Archive for the ‘Best practices’ Category

Going Beyond the Checkmark: All Things PCI

June 27th, 2013

Airtight automated PCI compliance reporting


AirTight’s compliance with the PCI Data Security Standards (DSS) continues to be at the heart of our initiatives to secure the retail environment. We remain focused on enhancing and going beyond the standards, which has been our mission since day one.

Lately we’ve been upping our PCI activities. Check out our latest thinking and developments, current and upcoming:

 

Resources:


8 Steps to Secure Retail Wi-Fi | AirTight INFOGRAPHIC

AirTightPCI Infographic


Get a quick snapshot of the 8 critical factors that must be addressed to secure, scale and manage your retail Wi-Fi locations.  View the AirTightPCI Infographic.


AirTightPCI Audio ebook

Listen to AirTightPCI ebook


Satisfying your PCI compliance and data security requirements is complex enough, but adding wireless vulnerability scanning and remediation shouldn’t add any more effort or expense. Here are 8 considerations for choosing your wireless PCI compliance solution.

Listen to the AirTightPCI audio ebook - the companion piece to the infographic.

AirTight PCI Customer Success Stories


Read PCI customer success stories:  Pinkberry, Garden Fresh and Noodles & Company


July 2nd 2013: PCI London

AirTight is proud to be a Networking Sponsor at this year’s PCI London event on July 2, 2013. The agenda is to provide strategic and technical advice regarding PCI implementation and examples of best practices and practical case studies. Attendees will include key stakeholders and decision makers who are responsible for securing payments systems, protecting cardholder data and meeting PCI DSS compliance requirements within merchants, acquiring banks and payments service providers.

Simon Hollister ( @SimonLHollister ) will be on hand at the show with our UK partner Selcoms. You can set up time to meet with Simon beforehand: Simon.Hollister@airtightnetworks.com

 

Follow us on Twitter  @AirTight  #PCILondon


September 24-26, 2013:  PCI North American Community Meeting


PCI Security Standards Council September 24-26, 2013

Mandalay Bay Convention Center

Las Vegas, Nevada

 

2013 is a release year

The PCI Council, formed in September 2006 to manage the evolution of the PCI Data Security Standard, will be holding its Annual Community Meeting in Las Vegas from September 24-26. The meeting will focus on updates to the core PCI Standards, PCI DSS and PTS – DSS.

More than 1200 participants are expected to attend.  The Keynote Address, The Struggle for Control of the Internet, by Misha Glenny, Journalist and Author, will include unique footage and recordings from inside the world of cybercrime as well as exclusive material from governments and intelligence agencies as to the real nature of the threats.

Jack Torgow, AirTight VP of Sales, and Anthony Paladino, AirTight VP of Product Management, will both be on hand to meet with customers and prospects. To set up time with either of them beforehand, you can reach them at:  Jack.Torgow@airtightnetworks.com  and anthony.paladino@airtightnetworks.com

 


Is Your Wireless Safe?  by AirTight CTO Pravin Bhagwat,  via QSRmagazine


AirTight Appoints Kevin S. McCauley Director, Retail Market Development

 

AirTight is thrilled to announce the hiring of Kevin S. McCauley as Director, Retail Market Development. McCauley joins AirTight from Yum! Brands, Inc. the world’s largest fast-food restaurant company, licensing and operating well-known global brands such as KFC™, Taco Bell®, and Pizza Hut®. As Manager of IT Infrastructure for restaurant network engineering and data center services and facilities, McCauley was responsible for more than 17,000 domestic store locations and led their Future Store Network Architecture and Platform initiative for eliminating network outages, increasing security, and adding new capabilities, such as guest Wi-Fi services at retail operations.

AirTight PCI = sleep assurance


McCauley will use his deep knowledge of retail IT operations to help AirTight develop richer and broader relationships with its growing roster of retail market clients and the channel partners and network providers who serve them.

Along with his market development duties, McCauley will be helping AirTight scale its global operations as it prepares for growth. “I have often been asked, ‘how do you sleep at night knowing you have 17,000 locations to take care of,’” reflected McCauley. “I figure if I can do a hundred, I can do a thousand. If I can do a thousand, I can do five thousand, and so on. It’s all about building repeatable processes and managing things to core accountabilities. So, from an ops standpoint, I guess you could say I have some experience in this area.”

McCauley reports to David King, Chairman and CEO of AirTight Networks.


 

Go beyond a “checkmark”


AirTight WIPS goes beyond the PCI compliance “checkmark” to ensure that your sensitive payment card data is secure from wireless security breaches. AirTight automates PCI wireless compliance scanning and reporting of rogue APs and other wireless threats that can put your data at risk. Automated threat containment ensures your network and data are secure at all times.

AirTight’s PCI scanning and remediation services offer a radically less expensive alternative to any competitive solution available today. Walking around with a wireless analyzer for conducting scans is a time-consuming process, limited in scope, cannot scale for large premises and is costly if multiple sites have to be scanned.

AirTight Cloud Services is a convenient, comprehensive, and effective solution for protecting sensitive payment card data and maintaining a strong PCI compliance posture.

  • Automated 24×7 intrusion detection and rogue AP scanning
  • Ability to maintain an up-to-date wireless device inventory (recommended by the PCI SSC)
  • Automatic blocking of Rogue APs and other wireless threats or hack attacks
  • Wireless threat and compliance violation alerts via email
  • Location tracking capability to physically hunt down Rogue and other threat posing wireless devices
  • Scheduled and on-demand PCI report generation and delivery to your inbox

 


802.11n, Best practices, Compliance, PCI, WiFi Access

802.11ac (Wave-1): MORE Network Engineering Insights

June 24th, 2013

In my previous blog on the 11ac series, I explored 80 MHz channel operation in 802.11ac in the context of data rate, OBSS (Overlapping BSS), network throughput, and auto-channel assignment.

802.11ac (Wave-1): Network Engineering Insights

In the present post, I explore the other speed factor of 1.33X that shows up in the Wave-1 data rate equation: (2.16 x 1 x 1.33) x 450 Mbps of 802.11n rate = 1.3 Gbps. This 1.33X factor is attributed to the new modulation technique called 256-QAM introduced in 802.11ac (802.11n went only up to 64-QAM). Consistent with the theme of this blog series, that the data rate equation does not bring out critical network engineering aspects, this post explores 256-QAM from the enterprise network design perspective.

 

256-QAM causes step function change in data rate near the AP

 

There are two newly added MCS’s (Modulation & Coding Scheme) in 802.11ac.  They result in respective data rate increase factors of 1.21 and 1.33, over the highest possible data rate in 802.11n for a given channel bandwidth and number of spatial streams.

These two newly added MCS’s use the 256-QAM scheme, which requires about 5 to 7 dB higher SNR (which is a lot, given that dB is a logarithmic scale) than the minimum SNR at which the best MCS in 802.11n (64-QAM, R 5/6) can operate.

As a result, 256-QAM can only be used close to the AP. From the network engineering standpoint, the key point to note is that the transition from 256-QAM to 64-QAM is a step function change: as you move away from the AP, the data rate drops in a step from the 256-QAM rate to the legacy 64-QAM rate.

This observation is important to quantify cell-wide benefit of 256-QAM.

256-QAM is a step function change in data rate

What is the cell-wide impact of 256-QAM?

In enterprise deployments, clients are distributed throughout the cell. In a sense, this is different from the home networking environment where many clients can be close to the AP. A well-known principle in 802.11 is airtime un-fairness, which means clients away from the AP consume more airtime due to their lower speed compared to those closer to it. By now, you probably can guess what I am getting at.

For illustrative purposes, consider four clients (let us call them C1, C2, C3, C4) at four distances from the AP, respectively, and having data rates (assuming 40 MHz channels and 2 antennas on clients) as follows:

  • C1 @ 360 Mbps (256-QAM rate with 1.33X data rate increase),
  • C2 @ 270 Mbps (maximum 64-QAM rate),
  • C3 @ 216 Mbps (another 64-QAM rate), and
  • C4 @ 108 Mbps (16-QAM rate).

I will compare this situation with the corresponding 802.11n data rates (no 256-QAM) at the same distances for the same clients:

  • C1 @ 270 Mbps (maximum 64-QAM rate),
  • C2 @ 270 Mbps (maximum 64-QAM rate),
  • C3 @ 216 Mbps (another 64-QAM rate), and
  • C4 @ 108 Mbps (16-QAM rate).

Below is the diagram depicting total airtime saved due to the use of 256-QAM for clients close to the AP in the above example. Here, I have avoided using lower rates like 54 Mbps and 27 Mbps (which are for the QPSK and BPSK modulation schemes) for clients further away from the AP to favor 256-QAM. The saving in airtime will be distributed to the clients in proportions of their data rates.

 

[Figure: airtime distribution with and without 256-QAM]

The above example shows about 4% saving in total airtime for the cell when the client close to the AP can use 256-QAM. Note also that the actual data rates and client counts are not important; only their relative proportions are. You get the same saving for the same relative proportions of the data rates.

More clients away than close (Area = Pi * Square of radius effect)

The area of coverage of the cell is proportional to square of distance from the AP (middle-school formula for the area of the circle).

So in reality, there are usually more clients away from the AP than close to it. This type of client distribution requires computation of weighted proportions of airtime consumption rather than simple proportions as I did above. With weighted proportions, the savings in total airtime due to the use of 256-QAM close to the AP are below 5%.

For example, with one C1-type client, two C2-type clients, three C3-type clients and four C4-type clients, the total airtime saving because of C1 being able to use 256-QAM comes out to be 1.5%.

Airtime fairness feature on AP

APs support an airtime fairness feature, which tries to prevent higher airtime usage by clients operating at lower data rates. Suppose the fairness feature is configured to equalize the airtime consumption across clients. Then, in the computation above (with simple proportions), without 256-QAM, airtime would have been equalized at 25% for each of the four clients. When 256-QAM is used, only one of the 25% slices (representing the client closest to the AP) sees an airtime reduction of about 25% (due to the 1.33X data rate).

So when normalized over the entire cell, with equal airtime fairness implemented on the AP, the total airtime saving due to the use of 256-QAM near the AP, comes to about 6.25%.  As discussed earlier, in general there will be more clients away from the AP than those close to the AP. With weighted proportions computation as above, the total airtime savings is about 2.5%.
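The airtime arithmetic from the sections above, reproduced as an added example (not code from the original post). It assumes every client transfers the same amount of data, so airtime is proportional to 1/rate; the function and variable names are illustrative.

```python
"""Cell-wide airtime saving from 256-QAM (added example, not from the original post)."""
from fractions import Fraction

# PHY rates in Mbps taken from the post (40 MHz channel, 2 antennas on clients).
RATES_11N = {"C1": 270, "C2": 270, "C3": 216, "C4": 108}
RATES_11AC = {**RATES_11N, "C1": 360}  # only the closest client reaches 256-QAM


def airtime(rates, counts):
    """Total airtime needed to move one unit of data per client (arbitrary units).

    Assumption: every client moves the same amount of data, so each one
    occupies the channel for a time proportional to 1 / rate.
    """
    return sum(Fraction(counts[c], rates[c]) for c in rates)


def saving_equal_data(counts):
    """Fraction of total cell airtime freed when C1 goes from 270 to 360 Mbps."""
    before = airtime(RATES_11N, counts)
    after = airtime(RATES_11AC, counts)
    return (before - after) / before


def saving_airtime_fairness(counts):
    """Same question when the AP equalizes airtime across clients.

    Assumption: each client holds a 1/N slice of airtime; only C1-type slices
    shrink, by 1 - 270/360 = 25%, because the same data goes out 1.33x faster.
    """
    total_clients = sum(counts.values())
    slice_reduction = 1 - Fraction(RATES_11N["C1"], RATES_11AC["C1"])
    return Fraction(counts["C1"], total_clients) * slice_reduction


# Client mixes used in the post.
SIMPLE = {"C1": 1, "C2": 1, "C3": 1, "C4": 1}
WEIGHTED = {"C1": 1, "C2": 2, "C3": 3, "C4": 4}  # more clients far from the AP

if __name__ == "__main__":
    for name, counts in (("simple", SIMPLE), ("weighted", WEIGHTED)):
        print(
            f"{name:8s} equal data: {float(saving_equal_data(counts)):.2%}  "
            f"airtime fairness: {float(saving_airtime_fairness(counts)):.2%}"
        )
```

Scaling all rates or all client counts by a common factor leaves the results unchanged, which is the "relative proportions" point made in the text.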

New radio implementations

As we can see from the previous examples, raising data rates of only those clients that are close to the AP (as 256-QAM does) results in relatively small total airtime savings (this reminds me of an analogy from popular rhetoric: “what does it mean to the society if the rich become richer”). From the network engineering perspective, the clients that are away from the AP need more help. One hope is that 802.11ac clients may have better radio implementation than the 802.11n clients. This may enable the 802.11ac client at a given distance to achieve better SNR than the 802.11n client at the same distance. The low density parity check (LDPC) codes introduced in 802.11ac could also help a bit there, but that alone does not seem to be adequate. However, whether the net SNR boost will be enough to raise the client at least one level up in data rate (i.e., one layer up in MCS) remains to be seen until real-life test results are out.

Overall, we see that 256-QAM shows a juicy 1.33X gain factor in the Wave-1 data rate equation. However, from the perspective of cell-wide impact, the airtime savings can be much lower. There needs to be a way to raise data rates of all the clients, particularly of those away from the AP, in order to achieve attractive airtime saving (and hence capacity and throughput gain for the cell). In that regard, 256-QAM seems to be better geared towards home networking than enterprise networking.

For enterprise networking, we may have to rely on radio implementation improvements due to hardware and processing techniques enhancements over time, to be able to obtain blanket data rate increase over the cell. Alternatively, one can plan coverage of .11ac cells to raise the minimum data rate at the edge of the cell, but it has cost and co-channel interference considerations.

These network engineering insights are appreciated only if you think outside of the isolated data rate equation!


802.11ac, 802.11n, Best practices, mobile device management, WiFi Access, WLAN networks, WLAN planning

How to implement BYOD with Wi-Fi / WIPS assist

June 18th, 2013


Wi-Fi has become the de facto access medium for smart mobile devices in enterprise networks. Sitting at the edge of the network, Wi-Fi can assist greatly in implementing secure and disciplined BYOD in these networks.

There is no one-size-fits-all when it comes to BYOD management in the enterprise. However, from my experiences working with Wi-Fi and WIPS deployments, I have seen certain features that are particularly useful for organizations in implementing BYOD. This blog post explores some of these in greater detail.

 

1)      Monitor new devices entering Wi-Fi

 

Monitoring for new smart devices entering the network is a first and important step in the implementation of disciplined BYOD. Wireless clients connecting to Wi-Fi are fingerprinted using packet level and protocol level characteristics to identify smart mobile devices.


WPA2 alone is not sufficient to stop personal devices from entering the protected Wi-Fi network.


2)      Enforce pre-configured policies on new devices entering Wi-Fi

 

Once a new smart mobile device is detected in the Wi-Fi network, different types of pre-configured policies can be automatically implemented. For example, one policy would be to block or limit access to new smart devices pending authorization. The Wi-Fi/WIPS solution can facilitate such policy enforcement by blocking new devices from accessing the secure network or providing them only limited access (e.g., access to only the Guest SSID) until they are approved by the IT administrator.

3)      Automated approval/onboarding of new devices on secure Wi-Fi

 

Using mobile apps provided by Wi-Fi/WIPS vendor:  With the rising volume of new devices entering the network, manual approval and inventory may prove to be cumbersome. Using onboarding apps provided by the Wi-Fi/WIPS vendor, this process can be automated. New smart mobile devices are redirected to a portal and upon installation of the onboarding app, devices are allowed to enter the protected Wi-Fi. The onboarding app facilitates automated inventory and tracking for smart devices after they are admitted into the secure network. This app can also automatically configure secure WPA2 settings on the device without administrator intervention.

Using third party MDM agents: Many organizations deploy specialized MDM (Mobile Device Management) systems to manage smart mobile devices accessing corporate assets. Several MDM system choices are available in the market, so a BYOD onboarding workflow in a Wi-Fi solution that facilitates device onboarding with third party MDM agents is useful. With this workflow, new devices attempting to connect to the network without hosting the MDM agent prescribed by IT are detected and redirected to install the MDM agent. Upon installing the MDM agent, they are allowed to enter the protected Wi-Fi. A point to note here is that MDM alone does not complete the BYOD story; a combination of MDM and Wi-Fi gatekeeping is what is required. This is because MDM can control only managed devices, but Wi-Fi/WIPS gatekeeping detects unmanaged devices and helps bring them under MDM control. AirTight Wi-Fi provides an API to implement this workflow using third party MDM agents.

4)      Wireless security for the admitted devices

 

Once admitted into the network, the mobile devices need to be afforded strong protection from vulnerable wireless connections and wireless attacks including rogue APs, tethering, personal hotspots, Wi-Phishing, client connections to neighborhood APs, ad hoc connections, etc. With BYOD, the sheer volume of wireless endpoints seen in the wireless environment is expected to triple or quadruple over the next 2-3 years. As a result, a fully automated, strong WIPS that is free from false alarms and does not require excessive configuration and signature maintenance needs to be part of the Wi-Fi solution in order to implement truly secure BYOD.

As we can see, enterprises can take advantage of many Wi-Fi and WIPS features to implement secure and disciplined BYOD in their networks. These features range from identifying new smart devices entering the network to assist in smooth onboarding of the new devices to securing the new devices once they are admitted into the secure Wi-Fi networks. So don’t get stressed by BYOD, there are Wi-Fi and WIPS to assist you.


802.11ac, 802.11n, Best practices, BYOD, mobile device management, smartphones, WiFi Access, WLAN networks, WLAN planning

Don’t deploy 802.11ac without thorough RF planning

May 29th, 2013

Wi-Fi RF Planning has never been trivial

Traditionally, anyone contemplating Wi-Fi deployment has always faced questions like:

  • How many access points?
  • Where do I install them?
  • What channels should they operate on?
  • Will the deployment meet my coverage and capacity objectives?
  • What will be my security exposure?  and so on.

Due to the myriad of issues that need to be addressed while making these determinations, manual processes and rules of thumb have always been cumbersome and/or imprecise, particularly for Wi-Fi deployments with large footprints.

 

802.11ac will only exacerbate RF planning challenges

 

802.11ac adds more elaborate channeling structure and new techniques to raise wireless data rates. 802.11ac is slated to arrive in two Waves – Wave-1 this year and Wave-2 next year. While the decibel level in the market is raised to prematurely hasten the 802.11ac upgrade cycle, the reality is that this is just the beginning of Wave-1. Many people may not see justification to jump on Wave-1 due to a myriad of practical, network engineering, and interoperability issues that Wave-1 faces. Also important is the fact that Wave-1 lacks the complete feature set of 802.11ac and new radios will be required when Wave-2 hits with those features. All this points to Wave-2 next year as the realistic timeline for large scale network upgrades to 802.11ac.

In any case, increased complexity of channelization and MAC in 802.11ac will result in increased complexity of RF planning over and above 802.11n. Improperly planned networks can result in undesirable side effects such as co-channel interference and slow talkers, which can take away the advantages that the new 802.11ac features have to offer. Also, the 802.11ac network will be expected to deliver higher capacity and increased reliability than the incumbent.  As a result, it is only natural that concrete benchmarking with what-if analyses will have to be done prior to investing in the network upgrade. The cost of 802.11ac APs will also be higher - at least in the beginning.  Accordingly, overprovisioning is undesirable.

 

Past experience has proven the value of scientific RF planning software

 

In order to answer difficult questions during Wi-Fi deployments in a quick, cost-effective, and accurate manner, and to facilitate easy what-if analysis, scientific RF planning software such as AirTight Planner has always proven to be useful. AirTight Planner imports CAD drawings of the facility with embedded material characteristics, or it can import floor images, which can then be annotated with building characteristics.

AirTight Wi-Fi Planner

View Airtight Planner data sheet

AirTight Planner allows you to drag and drop devices and quickly visualize your RF coverage

It then formulates RF propagation models for the facility using “ray tracing algorithms” (it does not draw primitive geometric circles like I have seen with some non-scientific planning tools). The software also takes coverage, capacity, and redundancy requirements as input. It then automatically computes BOM, AP placement and channel allocation to meet the desired criteria. AirTight Planner is great for planning AirTight secure Wi-Fi – to meet both Wi-Fi access and WIPS security objectives. In particular, when combined with band unlocked, software defined APs, it attains additional BOM efficiency and design flexibility. AirTight Networks also provides an RF planning service whereby customers simply hand over their floor plans (CAD or images) to our RF experts.  They will in turn design the network for the customer using AirTight Planner.

Due to its ease of use and accuracy, many Wi-Fi system integrators and VARs use AirTight Planner to plan networks, even those based on third party APs. My best memory here is of a university we worked with that wanted to upgrade to 802.11n. It had been quoted 600 Cisco APs (not sure if it was a thumb rule or a stuffing rule that was used to arrive at that number), but was not told where to deploy them. They sought AirTight planning service and our RF experts told them that 450 APs were more than adequate to meet their objectives. Startled by this affirmation, they challenged: “If after deployment, it is found that more than 450 are required, AirTight will pick up the cost of the additional 150 APs”. We took the bet. Needless to say, their network is now rolling with 450 APs at significantly lower cost than originally quoted.

Having delivered great value to customers over the past several years in simplifying their 802.11n Wi-Fi network planning, I expect AirTight Planner to deliver even more value when the real 802.11ac network upgrades begin with Wave-2!

 

How you can benefit from AirTight Planner:

If you are responsible for planning and deployment of Wi-Fi in your organization, you can:

    • Do it yourself with this easy to use software, or
    • Use AirTight Planning Service where our RF experts work with you to plan Wi-Fi deployments

If you are a distributor of Wi-Fi equipment, use our software to provide value added service to your customers.

Additional Information:

AirTight Planner

AirTight Planning Services

Airtight Planner data sheet

View a sample AirTight Planner report

BOM Math for Secure Wi-Fi Deployments

Wi-Fi networks in 5 GHz:  a few observations

 

802.11ac, 802.11n, Best practices, mobile device management, WiFi Access, Wireless security, WLAN planning

Attention Retail Marketers: In-Store Shoppers are Changing. Are You?

May 16th, 2013


To say that mobile technology is impacting brick-and-mortar retail is akin to proclaiming at the turn of the last century that the motorcar just might change the horse-drawn carriage business. Shoppers today are empowered by technology to gain the advantage at every turn, whether it’s using a smartphone to find the best price for the same product online, locate out-of-stock sizes or colors in the store next door, or learn what their friends or other customers had to say about a product before they buy.

Retailers have two choices.

They can pretend this isn’t happening and actively try to discourage these new consumer behaviors, like not offering in-store Wi-Fi for fear of increased showrooming (see Free Wi-Fi is a Win-Win for Retail Marketers and Customers ). Or, they can listen to their customers and do everything in their power to meet their changing needs and expectations.

 

So what do these empowered consumers want?

According to the recent IBM study, From Transactions to Relationships: connecting with a transitioning shopper, what they want is a personalized in-store experience that not only mirrors the experience they get with online shopping, but is seamlessly integrated with their on- and offline shopping habits, preferences and history.

 

“Consumers are increasingly gravitating toward shopping experiences that allow them to be served according to their individual preferences,” states the report written by Kali Klena and Jill Puleri.

 

They then go on to outline the three key factors that retailers must address in order to capitalize on the changing behavior of the transitional consumer:


1.   Store dominance decreases in an omnichannel world


“The long-standing center of retail commerce, the brick and mortar store, is rapidly losing its appeal as customers turn to convenient online channels for their purchases.” This is not to say that the physical store will soon be going the way of the horse and buggy. While e-commerce is a legitimate threat to physical retail, it still represents only a tiny fraction of the overall retail market — 5.4% of total revenue to be exact.

No, the real threat to brick and mortar is decreasing customer loyalty in a world rich with choices, literally at the consumers’ fingertips. According to the IBM study, while 84 percent of respondents made their most recent non-grocery purchase in-store, only 56 percent said they were sure to return to the store for their next purchase.

 

2.   The impact of showrooming


Showroomers—those who use mobile devices in-store to research and often purchase lower-priced items online—may be a small (but growing) segment of the consumer population, according to the IBM study, but they have a grievous impact on in-store revenue. Showroomers made nearly half of all online purchases in the retail categories covered by the IBM study. Most chilling: twenty-five percent said they initially planned to buy in-store, and 65 percent plan to buy online for their next purchase.

showrooming figure 4 from IBM Retail Report

 

3.   Consumers desire more meaningful retail connection points


In this burgeoning world of location tracking, web, retail and social Wi-Fi analytics, one might think that consumers would be overly sensitive to a loss of privacy. On the contrary, they want retailers to know even more about them and their buying preferences. In fact, the IBM study states that

“the majority of shoppers were willing to contribute 20 minutes on average to help a retailer better understand their desires in order to provide them with more meaningful offers based on their past purchases.”

The key is to make sure you are using the data you collect to treat customers like individuals, not as a market segment, by providing personalized offers, tips and information.

 

What to do about it


The IBM study provides many more insights and next steps for retailers, and we highly recommend you read it. One tip that we at Airtight Networks agree with wholeheartedly:

 

“Technology will play a key role in helping retailers use this trend to boost loyalty and sales. As retailers start to offer customers free Wi-Fi access in their stores, they will have the opportunity to engage with customers while they are browsing the displays, by branding their Wi-Fi to drive shoppers to their own websites and services. And if customers give permission for their location to be tracked via their smartphone as they sign on to the Wi-Fi network, retailers can use analytics to make sense of this data and provide shoppers with personalized deals to drive conversion.”

Parting Thought

If you’re still worried about embracing the very technology that is threatening your business, I leave you with the story of William Durant, co-founder of General Motors and Chevrolet. Initially, he was highly skeptical of the gas-powered “horseless carriage,” thinking them so dangerous he wouldn’t allow his daughter to ride in one. He wasn’t alone. By 1900, there was an enormous public outcry for safety regulations. Rather than wait for the government to intercede, Durant embarked on a mission to build the safer machines consumers were demanding. He succeeded by listening to transitioning consumer expectations and embraced technical innovation head on. (For the record, prior to the revolution he helped bring about, his Durant-Dort Carriage company was the leading producer of horse-drawn buggies in the world.)

 


Best practices, smartphones, WiFi Access, Wireless security

Free Wi-Fi is a Win-Win for Retail Marketers and Customers

May 9th, 2013

Retailers have long battled the dual pressures of online shopping and congested marketing channels just to get people to walk through their door. Now showrooming has moved the war inside the store, as a fragile economy combined with the ubiquity of mobile devices has created a savvy new breed of consumers who use their smartphones and tablets to research products and prices while they browse the aisles. It’s like having scores of invisible competitors whispering in the ears of your hard won customers.

Fortunately, there’s a way to fight back, gain control of the conversation, and provide a deeper, more meaningful relationship with your customers, all while providing them with a service they’ve been asking for: free in-store Wi-Fi.


Your customers want free Wi-Fi


Recent research from Yankee Group finds that ninety-six percent of customers prefer locations that offer free Wi-Fi and return to stores that offer it. Seventy-eight percent of shoppers would access Wi-Fi if it were offered in-store. That alone should be reason enough to consider installing in-store Wi-Fi. However, while most retailers have put in the blood, sweat and tears necessary to make sure their online presence is as good, if not better, than their ecommerce-only competitors, many have neglected the potential digital footprint of their brick-and-mortar stores:

 

        • 26% of retailers do not have any wireless network
        • 26% only have wireless available for receiving and other inventory-related tasks
        • 29% have wireless connectivity throughout the store, but only for performance, POS, and other product-related operations
        • Only 19% provide wireless connectivity for customers

 

According to Retail Systems Research, “the lack of a wireless infrastructure on the selling floor…is the single biggest inhibitor to improving the in-store experience.”


Free Wi-Fi is more than access. It’s Permission to Engage


While it is true that customers with mobile devices can access the Internet through their mobile carrier data connection, thirty-seven percent of respondents of a recent Deloitte study reported problems accessing the Internet while in a store. In this “always on” world of instant connectivity to information and people, no access or spotty connectivity could actually be driving people out of your establishment. Offering free high-speed access not only provides a richer mobile experience – and goodwill toward your brand – it enables a valuable means by which you can further engage your shoppers. According to an OnDeviceResearch survey, 74% of respondents would be happy for a retailer to send a text or email with promotions while they’re using in-store Wi-Fi.

By being the digital intermediary between your customers and their in-store search behavior, you’re now in a position (and have their permission via your Wi-Fi service opt-in agreement) to engage in the conversation, offer price matching, access to expanded product offerings or personalized shopping lists. These personalized services not only help provide a seamless and customized brand experience that encourage consumers to stay longer or purchase more, but provide invaluable information about their in-store and digital shopping habits.


Wi-Fi Brings Online-style Analytics to Brick-and-Mortar

According to Deloitte, 80% of consumers step in and out of the average retail establishment without making a purchase.

Retail Motion Infographic


Since consumer-behavior data is typically collected at the point of sale (POS), you are basically blind to the interests, influencers and behaviors of an overwhelming majority of your in-store foot traffic.

Wi-Fi changes the equation by providing brick-and-mortar retailers with the type of deep analytics we’re accustomed to with our web and social media presence, including traffic flows, dwell time, mobile platform usage, web destinations and products researched. Access to real-time metrics enables retailers to better understand a large swath of their customers’ behavior – whether they’re buying or not.  Data collected can be used for anything from changing signage, product displays or traffic patterns, to providing personalized promotions or offers to individual shoppers.


Reasons Why Retail Leaders Use In-Store Wi-Fi


Reasons Why Retail Leaders Use In-Store Wi-Fi | RSR Research


The Bottom Line


Your customers are going to use their mobile devices to comparison shop in your store. Providing free Wi-Fi enables you to insert yourself into the conversation they’re having with your competitors. Analytics can give you unprecedented visibility into in-store behavior – both physically and digitally – which you can then use to create more value for your customers and brand loyalty for yourself. Consumers benefit by getting what they asked for – free, high quality Internet access – along with customized offers and an integrated, personalized experience across all of your channels. That’s a win-win if I ever heard one.   

802.11n, Best practices, PCI, WiFi Access, Wireless security

The WiSE Article Series on CWNP

May 8th, 2013


CWNP (Certified Wireless Networking Professional) is widely recognized as the IT industry standard for vendor neutral enterprise Wi-Fi certification and training.  CWNP publishes videos, white papers, blogs, and other materials that assist the networker in learning Wi-Fi technologies and preparing for CWNP certification exams. The WiSE article series is one of these CWNP thought leadership content initiatives.


About the WiSE Article Series:

Wireless is inherently complex; its study spans at least two engineering disciplines: Electrical Engineering and Computer Science. Add to this the nuances of various standards, vendor implementations, RF environments, and protocol interactions, and it is not uncommon to feel a little lost in understanding the various aspects of Wi-Fi network operation. In this series of short articles, we explain various Wi-Fi subtleties, to work toward a better understanding of Wi-Fi network deployments.

The WiSE article series editor is Tom Carpenter and the first 5 WiSE articles feature AirTight Networks wireless subject matter experts as CWNP guest bloggers.


1) Wi-Fi Throughput Algebra – Simplified

Author: Bhaskaran Raman, PhD.     Read WiSE article 1

In this first article in a multi-part WiSE Article Series, Bhaskaran Raman explains the formulas you can use to estimate throughput on WLANs. This article simplifies Wi-Fi throughput algebra, to give a rule of thumb for what throughput to expect when taking into account at least the first order factors which affect all environments and tests.

2) Wi-Fi Subtleties Explained (Parameters that Matter)

Author: Bhaskaran Raman, Ph.D.     Read WiSE article 2

This second article talks about parameters that impact Wi-Fi throughput. You may be surprised to learn that it’s not all about the lower layers (Physical and Data Link), but the TCP communications have a significant impact as well.

 

3)  Wi-Fi Subtleties Explained (Channel Bonding)

Author: Bhaskaran Raman, Ph.D.     Read WiSE article 3

In this third installment of the WiSE article series from AirTight Networks, channel bonding is considered. Some surprising results will cause you to rethink your network design plans and possibly how you will implement newer 802.11 technologies.

4)  Wi-Fi Subtleties Explained (Quality of Service [QoS] Controls)

Author: Hemant Chaskar, Ph.D.     Read WiSE article 4

Quality of Service (QoS) is another aspect of the network performance that is relevant for applications such as VoIP over Wi-Fi. In this context, QoS is provided by prioritizing the packets belonging to specific applications such as VoIP over others so that they encounter minimal latency in transit. It takes three different sections of the data path to use three different techniques for the end-to-end handling of wireless QoS-sensitive packets, as discussed below. The idea of this article is not to provide an overview of standard Wi-Fi QoS mechanisms such as WMM, but to point out some subtleties in using them in the network.

 

5)  Interference from Non-WiFi Sources, Part 1

Author: Bhaskaran Raman, Ph.D.     Read WiSE article 5 – part I

RF interference is an important concern in Wi-Fi networks. Such interference can come from two types of sources: Wi-Fi or non-Wi-Fi. In this and the follow up article, the focus is on subtleties pertaining to non-Wi-Fi interference sources.

 

Full list of CWNP WiSE articles

Check back often as new articles are published on a regular basis.


About the AirTight WiSE authors:

Bhaskaran Raman is a scientist at AirTight Networks, working on high performance Wi-Fi architecture. Bhaskar received his M.S. and Ph.D. in Computer Science from the University of California, Berkeley, in 1999 and 2002 respectively, and his B.Tech in CSE from IIT Madras, India in May 1997. He was a faculty member in the CSE department at IIT Kanpur from 2003-07. Since July 2007, he has been a professor at the CSE department at IIT Bombay. His research interests and expertise are in wireless and mobile communication networks. Bhaskar was a recipient of the IBM Faculty Award in the year 2008. He has published research papers in various IEEE and ACM conferences and journals, and is on the editorial board of ACM Computer Communication Review.

Hemant Chaskar is VP for Technology and Innovation at AirTight Networks. In this role, he looks after AirTight’s technology R&D and also performs roles in product design, business development, and various customer facing activities. At AirTight, Hemant has been working on Wi-Fi networking and security for the past 8 years, and has held positions at Nokia Research and Lucent Technologies prior to that. He holds a Ph.D. in Electrical Engineering from the University of Illinois at Urbana-Champaign.

 


 

802.11ac, 802.11n, Best practices, Wireless scanning, Wireless security, WLAN networks, WLAN planning

BOM Math for Secure Wi-Fi Deployments

May 1st, 2013

By Hemant Chaskar

The building of the bill of materials (BOM) is an important factor in the Wi-Fi project plan. The cost of APs and the cost of other components in the Wi-Fi architecture contribute to the overall BOM. There are two types of large Wi-Fi deployments that we often see: distributed and dense. Examples of distributed deployments are clinics, insurance offices, bank branches, retail stores, hospitality providers, etc. The number of sites in a distributed Wi-Fi deployment can run into 100’s, 1000’s, or, as in the case of some of our retail customers, even 10,000’s. Dense deployments are typical of campus environments in which there are a few campuses, each with a large number of APs. 100’s or 1000’s of APs may be required to cover a few campuses.

To compare and contrast BOM for different types of AP platforms for large distributed or dense deployments, we can think of these deployments in units of sections. For the distributed deployment with a number of sites and a few APs per site, the section can be a site such as an insurance office, bank branch, retail store, etc. For the dense AP deployment, the section can be a floor of a multi-storied facility, part of the floor (e.g., East, West, North, South sections of the floor plan), etc. For each such section, one can compute the number of APs which can be deployed in that section to stay within the overall Wi-Fi budget (the budget also has to account for the cost of Ethernet drops required for APs). For an apples-to-apples comparison, let us say that the customer can negotiate the same street price for different types of APs. The tables below show how much functionality can be achieved with a given number of APs, in each section, and for different types of APs. Conversely, one can also think of it as how many APs per section are required to achieve certain functionality within each section.

 

1) Dual radio APs without support for dedicated scanning radios (where only background scanning is supported)

 

| Dual Radio APs per Section | Traffic Radios | WIPS Radios for Dual-band Scanning | Limitations |
|---|---|---|---|
| 1 | 2 | 0 | Minimal security with background scanning only. Unable to detect and contain many types of vulnerabilities and attacks. VoIP radios cannot use background scanning so if you operate VoIP in say 5 GHz, even the minimal security protection is not obtained in the 5 GHz band. |
| 2 | 4 | 0 | Same limitations as above. |
| 3 | 6 | 0 | Same limitations as above. |

2) Band-locked dual radio APs which can be either AP on both radios or WIPS sensor on both radios

| Dual Radio APs per Section | Traffic Radios | WIPS Radios for Dual-band Scanning | Limitations |
|---|---|---|---|
| 1 | 2 | 0 | Insecure |
| 2 | 2 | 2 | Full 2-radio device dedicated to WIPS is BOM inefficient. |
| 3 | 4 | 2 | Full 2-radio device dedicated to WIPS is BOM inefficient. |

3) Band-unlocked dual radio APs with per-radio AP or per-radio dual band WIPS sensor configuration option

| Dual Radio APs per Section | Traffic Radios | WIPS Radios for Dual-band Scanning | Functionality Benefits over 2) | Functionality Benefits over 1) |
|---|---|---|---|---|
| 1 | 1 | 1 | Secure | VoIP + Full WIPS security |
| 2 | 3 | 1 | 50% more traffic capacity + full WIPS | VoIP + Full WIPS security |
| 3 | 5 | 1 | 25% more traffic capacity + full WIPS | VoIP + Full WIPS security |


Clearly, for secure Wi-Fi deployments, the dual radio AP platform with each radio independently software configurable as AP or as dual-band WIPS sensor gives maximum value for the given BOM in terms of both traffic capacity and security. This mode of operation is only possible with specialized AP platforms with band-unlocked radios. Let me elaborate below on what it means for the radios to be band-locked versus band-unlocked.

 

Dual radio APs with band-locked radios: Most dual radio enterprise APs are dual band, dual concurrent, but have band-locked radios. What it means is that one radio is configured for 2.4 GHz operation and the other for 5 GHz operation at boot time. So, once one of the radios is configured as AP in one band (say 2.4 GHz band), the other radio cannot scan channels in the 2.4 GHz band for WIPS functionality. The other radio can only scan 5 GHz channels as it is band locked to 5 GHz. As a result, these AP platforms cannot support the most efficient option 3) described above and it is then required to dedicate one full dual radio device for WIPS with one radio scanning 2.4 GHz channels and the other scanning 5 GHz channels for security monitoring (i.e., degrade to BOM inefficient option 2) described above).

Dual radio APs with band-unlocked radios: Some differentiated dual radio AP platforms such as AirTight APs allow each radio to be independently software configurable as AP or as dual-band WIPS sensor.  So when one radio is configured in one band as AP (say 2.4 GHz band), the other radio can still scan both 2.4 GHz and 5 GHz bands. It takes RF expertise to design such APs. Such APs can support all of the above three deployment options, and in particular, uniquely support the most efficient option 3) described above.


In addition to AP platform consideration, there are additional Wi-Fi architectural factors which also affect total cost of solution:


a) Controller vs controller-less architecture: This is particularly important in distributed deployments. Controller architectures, originally designed for campus deployments, require per-site controllers  to achieve full functionality of AP. Deploying centralized controllers at headquarters talking to APs over WAN links does not offer robust functionality in distributed environments. See my earlier blog post: Is your cloud Wi-Fi genuine, or is it controller over WAN imitation? Per-site controller requirement increases the total BOM, particularly when the number of APs per site is small (can you imagine 100 controllers for 100 site deployment with 3 APs per site!). On the other hand, controller-less Wi-Fi with smart edge APs does not incur this additional cost.

b) Centralized control as add-on versus built into solution: Large deployments require centralized console for configuration, management and reporting. Wi-Fi architectures with controllers embedded in APs, originally designed for small localized deployments, are not adequate for large deployments. These AP-embedded controller solutions require additional on-site management server assets for centralized control and may even require appliance controllers to fill the functionality gap between AP-embedded controllers and appliance controllers. These additional on-site server components add to overall cost. On the other hand, cloud managed Wi-Fi does not incur additional cost for centralized management. I have discussed differences between true cloud managed Wi-Fi and Wi-Fi solution with mere word cloud in it in one of the earlier posts: Different shades of cloud Wi-Fi: Rebranded, Activated, Managed.

c) Security as add on versus integrated into architecture: Some AP vendors offer WIPS as add-on to Wi-Fi infrastructure. These architectures require additional WIPS appliances and licenses to enable WIPS which can cause BOM to go up. On the other hand, if WIPS is built into solution it does not require additional appliances and licenses.

As we saw, there are several factors such as AP capabilities and overall Wi-Fi architecture which can cause BOM for large Wi-Fi deployments to vary over a range as much as 2X. By making the right choices on each of the above fronts, the BOM can be significantly reduced, while obtaining the maximum value from the deployed Wi-Fi infrastructure. AirTight secure Wi-Fi can help to meet these goals – with band-unlocked dual radio APs, smart edge controller-less Wi-Fi architecture, HTML5 based central management console in the cloud, and the only top rated WIPS built into the solution.

 

802.11ac, 802.11n, Best practices, mobile device management, WLAN networks, WLAN planning

Don’t let BYOD turn into “BYOR” in your network

February 27th, 2012

BYOD (Bring Your Own Device) seems to be the dominant theme for 2012 in the Wi-Fi infrastructure and security space. As people increasingly bring in personal smartphone devices on the enterprise premises, the network/security administrators are grappling with the security implications. Given how engaging the new smartphone and tablet apps are, conflict arises between the users’ desire and the network/security administrators’ intentions. You need to ensure that this conflict does not turn BYOD into BYOR (Bring Your Own Rogue AP)! Read more…

802.11n, Best practices, Compliance, smartphones, Wireless gadgets, Wireless security

Skyjacking attack – then Cisco, now Aruba?

July 18th, 2011

Recall the “Skyjacking” vulnerability discovered in Cisco LAPs a couple of years ago? It allowed a hacker to transfer control of enterprise Cisco LAPs from the enterprise WLC to a hacker-controlled WLC on the Internet with an over-the-air attack. Once control was transferred, the hacker could change the configuration on those LAPs in any way by adding, deleting and modifying SSIDs. The hacker could also tamper with Cisco monitor mode APs and take away the security layer. Cisco Skyjacking exploited a vulnerability in Cisco’s over-the-air controller discovery protocol. Know more about it here

Now a similar vulnerability seems to have been discovered in Aruba OS and AirWave console. The advisory states: “[a]n attacker could plant an AP with maliciously crafted SSID in the general vicinity of the wireless LAN and might trigger a XSS vulnerability in reporting section of the ArubaOS and AirWave WebUIs. This vulnerability could potentially be used to execute commands on the controller with admin credentials.” Though the modus operandi is different from the Cisco case, the end result is similar: transferring control of the Wi-Fi controller to the hacker by launching an over-the-air attack.

No system is free from vulnerabilities and such things will continue to be discovered. But you don’t have to give away “hack one, get one free”. You don’t have to give hackers control of Wi-Fi coverage and Wi-Fi security in a single shot. This can be achieved by ensuring that the Wi-Fi security layer operates independently of the Wi-Fi infrastructure.  Read more…
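The advisory quoted above describes an SSID reaching a reporting WebUI without output encoding. The following is an added example, not ArubaOS, AirWave or AirTight code: it treats SSID octets as untrusted input, shows a weak renderer beside a hardened one, and flags SSIDs that carry markup or control bytes. All function names and the sample scan data are constructed for illustration.

```javascript
// Added example, not vendor code. An SSID is up to 32 arbitrary octets chosen by
// whoever operates the AP, so a report generator must treat it as untrusted input.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five HTML metacharacters so text can never be parsed as markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Decode raw SSID octets for display. Invalid UTF-8 becomes U+FFFD, and control
// characters are shown as \xNN so they cannot hide or reshape report content.
function ssidToDisplayText(ssidBytes) {
  const bytes = Buffer.from(ssidBytes).subarray(0, 32); // 802.11 SSID limit: 32 octets
  const text = new TextDecoder('utf-8').decode(bytes);
  return text.replace(/[\u0000-\u001f\u007f]/g,
    (c) => '\\x' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Weak: the SSID is concatenated into markup as-is, so the browser parses it.
function renderRowUnsafe(ap) {
  return `<tr><td>${ap.bssid}</td><td>${Buffer.from(ap.ssid).toString('utf8')}</td></tr>`;
}

// Hardened: every over-the-air value is output-encoded at the point of rendering.
function renderRowSafe(ap) {
  return `<tr><td>${escapeHtml(ap.bssid)}</td>` +
         `<td>${escapeHtml(ssidToDisplayText(ap.ssid))}</td></tr>`;
}

function renderReport(aps) {
  return '<table>' + aps.map(renderRowSafe).join('') + '</table>';
}

// Detection aid: angle brackets or control bytes in an SSID are worth an analyst's
// attention. '&' and apostrophes are not flagged because legitimate SSIDs use them.
function isSuspiciousSsid(ssidBytes) {
  return Buffer.from(ssidBytes).subarray(0, 32)
    .some((b) => b === 0x3c || b === 0x3e || b < 0x20 || b === 0x7f);
}

// Constructed sample scan results (hypothetical BSSIDs and SSIDs).
const sampleScan = [
  { bssid: '02:00:00:00:00:01', ssid: Buffer.from('Store-Guest') },
  { bssid: '02:00:00:00:00:02', ssid: Buffer.from('<img src=x alt="ssid">') },
  { bssid: '02:00:00:00:00:03', ssid: Buffer.from([0x41, 0x00, 0x42]) },
];

// Returns the BSSIDs whose SSIDs should be reviewed.
function flaggedBssids(aps) {
  return aps.filter((ap) => isSuspiciousSsid(ap.ssid)).map((ap) => ap.bssid);
}
```

Encoding at render time protects the report page even when the flagging heuristic misses an unusual SSID, which is why the two checks are kept separate.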

Best practices, Wireless security