillium

Communications. The company's corporate offices are located in Cupertino, California,

USA, with its development headquarters in Chennai, India and regional offices in

Bangalore and Mumbai, India.

A fast growing enterprise wireless and security company

At the intersection of two of the hottest technology markets on the planet - wireless and

security - Aruba is a fast-growing, privately-held network infrastructure company

founded in February 2002. We pioneered the concept of centralized wireless LANs and

are credited with introducing the first modular WLAN switching system . We build high-

performance mobility and security systems for enterprises that allow them to seamlessly

introduce wireless, security and mobility services over their existing wired networks and

manage those services from a single point.


13/64

Build high performance wireless LAN and wired/wireless grid controller systems

Aruba is the only company that provides complete centralized security and policy

management for both wired and wireless users. We do this through a unique combination

of hardware and software. Aruba's systems integrate high performance processing

engines and couple this with state-of-the-art RF management and security software.

Combined, Aruba's WLAN switches and grid controllers provide corporations with the

ability to build scalable grids that deliver on-demand wireless, security and mobility

services.

Aruba markets and manufactures next generation enterprise-class systems that let

corporations deal effectively with new network management and security issues caused

by wireless technology and user mobility. Considered the highest performance and

feature-rich enterprise systems on the market, Aruba's WLAN switches and grid

controllers integrate a variety of functions, such as VPN termination, user-aware

firewalling, RF management, and intrusion prevention within a centralized system. This

system allows enterprises to define and enforce network policy for both wired and

wireless users from a single point. Aruba's products include modular and stackable

wireless LAN switching systems , 802.11a/b/g access points , grid controllers and

wired/wireless grid points .

AudioCodes Ltd. enables the new voice infrastructure by providing innovative, reliable

and cost-effective Voice over Packet technology and Voice Network products to OEMs,

network equipment providers and system integrators. AudioCodes provides its customersand partners with a diverse range of flexible, comprehensive media gateway, server and

processing technologies, based on VoIPerfect - AudioCodes' underlying, best-of-

breed, core media gateway architecture. The company is a market leader in voice

compression technology and is a key originator of the ITU G.723.1 standard for the

emerging Voice over IP market. AudioCodes voice network products feature media


14/64

gateway and media server platforms, which function as core gateways or CPE voice

gateways for packet-based applications in the wireline, wireless, broadband access, and

enhanced voice services markets. AudioCodes enabling technology products include

VoIP, CTI and call logging communication boards, VoIP media gateway processors and

modules.

Partnering with AudioCodes enables OEMs, Network Equipment Providers, Systems

Integrators and Enterprises to build cutting-edge solutions based on AudioCodes' reliable,

flexible, and comprehensive technology offerings - all under one roof.

The company's shares are traded on NASDAQ (symbol: AUDC ) and the Tel Aviv Stock

Exchange. AudioCodes' headquarters and R&D facilities are located in Lod, Israel, with

U.S. headquarters in San Jose, California. Additional offices are in Boston (MA),

Chicago (IL), Research Triangle Park (NC), Somerset (NJ) Beijing, Tokyo, Paris and

London.

Sloka makes broadband wireless networks simple- it combines both Wimax and 3G

UMTS FDD into the same network elements, thus enabling carriers and operators to rollout networks for both technologies at the same time, thus saving CapEx. Sloka manages

both the networks using the same network management systems thus saving OpEx.

These solutions allows a 3G operator to leverage existing infrastructure network

interfaces, towers, real estate, billing software, management software, databases,

subscriber information, etc, to roll out Wimax faster, cheaper and better!

Sloka Telecom Inc was formed in late 2004 as a provider of broadband wireless solutionsto address the new needs and requirements of 3G operators and network equipment

vendors. Migrating from older 2G/2.5G networks to newer 3G networks, coupled with

competition from Wimax poses new challenged and offers new opportunities.


15/64

Formed by experienced technocrats, it staffs engineers coming from GSM, TDMA,

WCDMA technologies of telecommunication industry.

Sloka is engaged in design, development, testing and sales (direct and in-direct) of its

products. Sloka also supports support and maintenance activities for all its products.

Sloka partners with reputed OEMs for its manufacturing.

Founded in 2002, ZyFLEX is a leading network company focusing on the last mile

access solutions and technologies. Our major products are multi-services broadbandaccess equipments that integrate the latest fiber optical broadband access technologies.

Market demands for broadband services have been rapidly increased with soaring

bandwidth demands for backbone networks, especially with the mass applications of

TCP/IP networks in enterprise intranet or business internet. Responding to such trends,

ZyFLEX has been devoting our continuous efforts in research and development to

integrate the state-of-the-art optical access technologies on our products. Furthermore, we

integrate our products with patented and most cost-effective solutions that help Telecom

service providers enable voice, data, video triple play services onto any optical access

technologies. Thus, this will drop service providers' significant costs for deployment and

equipments upgrade. It will also provide them with a smooth and seamless path to

provide new services in the future or migrate their services onto the new access

technology.

Our vision is to continue our achievements in optical broadband access industry and

become a leading company in the Global market. All our R&D members bring with them

most outstanding academic backgrounds and excellent field experiences. With the

capability to foresee the market needs and provide solutions in a timely manner, they are

our biggest assets to achieve our vision.


16/64


17/64

various fields including banking/finance, insurance, tele-marketing, telecommunications,

helpdesks, outsource call centers etc.

Everyone wants one vendor who is customer centric, can provide latest technology, offer

superior service, and all at a competitive price. If you are looking for a vendor who can

offer that kind of solution, you are at the right place. We are proud to say that it is our

business!

WLAN Overview, Standards and Organizations

WLAN technology first dates back to the mid-1980s when the Federal

Communications Commission (FCC) made the RF spectrum available to the industry. In

1990, the Institute of Electrical and Electronics Engineers (IEEE) formed a working

group (WG) to develop a wireless standard to provide wireless networking technology to

be similar to the wired Ethernet (802.3). This group focused on developing a general

standard for radio equipment and networks working at 2.4 GHz, with access time of 1

and 2 Mbps. In June 1997, the IEEE released the wireless standard describing the

operations for WLAN, known as 802.11. The 802.11 specifications is the fundamental

standard for WLAN. The new standard defined the following functions and technologies:WLAN architecture, MAC layer services such as association, re-association,

authentication and privacy, frame formats, signaling functions, and WEP algorithm.

In September 1999, the IEEE ratified 802.11b that provided the same basic

architecture, features and service as 802.11, but improved upon the standard by adding

higher data rates (5.5 and 11 Mbps) and more robust connectivity. The 802.11b standard

established operations in the unlicensed 2.4 2.5GHz frequency range using direct

sequence spread-spectrum (DSSS) technology.

In late 2001, 802.11a was ratified that improved the data rate to 54 Mbps,

operating at a licensed frequency range of 5 GHz, and using orthogonal frequency

division multiplexing (OFDM) technology to reduce interference. This was a dramatic

technology shift from 802.11b providing fast data transfers at a higher frequency range


18/64

that was not susceptible to interference from other devices. However, the 802.11a

standard sacrificed decreases in range comparable to 802.11b.

In 2003, the IEEE published 802.11g Amendment 4 that provided a higher data

rate extension in the 2.4 GHz unlicensed frequency band up to 54 Mbps (similar to

802.11a). It provided backward compatibility to 802.11b, a major advantage, by still

supporting the complimentary code key (CCK) modulation. The 802.11g provided the

best of both worlds (802.11a and 802.11b) with higher speeds, and employing OFDM

technologies (like 802.11a), but in the 2.4 GHz frequency bands where range was not

compromised (like 802.11b).

The above IEEE standards (802.11a, 802.11b, and 802.11g) serve as the major

players in the world of wireless networking. However, there are various other standard

tasks and WGs involved with promoting the overall functionality of the 802.11 protocol.

Two important standards that directly addressed security limitations in the 802.11

protocols were the IEEE 802.11i and 802.1x standards.

The IEEE 802.11i and 802.1x specifications addressed several separate initiatives

for improving WLAN security. The IEEE Task Group i (TGi) developed the 802.11i

standard, published in 2004, to provide short-term and long-term solutions for wireless

security to ensure message confidentiality and integrity. The TGi developed the Temporal

Key Integrity Protocol (TKIP) as a short-term solution, known as WiFi Protected Access

(WPA), to address problems with WEP and to support legacy systems. It is a cipher suite

that consists of three protocols: a cryptographic message integrity algorithm, a key

mixing algorithm, and an enhancement to the initialization vector (more on this later).

The long-term solution defined in 802.11i is the Counter Mode/CBC-MAC Protocol

(CCMP) based on the newly released Advanced Encryption Standard (AES). CCMP is a

highly robust algorithm solution that is not compatible with older WEP-oriented

hardware, as thus will require new hardware and protocol changes. The AES (CCMP)

protocol provides WLANs with a stronger encryption (confidentiality) capability, and

message integrity than TKIP. Also, it incorporates replay protection. The future of

WLAN deployments is moving towards CCMP as the accepted compliance standard.

The 802.1x technology was primary developed to support 802 LANs, and is

included in the 802.11i standard to provide MAC layer security enhancements. The


19/64


20/64

4. The AP passes request to the RADIUS server.

5. The AS and client exchange authentication messages for server to verify clients

identity (password). Mutual authentication also possible where client is verifying

the AS identity.

6. The AS instructs the AP via a RADIUS-ACCEPT message to let the client onto

the network if the client has satisfied the authentication criteria. If not, an

RADIUS-REJECT message is sent to the AP.

7. Upon receipt of the RADIUS-ACCEPT message, the AP transitions the client port

to an authorized state allowing the client onto the network.

Since the ratification of the initial 802.11 standard, the IEEE 802.11 WG has

made numerous revisions through various task groups to improve wireless

technologies and security.

Wireless Security (Overview)

Wireless communications offers many benefits to an organization including

portability, flexibility, increased productivity, and lower installation costs. However,

there is the security challenge with WLAN. Enterprise organizations must have the

assurance that a WLAN deployment offers minimum risk before the benefits can be fully

realized. In additional to the risks associated in wired networks, there are additional risks

inherent in wireless technology exacerbated by wireless connectivity, and some new risks

not associated with wired networks. Simply, security is the weak link to the wireless

revolution.

In the wired world, protection is provided to some extent by wires, and access is

available through a physical jack to communicate. In the wireless world, the airwaves are

open for all to listen, similar to an Ethernet port in the parking lot, creating more

challenges.

Security breaches can be very costly to an organization putting at risk their most

valuable assets, including intellectual property, proprietary business processes, customer

data, not to mention the dollar costs due to lost business and recovering from the event.

The security challenge is to incorporate basic security mechanics and mechanisms for

organizations deploying wireless networks.The goal to successfully implementing a


21/64

WLAN is to ensure all tools and techniques are used to minimize any security risks

associated from a passive or active attach.

The first step to address the complexity of securing wireless networks is by

discussing the basic security mechanics, and mechanisms available for wireless

deployments. Basic security mechanics, in the wireless world, entails the general

capabilities of confidentiality, integrity, availability, authentication, authorization, and

access control. Mechanisms provide the means through technologies, protocols, and

implementations to achieve the basic security mechanics. Some important key

mechanisms to deploy in a wireless network include encryption protocols, digital

signatures, and key management. Security, for all practical purposes, is the combination

of processes, procedures, and systems used to achieve the basic security mechanics.

Table IV describes the basic security mechanics and mechanisms for wireless

deployments.

Confidentiality

The goal of confidentiality is to protect information during its transmission from

unauthorized entities. Encryption is the key mechanism to achieve confidentiality.

Simply, encryption is the means to encode data using cryptography to achieve privacy of

in-transit data, and meaningless to unauthorized recipients. By converting data into a

form that cannot be easily understood, encryption attempts to prevent eavesdropping

from anyone who is not authorized to read it. In the wireless world, the goal is to prevent

eavesdroppers from capturing packets and analyzing them later. Therefore, the algorithm

must be able to achieve confidentiality for a certain length of time.

The process to encrypt data is through use of an algorithm, or key. There are two

key paradigms used to encrypt data: symmetric key and asymmetric key algorithms. In

the wireless world, the preferred method for data confidentiality is symmetric key

algorithms. It uses a common key and the same cryptographic algorithm to both encrypt

and decrypt data. Symmetric key algorithm uses one of two different methods to encrypt

and decrypt data: block ciphers and stream ciphers. Early WLAN deployments used the

block cipher method. Generally, block cipher methods are more suitable for software-

based encryption. The newer symmetric key algorithms employ a stream cipher method.


22/64

Stream ciphers are more efficient for hardware-based encryption. In addition, stream

ciphers are considered more inherently secure than block ciphers. Whereas, block ciphers

transform identical message blocks into identical cipher-text blocks when using a fixed

key, allowing for an unauthorized entities to delete, insert or replay of cipher-text, and

conduct cipher-text searching for matches. Stream ciphers employ a memory function

that encrypts a stream of data (usually a character or byte of data) under a time varying

function of the key that prevents deletion, insertion or replay of cipher-text, and cipher-

text searching.

Asymmetric encryption uses a pair of keys to encrypt and decrypt data: a public

key and a private key. It can use the same algorithm or a different but complimentary

algorithm to scramble or unscramble data. What one key encrypts, only the other key can

decrypt. Thus, if plain text is encrypted using the public key, than the private key must be

used to decrypt the cipher-text (and vice versa). Asymmetric encryption is rarely used

for data confidentiality. The algorithm is typically used in applications involving sender

authentication using digital signatures and key management, and the exchange of session

symmetric keys.

Integrity

Integrity provides the means to detect if data has been tampered with in any way.

Deploying strong integrity mechanisms are aimed at providing confidence that the data

coming into or exiting the network is trustworthy. A digital signature is the preferred

mechanism to achieve integrity. Simply, a digital signature is an encrypted message

digest or hash that is appended to a document. A digital signature uses a public key

encryption algorithm to confirm the identity of the sender and encrypt the hash of a

message, and a one-way secure hash function algorithm to ensure the integrity of the

document.

Authentication

Authentication is the capability to validate the identities of a user, service or

device based on predefined criteria. Due to the broadcast nature of WLANs, much

attention and focus has been given to authentication to prevent unauthorized access to

network resources by a user or device. Authentication is the process of determining


23/64

whether the authorized user, service or device that has tried to gain access to the network

is in fact the authorized entity. In the wireless world, the 802.11 specifications do not

consider the user, but only authenticates a wireless station or device. Authentication

systems can range from simple name-password matches to challenge-response protocols.

The 802.11 specifications define two basic authentication services: open authentication

and shared-key authentication methods. There are two other mechanisms that are

commonly used for authentication: the Service Set Identifier (SSID), and the Media

Access Control (MAC) address.

Open Authentication and Vulnerabilities

Open authentication method does not employ cryptographic validation. It is a nullauthentication algorithm, meaning the AP will grant any request for authentication by a

device. A wireless station can access the wireless network without any identity

verification. If a wireless client (station) can find and communicate with an Access Point

(AP), it will be allowed to join the wireless network. The only security mechanism

employed for open authentication is the SSID of the AP. If WEP encryption is not

employed, a device only needs to know the SSID of the AP to gain access to the network.

If WEP encryption is enabled on the AP, the device will not be able to transmit or receive

data from the AP without a correct WEP key. In 1997, 802.11 specified authentication to

be connectivity-oriented, and allow devices quick access to wireless networks. Open

authentication provides simplicity and ease with connecting to a wireless network, and is

recommended for a public WLAN.

There is no way an AP can determine whether a wireless client is valid or not by

employing open authentication. This can provide considerable security risk if open

authentication is deployed without WEP encryption implemented. However, WEP has

been compromised and is no longer a viable WLAN security solution. WEP

vulnerabilities will be discussed in more detail later.

Shared Key Authentication and Vulnerabilities

Shared key authentication use to be considered one of the more secure methods of

authentication in a WLAN environment. It uses a cryptographic technique for


24/64

authentication, and is based on a challenge-response protocol. The shared key

authentication requires a static WEP key to be configured by a wireless client. The AP

sends a random challenge in plaintext to a wireless client. If the wireless client has

knowledge of the shared key, it will encrypt the challenge and sent the result back to the

AP. The AP will allow access only if the decrypted value (the result computed by the

wireless client) is the same as the random challenge transmitted by the AP.

There are several fundamental problems with shared-key authentication. First, it

does not provide for mutual authentication, but merely establishes proof that both parties

(AP and wireless client) share the same secret. Secondly, the shared-key authentication

method depends on the WEP infrastructure that has been deemed insecure for a variety of

reasons. Third, the challenge-response process explained above is vulnerable to a man-

in-the-middle attack. An eavesdropper can capture both the plain-text challenge text and

the cipher-text response by just sniffing with a protocol analyzer, and determine the key

stream (Figure 2).

Figure 2Known Plaintext Attack


25/64

MAC Address Authentication and Vulnerabilities

The APs policy can also base its access on the clients MAC address, where the

authenticating MAC address is matched to the APs table of valid MAC addresses. MAC

address filtering is not specified in the 802.11 specifications. However, many vendors

support this method of authentication. MAC address filtering provide another layer of

security to limit unauthorized devices from accessing an network, and augments the open

and shared key authentications provided by 802.11 specifications.

Availability

It requires that a WLAN be available to authorized users when needed. It is the

capability to receive and send data without disruption of services. DoS attacks are a threat

to network availability. Organizations must deploy defense mechanisms to detect and

guard against various forms of DoS attacks to ensure availability is achieved.

Access Control

Access control is the capability to ensure users see only the information for which

they are authorized. Entities (usernames, MAC/IP addresses, etc.) use credentials such as

passwords, and shared keys to establish the identity, that is authenticated by AAA

systems (RADIUS, LDAP, etc). It uses 802.1x authentication protocols or similar (EAP,LEAP, PEAP, etc.) to exchange credentials and establish challenge/response handshakes.

Once authenticated, an AAA system provides the authorization and controls the

access to what network resources are allowed by a user. Access control security

mechanisms are based on authentication, and having knowledge of WEP keys before

access and privileges are granted.

Encryption/Decryption

Encryption is the mechanism to achieve confidentiality. It is the capability to transform

plaintext into meaningless bytes, known as Cipher text, based on three primary 802.11

algorithms: WEP, TKIP and AES (CCMP). Decryption is the reverse process. It is the capability

to transform meaningless bytes (Cipher text) back to meaningful data (or plain text). Simply,

encryption techniques provide three main goals in a WLAN: confidentiality, message integrity,

and supports authentication, authorization and access control process. See discussions


26/64

above for confidentiality, message integrity and access control. A detailed discussion of

WEP, TKIP, and AES (CCMP) encryption algorithm are found later in this paper.

Key Management

Key management is the process of distributing keys to support encryption,

decryption, and mutual authentication. It is the process of generating, storing,

distributing, and providing the overall protection of keys. A key is digital code. Primarily

used to encrypt, decrypt and sign information. Keys length and the strength of a key are

two important topics related to key management. Key strength is the capability to

withstand the digital code from being deciphered, and is usually measured by the time,

effort and resources required to break the key. Key length is the number of bits in the

key. The longer the key length, the more difficult it becomes to break a key with brute-force. However, there must be a balance between key cost and the worth of the

information that the key is protecting. Longer key lengths require more overhead and

bandwidth, and are more computationally expensive to encrypt and decrypt. There are

two types of keys: public keys, and shared or secret keys. With public keys, there known

by everyone. With shared (or secret keys), it is known only by the recipient of the

message. (See symmetric and asymmetric key operations above for a discussion on

keys). With WEP, keys were distributed manually, and unique only to the network. A

WEP key was vulnerable to unauthorized access. A compromised key provides the most

direct means of unauthorized access. With the IEEE 802.11i standard (WPA/WPA2

protocols), keys are distributed dynamically (automated), and are unique to a packet,

session and user.

Advantages WLAN

A wireless LAN has some specific advantages over wired LAN

Access to the network can be from anywhere within range of an access point,

giving users the freedom to use ICT where and when it is needed.

It is typically easier and quicker to add or move devices on the network (once in

place, a wired LAN can be difficult to move and expensive to change.) Increasing


27/64

the overall network coverage of the wireless LAN can often be achieved by

adding further access points.

Small dynamic ad hoc networks can be created very quickly and relatively

easily.

It is typically easier and quicker to provide connectivity to the network in areas

where it is difficult or undesirable to lay cable or drill through walls. Instances

might be:-

where a school is located on more than one site or is made up of

several buildings.

when implementation is anticipated to be temporary or semi-

permanent

when only one device is required at a remote part of a building or

site

in historic buildings where traditional cabling would be difficult

to install or inappropriate

Where wireless enabled laptop computers are used, any classroom in range of an

access point can become a computer suite, potentially increasing the use of ICT

across the curriculum.

While the initial investment required for wireless LAN hardware can be similar

to the cost of wired LAN hardware, installation expenses can be significantly

lower

Wireless provides increased flexibility. A user with a wireless enabled laptop

can access the wireless network and carryout his work, share resources, obtain

information from the internet from anywhere within range of an AP, without

being tied to a wired PC. This flexibility is further enhanced when combined with

a wireless projector.

Portability. They allow computer devices to move around the premise of the

facility.


28/64

Disadvantages of Wireless LAN

As the number of devices using the network increases, the data transfer rate to

each device will decrease accordingly.

The current data rates of wireless networks means that high bandwidth activities

are better done on wired networks

As wireless standards change, it may be necessary, or at least desirable, to

upgrade to higher specifications of wireless which could mean replacing wireless

equipment (wireless NICs, access points etc). Currently, wireless standards are

changing more quickly than wired standards.

Security is more difficult to guarantee.

Devices will only operate at a limited distance from an access point, with the

distance largely determined by the standard used. Obstacles between the access

point and the user, like walls, glass, water, trees and leaves can also determine the

distance of operation. Poor signal reception has been experienced around

reinforced concrete school buildings; these may require higher numbers of access

points which in turn increases overall cost.

In practice, a wireless LAN on its own is not a complete solution and wi ll still

require a wired LAN to be in place to provide a network backbone.

Data speeds drop as the user moves further away from the access point

It is easier to make a wired networkfuture proof for future requirements

As the number of people using wireless devices increases, there is the risk that

certain radio frequencies used for wireless will become congested and prone to

interference; particularly the 2.4GHz.frequency.


29/64

MARKET RESEARCH: AN ESSENTIAL BUSINESS TOOL

Market research is vital for businesses, whether they are looking to exploit a new

commercial opportunity or grow their existing customer base. From discovering a gap in

the market to ensuring customer satisfaction and planning effective marketing campaigns,research can provide the market intelligence needed to encourage success, enhance

competitiveness and maximize profits.

What is market research? Put simply, market research is the collection and analysis of

information about markets, organizations and people to support better business decisions.

In todays competitive business environment, the more knowledge a business has about

its customers, the more likely it is to succeed.

Market research works because, by talking to a relatively small number of people, it is

possible to find out about a far larger number. However, it only works if the people who

are interviewed (the sample) are a representative subgroup of the total group of interest

(the universe). The universe

might be, for example, the population as a whole, parents, car drivers, finance directors,

IT managers or supermarket buyers.

Provided a representative sample is identified and, critically, the right questions are

asked, market research can deliver significant profit from knowledge. When planning a

sales initiative or

programme, it can provide vital intelligence on specific targets, their attitudes and buying

patterns.

In addition, it can minimize potential risk and avoid wasting both time and money.

More specifically, businesses can use market research in the following ways:

A key benefit of market research is to help businesses better understand their

customers. Through usage and attitude studies, organizations are able to assess

a range of intangibles

Such as the level of contentment among customers or individual preferences

thereby helping to secure customer loyalty. As a result, businesses can more

effectively target resources at particular groups or better understand their

purchasing patterns.


30/64

In addition, market research can help in the development of new products and

services. Product development research is widespread and enables businesses to

identify the most lucrative areas for a new product or service. It can also help to

determine the most appropriate and profitable launch programme, as well as

ongoing activity to support the sales effort such as advertising, marketing,

promotions and PR.

Internally, market research can be used to learn about and monitor satisfaction

and morale amongst the team. It can help to improve internal communications,

identify areas of dissatisfaction and highlight internal activities and initiatives

which could help to boost individual and team performance.

Effective market research can also help businesses to gain an understanding of the

competition. By embarking on competitor analysis, usually based on desk

research, organizations are able to examine the strengths and weaknesses of their

main rivals and emerging, smaller competitors. As a result they can learn from

other mistakes - or successes- and target new markets or business opportunities.

As in most areas of business, the agencies which undertake market research vary in terms

of size, area of specialization and location

STATEMENT OF PROBLEM

Problem statement

Development of an effective business strategy demands information regarding customers,

their behavior, the dynamics of their purchase attitude towards the product etc. Therefore,

the area of study includes,

Understanding the product /technology,

Identifying and studying the domain of the product

Identifying the prospects

Analyzing their need for the product

Identifying key purchase drivers

Identifying the various target segments and opportunities


31/64

Research Objectives

1) To track customer dynamics at micro level.

2) To identify key purchase drivers.

3) To uncover target segments and opportunities

RESEARCH DESIGN:

Research design is partly explorative and descriptive. The data was collected from a

stratified sample of customers through structured questionnaire, which will be analyzed

with the appropriate tools and inferences, will be drawn accordingly.

Need and Importance of the Study

The company we are working for is a new venture and is promoted by three

colleagues who after working in various industries for more than two decades have come

together to fulfill their wish of becoming an Entrepreneur. This study will help them to

access the demand for the product called Aruba in the market so that they can frame

appropriate strategies to increase the sale and compete with the various products already

existing in the market.

This study has given us an opportunity to get in touch with the corporate world

and improve the soft skills and interact effectively.

Approach and Methodology

In order to achieve the goals of the project, my approach was to use several

methods and several sources of information and opinions. My research methodology has

been to first take a snap shot of the current market to see what companies are working on

practical applications of wireless technologies. After identifying these companies, I set up

interviews with representatives from mostly marketing, but sometimes the engineering

departments. I have also researched most written material in this field as well as attended

several trade shows and seminars.


32/64

In this section, we shall describe our secondary and primary research

methodology. In the end, we discuss the limitations of this study.

Sampling technique

Simple Random Sampling technique is used. This type of sampling avoids any

bias in choosing the sample.

Sample Size

The chosen sample size for research is 50. The sample is derived from

respondents within Bangalore city.

Sample Description

The sample is chosen at random from among a number of respondents.

Instrumentation Techniques

The questionnaire technique is used for the survey and the reasons for using this

approach are

It covers wide area (number of organizations)

It is not an expensive affair

Original data could be obtained

It is free from all bias

Easy to tabulate and understand

Primary research

In addition to relying on the already existing research, I also conducted our own

research at the grass-roots level:

Interviews

An interview can be quantitative, qualitative or a combination of them both. In a

quantitative interview are the questions predetermined and presented together with

multiple choice answers. Quantitative means that there must be measurable results, which

is why the approach and guiding of the interview must be the same for all interviews. A

qualitative interview is conducted in an investigating situation, which resembles an every

day situation and an ordinary conversation. The answers to the questions shall be

spontaneous and be a result of the interviewees own opinions.


33/64

Quantitative and qualitative are each other opposites. In a quantitative interview

the biggest work effort is put into the preparations, as opposed to the qualitative

interviews where the biggest effort is needed for the following analysis.

I have used qualitative interview methodology, where my main interview support

has been a few notes with the questions that I wanted the interview to revolve around. I

choose this approach in order to create a discussion around our topics and to get both the

opinions of the interviewee as well as the opinions of the company. I also wanted to be

able to elaborate around the topics and not just get standard answers. Since I had

questions about future scenarios its difficult to have predetermined answers.

I conducted 50 interviews with representatives from various companies, and

technology experts at universities. Most of the companies I talked to were most

forthcoming and helpful.

Secondary research

In the early phase of this project my work was focused on gathering secondary

research material in order to avoid re-inventing the wheel. Ive gathered this information

from literature, articles, industry reports and written material from the Internet. Theres a

limited amount of WLAN literature available. Therefore, the books Ive read have been

more focused on how to market and sell high-tech products in order to make them

adopted by the mass market and thus achieving a possibility to make a large profit.

Web Research

I used the World Wide Web extensively to find information about various fields

of interest.

I have continuously monitored the WebPages of IEEE and ETSI in order to stay

on top of the latest development. The Web helped us get up to speed with the differences

between various existing technologies such as IEEE 802.11b and 802.11a, Bluetooth,

HiperLAN/2 and others. I also researched the different players in the market to study

their business models.

I have gathered market research that has already been done in this field to avoid

re-writing work that has already been done.


34/64

Conclusion

After the secondary and primary research, we gathered sufficient background

knowledge and understanding of the WLAN market today to help us come up with my

own conclusions as to how the market will develop.

Limitations to this study

Since secondary research is a compilation of someone elses information there is

always a risk that the information contains insufficient knowledge or errors. This has led

us to always try to conduct a critical discussion regarding the information we have

gathered in this way. This critical outlook has also evolved along the course of the

project, as we have become more competent in this field.

Primary research can also include propaganda or actual errors. There can be

several reasons for this, e.g. the interviewee might not want to answer the question

correct for business reasons.

In order not undermine the credibility of this project it was crucial that I

interviewed the right persons. This is especially true when more than one company within

the same line of business are represented. Thats why Ive been careful to choose people

with equivalent positions at the different companies. It has not always been possible to

interview the equivalent position in every company, but Ive tried to interview the system

administrators or someone in a management position in business development. This

selection was done not only because people in these positions have extensive knowledge

about corporate strategies, but also because they have a technical knowledge of the

enabling technologies.

With this in mind, there are however a few other limitations to this study:

Narrow geographical focus (Bangalore). This is due to the fact that I had limited

time and resources.

Not highly focused on security. Security of WLANs remains a big issue that

needs to be solved. Though I have identified the problem, and suggested a few

possible solutions, I have not attempted to solve the practical security issues.

I have focused on viable and currently existing technologies for our research.

Replacing technologies such as IEEE 802.11a and HiperLAN/2 are not available

for mass deployment yet.

Since my main objective with this report is to investigate the market opportunities for

WLAN, these limitations do not a major affect my conclusions on how the market should


35/64

be segmented or which player is more suitable to seize the WLAN opportunity.

Nonetheless, the issues addressed above are still most important and I recommend them

to be further investigated in future research.


36/64

Product Overview

Network managers today are faced with three major IT trends that they must

address: mobility, security, and convergence. All three trends intersect at the edge of the

network the point where users connect to enterprise services. The edge of the

enterprise network today, built on the past decade of networking technology, is a fixed

edge. It was designed for a time when users and devices were not mobile.

Arubas Mobile Edge System enables a new type of edge for the enterprise

network the mobile edge. The mobile edge allows users and devices to connect over

the air and across any network, to securely gain access to enterprise resources.

The mobile edge is an evolutionary new architecture that delivers mobility, security

and convergence for todays networks and builds on a vision where the enterprise

network will ultimately have far fewer ports than today.

Arubas Mobile Edge System consists of three components:

1. Mobility controllers which are centralized service delivery platforms for the

Mobile Edge

2. Controlled access points (APs) which tunnel wired & wireless user traffic tomobility controllers over the LAN, WAN and the Internet

3. Aruba software provides all the intelligence for the Mobile Edge

The Challenge

The Challenge Network managers today are faced with three major IT trends that

they must address: mobility, security, and convergence.

Mobility is heavily driven by users through technologies such as Wireless LANs,

cellular phones and VPNs to conduct business in the office, on the road and at home.

Network security, protecting information assets against unauthorized disclosure,

alternation, or destruction, has become increasingly important in the age of Internet

worms, viruses, and spyware. Security has taken on increased importance in the United


37/64

States, the European Union, Asia Pacific, and other locations with the introduction of

new government regulations related to privacy, confidentiality, and integrity of financial

results.

Finally, converged networks that support both data and voice offer significant

financial benefits and support richer enterprise communications with multimedia

integration.

All three trends intersect at the edge of the network - the point where users

connect to enterprise services. The edge of the enterprise network today, built on the past

decade of networking technology, is a fixed edge. It was designed for a time when users

and devices were not mobile, and for a time when wireless was a point product used only

in the warehouse and factory. The edge of today's network is highly reliable and

extremely simple. When users connect to a port, the network is there to provide them

with instant high-speed access. But this simplicity does not lend itself to security - the

network does not differentiate between authorized and unauthorized users, and it cannot

make decisions about which people get which type of access. Today's network was built

for best-effort data delivery. It was built before Power over Ethernet existed to supply

power to desktop phones, and before application aware quality of service policies were

needed to ensure high voice quality. Today's network can be upgraded to address

mobility, security, and convergence. The upgrade is a massive one, involving every closet

switch, branch office router, core router, and even the physical cable plant. The challenge

for the network manager is to support all three trends in a manageable, reliable way -

without the disruption and expense that a massive network-wide upgrade would entail.


38/64

The Solution

The Solution Aruba's Mobile Edge System enables a new type of edge for the

enterprise network - the mobile edge. The mobile edge allows users and devices to

connect over the air and across any network, to securely gain access to enterprise

resources. It is a new layer in the network that logically sits on top of existing fixed

networks and fulfills the requirements of security, mobility and convergence without

requiring major upgrades to the existing network. The mobile edge is architected to

securely work over existing IP network facilities, and extends across both private

enterprise networks as well as the public Internet. The mobile edge by definition supports

true mobility where users can seamlessly and securely roam across multiple locations. In

addition, it delivers voice convergence through multimedia mobile devices and Voice

over Wireless LAN (VoWLAN) handsets with high quality and reliability. This

eliminates the significant expense of adding powered VoIP ports to the fixed edge.

Further, the mobile edge is built on the notion of identity-based security. Mobile users

and devices, by definition, do not connect to the network through a fixed port. For this

reason, the network must identify every user and device that joins the network. Once this

identity is known, custom security policies may be applied to the network so that only

access appropriate to the business needs of the user or device is provided. This drastically

improves network security by eliminating excess privilege on the network while

providing identity-based auditing. The mobile edge not only solves today's challenges

around mobility, security and convergence but provides a roadmap to reduce overall costs

of the network infrastructure. The natural long-term evolution of the enterprise network

edge is to become predominately mobile. When this happens, a radical transformation of

enterprise network economics will be realized when the costs of cabling infrastructure

and the operational expense of moves, adds and changes are eliminated. This introduces a

dilemma for incumbent networking vendors. The incumbent vendors, in order to continue

their growth, must entice customers to spend more on their networks. The mobile edge,

by drastically reducing networking costs, runs directly counter to the needs of the

incumbent vendors. The 'incumbent's dilemma' develops whenever major turning points

in technology develop - the incumbent cannot grow business by offering a solution that


39/64

allows customer to spend less. The mobile edge is not based on this incumbent's

dilemma. It is an evolutionary new architecture that delivers mobility, security and

convergence for today's networks and builds on a vision where the enterprise network

will ultimately have far fewer ports than today.

The Products Aruba's Mobile Edge System consists of three components:

1. ArubaOS system software which provides all the intelligence for the Mobile Edge

2. Mobility controllers which are centralized service delivery platforms for the Mobile

Edge

3. Controlled access points (APs) which tunnel wired & wireless user traffic to mobilitycontrollers over the LAN, WAN and the Internet ArubaOS System Software A robust and

sophisticated suite of system software that powers the mobile edge, ArubaOS coordinates

all mobile edge operations with advanced capabilities that include seamless mobility,

identity-based security, non-disruptive integration into existing networks, mobile VoIP

capabilities, adaptive radio management, enterprise-class resiliency, open APIs, end-to-

end QoS and centralized management.

The Products

Aruba OS is fully modular software that runs on all Aruba

mobility controllers and controlled access points, allowing them to work

seamlessly in delivering services to users on the mobile edge. The base

feature set of Aruba OS comes standard with every mobility controller and

includes sophisticated authentication and encryption, seamless mobility

with fast roaming, RF management and analysis tools, centralized

configuration, location tracking and more. Aruba OS gives administrators a single point

of control from which to locate and shut down rogue APs, identify and thwart malicious

attacks and impersonations, load-balance traffic, detect coverage holes and interference

and create stateful role-based security policies that follow individuals as they move

across the mobile edge. Since all Aruba mobility controllers utilize the same hardware


40/64

architecture, Aruba OS is fully portable across the entire range, offering identical features

but with differing price and performance points, depending on the underlying mobility

controller. Aruba OS is entirely modular, with particular emphasis on reliability features

such as automatic process restarts to minimize the impact of software failures and full

VRRP redundancy across processors and chassis to minimize the impact of hardware

failures.

Aruba OS includes the following optional software modules:

Wireless Intrusion Protection module provides patented

classification technology that identifies and protects against

malicious attacks such as denial of service, vulnerabilities such as

rogue APs and ad-hoc networks, client and AP impersonation, and

man-in-the-middle attacks.

Policy Enforcement Firewall module delivers user and group policy

enforcement through an integrated ICSA-certified stateful firewall. Security policies can

be centrally defined and enforced on a per-user or per-group basis, following users as

they move. Policies are enforced dynamically, taking into account a variety of metrics

such as user location, time-of-day, device type, authentication method and others.

VPN Server module provides integration support for a variety of virtual private

network implementations, eliminating the need for discrete, external VPN concentrators.

Hardware acceleration provides LAN-speed VPN connectivity. Supported VPN protocols

include L2TP/IPsec, IPsec/XAUTH and PPTP. Both client termination as well as site-to-

site VPNs are supported.

Client Integrity module provides wired and wireless network integration for

client integrity enforcement, protecting the network against infection from malware such

as viruses and worms that take advantage of mobile devices. The Client Integrity Module

integrates software from Sygate Technologies for host integrity, virtual desktop with

file and cache cleaner and safe guest access with protection against 'zero-day' threats.


41/64

Remote AP module lets network managers securely extend corporate wireless

functionality to any location with an Internet connection. Remote APs allow seamless

corporate-like WLAN connectivity at home, a remote office, or anywhere a mobile

worker chooses to work.

External Services Interface module enables any Aruba mobility controller to

communicate with external service devices. The ESI module selectively redirects

network traffic, based on policy, to devices providing inline network services such as

anti-virus, network intrusion detection, content filtering, content transformation and

usage auditing. Full load balancing and health checking are supported.

Advanced AAA module extends authentication and authorization features of

standard ArubaOS, including domain- and realm-based selection of authentication server,

dynamic authentication and authorization using RFC 3576 and an XML API for building

external portal and authentication systems.

xSec module provides termination of highly secure xSec client sessions, offering

link-layer 256-bit AES-CBC encryption with complete header obscuration for highly

sensitive environments. The xSec module also enables the encryption of trunk ports

between Aruba mobility controllers based on the same strong encryption standard.

Mobility Controllers

Mobility controllers are high-performance networking platforms built specifically

to run centralized ArubaOS functions such as controlled access point management,

802.11 station management, 802.11x authentication and encryption, site-to-site and client

VPNs using IPsec/3DES encryption, stateful policy enforcement firewalls, L1-L7

intrusion protection, endpoint integrity checking, and seamless user roaming between

access points and across mobility controllers. All mobility controllers share a common

hardware architecture which includes a dedicated control plane CPU, a high-performance

programmable data plane network processor unit, and a unique programmable encryption

engine for centralized L2 and L3 encryption. They aggregate traffic from the mobile


42/64

edge, inspect and police it and deliver it to the core enterprise network. Mobility

controllers are typically positioned in data centers, for a controlled environment and

access to the high-speed core network, since they handle traffic from hundreds of APs

and thousands of users. Aruba's line of mobility controllers includes multiple models,

sized and priced to support the varying requirements of different sized mobile networks.

The Aruba 6000 is the only modular mobility controller on the market. The four-

slot modular chassis supports up to 8 Gbps of cleartext (7.2 Gbps of encrypted)

throughput, up to 72 10/100 Mbps ports, 8000 simultaneous users and from 4 to 512

controlled APs. Hot-swappable line card slots support multiple connectivity options

including a 24 port Fast Ethernet + 2 port Gigabit

Ethernet line card as well as a 2 port Gigabit Ethernet

line card.

The Aruba 2400 is a stackable, 24-port mobility controller that supports 48 APs.

Designed for regional headquarters or dense building deployments, the Aruba 2400

supports up to 512 simultaneous users and delivers up to 400 Mbps of encrypted

throughput.

The Aruba 800 is a fixed configuration mobility controller designed for small

and branch office applications. The Aruba 800 provides eight 10/100 Mbps user ports and

one copper or fiber gigabit uplink. Programmable hardware-based encryption supports

200 Mbps of full-duplex encrypted traffic.


43/64

Controlled Access Points

Centrally controlled by ArubaOS software, Aruba's line of wired and wireless

APs serve as distributed traffic collectors tunneling wired and wireless traffic to mobility

controllers over IP networks. Wireless APs provide radio coverage and user connectivity

services while simultaneously serving as surveillance devices that constantly monitor the

air for radio-based security threats. They also perform intrusion protection functions

when wireless threats are detected. Wireless APs also run distributed ArubaOS functions

such as adaptive radio management, distributed encryption for local forwarding of

Wireless LAN traffic, wireless intrusion detection and protection, rogue AP detection and

containment among others. Wired APs simply serve as traffic collectors and tunnel wired

user traffic across a LAN or a WAN to an Aruba mobility controller. Aruba offers a wide

range of controlled APs including indoor and outdoor 802.11a/b/g single-radio access

points, 802.11a/b/g dual-radio access points, 802.3 wired access points and hybrid

wired/wireless access points. WLAN APs come equipped with integral antennas or

options for a wide variety of external antennas. All controlled APs work with all Aruba

mobility controllers to provide a high-performance, secure mobile edge. Controlled APs

can be connected to an existing IP network and will automatically discover an Aruba

mobility controller, configure themselves, and begin operation. The mobility controller is

responsible for downloading software images, configuring, and coordinating all

controlled APs. APs are powered through 802.3af Power over Ethernet (PoE),

eliminating extra wiring requirements. They also come equipped with DC power jacks

that work with AC power adapters if PoE is not available. All APs can simultaneously

provide wireless service as well as monitor the air. They continuously scan the RF

environment, locating and tracking all wireless clients to provide warning of intrusion or

interference. This dual functionality eliminates the need for a separate

overlay of RF sensors to troubleshoot and optimize the wireless

environment. Aruba's controlled APs are available in a wide variety of

form factors and capabilities.


44/64

The Aruba 41 is a low-cost single-radio AP designed for the

telecommuter or home office. With a single integral antenna and

802.3af Power over Ethernet, the Aruba 41 is an ideal AP for

deployment where antenna diversity and plenum installation are not

factors.

The Aruba 60 and 61 are single radio, 802.11a or b/g APs designed for dense

wireless deployments in the corporate office. Plenum rated and powered by 802.3af

Power over Ethernet or through an external AC adapter, the Aruba 60 and 61 deliver

superior capacity, performance, and coverage. The Aruba 61 features an integrated

802.11a/b/g omni directional antenna while the Aruba 60 features dual external antenna

connectors. The Aruba 60 and 61 are the perfect APs for highly dense "Wireless Grid"

deployments.

The Aruba 65 is a dual-radio 802.11a/b/g AP designed

for the mobile enterprise worker or road warrior. With integral

diversity antennas, 802.3af Power over Ethernet, an external

power adapter, and a compact design, the Aruba 65 fits easilyin a briefcase and connects wherever a mobile user travels.

The Aruba 70 is the industry's first dual-radio 'hybrid'

access point that provides concurrent operation of 802.11a and

802.11b/g services, as well as secure wired access through an additional Ethernet port.

The Aruba 70 is a multi-purpose device that can function both as an access point and as

an RF monitor - either independently or concurrently - across

the 2.4 GHz and 5 GHz bands. Ideally suited for plenum or

workspace deployment, the Aruba 70 can be securely wall-

mounted, ceiling-mounted, or desk-mounted.

The Aruba 80 is the industry's first controlled

outdoor access point. With support for 802.11a, 802.11b/g, and wireless bridging, the


45/64

Aruba 80 handles all outdoor wireless applications. The Aruba 80 is rated for extreme

outdoor environments, with an operating temperature range of -30 to 55 degrees Celsius

and an integral lightning arrestor and ground point.

The Applications

The mobile edge is an enabling technology for newapplications that can deliver increased productivity, costsavings, security improvements, and faster access toinformation that ultimately leads to better decision making. The mobile edge enablesseveral major applications in the areas of mobility, security, and convergence.

Mobility

Guest Access Provides controlled Internet access, both wired and wireless, toauthorized visitors while keeping the internal network secure.

Internal WLAN Hotspots Wireless LAN access for employee and visitorconvenience in strategic locations such as conference rooms, lobbies, cafeterias, andauditoriums.

Enterprise-wide WLAN Pervasive, highly-available, high-performance wireless

LAN access throughout an entire enterprise building, campus, or extended enterprise.

Remote/Branch Office Access Secure extensions of the mobile edge to remoteand branch offices using the Internet or enterprise WAN as transport.

Small Office, Home Office, and Road Warrior Access Extends the mobile edgeanywhere a user travels through portable, personal remote access points.

Secure Mobility for Legacy WLANs Extends the life of existing wireless LANdeployments through enhanced security, roaming, and management.

Location Tracking Uses an enterprise-wide WLAN deployment to provideprecise location tracking of any Wi-Fi device in the facility.

Security

Identity-based Security Enhances security by identifying the business role of theuser and then allowing only network access appropriate to that role.


46/64

WLAN Intrusion Prevention Prevents radio-based security breaches byidentifying threats to the network from attackers and uncontrolled wireless devices.

Endpoint Integrity Ensures a defined level of client security, such as anti-virus,anti-spyware, or personal firewall software is present before network access is granted.

External Security Services Integrates best-of-breed security appliances, such asanti-virus, content filtering, and IDS as interior network services that are client-independent.

L2 Security for Wired LANs Delivers mobile edge solutions such as encryption,mobility, and identity-based security to legacy wired LANs.

Convergence

Telephony Solutions Provides the cost advantages of Voice over IP with the

mobility benefits of cellular voice.

Voice Instant Messaging Enables hands-free voice communication through aninnovative new class of voice instant messaging devices, enhanced with proximitysensing.

Converged Mobile Devices Delivers quality of service and access control tounified communications messaging devices integrating multi-media services such asvoice, data, email, and fax.

Fixed-Mobile Convergence Unifies public and private voice networks by

providing seamless handoffs between networks for dual-mode cellular/Wi-Fi voicedevices.


47/64

CISCO

Keep Users Connected with Wireless LANs

Organizations worldwide are deploying wireless networks to increase

productivity, enhance collaboration, and improve processes. Instant interaction, text

paging, voice services, and network access while traveling are transforming the business

environment.

The following components work together to create a unified wireless network:

Client Devices: These connect desktop and mobile devices to the wireless LAN

in 802.11a-, 802.11b-, or 802.11g-compliant networks. Most of todays laptops

are wireless-enabled, and many specialized wireless client devices are now

available.

Access Points: These help connect wireless devices to networks, providing

ubiquitous network access for many wireless environments.

Network Unification: This is critical for network control, scalability, security,

and reliability. Integration into existing networks enables systemwide functions

including security policies, intrusion prevention, and RF management. Network Management: As wireless networks grow in scale and complexity,

management becomes more critical, requiring central design, control, and

monitoring.

Mobility Services: A comprehensive wireless network provides built-in support

for leading-edge applications such as wireless voice over IP, location services,

advanced security, and other emerging technologies.

Advanced Features with High Investment Return

As workers become more mobile and business applications become more

interactive, innovative services and applications are critical in helping companies

maintain agility and differentiation. Cisco wireless solutions allow organizations to


48/64

extend their networks where employees need them most, helping to improve productivity,

better respond to customers, and grow the business.

The Cisco Unified Wireless Network cost-effectively addresses the growing need

for wireless connectivity. The industrys most comprehensive wireless network portfolio,

this cost-effective platform allows organizations to meet their current needs, while

creating a smooth migration path for future enhancements and ensuring that their

equipment investments are protected.

The flexible design allows network managers to design infrastructures that meet

their specific needs, whether deploying a simple or highly integrated network.

Cisco extends sophisticated intelligent networking features to the wireless LAN,

including support for Wi-Fi Multimedia (WMM), QoS, virtual LANs, and fast, secure

layer 2 and layer 3 roaming for seamless mobility. Advanced features allow organizations

to:

Prioritize wireless traffic to help ensure information is safely delivered to the right

users

Segment wireless networks to accommodate different users and applications

Provide seamless connectivity across subnets (network segments) to allow

seamless roaming

The Cisco Unified Wireless Network includes the following:

Advanced Security: Network managers must provide connectivity and mobility

without allowing unwanted access to the wireless network or the information traveling

over it. Cisco provides advanced standards-based WLAN security and network protection

that gives network managers confidence that data will remain private and secure. Cisco

wireless security solutions are integrated with the Cisco Self-Defending Network, the

Cisco strategy to enable networks to self-protect against threats.


49/64

Multivendor Support: Cisco wireless solutions support established and

emerging Wi-Fi standards, simplifying integration with wired networks and third-party

client devices to provide reliable, secure wireless connectivity in standards-based

environments. Manufacturers in the Cisco Compatible Extensions Program provide

wireless devices with licensed Cisco infrastructure innovations; devices displaying the

Cisco Compatible logo have undergone extensive, independent compatibility testing.

Investment Protection: Cisco provides solid investment protection through an

extensive wireless product portfolio that simplifies migration to future enhancements,

including software and technology upgrades, scalability for growing networks, and

advanced security.


50/64

EXISTENCE OF WIRELESS LAN IN ORGANISATIONS

WIRELESS LAN IN ORGANISATIONS

020

406080

ORGANISATIONS THAT

HAVE WLAN

ORGANISATIONS THAT

DO NOT HAVE WLAN

WLAN

%

O

F

OR

G

ANISATIO

N

S

THAT

HAVE

W

LAN

Series1

ORGANISATIONS THAT HAVE WLAN 30 15

ORGANISATIONS THAT DO NOT HAVE WLAN 70 35


51/64


52/64

PROBLEMS FACE BY WIRELESS LAN AT ORGANISATIONS

Low Performance 25 20 50

Not Scalable 30 25

Security 45 55 45

Wireless Intrusion 55 60 35

Rouge AP detection, Classification and control 40 30 20Other 20 25 0

01020304050

6070

L

o

w

P

e

rfo

rm

a

n

c

e

S

e

c

u

rity

Ro

u

g

e

A

P

de

te

c

tio

n

,

ORGANISATION1

ORGANISATION2

ORGANISATION3


53/64

DIFFERENT PRODUCTS USED (DIFFERENT VENDORS)

USAGE OF DIFFERENT PRODUCTS

0

20

40

60

CISCO D-LINK MRO TEK HP

BRAND

M

ARKET

SHAR

E

Series1

Series2

CISCO 45

D-LINK 25

MRO TEK 15

HP 20


54/64

Guest 20 15

Partners 42 25

Contractor 17 10

Others 17 10

ACCESS PROVIDED TO OUTSIDERS

WITHIN THE PREMISES

0

204060

G

u

e

s

t

P

a

rtn

e

rs

C

o

n

tra

c

to

r

O

th

e

r

s

TYPE OF BUSINESS RELATION

P

E

R

S

E

N

T

A

G

E

O

F

A

C

C

E

S

S

G

IV

E

N

IN

Series1


55/64

TOOLS USED FOR CONTROL

TYPE OF TOOLS AVAILABLE

0

20406080

User

Authenti

Rogue

Access

TYPE OF CONTROLS

%

AVA

ILABILITY

OF

TO

O

LS

ORGANISATION1

ORGANISATION2

ORGANISATION3

User Authentication 65 55 50

Active Wireless intrusion Attack 25 40 30Rogue Access point being connected to your Network 35 25 35

Passive Wireless intrusion Attack 5 10 5


56/64

SEAMLESS ROAMING

SEAMLESS ROAMING FACILITY

020406080

HAVE

SEAMLESS

ROAMING

DO NOT

HAVE

SEAMLESS

ORGANISATIONS

%

O

F

O

R

G

A

N

market opportunity analysis of wireless lan-syed yacoob-0411

Documents