Archive for the ‘Wireless scanning’ Category

The WiSE Article Series on CWNP

May 8th, 2013


CWNP (Certified Wireless Networking Professional) is widely recognized as the IT industry standard for vendor neutral enterprise Wi-Fi certification and training.  CWNP publishes videos, white papers, blogs, and other materials that assist the networker in learning Wi-Fi technologies and preparing for CWNP certification exams. The WiSE article series is one of these CWNP thought leadership content initiatives.


About the WiSE Article Series:


CWNP (Certified Wireless Networking Professional)Wireless is inherently complex; its study spans at least two engineering disciplines: Electrical Engineering and Computer Science. Add to this the nuances of various standards, vendor implementations, RF environments, and protocol interactions, and it is not uncommon to feel a little lost in understanding the various aspects of Wi-Fi network operation. In this series of short articles, we explain various Wi-Fi subtleties, to work toward a better understanding of Wi-Fi network deployments.

The WiSE article series editor is Tom Carpenter and the first 5 WiSE articles feature AirTight Networks wireless subject matter experts as CWNP guest bloggers.


1) Wi-Fi Throughput Algebra – Simplified

Author: Bhaskaran Raman, PhD.     Read WiSE article 1

In this first article in a multi-part WiSE Article Series, Bhaskaran Raman explains the formulas you can use to estimate throughput on WLANs. This article simplifies Wi-Fi throughput algebra, to give a rule of thumb for what throughput to expect when taking into account at least the first order factors which affect all environments and tests.   Read WiSE article 1


2) Wi-Fi Subtleties Explained (Parameters that Matter)

Author: Bhaskaran Raman, Ph.D.     Read WiSE article 2

This second article talks about parameters that impact Wi-Fi throughput. You may be surprised to learn that it’s not all about the lower layers (Physical and Data Link), but the TCP communications have a significant impact as well.   Read WiSE article 2


3)  Wi-Fi Subtleties Explained (Channel Bonding)

Author: Bhaskaran Raman, Ph.D.     Read WiSE article 3

In this third installment of the WiSE article series from AirTight Networks, channel bonding is considered. Some surprising results will cause you to rethink your network design plans and possibly how you will implement newer 802.11 technologies.  Read WiSE article 3


4)  Wi-Fi Subtleties Explained (Quality of Service [QoS] Controls)

Author: Hemant Chaskar, Ph.D.     Read WiSE article 4

Quality of Service (QoS) is another aspect of the network performance that is relevant for applications such as VoIP over Wi-Fi. In this context, QoS is provided by prioritizing the packets belonging to specific applications such as VoIP over others so that they encounter minimal latency in transit. It takes three different sections of the data path to use three different techniques for the end-to-end handling of wireless QoS-sensitive packets, as discussed below. The idea of this article is not to provide overview of standard Wi-Fi QoS mechanisms such as WMM, but to point out some subtleties in using them in the network.   Read WiSE article 4


5)  Interference from Non-WiFi Sources, Part 1

Author: Bhaskaran Raman, Ph.D.     Read WiSE article 5 – part I

RF interference is an important concern in Wi-Fi networks. Such interference can come from two types of sources: Wi-Fi or non-Wi-Fi. In this and the follow up article, the focus is on subtleties pertaining to non-Wi-Fi interference sources.  Read WiSE article 5 – part I


Full list of CWNP WiSE articles

Check back often as new articles are published on a regular basis.


About the AirTight WiSE authors:


Bhaskaran Raman is a scientist at AirTight Networks, working on high performance Wi-Fi architecture. Bhaskar received his M.S. and Ph.D. in Computer Science from the University of California, Berkeley, in 1999 and 2002 respectively, and his B.Tech in CSE from IIT Madras, India in May 1997. He was a faculty in the CSE department at IIT Kanpur from 2003-07. Since July 2007, he has been a professor at the CSE department at IIT Bombay. His research interests and expertise are in wireless and mobile communication networks. Bhaskar was a recipient of the IBM Faculty Award in the year 2008. He has published research papers in various IEEE and ACM conferences and journals, and is on the editorial board of ACM Computer Communication Review.

Hemant Chaskar is VP for Technology and Innovation at AirTight Networks. In this role, he looks after AirTight’s technology R&D and also performs roles in product design, business development, and various customer facing activities. At AirTight, Hemant has been working on Wi-Fi networking and security for the past 8 years; and has held positions at Nokia Research and Lucent Technologies prior to that. He holds Ph.D. in Electrical Engineering from the University of Illinois at Urbana-Champaign.


Additional Information


Follow CWNP on Twitter

Contact Tom Carpenter – WiSE Article Series Editor

More information on CWNP certifications

Follow Airtight on Twitter

Contact Bhaskaran Raman and Hemant Chaskar at AirTight Networks


802.11ac, 802.11n, Best practices, Wireless scanning, Wireless security, WLAN networks, WLAN planning , ,

Why Casinos Fear 802.11ac

April 14th, 2013


Why Casinos Fear 802.11ac : Real life Ocean’s Eleven


By Hemant Chaskar|

The expression “it’s too good to be true … then it probably is” is befitting of a recent Ocean’s Eleven type caper.  In March, the Crown Casino in Melbourne, Australia was the victim of a skimming scheme.  Mark Butler of the Herald Sun reported that “a gambler has been able to get into the security system remotely and, … advise the player about what other cards the other players are holding, and he’s cleaned up to the tune of 32 million.”  Amazing isn’t it, but anything is possible for that kind of “ROI”!


Crown Casino tweet


Did you know that Wi-Fi can also be used for skimming a casino?


casino player with hoodyLast year, we worked with a customer in Macau (the Las Vegas of the East) who described a casino skimming sequence over Wi-Fi, which is no less amazing than the Crown Casino story. In this sequence, the player has a Wi-Fi enabled camera or smartphone tucked on him. It takes videos of wheel of fortune being spun, roulette wheel being turned, or cards being shuffled. The video is sent to the cloud in real time over Wi-Fi. Neighborhood Wi-Fi APs around the casino floor, which for this customer were mainly in the shops and restaurants around the gaming zone which had all installed Wi-Fi for guests, are used to send the video to the cloud. Cloud computers crunch the video frames to arrive at high probability estimate of the winning bet. The estimate is communicated to the player who places the bets accordingly.


Higher speeds with 802.11ac means Wi-Fi skimming is all that more possible


With 802.11ac, Wi-Fi link speeds will go up several times. That would make sending video to the cloud even faster and with higher resolution, it makes the above skimming scenario even more successful. So, even though boon for enterprises and consumers, 802.11ac would be a thing for the casinos to worry about.


AirTight WIPS as antidote to skimming casinos over Wi-Fi


casino dealerWe offered AirTight WIPS to the Macau casino as an antidote to protect against skimming over Wi-Fi. With location based policy enforcement, AirTight WIPS identifies when clients are in sensitive gaming areas and then does not allow their Wi-Fi radios to connect to any neighborhood APs. When clients are outside of the sensitive gaming areas such as in the lobby, restaurants or stores, WIPS automatically releases them from the containment, so they can now connect to Wi-Fi. We call it geo-fencing!

Another way WIPS helps casinos, which we have seen in the US, is to enforce gaming regulation that online gambling provided by casino like raffles, bingos and such is not allowed outside of the casino facility. WIPS can detect when clients cross the boundary of the legal gambling facility and then prevent them from connecting to the casino APs thereby ensuring that online gambling can only be done from the casino floors.

These are some examples of application of the technology one cannot envisage while building it. But how much of a diverse value deep technology can provide is very satisfying to watch.

When we worked with the Macau casino few years ago, AirTight WIPS was overlaid on Cisco WLC infrastructure that the casino had deployed for its own wireless applications. Now, AirTight offers its own state of the art enterprise WLAN access product line with controller-less, cloud managed, smart edge APs, and AirTight WIPS built in at no extra cost. So whatever the threat scenario may be – rogue APs, honeypots, PCI compliance, BYOD, CIPA compliance, gaming regulation or exotic casino skimming - with AirTight Wi-Fi access solution, you never have to worry about Wi-Fi security.


Additional Information:

Crown casino hi-tech scam nets $32 million via Herald Sun


802.11ac, 802.11n, mobile device management, WiFi Access, Wireless scanning, Wireless security

Forbes – “stores are finally turning to WiFi” but is security lacking

December 14th, 2012

Really interesting article in Forbes by Verne Kopytoff on the reasons retailers have recognized the value of Wi-Fi for their customers and business processes. He notes that after years of resistance, stores have conceded that the shoppers have won the war. They want Wi-Fi and they will use their smartphones to check out deals.

There is no doubt that Wi-Fi has many positive effects on the shopping experience and, I would suggest, those effects outweigh the negatives of comparison shopping online in a store. There is also the obvious benefit of making sales associates more efficient and able to serve more customers faster.  Anyone who has ever gone into an Apple store near Christmas – and really who has not – has experienced just how fast one can get in and out even in a crowd.

However since retail stores have been late to this party, they need to think about the security implications of adding Wi-Fi and continuing to comply with the PCI DSS wireless scanning requirements.  Kopytoff points out that several large retailers added Wi-Fi capabilities just before the holiday season, which is unusual in and of itself since retailers rarely want to disrupt their systems too close to the holidays. In haste, they may have overlooked adding true Wi-Fi security processes to protect credit card data. It will be interesting to see if any problems arise during this season of manic shopping.

smartphones, WiFi Access, Wireless scanning, Wireless security , , , ,

Why retailers embrace cloud for Wi-Fi access, PCI and wireless security

June 26th, 2012

Retailers are increasingly looking to deploy Wi-Fi in their stores. They want to provide guest Wi-Fi to their patrons and also want to deploy in-store applications such as wireless POS and printers, wireless kiosks, wireless digital signage, and HQ network access over Wi-Fi. Coupled with these business drivers there is also a wireless PCI compliance requirement to protect credit card transactions. Retailers however face some unique challenges which were hitherto not met by traditional autonomous or controller Wi-Fi solutions. Now cloud managed Wi-Fi has made it quite feasible for them to achieve these goals.
Read more…

802.11n, Cloud computing, PCI, WiFi Access, Wireless scanning, Wireless security, WLAN networks

AirTight Rated “Strong Positive” by Leading Analyst Firm

July 14th, 2011


We are really excited here at AirTight.  AirTight achieved a rating of “Strong Positive” in Gartner’s 2011 Marketscope Report for Wireless LAN Intrusion Prevention Systems. published this week.  “Strong Positive” is the highest possible rating in a Gartner Marketscope. The July 2011 report was authored by John Girard, VP, Distinguished Analyst, John Pescatore, VP, Distinguished Analyst and Tim Zimmerman, Research Director at Gartner.

2011 Gartner Marketscope On Wireless LAN IPS matrix

2011 Gartner Marketscope On Wireless LAN IPS matrix

If you are concerned about wireless threats to your enterprise, including unapproved personal smart devices, this report outlines the key highlights and limitations of each solution as well as feedback from real customers of each vendor.

The 2011 MarketScope report evaluated vendors on five criteria – customer experience, offering (product) strategy, overall viability (business unit, financial strategy, organization), marketing execution, and product/service.

The report notes in part, “Wi-Fi support is a standard extension of corporate networks, and enterprises must ensure the vulnerability management and intrusion prevention processes be extended to cover wireless and wired networks. WLAN security monitoring in the form of wireless intrusion prevention systems (WIPS) is required to ensure that supported WLAN performance is not impeded by interference or denial-of- service attacks, WLAN traffic is kept private and secure, users are prevented from installing unauthorized WLANs, and unsupported/unauthorized WLAN technologies are barred from operation.”***

***MarketScope Disclaimer

The MarketScope is copyrighted 2011 by Gartner, Inc. and is reused with permission. The MarketScope is an evaluation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the MarketScope, and does not advise technology users to select only those vendors with the highest rating. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

PCI, smartphones, WiFi Access, Wireless scanning, Wireless security, WLAN networks

Aberdeen Wireless LAN Report Tracks Impact of Smart Devices

May 20th, 2011

A special Aberdeen Group report titled, “Wireless LAN 2011: Readying the Invisible Network for the Smart Revolution is the first industry study to track the impact of the rapid rise of smart devices on the WLAN.

The proliferation of embedded WiFi devices – smartphones, tablets, and Machine-to-Machine sensors (M2M) – and the explosion of wireless activity in and around the enterprise make maintaining a good security posture and meeting regulatory compliance requirements more challenging than ever.

According to Andrew Borg, senior research analyst, Wireless & Mobility for Aberdeen, and the report’s author, “A network is suboptimal unless network performance and security are both addressed. It isn’t enterprise class if it isn’t secure. As a consequence top-performing organizations are consistent in considering network security a high priority.”

This report is available immediately at no cost, courtesy of AirTight Networks.

Best practices, Compliance, mobile device management, smartphones, Wireless scanning, Wireless security, WLAN networks

SMBs, WEP still a target for War Drivers

May 9th, 2011

After the TJX breach, the PCI security council strengthened their wireless security standard in an attempt to prevent such catastrophic incidents from reoccurring.  While some of the largest retailers strengthened their wireless security, small and medium businesses need to take a look at their own security practices because they are just as susceptible, maybe more.  In its annual Data Breach Investigations Report earlier this week, Verizon said “criminals are increasingly hitting smaller businesses as it becomes harder to steal financial data from big companies.”

War-driving is still more common than most people probably think, but the number of incidents reported by small and medium businesses is very low.  In most cases, WEP encryption is still the target.  In a recent Network World article reported that Seattle police are investigating a group of criminals attacking local businesses via Wi-Fi access points encrypted with the flawed WEP protocol.  Does this appear to be an isolated incident? No.  According to the Seattle police, this group of criminals has been suspected of these types wireless attacks for as many as *5 years*.

What is troubling is the number of retailers that continue to opt for a “compensating control” to address their wireless security requirements.  Even PCI’s “approved” methods including quarterly wireless scans and visual inspections are insufficient to protect your business.   Wi-Fi is everywhere, its easy to find an unencrypted (or poorly encrypted) signal.

Until companies understand the risk of properly secured Wi-Fi, they will remain susceptible.    Just ask the guys in Seattle.



Best practices, Compliance, PCI, Wireless scanning, Wireless security

Are smartphones outsmarting your network security?

April 1st, 2011

If you are concerned about the proliferation of smart devices (Iphones, Droids, tablets) and the impact on  your network security, then this is a “can’t miss” webinar.   The inability to detect and block unauthorized personal devices from attaching to your network puts your business at risk.  AirTight CTO and Founder Pravin Bhawat discusses the challenges with mobile device management and the limitations of existing wireless network security measures.

Listen to the recorded webinar here.

802.11n, Best practices, Compliance, mobile device management, smartphones, Wireless scanning, Wireless security, WLAN networks

Wi-Fi Security in Quick Serve Restaurants

April 1st, 2011

Great webinar yesterday hosted by QSR Magazine featuring Yum Brands, Restaurants Unlimited and AirTight Networks.  Very insightful discussion with a couple forward thinking enterprises when it comes to deploying Wi-Fi in their restaurants, but the conversation is applicable to any retail environment really.  Clearly security and PCI compliance are still top of mind where wireless is concerned as expressed by the panelists as well as the research presented by AirTight Networks.  Over a period of 6 months, AirTight conducted a study of 725 retail networks and amazingly 24% of the still had at least one incidence of a rogue AP on the network, while 33% presented unsecure APs on the network.  68% of the networks studied has at least one wireless client vulnerability.


Best practices, Compliance, PCI, WiFi Access, Wireless scanning, Wireless security

Goodbye, WEP & TKIP

June 18th, 2010
Ban of WEP & TKIP

Ban of WEP & TKIP

Wi-Fi Alliance has (finally) decided to take some giant steps in improving the state of wireless security. Starting Jan 2011, TKIP will be disallowed on new APs and from 2012, it will be disallowed on all Wi-Fi devices. Come Jan 2013, WEP will not be allowed on new APs and from 2014, WEP will be disallowed on all Wi-Fi devices. This is the good news. But, let us also get to the “bad” news.


Read more…

PCI, Wireless scanning, Wireless security , , , , ,