Author Archive

WIPS complements MDM security by blocking personal smart devices

May 27th, 2011

With the explosive growth of smart devices in the enterprise, Mobile Device Management (MDM) is a hot topic among IT departments these days.  In order to secure the network and protect sensitive data on mobile endpoints, many organizations are deploying tools to secure, monitor, and manage smart devices accessing their networks.  Installing an MDM agent on mobile assets gives the IT department the ability to enforce VPNs, remotely wipe data off stolen/lost devices, and ensure that devices under management by the IT staff are running the most current and secure applications.

But is this really enough to protect you?

No.  In today’s “BYOD” (bring your own device) culture, the reality is that personal smart devices will continue to attach to your network. These devices may not have your favorite MDM agents running on them, thus exposing your network and data to security threats again.  Enterprises need a “gatekeeper” control to ensure that only approved devices with an installed MDM agent can attach to the corporate network. By adding a strong WIPS solution to your enterprise security portfolio, you will have the ability to enforce such control and complete your mobile security strategy.

A robust wireless IPS solution (WIPS) will detect, identify and locate unauthorized smart devices connecting to the network, generate a real time alert or even better – block those unmanaged devices from connecting in the first place.  Better yet, a good WIPS will allow you to define your security policy by device type, VLAN, and location.  For example, iPhones could be allowed to connect to the guest network for Internet access, but could still be blocked from accessing the internal network.

Watch this technical webinar for more information.

Wireless security , , , , , ,

AirTight demos PCI and WiFi cloud solutions at NACStech conference

May 12th, 2011

AirTight Networks will be demonstrating cloud-based PCI compliance and Wi-Fi access solutions at the NACStech conference in Las Vegas, May 16-18.

AirTight Cloud Services provides scanning for, detection of, and prevention against rogue access points (APs) and other wireless vulnerabilities to satisfy PCI compliance requirements, while laying the foundation for strategic wireless initiatives in the future.

With AirTight, convenience store operators can deploy secure Wi-Fi access, wireless PCI compliance scanning, and wireless IPS capabilities in a singe device managed from anywhere on the Internet.

AirTight’s combination wireless AP/security sensor provides an affordable, easy-to-deploy and use, scalable Wi-Fi access solutions that can meet their Wi-Fi  needs while maintaining PCI compliance and network security.  This seamless transition gives IT complete control and maximum flexibility to roll out WiFi with no additional equipment to purchase, no additional deployment costs, and without compromising security or PCI compliance.

Offered as a monthly service, costs are kept to a minimum.  Subscription fees include all equipment, support and maintenance, as well as device replacement and upgrades during the term of the contract.

For more information and a live demo of AirTight’s award winning products, please visit AirTight Networks at booth #324 at the NACStech Conference in Las Vegas, May 16-18.

WiFi Access

Are Smartphones the New Platform for “Mobile Hacktivism”

May 9th, 2011

There’s been a lot of news in recent weeks surrounding the Sony PlayStation Network breaches.  One of the questions that I have received multiple times since this started is whether or not this was a wireless breach or if wireless was  in any way part of the Sony vulnerability.

From what we understand, no.  It sounds like web servers were compromised.  But could these types of attacks happen over Wi-Fi?  You bet.

“Hacktivists” essentially volunteer to participate in these coordinated attacks. The tools used are often easy to use and freely available.  They just need people willing to join the cause to create the distributed denial of service.   Firewalls are supposed to keep the “bad guys” out, but there is nothing stopping anyone from putting these same tools on a smartphone and carrying out these same attacks from INSIDE an organization, not just remotely from the Internet.

These same techniques used against Sony, MasterCard, and Visa as well as the type of attack that breached TJX can now be launched from personal smart devices (Iphones, Ipads, Androids, etc.) inside your network.   In fact, Gopinath K.N., Director of Engineering at AirTight Networks has demonstrated just this type of scenario at various security conferences and on-line presentations.  See his demo here.

Additionally, smartphone malware can be distributed in the form of an application easily downloaded from the Internet (think of all the gaming and social media apps available for iPhones and Androids). Its really no different than how PCs become infected with worms, viruses and malware by visiting untrusted sites and downloading insecure applications.

Once the malware is installed, if that compromised smart device attaches to the corporate network, the malware can be used to launch a stealthy attack from inside the corporate network – with or without the knowledge or consent of the smart device owner .  Sensitive data could even be sent off-site via the device’s own Wi-Fi or 3G radio.

Considering that smart devices and tablets now outnumber PCs in new sales, this may not be so far fetched.  A major difference between PC security and smart devices is that the tools to detect and defend PCs from these vulnerabilities is significantly more mature and widely deployed then smartphone security in practice today.  Organizations need to determine whether or not unauthorized smartphones are allowed to attach to their Wi-Fi  networks (guest and corporate), and how they will enforce wireless security policies to keep themselves secure.

Wireless gadgets

SMBs, WEP still a target for War Drivers

May 9th, 2011

After the TJX breach, the PCI security council strengthened their wireless security standard in an attempt to prevent such catastrophic incidents from reoccurring.  While some of the largest retailers strengthened their wireless security, small and medium businesses need to take a look at their own security practices because they are just as susceptible, maybe more.  In its annual Data Breach Investigations Report earlier this week, Verizon said “criminals are increasingly hitting smaller businesses as it becomes harder to steal financial data from big companies.”

War-driving is still more common than most people probably think, but the number of incidents reported by small and medium businesses is very low.  In most cases, WEP encryption is still the target.  In a recent Network World article reported that Seattle police are investigating a group of criminals attacking local businesses via Wi-Fi access points encrypted with the flawed WEP protocol.  Does this appear to be an isolated incident? No.  According to the Seattle police, this group of criminals has been suspected of these types wireless attacks for as many as *5 years*.

What is troubling is the number of retailers that continue to opt for a “compensating control” to address their wireless security requirements.  Even PCI’s “approved” methods including quarterly wireless scans and visual inspections are insufficient to protect your business.   Wi-Fi is everywhere, its easy to find an unencrypted (or poorly encrypted) signal.

Until companies understand the risk of properly secured Wi-Fi, they will remain susceptible.    Just ask the guys in Seattle.



Wireless scanning

Are smartphones outsmarting your network security?

April 1st, 2011

If you are concerned about the proliferation of smart devices (Iphones, Droids, tablets) and the impact on  your network security, then this is a “can’t miss” webinar.   The inability to detect and block unauthorized personal devices from attaching to your network puts your business at risk.  AirTight CTO and Founder Pravin Bhawat discusses the challenges with mobile device management and the limitations of existing wireless network security measures.

Listen to the recorded webinar here.

Wireless scanning

Network World: Gartner slams Cisco’s single vendor network vision

January 31st, 2011

I meant to publish something when I first saw this article in Network World.   Apparently Gartner debunks the myth that a single vendor network solution is more cost effective and easier to manage.   Pretty strong statement by Gartner and there were some pretty strong reactions if you look at the comments on the Network World site.

In a Wi-Fi world, I think Gartner’s analysis is especially true. With the availability of controller-less and cloud based Wi-Fi solutions, Cisco’s pricing and complexity is more than some are willing to accept.  Branch offices don’t need the same expensive Cisco WiFi infrastructure to support hot spot or in store WiFi applications.  And in Cisco’s case, even the first generation (or two)  of the “single vendor” approach is often a sum of parts collected in an M&A spree. Because nothing was really designed to work together in the first place, adding additional capabilities to the WLAN such as security, compliance scanning,  performance and disagnostics often requires another “box”, additional licenses, and lets not forget the maintenance. 

Sounds like Gartner touched a nerve. Maybe customers are tired of paying a premuim for something that requires even more  IT  resources to manage day-to-day?  Show me hard savings NOW.  Not some fuzzy ROI over the next couple years.

Love to hear what others think.

WLAN networks

The Cloud Provides CFO Friendly Wi-Fi

January 31st, 2011


Controller based WiFi architectures have been the standard for some time, but the advantages of the cloud appear to be a perfect fit for deploying a scalable, and more importantly, manageable WiFi infrastructure. Cloud based solutions are intended to drastically reduce the cost and complexity of delivering an enterprise solution. And WiFi should be no exception.

By now, you have discovered CFO’s like cloud computing. IT solutions that can be purchase as a cloud solution eliminate up front capital expenditures, depreciation, and product obsolescence.

Cloud solutions improve cash management because there is no need to write a big check all up front. Paying only for the capabilities you need, lowers your organizations financial risk. And the recurring (often monthly) operational costs of cloud based solutions provide easy to forecast and budget IT expenditures. Lastly, because deployment time and on-going operational overhead can be recognzed in weeks not months, results are easier to measure.

If you are considering a new WiFi deployment or are ready for a refresh, take a look at this video to see how AirTight’s Cloud Services can help.

Cloud computing

AirTight satisfies PCI wireless scanning requirement in under 5 minutes

April 1st, 2010

Wireless PCI Compliance in just 5 Minutes

This new product video from AirTight Networks shows how easy it is to automate your wireless PCI vulnerability scanning. AirTight SpectraGuard Online can be configured and running in as little as 5 minutes and 3 easy steps. AirTight eliminates the need to send staff to remote locations with a mobile analyzer to conduct the routine PCI scan for rogue APs. IT professionals should find this refreshing.

Watch AirTight’s wireless PCI scanning video

PCI, Wireless security

Wi-Fi vulnerabilities exposed in Today Show video

October 29th, 2009

Interesting piece on Wi-Fi security on the Today Show this morning. The Today Show aired a piece called “Is your Wi-Fi connection safe?”
The story shows war driving through a residential neighborhood to show that many residential Wi-Fi users still deploy their wi-fi devices without passwords, leaving their connections vulnerable to eavesdropping.

One common Wi-Fi security threat highlighted in this report showed just  how easy it is for a hacker to intercept the connection of mobile users connecting to unsecured public Wi-Fi in places like a coffee shop, airport, etc. This is not the first time this subject has been covered. See simlar stories by CNN (August 11, 2009), Fox News (July 12, 2009).

The Today Show should have also included in their report the fact that many Windows based computers cache and probe for previously used wi-fi connections, making users even more vulerable because their computer may be connecting without the users knowledge to a hacker posing as an unsecured hotspot. See the story by Forbes (November 2008).

Visit for Breaking News, World News, and News about the Economy

Wireless security

AirTight on “Cloud Nine”

June 20th, 2009

Devin Akin wrote a short post about AirTight SpectraGuard Online on CWNP.  He likes our hosted wireless IPS service and seems to think we are on to something!   Now how can I argue with the man.

Wireless security , ,