Archive for 2011

AirTight SpectraGuard Products Achieve FIPS 140-2 and DISA UC APL Certification

December 16th, 2011

This month, AirTight Networks’ flagship product, SpectraGuard® Enterprise, achieved FIPS 140-2 validation from the National Institute of Standards and Technology (NIST) of the United States and the Communications Security Establishment of Canada (CSEC).

 These standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) for use government-wide. NIST develops FIPS when there are compelling Federal government requirements such as for security and interoperability and there are no acceptable industry standards or solutions. See background information for more details.

Simultaneously, AirTight’s SpectraGuard Server passed TIC tests for inclusion on the DISA UC APL. The DISA UC APL is the single consolidate list of products that have completed interoperability (IO) and information assurance (IA) certification. Use of the DoD UC APL allows DoD Components to purchase and operate UC systems over all DoD network infrastructures.

AirTight’s products are deployed worldwide in many of the most security sensitive United States government and defense organizations to assure security and compliance with requirements such as DoD 8420.01, FISMA and guidelines from the National Institute of Standards and Technology (NIST). Because AirTight products are always kept up-to-date with certifications such as FIPS 140-2, Common Criteria and DISA; government and defense agencies can take advantage of the powerful wireless security technology provided by AirTight.

802.11n, Compliance, DISA UC APL, Federal Government, FIPS 140-2, Wireless security, WLAN networks , , , , ,

NRF: See AirTight’s unique cloud-based Secure Wi-Fi and captive portal for distributed retail

December 13th, 2011


Join AirTight wireless and security experts to learn how deploying a cloud-based Wi-Fi solution can meet your  business objects with the fastest deployment, lowest cost and minimal management overhead, while maintaining the security of your network and meeting PCI wireless scanning requirements.

AirTight can show you how to be up and running with a Guest Wi-Fi network and captive portal in a matter of minutes.

Be sure to visit AirTight at booth 2227 at the NRF 101st Annual Convention & EXPO, January 15-18, 2012 at the Jacob K. Javits Convention Center in New York City. We will have experts and top executives on hand to answer your questions.

Monday, January 16, 2012: 9:00am – 6:30pm
Tuesday, January 17, 2012: 9:00am – 5:00pm 

Featured Product:

AirTight Cloud Services™ – AirTight Cloud Services for Wi-Fi Access and Security is the first and only VVi-Fi solution managed from the cloud that offers VVi-Fi access PLUS full time rogue detection and prevention for wireless security and PCI compliance in a single device.

If we have your interest, contact us at to set up a meeting with our wireless experts.

Cloud computing, PCI, WiFi Access, Wireless security, WLAN networks

Skyjacking attack – then Cisco, now Aruba?

July 18th, 2011

Skyjacking Cisco WLC Aruba Mobility Controller AirWave Wi-Fi WIPSRecall “Skyjacking” vulnerability discovered with Cisco LAPs couple of years ago? It allowed hacker to transfer control of enterprise Cisco LAPs from enterprise WLC to hacker controlled WLC in the Internet with over-the-air attack. Once control is transferred, the hacker could change configuration on those LAPs in any way by adding, deleting and modifying SSIDs. The hacker could also tamper with Cisco monitor mode APs and take away the security layer. Cisco Skyjacking exploited vulnerability in Cisco’s over-the-air controller discovery protocol. Know more about it here 

Now a similar vulnerability seems to have been discovered in Aruba OS and AirWave console. The advisory states: “[a]n attacker could plant an AP with maliciously crafted SSID in the general vicinity of the wireless LAN and might trigger a XSS vulnerability in reporting section of the ArubaOS and AirWave WebUIs. This vulnerability could potentially be used to execute commands on the controller with admin credentials.” Though modus operandi is different from Cisco, the end result is similar – transferring the control of Wi-Fi controller to hacker by launching over-the-air attack.

No system is free from vulnerabilities and such things will continue to be discovered. But, you don’t have to give away “hack one, get one free”. You don’t have to give hackers control of Wi-Fi coverage and Wi-Fi security in a single shot. This can be achieved by ensuring that the Wi-Fi security layer operates independent of Wi-Fi infrastrucutre.  Read more…

Best practices, Wireless security , , ,

AirTight Rated “Strong Positive” by Leading Analyst Firm

July 14th, 2011


We are really excited here at AirTight.  AirTight achieved a rating of “Strong Positive” in Gartner’s 2011 Marketscope Report for Wireless LAN Intrusion Prevention Systems. published this week.  “Strong Positive” is the highest possible rating in a Gartner Marketscope. The July 2011 report was authored by John Girard, VP, Distinguished Analyst, John Pescatore, VP, Distinguished Analyst and Tim Zimmerman, Research Director at Gartner.

2011 Gartner Marketscope On Wireless LAN IPS matrix

2011 Gartner Marketscope On Wireless LAN IPS matrix

If you are concerned about wireless threats to your enterprise, including unapproved personal smart devices, this report outlines the key highlights and limitations of each solution as well as feedback from real customers of each vendor.

The 2011 MarketScope report evaluated vendors on five criteria – customer experience, offering (product) strategy, overall viability (business unit, financial strategy, organization), marketing execution, and product/service.

The report notes in part, “Wi-Fi support is a standard extension of corporate networks, and enterprises must ensure the vulnerability management and intrusion prevention processes be extended to cover wireless and wired networks. WLAN security monitoring in the form of wireless intrusion prevention systems (WIPS) is required to ensure that supported WLAN performance is not impeded by interference or denial-of- service attacks, WLAN traffic is kept private and secure, users are prevented from installing unauthorized WLANs, and unsupported/unauthorized WLAN technologies are barred from operation.”***

***MarketScope Disclaimer

The MarketScope is copyrighted 2011 by Gartner, Inc. and is reused with permission. The MarketScope is an evaluation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the MarketScope, and does not advise technology users to select only those vendors with the highest rating. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

PCI, smartphones, WiFi Access, Wireless scanning, Wireless security, WLAN networks

Gartner Wireless IPS Marketscope rates AirTight “Strong Positive”!

July 13th, 2011

The latest Gartner research on wireless IPS has just been published and AirTight has received the highest rating of  “Strong Positive”.

Follow this blog…. More information coming soon!

802.11n, Air Magnet, PCI, smartphones, WiFi Access, Wireless security, WLAN networks

IMF, Citigroup, Sony Hacks – Security Lessons to be learned

June 13th, 2011

This article in Information Week  by Mathew J. Schwartz is well worth reading. It is time that security came first and compliance second IMHO. Click on the link below and I would love your feedback on the article and my comments.


What Do IMF, Citigroup, And Sony Hacks Share?
Mathew J. Schwartz,

“Many organizations have been focusing on complying with regulations, rather than taking a top-down look at what most needs to be secured, security experts say.”


I believe this article by Mathew  is right on the money.  Compliance does not equal security.  It is time for organizations to understand that security is not just some incessant fly they can swat away and then forget until the next time it comes back.  Many of these organizations are dealing with data so sensitive that release of it can bring down governments or ruin individual lives. 

Security is not a once and done.  It is an ongoing, layered process that must take into account all current and emerging threats, such as smartphones, iPhones, iPads and droids – all of which come Wi-Fi enabled – meaning they can create bridges into your network even if you have not rolled out wireless.

Information Week also has a great slide show of the ten largest breaches you might find useful:

10 Massive Security Breaches

Wireless security

WIPS complements MDM security by blocking personal smart devices

May 27th, 2011

With the explosive growth of smart devices in the enterprise, Mobile Device Management (MDM) is a hot topic among IT departments these days.  In order to secure the network and protect sensitive data on mobile endpoints, many organizations are deploying tools to secure, monitor, and manage smart devices accessing their networks.  Installing an MDM agent on mobile assets gives the IT department the ability to enforce VPNs, remotely wipe data off stolen/lost devices, and ensure that devices under management by the IT staff are running the most current and secure applications.

But is this really enough to protect you?

No.  In today’s “BYOD” (bring your own device) culture, the reality is that personal smart devices will continue to attach to your network. These devices may not have your favorite MDM agents running on them, thus exposing your network and data to security threats again.  Enterprises need a “gatekeeper” control to ensure that only approved devices with an installed MDM agent can attach to the corporate network. By adding a strong WIPS solution to your enterprise security portfolio, you will have the ability to enforce such control and complete your mobile security strategy.

A robust wireless IPS solution (WIPS) will detect, identify and locate unauthorized smart devices connecting to the network, generate a real time alert or even better – block those unmanaged devices from connecting in the first place.  Better yet, a good WIPS will allow you to define your security policy by device type, VLAN, and location.  For example, iPhones could be allowed to connect to the guest network for Internet access, but could still be blocked from accessing the internal network.

Watch this technical webinar for more information.

Best practices, mobile device management, smartphones, WiFi Access, Wireless security, WLAN networks , , , , , ,

Aberdeen Wireless LAN Report Tracks Impact of Smart Devices

May 20th, 2011

A special Aberdeen Group report titled, “Wireless LAN 2011: Readying the Invisible Network for the Smart Revolution is the first industry study to track the impact of the rapid rise of smart devices on the WLAN.

The proliferation of embedded WiFi devices – smartphones, tablets, and Machine-to-Machine sensors (M2M) – and the explosion of wireless activity in and around the enterprise make maintaining a good security posture and meeting regulatory compliance requirements more challenging than ever.

According to Andrew Borg, senior research analyst, Wireless & Mobility for Aberdeen, and the report’s author, “A network is suboptimal unless network performance and security are both addressed. It isn’t enterprise class if it isn’t secure. As a consequence top-performing organizations are consistent in considering network security a high priority.”

This report is available immediately at no cost, courtesy of AirTight Networks.

Best practices, Compliance, mobile device management, smartphones, Wireless scanning, Wireless security, WLAN networks

Android found vulnerable to sidejacking!

May 18th, 2011

Last Friday, a vulnerability in Google’s ClientLogin Protocol was disclosed that makes most Android users vulnerable to ”sidejacking.” All services (Calender, Contacts, Picasa, Stock Quotes, etc.) that use the Google’s ClientLogin API for “Auto Sync” are vulnerable. 

Sidejacking (aka session hijacking) is not new to Wi-Fi. Firesheep that caused a stir last October is a recent example of a tool demonstrating sidejacking attack against Twitter and Facebook. The latest vulnerability though holds significance given the huge userbase of Android smartphones commonly using their smartphones at Open Wi-Fi hotspots. Read more…

smartphones, Wireless security , , , , ,

AirTight demos PCI and WiFi cloud solutions at NACStech conference

May 12th, 2011

AirTight Networks will be demonstrating cloud-based PCI compliance and Wi-Fi access solutions at the NACStech conference in Las Vegas, May 16-18.

AirTight Cloud Services provides scanning for, detection of, and prevention against rogue access points (APs) and other wireless vulnerabilities to satisfy PCI compliance requirements, while laying the foundation for strategic wireless initiatives in the future.

With AirTight, convenience store operators can deploy secure Wi-Fi access, wireless PCI compliance scanning, and wireless IPS capabilities in a singe device managed from anywhere on the Internet.

AirTight’s combination wireless AP/security sensor provides an affordable, easy-to-deploy and use, scalable Wi-Fi access solutions that can meet their Wi-Fi  needs while maintaining PCI compliance and network security.  This seamless transition gives IT complete control and maximum flexibility to roll out WiFi with no additional equipment to purchase, no additional deployment costs, and without compromising security or PCI compliance.

Offered as a monthly service, costs are kept to a minimum.  Subscription fees include all equipment, support and maintenance, as well as device replacement and upgrades during the term of the contract.

For more information and a live demo of AirTight’s award winning products, please visit AirTight Networks at booth #324 at the NACStech Conference in Las Vegas, May 16-18.

802.11n, Cloud computing, PCI, WiFi Access