Author Archive

The Future of Enterprise WLAN in 2013 and Beyond

April 9th, 2013

By Kaustubh Phanse – AirTight Chief Evangelist


If predictions from leading technology analyst firms are to be believed, the worldwide Wi-Fi market will continue to grow.

Dell’Oro estimates that the Wi-Fi market will grow to $9.9 billion by 2016, of which the enterprise WLAN segment alone is estimated to account for over $5 billion in revenues.

Gartner anticipates an even faster growth for the enterprise WLAN segment, with spending expected to reach $7.9 billion in 2016.

Here are a few trends (some of which are already happening!), which will go hand-in-hand with this next wave of massive growth in the enterprise WLAN market.


Distributed Wi-Fi, Centrally Managed


A growing number of enterprises will want to extend their Wi-Fi rollout across remote locations, e.g., branch offices, retail stores, distribution centers, restaurants, and the list could go on. The key challenge then would be to have centralized visibility and management of the entire deployment—ideally from a single console.

This trend will make the traditional controller-based architecture outdated sooner rather than later because it was not designed to manage Wi-Fi networks across geographically distributed sites. It’s too complex, costly, and does not scale. The changing of the guard is evidenced by the number of recent announcements from controller-based WLAN vendors. Some are hiding the controller in the cloud, some are hiding it in arrays, some are saying that they are giving customers a “choice” to turn it off (without telling them what functions will stop working without it!), while some are simply giving their marketing a “controller-less” spin. Unfortunately, you can’t turn a fork into a spoon overnight to eat soup instead of spaghetti! Or maybe you can! ;-)


Naturally, an increasing number of enterprises are looking for an alternative that:

Linearly scales to tens, hundreds or thousands of distributed locations, but can be managed centrally from a single console;

Enables literally plug-and-play installation and true zero-touch configuration of access points (APs) at remote sites without IT staff;

Is fault-tolerant by design so the full wireless network and security functionality continues to work without depending on access to a central management server;

Supports a new paradigm of network and security management and role-based administration of distributed locations in the context of locations and not in the context of “SSIDs” alone.


WLAN as a Managed Service


That brings me to my next trend, which will redefine how enterprise Wi-Fi networks are managed: Cloud! Enterprises have adopted cloud technologies in recent years to replace software applications that they once ran on their own network. But in 2013 and beyond, an increasing number of companies will look to the cloud to manage their distributed Wi-Fi networks and related services such as wireless security and compliance. And in many cases, they will outsource their network and security management to managed service providers (MSPs). In fact, we have seen significant growth in our partnerships with MSPs wanting to host cloud-managed WLAN services. But not all clouds are made equal. So providers looking for cloud partnerships should carefully assess how cloudy the cloud is before making the leap. Only a true multi-tenant cloud solution will allow them to manage hundreds of customers in a cost-effective way, i.e., without having to host a server (appliance or VM instance) for every customer!




Bring Your Own Device (BYOD)


The BYOD trend, with employees using personal smartphones and tablets at work, has significantly driven Wi-Fi adoption and evolution over the last couple of years. It has also led to a growing trend of other unauthorized Wi-Fi devices, e.g., Rogue APs, Soft Rogue APs and mobile Wi-Fi hotspots, on enterprise networks. While mobile device management (MDM) and NAC vendors have tried to market themselves as the silver bullet for managing BYOD, neither of them has complete visibility into the Wi-Fi activity of these personal devices and hence cannot provide comprehensive access control for BYOD. Naturally, questions are being raised about whether MDM is really needed, or whether it is dead.

A growing number of enterprises are opting for a reliable wireless intrusion prevention system (WIPS) – either as an overlay on top of existing WLAN solutions or as a built-in feature with their WLAN solution – to provide them with 24/7 wireless monitoring and policy enforcement, including BYOD. Automatic and accurate classification of Wi-Fi devices detected in the enterprise airspace, automatic fingerprinting and onboarding of smartphones and tablets onto the enterprise network, and the ability to reliably block any unauthorized devices or those violating security policies will be crucial to minimize security exposure and ensure compliance with regulatory requirements, while avoiding excessive burden on the IT security staff.


A New Standard, Higher Speeds!


Last but not least, 2013 is also expected to see the ratification of a new Wi-Fi standard in the form of IEEE 802.11ac, nicknamed Gigabit Wi-Fi! 802.11ac uses wider channels (80 MHz and 160 MHz) compared to 802.11n (20 MHz and 40 MHz) in the relatively clean 5 GHz frequency band and enables data rates up to 1.3 Gbps. Some pre-standard 802.11ac products are already on the market, with the approval of the standard expected in late 2013. As was the case with 802.11n, the early 802.11ac rollouts will be mainly access points. This year has already seen some rumors and some announcements of 802.11ac support in mobile devices. However, widespread adoption of 802.11ac is expected only by 2014-2015, when the majority of Wi-Fi clients will support the standard. Until then, enterprises are likely to postpone the investment in an 802.11ac upgrade of their WLAN infrastructure to maximize the ROI.



802.11n, BYOD, mobile device management, WiFi Access, Wireless security, WLAN networks

Android found vulnerable to sidejacking!

May 18th, 2011

Last Friday, a vulnerability in Google’s ClientLogin Protocol was disclosed that makes most Android users vulnerable to “sidejacking.” All services (Calendar, Contacts, Picasa, Stock Quotes, etc.) that use Google’s ClientLogin API for “Auto Sync” are vulnerable.

Sidejacking (aka session hijacking) is not new to Wi-Fi. Firesheep, which caused a stir last October, is a recent example of a tool demonstrating a sidejacking attack against Twitter and Facebook. The latest vulnerability, though, holds significance given the huge user base of Android smartphones, which are commonly used at Open Wi-Fi hotspots. Read more…

smartphones, Wireless security

WPA2 Hole196 Webinar Q&A

August 21st, 2010

Due to the overwhelming attendance and response we got to the recent WPA2 Hole196 webinar, we did not have time to answer all the questions asked during the webinar. In this post, we are keeping our promise and answering those webinar questions.

By the way, the slides and recording from this webinar, as well as answers to the frequently asked questions on Hole196 and a white paper, are available here.

So here we go!

Read more…

Wireless security

WPA2 finds itself in a “hole”! Vulnerable to insider attacks!

July 23rd, 2010

Wi-Fi security has experienced a lot of churn over the last decade. As protocols like WEP and TKIP fell by the wayside, WPA2 emerged as the “Last Wi-Fi Security Protocol Standing.” Wi-Fi Alliance recently announced its plan to phase out WEP and TKIP, promoting WPA2 as the go-to security standard.

With solid protection in the form of AES encryption and 802.1x based authentication, there was no reason to look beyond. WPA2 did its job well keeping the bad guys outside, out of the network. And traditionally that has always been the focus of Wi-Fi security.

But…! Read more…

Wireless security

Has your data been “Woogled”?!

June 3rd, 2010

The WiFi snooping row Google has gotten itself into seems to be far from over. In April, Google revealed that its Street View cars had been collecting basic data such as the MAC addresses and SSIDs of WiFi networks in the vicinity. But after German authorities asked Google to audit the data, it admitted to having been “mistakenly” snooping payload data from Open WiFi networks. Apparently, a piece of WiFi data analysis code, written by Google engineers back in 2006, was part of the software used by the Street View cars, in turn leading to the WiFi snooping (of about 600 GB of data across 30 countries!). Read more…

Best practices, Wireless scanning, Wireless security

Wireless Forensics: A Review from RSA Conference 2010

April 30th, 2010

With more enterprises deploying wireless LANs and employee-owned WiFi devices flooding enterprises, wireless LAN forensics is becoming a key component of any network forensic audit — whether to prove compliance with a regulation such as PCI DSS or in response to a security incident. But wireless presents unique challenges to forensic audits.

Last month, at the RSA 2010 conference in San Francisco, I had the opportunity to discuss this issue with experienced auditor and certified PCI QSA Jim Cowing. Here you can view the video recording of an abridged version of our RSA 2010 talk “Anatomy of a Forensic Audit: How Wireless Changes the Game.”



Let me summarize the highlights from the talk: Read more…

Best practices, Compliance, PCI, Wireless scanning, Wireless security

Humpty Dumpty sat on a wall…

March 16th, 2010

False sense of security

Every now and then we run into network administrators and CSOs who brag about how their organization is not vulnerable to wireless security threats, only to see their rash confidence fizzle out once the results from a wireless vulnerability assessment or penetration test are out.

Today, most are aware that Open WiFi on an enterprise network is foolish, that using WEP encryption is a bad idea, and that WPA2/802.1x is the way to go. Then where do they go wrong?

Read more…

Best practices, Wireless scanning, Wireless security

WPA-PSK Passwords Now on Sale…Starting $17!

December 14th, 2009

A cloud-based service called WPA Cracker, launched last week, promises to crack WPA-PSK (WiFi Protected Access with Pre-Shared Keying) for you starting at $17.

Like any other password-based authentication system, WPA-PSK (and WPA2-PSK) is vulnerable to a “dictionary attack.” This is a brute force technique in which a hacker uses a dictionary or database of commonly used passwords to guess the WPA encryption key. The problem with this approach is that it might take days or weeks to crack even a moderately strong password with a typical PC.

What makes the WPA Cracker service interesting is that it provides you access to a huge amount of computing power using a 400-node cluster. The service promises to parse a dictionary of 135 million passwords and email you the results in 20 minutes for $34. If that price tag sounds steep or if you are ready to wait longer, then you can pay $17 to use half the cluster and receive the results by email in 40 minutes.

The service is targeted at ethical hackers who do wireless vulnerability assessment and wireless network penetration testing for a living. But I wonder…what would keep the “unethical” hackers from misusing a cloud-based service like this?

Not every cloud has a silver lining. What do you think?

Wireless security

802.11n ratified as IEEE standard

September 14th, 2009

Finally, the news that everybody in the WiFi world has been waiting for! Exactly six years after the 802.11n task group was formed, 802.11n got its final ratification as an IEEE standard last Friday.

It has also been reported that 802.11w (protection for 802.11 management frames) was approved as a standard in the IEEE Standards Board meeting.

If you are now looking forward to rolling out a fresh 802.11n deployment or migrating parts of your WLAN to 802.11n, you may want to look at the informative white paper “802.11n The Good The Bad The Ugly: Will You Be Ready?” and watch the archived webinar “802.11n deployment checklist — what you need to know before you start” by Sri Sundaralingam and Lisa Phifer.

802.11n

PCI Security Council Clarifies Wireless Security Requirements for PCI DSS Compliance

July 23rd, 2009

Any organization handling payment card data should pay immediate attention to the PCI DSS Wireless Guideline published by the PCI Security Standards Council Wireless Special Interest Group last week.

PCI Cardholder Data Environment Wireless Threats

Wireless Threats That Can Compromise PCI DSS Compliance

The key highlights are:

Read more…

Compliance, PCI, Wireless security