MOJO Wireless http://blog.airtightnetworks.com AirTight Networks Blog Mon, 29 Jun 2015 02:03:40 +0000 en-US hourly 1 Visit AirTight at ISTE 2015 – Booth 3161 http://blog.airtightnetworks.com/visit-airtight-at-iste-2015-booth-3161/ http://blog.airtightnetworks.com/visit-airtight-at-iste-2015-booth-3161/#respond Mon, 29 Jun 2015 01:30:05 +0000 http://blog.airtightnetworks.com/?p=9507 Elevate the classroom experience with AirTight Secure Cloud Wi-Fi. Visit AirTight at ISTE 2015 - Booth 3161.   Read more

The post Visit AirTight at ISTE 2015 – Booth 3161 appeared first on MOJO Wireless.

]]>
Elevate the classroom experience with AirTight Secure Cloud Wi-Fi

AirTight is excited to be at this year’s edition of ISTE (International Society for Technology in Education) conference that takes place June 28 through July 1 in Philadelphia, PA.

Visit AirTight Networks at booth 3161 to learn all about:

               – IT Simplicity: No controllers. Easy setup and provisioning.

               – Student Safety: Ensure protection with WIPS and content filtering.

               – District Savings: Wi-Fi for less than $0.40 per student per month.

 

See for yourself why AirTight’s network solutions are easy to deploy and intuitive to manage while enabling advanced Wi-Fi user analytics and social engagement. Especially relevant in the education space, get peace of mind with AirTight’s widely acknowledged industry-leading security capabilities.

Drop by our booth where our experts are on hand to provide a live demo. Contact Sean Blantron @blantr0n if you want to set a specific time for your personalized demonstration.


Join the conversation online at #ISTE2015 and visit our website for more information.

 

Additional Information:

The post Visit AirTight at ISTE 2015 – Booth 3161 appeared first on MOJO Wireless.

]]>
http://blog.airtightnetworks.com/visit-airtight-at-iste-2015-booth-3161/feed/ 0
A New AirTight Partner Portal http://blog.airtightnetworks.com/a-new-airtight-partner-portal/ http://blog.airtightnetworks.com/a-new-airtight-partner-portal/#respond Tue, 23 Jun 2015 18:43:09 +0000 http://blog.airtightnetworks.com/?p=9471 AirTight is committed to drive 100% of all its business through the channel! We know you need the tools and we are delivering them. We are excited to announce a brand new Partner Portal for our AirTight channel partners. This new site is now your primary source for Deal Registration, Sales Tools, Marketing Resources, Training, Certifications and Support Portal access. Here are some highlights of this great new resource.   Read more

The post A New AirTight Partner Portal appeared first on MOJO Wireless.

]]>
AirTight is committed to drive 100% of all its business through the channel! We know you need the tools and we are delivering them. We are excited to announce a brand new Partner Portal for our AirTight channel partners. This new site is now your primary source for Deal Registration, Sales Tools, Marketing Resources, Training, Certifications and Support Portal access. Here are some highlights of this great new resource.

Single Sign-On

We want to make things as easy as possible for our partners and customers and the Partner Portal is no exception. With Mojo Studio™ you simply login once and receive access to all of your AirTight cloud tools and services. This includes the Partner Portal and Support Portal as well as any subscriptions for WLAN management, security, analytics, and guest management tools you may have.

mojo-studio-dashboard-for-blog

View it everywhere—on any device

Like our award-winning WLAN and security software, the Partner Portal is fully mobile responsive so it works equally well on your computer, tablet, or smartphone without having to download or install any apps. And because it’s so portable, you can download content, register deals, and sign up for events no matter where you happen to be.

AirTight Partner Portal works on any device

 

Great content

We packed a lot of useful information into the partner portal and made things easier to find. Our database driven pages make it easy to search and decide what you want to view or download. You can also see how partners like yourself rated the content.

AirTight Partner Portal content

Take a quick video tour of the AirTight Partner Portal

How to access the new Partner Portal

The Partner Portal is available to all registered AirTight channel partners and their employees. All you need is a valid partner email address.

Do you already have a Mojo Studio Partner account?
If so, simply log into Mojo Studio and click on the Partner Portal tile. If you do not see the tile, you may need to register for Partner Portal access

login button Register for Partner Portal access
If you do not  have a personal Mojo Studio partner account you can easily sign up for one by filling in the Registration Form. You will receive an email with login information and a link to create a new password.

As long as you have a valid AirTight channel partner email address, you’ll be granted access. Personal email accounts such as Yahoo or Gmail, or email domains that not officially registered as AirTight partners will not work.

sign up button


Interested in the portal, but not a partner yet?

AirTight Networks is 100% channel driven and we are looking for great partners to join us. For immediate consideration, please submit an AirTight Partner Program Application. We look forward to hearing from you.


“One of the biggest assets of this company it the simplicity around its deployment model, its price list, its products. It’s simple to buy and easy to install, which makes it a perfect fit for the channel.”
Kester Kyrie, Vice President of Worldwide Sales

Additional Information:

 

The post A New AirTight Partner Portal appeared first on MOJO Wireless.

]]>
http://blog.airtightnetworks.com/a-new-airtight-partner-portal/feed/ 0
10 Lessons for Retailers from Recent Security Reports http://blog.airtightnetworks.com/security-reports-for-retailers/ http://blog.airtightnetworks.com/security-reports-for-retailers/#respond Tue, 16 Jun 2015 17:00:00 +0000 http://blog.airtightnetworks.com/?p=9394 Recents security reports from Verizon and new data from Mary Meeker of Kleiner Perkins Caufield Byers have important security lessons for retailers. Read on for 10 key things you can learn.   Read more

The post 10 Lessons for Retailers from Recent Security Reports appeared first on MOJO Wireless.

]]>
Recent security reports from Verizon and new data from Mary Meeker of Kleiner Perkins Caufield & Byers have important security lessons for retailers. This blog summarizes key findings from these two widely respected sources.

Verizon has a unique position in having both a data breach investigation practice and a PCI compliance practice and can see “both sides of the coin.” It recently released its two anticipated security reports:

Mary Meeker echoes many of the themes from the Verizon security reports in her annual 2015 Internet Trends Report presentation for the Code Conference.

We have organized the findings in a list that retailers can use as a reference point:

  1. Impact of a data breach quantified
  2. POS intrusions are the leading source of confirmed data breaches
  3. Social engineering is still the preferred vector of attack
  4. Mobile devices are increasingly used to harvest data
  5. PCI compliance is a process
  6. Susceptibility to a breach has strong correlation with lacking PCI compliance
  7. …But even Verizon notes drawbacks in the PCI process
  8. Complying with PCI DSS is hard
  9. Automating security and PCI compliance is key
  10. Payment security matters

Each of the 10 points is expanded on below:

1. Impact of a data breach quantified

Verizon Data Breach Report introduces a new model of estimating the cost of a data breach. The model in rather involved, but the key finding is as follows:

“Forecast average loss for a breach of 1,000 records is between $52K and $87K.”
Source: Verizon 2015 Data Breach Investigations Report

Verizon: cost of a data breach quantified (Click to enlarge)

Verizon: cost of a data breach quantified (get the Verizon report)

Verizon notes that larger organizations have higher losses per breach, but they typically lose more records and have higher overall cost. For a smaller organization, even though the overall dollar amount may be smaller, the results can be devastating, amounting to a much larger loss as percent of annual revenue.

2. POS intrusions are the leading source of confirmed data breaches

Even though POS (point-of-sale) intrusions represent only .7% of reported security incidents, they result in 29% of confirmed data breaches, according to Verizon. This is not at all surprising given the headlines in 2014.

Verizon notes that most affected industries are accommodation, entertainment and retail – wherever payment cards are accepted. (We’ll discuss the intersection of PCI compliance and data breach prevention in the subsequent sections).

“POS intrusion result in 29% of confirmed data breaches.”
Source: Verizon 2015 Data Breach Investigations Report

Small restaurants and retailers were the attackers’ ‘cash cows’ for years; we just did not hear about these breaches. POS intrusion attacks evolved from impacting mostly small businesses with low dollar amounts to affective large organizations, leading to massive data losses.

Still, Verizon notes that attackers employ different methods to breach organizations of different sizes:

  • POS devices of small organizations are directly attacked, normally by guessing or brute forcing the passwords.
  • Breaches of larger organizations tend to be multi-step attacks, with some secondary system being breached before attacking the POS system.

3. Social engineering is still the preferred vector of attack

Many incidents involved direct social engineering of store employees to trick them into providing credentials needed for remote access to the POS system.

“38% of POS hacking involved stolen credentials”
Source: Verizon 2015 Data Breach Investigations Report

Little insider misuse was through accounts with high level access. More data breaches exploited the accounts of cashiers and call center operators than app developers and system administrators. The reasons cited by Verizon include high turnover of staff, lower security awareness and poor policies, such as shared accounts.

The ‘social engineering’ in question was surprisingly low-tech, often involving placing a call to the cashiers or phone bank operators to request the credentials.

Mary Meeker highlights the lack of security skills at all levels in organizations:

At least 30% of organizations cite a ‘problematic shortage’ of each of following: 1) cloud computing and server virtualization security skills; 2) endpoint security skills; 3) network security skills; 4) data security skills; 5) security analytics / forensic skills.
Source: 2015 Internet Trends Presentation by Mary Meeker (slide 89)

4. Mobile devices increasingly used to harvest data

Adware can be a potential precursor to attacks, giving perpetrators access to personal information such as contacts, which can be subsequently used to launch phishing or social engineering attacks.

“22% of breaches reported by network security decision makers involved lost or stolen devices.”
Source: 2015 Internet Trends Presentation by Mary Meeker (slide 88)

If devices are not properly locked down and protected, they can be used to access the sensitive information on the network. Mobile device management becomes critical.

5. PCI compliance is a process

Verizon notes that less than 1/3 of companies were found to be fully compliant a year after successful validation, indicating a lack of procedures for managing and maintaining compliance.

“4 out of 5 organizations still fail an interim assessment, indicating that they failed to sustain the security controls that they put in place.”
Source: Verizon 2015 PCI Compliance Report

6. Susceptibility to a breach has strong correlation with lacking PCI compliance

PCI guidelines have been evolving over the years, putting more and more emphasis on security and compliance as an on-going process. The emphasis on business practices has been paying off, and the Verizon PCI compliance report notes strong correlation between PCI compliance and security:

“Out of all data breaches Verizon investigated in the past 10 years none of the companies were compliant at the time of the breach.”

“Unbreached group outperformed the breached group by 36%, suggesting a strong correlation between not being PCI DSS compliant and being more susceptible to a data breach involving payment card information.”
Source: Verizon 2015 PCI Compliance Report

7. But even Verizon notes drawbacks in the PCI process

“PCI DSS relies on prevention, and not enough attention to detection, mitigation and identification of residual risks.”
Source: Verizon 2015 PCI Compliance Report

8. Complying with PCI DSS is hard

Verizon notes that before embarking on the PCI compliance journey, many organizations may not realize its scope, resource requirements and impact on the organizations.

What makes PCI compliance hard?

  • Scale and complexity of requirements
  • Uncertainty about scope and impact
  • Lack of resources
  • Lack of insight into existing business processes

9. Automating security and PCI compliance is key

Verizon places a big emphasis on automating security practices, to make them sustainable and consistent. Here’s just one examples of Verizon’s recommendations:

“Automate threat and vulnerability mitigation.
“A Plan-Do-Check-Act approach to the vulnerability management process can improve quality and help streamline it, so that it functions in a consistent, repeatable and predictable manner.”
Source: Verizon 2015 PCI Compliance Report

10. Payment security matters

Well, this is one is obvious, but the impact goes far beyond the data loss and fines, affecting consumer confidence and willingness to do business with a brand after a breach.

“47 of the 50 US states have mandatory notification laws, forcing companies to publicly any loss of data.”
“69% of consumers would be less likely to do business with a breached organization.”
Source: Verizon 2015 PCI Compliance Report

In conclusion…

Payment card security remains a complex matter; we just scratched the surface on the findings contained in the security reports. The security and compliance game goes well beyond the 10 lessons referenced in this post, but it’s a good start – for retailers and any other organizations where payment cards are accepted.


10 Lessons for Retailers from Recent Security Reports /via @AirTight
Click To Tweet


AirTight automates your wireless PCI compliance

If you are looking to automate your wireless PCI compliance, AirTight’s Wi-Fi solution has just such protection built-in, in the form of its wireless intrusion prevention system (WIPS).

WIPS is included with any cloud Wi-Fi system at no cost. The system can be centrally managed from the cloud, just as with Wi-Fi access.

Our WIPS is behavior-based, which allows for fully-automated 24X7 protection, with zero false positive / false negative operation. It requires no IT involvement for mitigation of wireless threats or compliance reporting.

Retailers have a chance to experience AirTight’s Wi-Fi at RIS 2015 Retail Executive Summit:

RIS 2015 Retail Executive Summit

 

Resources:

The post 10 Lessons for Retailers from Recent Security Reports appeared first on MOJO Wireless.

]]>
http://blog.airtightnetworks.com/security-reports-for-retailers/feed/ 0
Zone-based Wi-Fi Analytics Made Easy http://blog.airtightnetworks.com/zone-based-wi-fi-analytics/ http://blog.airtightnetworks.com/zone-based-wi-fi-analytics/#respond Thu, 11 Jun 2015 21:02:00 +0000 http://blog.airtightnetworks.com/?p=9355 Introducing AirTight's Zoning feature – integrated zone-based Wi-Fi analytics

We are excited to announce that our Zoning feature is now available as part of the AirTight Guest Manager cloud update as of June 2015. Zone-based Wi-Fi analytics has been one of the most requested features!   Read more

The post Zone-based Wi-Fi Analytics Made Easy appeared first on MOJO Wireless.

]]>
Introducing AirTight’s Zoning feature integrated zone-based Wi-Fi analytics

We are excited to announce that our Zoning feature is now available as part of the AirTight Guest Manager cloud update as of June 2015. Zone-based Wi-Fi analytics has been one of the most requested features!

Dwell time and footfall Wi-Fi analytics per zone

Zone-based Wi-Fi analytics allows customers to define zones / regions (used interchangeably) within their location, and gather dwell time and footfall analytics on a per zone basis.

Zone-based Wi-Fi analytics for retailers

A fashion goods retailer can create different zones like men’s clothing, women’s clothing, kid’s clothing, home and décor, shoes, home appliances etc. and gather analytics specific to each of these sections.

This provides insights into customer’s in-store behavior which can be used to understand which sections inside the store are most visited, where customers spend most of their time inside the store, if a promotion in a specific section helps attract customers and so on.

This can also dramatically help store managers in staffing and designing the store layout for the optimum.

Zone-based Wi-Fi analytics for public venues

Another useful application of this feature is in public venues like airports. Using zoning, airports can gather insights into how busy different sections are at different times of day. This allows them to adopt a dynamic pricing model for ad real estate.

These insights can also help airports improve operations by suggesting the optimal number of security lines at each terminal across various times during the day.

Wi-Fi zone-based analytics

Zone-based Wi-Fi analytics – dwell time (click to enlarge)

Customers can go back up to 1 year of zone analytics data that is stored in the distributed cloud database. Total footfall for the selected period for each zone can be viewed by selecting the particular access point.

Switching between the dwell time and footfall is an easy selection from a drop down menu.

Zone-based wi-fi analytics - footfall

Zone-based Wi-Fi analytics – footfall (click to enlarge)

Simplifying Zone-based Wi-Fi Analytics

One of the core design principles that we follow at AirTight is to make any feature remarkably easy for our customers to use.

We have lived up to that tradition here, by making it very simple to define a zone. A zone can be defined by dragging ‘in or out’ the zone circle for a particular access point.

Zone-based Wi-Fi analytics - define a zone

Defining a zone is super easy! (Click to enlarge)

Customers can add a floor plan through the WLAN management console and place access points. The Zoning feature automatically pulls this floor plan, from where customers can define zones and quickly start gathering analytical insights.

To improve accuracy, customers can also import the floor plan designed using the AirTight Planner tool.

This is configuration as easy as it can get!

Zone-based Wi-Fi Analytics – It’s All Included & Available Now

Unlike other competitive solutions, the Zoning feature is included as part of the latest upgrade delivered to all our cloud customers.

  • Existing cloud customers do not have to purchase extra license to enable zone-based Wi-Fi analytics.
  • For new customers, Zoning is included as part of the cloud subscription license.

Since we built this feature ourselves, there are no licensing or OEM fees that we have pay for third-party solutions. We are able to keep our costs down and to pass on those cost savings to our customers.

Zoning Feature Summary

  • Zoning allows customers to define a zone within a location and gather ‘dwell time’ and ‘footfall’ analytics on a per zone basis
  • Customer can go back up to 1 year worth of analytics data
  • It allows selection of specific time within a day to view the analytics data
  • Defining a zone is as easy as a simple drag of a circle
  • Customers can easily add a floor plan, define zones and quickly start gathering analytical insights
  • It’s all included and available now – does not require purchase of any extra licenses

Not a customer?

Not a problem! Request a personalized demo to see if the AirTight cloud Wi-Fi is the right solution for you.

Request a demo of AirTight cloud Wi-Fi

Resources:

The post Zone-based Wi-Fi Analytics Made Easy appeared first on MOJO Wireless.

]]>
http://blog.airtightnetworks.com/zone-based-wi-fi-analytics/feed/ 0
PCI Compliance and Wi-Fi: Friends or Foes? http://blog.airtightnetworks.com/pci-compliance-wi-fi-friends-or-foes/ http://blog.airtightnetworks.com/pci-compliance-wi-fi-friends-or-foes/#respond Thu, 28 May 2015 14:42:27 +0000 http://blog.airtightnetworks.com/?p=9321 In part 3 of the wireless PCI blog series, we focus on deployment best practices and common misconceptions when it comes to PCI compliance and Wi-Fi.   Read more

The post PCI Compliance and Wi-Fi: Friends or Foes? appeared first on MOJO Wireless.

]]>
This is part three of our blog series dedicated to wireless PCI compliance; in this installment we focus on deployment best practices and common misconceptions. Read part 1: New PCI 3.1 Guidelines Address SSL Vulnerability and part 2: 3 Trends Impacting Wireless PCI Compliance

Following our webinar on wireless PCI compliance, I sat down with Kevin McCauley bio on AirTight blog, director of retail business development at AirTight, and Sean Blanton bio on AirTight blog, systems engineering manager at AirTight, to follow up on the questions we got during the webinar.

We began by discussing how businesses can open up their Wi-Fi networks for guest engagement, while maintaining security and PCI compliance.

 

How can you balance the seemingly contradictory demands of having an ‘open’ network that welcomes visitors, but is also secure?

Kevin McCauley: A different way to look at this question is to ask – how can operators leverage the existing investment they have already made in network connectivity while maintaining PCI compliance and providing guest engagement? The biggest Wi-Fi question for me during my IT career at Yum! Brands was, “Why is guest Wi-Fi not free for me?”

I am a big believer in looking for ways to double- and triple-dip in my infrastructure investments. Guest Wi-Fi is just one of the uses you can put your wireless network to – the others being connectivity for staff productivity, wireless PCI compliance scanning and rogue detection. But keep in mind that while guest Wi-Fi and employee Wi-Fi are great to have, wireless intrusion prevention (WIPS) technology is a must-have when it comes to full PCI DSS compliance.

What are some misconceptions that IT managers and compliance officers still have when it comes to PCI compliance and Wi-Fi?

Sean Blanton: The biggest misconception out there is that creating a Wi-Fi network – either private or public – that runs off the same circuit as your CDE (cardholder data environment | via PCI Security Standards) will compromise PCI compliance. In other words, the concerns is that having both Wi-Fi and CDE traffic on the same network is a security and compliance detriment.

Quite the opposite – as long as you have proper controls in place to segment the various virtual networks, you can indeed be PCI compliant. The option we recommend is segmenting your traffic using VLAN technology and implementing proper firewall rules to make sure that your CDE network cannot talk to your non-CDE network.

The first question I ask anyone who has these concerns is whether they have managed, or smart, switches | via Wikipedia that have VLAN capabilities. VLAN is the optimal way to segment traffic and ensure security.

Is VLAN the only option?

SB: If your organization has not implemented managed switches, then definitely plan on it during your next upgrade cycle! Barring that, the NAT’ed network | via Wikipedia plus proper firewall rules at the AP level will allow you to segment your traffic. The firewall will prevent any ‘untrusted’ (guest) clients from accessing your trusted network.

 

What are some key attributes of Wi-Fi solutions hospitality operators should be looking for?

KM: Address PCI compliance and security first. No point in opening your network for customer engagement if you cannot protect your brand from breaches or data loss. Consider your customers’ experience as well – enable content filtering on your wireless system for family-friendly web browsing.

SB: To add to what Kevin said, I see some misconceptions with regards to Wi-Fi ‘abuse.’ I often have to address concerns that visitors will start streaming videos or downloading massive files from the web. IT managers worry that Wi-Fi that is drawing customers in will start having a negative impact on the business. In my experience, this has not been the case. The vast majority of users do not aim to abuse your network – it’s a great convenience, and that’s it.

There are also ways to prevent Wi-Fi ‘abuse’ in the AirTight system, such as setting time limits roughly equivalent to your typical dwell times and/or creating time-out periods, which would prevent a guest from reconnecting to the network for a specified window of time.


PCI Compliance and Wi-Fi: Friends or Foes? #PCI #WiFi Series: Part 3 of 3 via @AirTight
Click To Tweet


 

How should IT leaders work with the line of business managers to drive Wi-Fi projects forward?

KM: Don’t be afraid to experiment – run a pilot and see what kind of analytics you can gather from your airspace. Also keep in mind that Wi-Fi projects often start with a single use case in mind, but other departments – store operations, marketing and HR – soon want to jump on board.

We are seeing broad deployment of tablet-based applications, such as computer-based training, line busting or mobile POS. AirTight customers leverage our WIPS technology to lock those trusted devices to authorized Wi-Fi networks and prevent them from joining neighboring networks in the airspace.

So, can PCI compliance and  Wi-Fi be friends?

KM: Without a doubt!

This post concludes our three-part blog series dedicated to wireless PCI compliance. Read part 1New PCI 3.1 Guidelines Address SSL Vulnerability and part 2: 3 Trends Impacting Wireless PCI Compliance.

 

Additional information:

 

The post PCI Compliance and Wi-Fi: Friends or Foes? appeared first on MOJO Wireless.

]]>
http://blog.airtightnetworks.com/pci-compliance-wi-fi-friends-or-foes/feed/ 0
3 Trends Impacting Wireless PCI Compliance http://blog.airtightnetworks.com/wireless-pci-compliance-trends/ http://blog.airtightnetworks.com/wireless-pci-compliance-trends/#respond Thu, 21 May 2015 19:29:17 +0000 http://blog.airtightnetworks.com/?p=9284 This is part two of the three-part blog series dedicated to wireless PCI, which is a hot topic for retailers and other enterprises that accept payment cards. We look at 802.11ac, IoT and new network requirements, all of which create challenges for compliance and security officers. But the impact is not limited to just security personnel. IT and marketing, while focused on efficiencies and customer engagement, should also learn about wireless threats and trends. Brand protection is a team effort!

Read on for the in-depth look into the trends that impact wireless PCI compliance.
  Read more

The post 3 Trends Impacting Wireless PCI Compliance appeared first on MOJO Wireless.

]]>
This is part two of the three-part blog series dedicated to wireless PCI compliance, which is a hot topic for retailers and other enterprises that accept payment cards. Read part 1 of the series: New PCI 3.1 Guidelines Address SSL Vulnerability; part 3: PCI Compliance and Wi-Fi: Friends or Foes?

Kevin McCauley recently addressed PCI DSS 3.1 requirements and the changing technology landscape in the webinar “Do My Security Controls Achieve Wireless PCI DSS?”

Wireless-PCI-Compliance-Webinar-Kevin-McCauley

Missed the webinar? View it on demand.

Wireless technologies are evolving rapidly, presenting challenges to compliance and security officers. But the impact is not limited to just security personnel. IT and marketing, while focused on efficiencies and customer engagement, should also learn about wireless threats and trends. Brand protection is a team effort!

Read on for the in-depth look into the trends that impact wireless PCI compliance.

New 802.11ac standard & the impact on wireless PCI compliance

First off, consider the adoption of the 802.11ac Wi-Fi standard and take an informed approach to securing against vulnerabilities in that spectrum. According to IDC’s 2015 Wi-Fi shipment data,

“the 802.11ac standard continues to see adoption at a breakneck pace in the enterprise segment. The 802.11ac standard already accounts for 30% of access point shipments, representing a noticeably faster adoption rate than the 802.11a/b/g to 802.11n transition several years ago.”

802.11ac standard is also coming to consumer devices, creating a large pool of potential rogue access points.

So if you have an aging 802.11 infrastructure, don’t delay an upgrade to 802.11ac technology. Best of all, this upgrade does not come at a premium as 802.11ac and 802.11n infrastructure are generally available at comparable prices.

But make sure that your new 802.11ac infrastructure indeed offers 802.11ac wireless scanning. For example, consider a leading manufacturer’s 802.11ac AP, which offers two 802.11ac radios for client access and a third radio for wireless scanning. However, this third radio is an 802.11n radio! Therefore it cannot decode 802.11ac conversation and prevent 802.11ac threats.

Internet of Things is fast becoming a reality

IDC predicts that 29 billion connected devices will exist by 2020 – how will network and security professionals cope?

“Awareness around IoT continues to grow rapidly, even though full IoT reality is expected to come to fruition over the next several years. Still, with new network infrastructure getting deployed today, having an expected lifespan of five to seven years, it is reasonable to expect it will be able to handle the increased demands of IoT-related apps and traditional network access concurrently.”

Nolan Greene, Research Analyst, IDC’s Network Infrastructure group (quoting from AirTight Launches 802.11ac AP with ‘IoT-ready’ Wireless Intrusion Prevention System)

AirTight is helping merchants prepare by scaling up network monitoring capabilities on its 802.11ac platform. It has the ability to monitor 2000 active wireless devices per AP, which is critical as industries of all kinds move into digital connectivity.

Equally important is the capacity of AirTight’s cloud management system to scale to hundreds of thousands of devices being monitored across multiple geographies and customers. This scalability is coupled with AirTight’s patented 802.11ac WIPS technology, which allows for automated 24X7 protection and reporting.

Mobile POS & guest expectations create new requirements for Wi-Fi networks

Point of sale systems are the lifeblood of any merchant’s business. This is a well-established market and upgrade cycles can be long. However, adding mobile POS and prepping for EMV is pushing 47% of restaurants to look at POS upgrades, according to Hospitality Technology’s POS Software Trend Report 2015. This will lead to more and more tablets and other mobile devices being deployed in restaurants, for example. All of them need to be secured and the sensitive traffic protected.

At the same time, the availability of complimentary Wi-Fi access is becoming an increasingly significant factor in consumers’ choice of restaurants, according to the food industry research and consulting firm Technomic. About 40% of participants in a recent study conducted by the company deemed free Wi-Fi an “important” or “very important” consideration in restaurant selection—second only to whether an establishment includes such information as menus on its website, reports Hospitality Technology.

Retailers and restaurant operators especially face the double whammy of being asked to open up their Wi-Fi networks for customer engagement, while locking it down for security. Wireless PCI compliance will be a major factor in the decision-making process for any merchant deploying or upgrading their Wi-Fi networks.

Download the whitepaper [PDF]: “PCI Compliance In The World Of New Threats: Do My Security Controls Achieve Wireless PCI DSS?” - April 2015.

Don’t forget the human factors in wireless PCI compliance

Compliance officers are rightly concerned about human factors which can often be the soft underbelly of any security policy.

To future-proof themselves against both inadvertent security lapses and malicious internal or external actions, merchants should consider solutions that offer “behavior-based” security, which includes:

  • Strong device behavioral analysis logic, since traditional signatures and threshold based security solutions can’t catch up with the evolving monitoring scenarios.
  • Fast response time to threats, to tackle the new and optimized attack and policy violation triggers.

What is behavior-based security? Learn how AirTight implements it on its WIPS system from Hemant Chaskar’s blog post: Will Target Breach Prompt Retailers to Raise the Security Bar?


3 Trends Impacting Wireless PCI Compliance via @AirTight blog
Click To Tweet


Additional Information:

The third, final installment of the series will include a Q&A with Kevin McCauley that cover the questions received during the live webinar.

Read part 1 of the series: New PCI 3.1 Guidelines Address SSL Vulnerability

The post 3 Trends Impacting Wireless PCI Compliance appeared first on MOJO Wireless.

]]>
http://blog.airtightnetworks.com/wireless-pci-compliance-trends/feed/ 0
Google Project Fi – New Era for Mobile Technology? http://blog.airtightnetworks.com/google-project-fi-new-era-for-mobile-technology/ http://blog.airtightnetworks.com/google-project-fi-new-era-for-mobile-technology/#comments Tue, 19 May 2015 17:00:15 +0000 http://blog.airtightnetworks.com/?p=9233 I view Google Project Fi as a disruptor, from both technology and business model standpoint, for three reasons:
1) For the first time, we are witnessing a MVNO (Mobile Virtual Network Operator) piggybacking on multiple major national mobile carrier networks, in this case Sprint and T-Mobile.
2) And for the first time again, an operator is successfully marrying the cellular and Wi-Fi network in a fashion that has not been done before on this scale, at the same time being completely transparent and seamless to the end user
3) If Google Project Fi manages to seamlessly transfer (roam) both voice and data sessions from one carrier to another, that’s again another industry first.   Read more

The post Google Project Fi – New Era for Mobile Technology? appeared first on MOJO Wireless.

]]>
Google Project Fi is a new program launched by Google that claims to deliver fast, easy mobile service in partnership with leading carriers to create a unique experience for its subscribers. Below is a summary of its key features as advertised:

  • Google Project Fi uses LTE (from Sprint and T-Mobile) and Wi-Fi for both data and voice.
  • At any time, it uses the network that provides the best quality. Automatically switches if the quality on the currently associated network degrades and a better alternate network is available.
  • Seamless voice session roaming from Wi-Fi to LTE – if you are on a voice call inside your home over Wi-Fi and walk outside, the ongoing voice call automatically moves over to LTE
  • The selection of the network is completely transparent to the end user.
  • Currently Nexus 6 is the only phone that supports Project Fi.

‘Network as a Service’ Disrupting Carrier and Wi-Fi Industry

I view Google Project Fi as a disruptor, from both technology and business model standpoint, for three reasons:

    1. For the first time, we are witnessing a MVNO (Mobile Virtual Network Operator) piggybacking on multiple major national mobile carrier networks, in this case Sprint and T-Mobile.
    2. And for the first time again, an operator is successfully marrying the cellular and Wi-Fi network in a fashion that has not been done before on this scale, at the same time being completely transparent and seamless to the end user
    3. If Google Project Fi manages to seamlessly transfer (roam) both voice and data sessions from one carrier to another, that’s again another industry first.

Google has created a model where a subscriber can tap into a pool of available network resources –Wi-Fi and cellular networks offered by Sprint & T-Mobile. By combining different wireless technologies (cellular and Wi-Fi) and by aggregating multiple operators’ cellular networks, the value of Google Project Fi to the consumer is suddenly magnified. It is much larger than the sum of each network’s value by itself.

Google Project Fi - Whole is greater

Click-to-Tweet >> Google Project Fi – Whole is greater than the sum of its parts?

Technical Underpinnings of Google Project Fi

Multi cellular network support

Google likely signed roaming agreements with Sprint and T-Mobile, and the SIM selects the best network to connect based on the quality of the networks available. This model is quite scalable, as adding new cellular networks to the Google MVNO network pool is just a question of signing business agreement with different operators.

Single mobile number

Irrespective of which network the phone is connected to, there would be one number assigned to a user through Google Voice. The phone would use Google Calling App as the default application to place and receive voice calls.

Network selection

The phone requires some intelligence in its software to measure the quality of each network (multi cellular networks & Wi-Fi), and use the better one for data and voice. It also needs to continuously monitor the quality of current connection, so when it degrades, the phone’s software automatically switches to an alternate network. The client software could also potentially choose to use different networks for voice and data.

Data roaming between networks

Data roaming between the cellular networks, or from cellular to Wi-Fi is not a problem. Most streaming applications like YouTube, Netflix have intelligence in the client side (buffering and HTTP based streaming) to seamlessly stream data even if they roam between networks and the IP address changes. Users would hardly notice any impact on non-streaming applications like web browsing because of roaming.

Voice roaming between networks

For seamless roaming to work across multiple networks, there needs to be one aggregation point for all the voice traffic. In this case, the Google Voice infrastructure could be that single aggregation point. The phone creates a secure Layer-2 tunnel to the Google Voice Infrastructure, over any existing network connection be it cellular or Wi-Fi. The secure Layer-2 tunnel is always on, and since the tunnel terminates at a single aggregation point, the phone can retain a single IP address through the tunnel. The layer-2 nature of the tunnel also ensures the carrier has visibility to the device’s MAC address. As the phone roams from one network to another, the Layer-2 secure tunnel gets re-established through the new network connection and the phone retains same tunnel IP. The voice is always routed through the tunnel to the Google Voice infrastructure and this way has a single point of exit and entry.

My Wish List for Project Fi

Below is a wish list, but something Google can definitely pull off once the number of Project Fi subscribers reaches an inflection point

  • Google can make a case to get Verizon and AT&T into its pool, however I doubt that it would happen easily.
  • Initiate roaming agreements with international mobile operators for international roaming.
    Partner with mobile phone makers to support Google Fi natively. This could be publicly available through some version of Android in future.
  • Launch a business program where any cable operators and Wi-Fi MVNOs like Comcast, Time Warner, Cox, Boingo, etc. can sign up as providers to the Google’s network pool.

Google Project Fi is a giant leap towards making mobile connectivity ubiquitous, and Wi-Fi has a critical role to play. This will only accelerate the adoption of newer wireless standards like Hotspot 2.0 that improves the user’s experience.

The future of Wi-Fi has never been so exciting, so buckle up!

Related information

The post Google Project Fi – New Era for Mobile Technology? appeared first on MOJO Wireless.

]]>
http://blog.airtightnetworks.com/google-project-fi-new-era-for-mobile-technology/feed/ 1
How to Hit a Home Run with iBeacon http://blog.airtightnetworks.com/how-to-hit-a-home-run-with-ibeacon/ http://blog.airtightnetworks.com/how-to-hit-a-home-run-with-ibeacon/#respond Thu, 23 Apr 2015 21:30:08 +0000 http://blog.airtightnetworks.com/?p=9178 iBeacon has been getting a lot of attention lately mainly because of claims of how it can transform the retail industry. After having talked to many retail customers, iBeacon technology providers, and others closely associated to this eco system, it occurred to me that iBeacon and baseball have a lot in common.

Just like in baseball, where a player has to advance through all the bases to score a run, there are some essential solution components to be built up before a retailer can extract value out of iBeacon. Continue reading to find out how to make your iBeacon deployment be a home run.   Read more

The post How to Hit a Home Run with iBeacon appeared first on MOJO Wireless.

]]>
iBeacon has been getting a lot of attention lately mainly because of claims of how it can transform the retail industry. After having talked to many retail customers, iBeacon technology providers, and others closely associated to this eco system, it occurred to me that iBeacon and baseball have a lot in common.

Just like in baseball, where a player has to advance through all the bases to score a run, there are some essential solution components to be built up before a retailer can extract value out of iBeacon. Read on to find out how to make your iBeacon deployment be a home run.

iBeacon 101

First things first – a quick overview of iBeacon. iBeacon is a standard for beacon advertisement over BLE developed by Apple.  It accomplishes 2 main tasks:

  1. defines how the beacon advertisement packet should look like, and
  2. allows mobile applications to listen for those advertisements.

iBeacon advertisement format has three main fields –

  1. UUID,
  2. Major version, and
  3. Minor version.

The purpose of having these three fields is to uniquely identify a beacon. Typically in retail, the UUID field is used to identify a brand, Major version is used to identify a store and the Minor version is used to identify a specific section within the store. By combining these three fields, the proximity of the user can be found when the phone detects the beacon.

Diagram: iBeacon Advertisement Format Fields are UUID, Major version, and Minor version.

iBeacon Advertisement Format Fields are UUID, Major version, and Minor version.

Customer Journey through the iBeacon Solution

Let’s trace the journey of a customer through the iBeacon solution stack. iBeacon tags, deployed in the store, advertise beacons. A phone that is in proximity of the tag hears the beacon, and wakes up the retailer’s mobile application that is listening for the specific UUID. The mobile app sends the beacon information to the retailer’s campaign management system in the backend. The campaign management system now tries to create an intelligent context around the person’s location, likes, profile, shopping behavior, some of which are obtained by interacting with backend systems and other sources and could push a context aware notification (coupon, message, etc.) to mobile app on the customer’s phone.

 

Diagram: Journey of a user through the iBeacon solution

Use case scenarios using iBeacon are plenty and is really left to one’s imagination.

iBeacon Solution Components

Let’s now break down the iBeacon solution into various components. Broadly there are three main components:

  1. Beacon Tags

Beacon tags are small BLE devices and all they do is transmit advertisement packets. The tags are usually sprayed across the retail store, and they come in various shapes and forms. Most of them are battery powered, although some can be powered over USB and some of them are integrated into the wireless access point. The tags usually operate at very low power (0 dBm), making the coverage area of one beacon very small (4 ft radius) for micro locationing. Since most of them are battery powered, operating at lower power extends the battery life on the tags.

The tags by themselves add very minimal value to the iBeacon solution. The iBeacon tags have become a commodity in the industry and retailers gain minimal value by deploying just iBeacon tags across the stores. However, the tags are an essential component towards building the iBeacon solution.

  1. Mobile Application

The next component is the mobile application (mobile app) residing on the consumer’s phone. The mobile application is the one that detects the presence of tags, creates a proximity context of the user and sends triggers to the retailer’s back end system (like the campaign management system). The mobile app is also the interface through which the retailer can interact with the user to send contextual notification, messages, coupons, etc.

To be able to detect the beacons, retailers need to build beacon ready apps. They would have to download the BLE SDK platform from one of the vendors and integrate the app with their API’s & SDKs to be beacon ready. Through the SDK, the mobile app can be configured to listen to specific UUID from the beacons. This ensures that when the phone sees a beacon inside a ‘xyz’ store, the ‘xyz’ retailer’s app is woken up and not the app belonging to another retailer. Most iBeacon hardware vendors also provide the necessary toolkit for integrating the BLE SDK into the mobile application.

The mobile app also requires a well-defined interface to integrate seamlessly with the backend campaign management system.

  1. Campaign Management

This is probably where most of the intelligence resides in the entire solution stack and the component that adds the most value. Campaign management system is responsible for designing how the retailer’s mobile app reacts to a beacon over a configured period of time. Depending on how long the user was seen, time of the day, day of the week, visit frequency, last visit period, etc., the campaign management system can send contextual notifications, messages, coupons through the mobile app to the end user. As an example, if a phone is detected in front of the TV section for more than 10 minutes (as detected by the beacon located in front of the TV shelf) this is a trigger to send a discount coupon for the TV or a message asking if the user needs any help. The use cases are plenty, but all these engagement rules combined with the tags and the mobile app is what collectively adds value.

Diagram:  iBeacon Campaign Management

 

Follow Sriram Venkiteswaran on Twitter

 

Home Run with iBeacon Solution

To score a run in baseball, the player needs to advance around all the three bases and safely return to the home plate. If a player gets out at any base before reaching the home plate, he does not score any run. Similarly, if the retailers misses any of the component laid out above, they get out before extracting any value from the iBeacon solution. So retailers considering deploying iBeacon solution should take a holistic view in building all the components to score a home run with their iBeacon deployment.

Diagram:  Home run with iBeacon solution

Summary

Following are the key considerations for retailers to hit run with their iBeacon deployment:

  • Retailers have to build their mobile application to be beacon ready by integrating with BLE SDK platform
  • They need to have a strategy to get the mobile app on the as many user’s phones
  • A well designed backend campaign management system
  • Intelligence in the backend to build user context by interacting with various systems
  • In-store Wi-Fi for engaging with the user by delivering media-rich content

 

Additional Information:

Join us for an informative webinar regarding the usage and deployment of an iBeacon solution. In this 30 minute webinar we will work through what to consider when deciding to engage in an iBeacon deployment.

On-demand webinar regarding the usage and deployment of an iBeacon solution.

iBeacon Reality Check _ Essential Considerations for an iBeacon Deployment via SlideShare

On-Demand Webinar: iBeacon Reality Check: Essential Considerations for an iBeacon Deployment

In this 30 minute webinar Sriram Venkiteswaran walks through what to consider when deciding to engage in an iBeacon deployment.

  • What is iBeacon?
  • iBeacon Reality Check
  • Components to Build an iBeacon Solution
  • iBeacon Challenges

 

 

The post How to Hit a Home Run with iBeacon appeared first on MOJO Wireless.

]]>
http://blog.airtightnetworks.com/how-to-hit-a-home-run-with-ibeacon/feed/ 0
New PCI 3.1 Guidelines Address SSL Vulnerability http://blog.airtightnetworks.com/pci-3-1-guidelines-ssl-vulnerability/ http://blog.airtightnetworks.com/pci-3-1-guidelines-ssl-vulnerability/#respond Thu, 23 Apr 2015 11:55:52 +0000 http://blog.airtightnetworks.com/?p=9136 In April 2015, the PCI Security Standards Council (PCI SSC) published PCI Data Security Standard (PCI DSS) Version 3.1 and supporting guidance. The revision addresses vulnerabilities within the Secure Sockets Layer (SSL) encryption protocol that can put payment data at risk. This blog explains what this change represents to you and your business. Includes 2 whitepapers and 1 infographic.   Read more

The post New PCI 3.1 Guidelines Address SSL Vulnerability appeared first on MOJO Wireless.

]]>
On April 15, the PCI Security Standards Council (PCI SSC) published PCI Data Security Standard (PCI DSS) Version 3.1 and supporting guidance. The revision addresses vulnerabilities within the Secure Sockets Layer (SSL) encryption protocol that can put payment data at risk.

Available now on the PCI SSC website, PCI 3.1 is effective immediately.

 

>>>  PCI DSS 3.0 will be retired on 30 June 2015.  <<<


PCI SSC explains:

Download the PCI Data Security Standard 3.1 [PDF], April 2015 via PCI Data Security Council document library.

Download the PCI Data Security Standard 3.1 [PDF], April 2015 via PCI Data Security Council document library.

“The National Institute of Standards and Technology (NIST) identified SSL (a cryptographic protocol designed to provide secure communications over a computer network) as not being acceptable for the protection of data due to inherent weaknesses within the protocol. Upgrading to a current, secure version of Transport Layer Security (TLS), the successor protocol to SSL, is the only known way to remediate these vulnerabilities, which have been exploited by browser attacks such as POODLE and BEAST.”                                         Source: PCI Council Publishes Revision to PCI Data Security Standard — PCI DSS 3.1 and supporting guidance helps organizations address vulnerabilities within SSL protocol that put payment data at risk; PA-DSS revision to follow — PCI Security Council, April 2015.

PCI 3.1 and supporting resources are available on the PCI SSC website.  This blog explains what this change represents to you and your business.

 

New PCI 3.1 White Papers Released

Just in time for the PCI SSC’s news, AirTight released two new white papers:

1) “Do My Security Controls Achieve Wireless PCI DSS? PCI Compliance in the New World of Threats”, and

2) “PCI DSS 3.1 and the Impact on Wi-Fi Security”

 

1) Do My Security Controls Achieve Wireless PCI DSS? PCI Compliance in the New World of Threats

This white paper covers wireless trends that may impact PCI compliance, such as Internet of Things, 802.11ac transition and mobile POS adoption.

The paper highlights why 802.11ac adoption may create security blind spots. According to IDC’s 2015 Wi-Fi shipment data:

“the 802.11ac standard continues to see adoption at a breakneck pace in the enterprise segment. The 802.11ac standard already accounts for 30% of access point shipments, representing a noticeably faster adoption rate than the 802.11a/b/g to 802.11n transition several years ago.”

802.11ac standard is also coming to consumer devices and anyone can buy an 802.11ac access point at a local Best Buy, creating a pool of potential rogue access points.

Many merchants may be reluctant to invest in 802.11ac technology for their Wi-Fi networks due to limited capacities of their backhaul. However, the risk of not being able to detect and mitigate 802.11ac threats is real.

From the standpoint of wireless intrusion prevention, you need 802.11ac sensors to perform your wireless PCI compliance scanning – 802.11n radios can only detect a subset of security threats in the 802.11ac spectrum.

So if you have an aging 802.11n or earlier infrastructure, this is a strong reason to upgrade to 802.11ac technology.

Download the whitepaper for additional trends and to learn how to leverage technology to lower the barriers to wireless PCI compliance.

Do my security controls achieve the spirit of wireless PCI DSS?  

Register for the webinar: May 5th 8am PDT [on-demand]

2) PCI 3.1 and the Impact on Wi-Fi Security

The paper discusses PCI DSS 3.1 requirements from the wireless perspective and provides best practices for compliance, security and IT managers.

Let’s have a look at some of the best practices highlighted in the paper:

  • Limit the scope of your PCI audit through network segmentation
    The “golden rule” is to limit the scope of your PCI audit to the card holder environment (CDE). This ensures that any network or device that does not interact with card holder data is firewalled from the systems that transmit, store or process cardholder data. Doing this will really limit the effort required to demonstrate PCI compliance.
  • Use strong wireless encryption and authentication
    This holds true for any wireless that touches the CDE, especially mobile POS which would include WPA2 encryption and strong authentication and encryption on the wireless network. Make sure that the client devices are hardened and secure so they can’t be stolen and sensitive data cannot be taken off those devices.
  • Implement an incident response plan
    Document the plan you will go through when an incident is found. Having your process documented and ready to go will help you minimize ad hoc reactions to specific incidents.
  • Establish and maintain a strong relationship with your auditor
    Maintain the same audit company and team year over year if possible, as this reduces time and effort to familiarize the auditor with your environment which will ultimately reduce the audit expense and ease the process for your internal staff. Organizations can then focus on remediating gaps and assessing new systems and environment that changes from year to year rather than bringing a new auditor up to speed on their environment.

Download the whitepaper for a comprehensive overview of wireless PCI compliance and security, including additional best practices.

 

The world of wireless PCI compliance is changing. Are you ready? 

 

Additional Information:

 

This post is part 1 of the 3-part series on wireless PCI compliance. Read part 2: 3 Trends Impacting Wireless PCI Compliance and part 3: PCI Compliance and Wi-Fi: Friends or Foes?

 

Do my security controls achieve the spirit of wireless PCI DSS?  

Register for the webinar: May 5th 8am PDT [on-demand]

.

The post New PCI 3.1 Guidelines Address SSL Vulnerability appeared first on MOJO Wireless.

]]>
http://blog.airtightnetworks.com/pci-3-1-guidelines-ssl-vulnerability/feed/ 0
More on the Inner Workings of LTE-U for the Wi-Fi Professional http://blog.airtightnetworks.com/more-on-the-inner-workings-of-lte-u-for-the-wi-fi-professional/ http://blog.airtightnetworks.com/more-on-the-inner-workings-of-lte-u-for-the-wi-fi-professional/#respond Thu, 09 Apr 2015 12:55:09 +0000 http://blog.airtightnetworks.com/?p=9109 Part II of 2 part LTE-U blog series. In this LTE-U blog installment, I expand on 3 additional concepts: OFDMA – Yes With an “A” in the End, Wi-Fi Co-existence and LBT, and Common Backend Network between LTE and LTE-U.   Read more

The post More on the Inner Workings of LTE-U for the Wi-Fi Professional appeared first on MOJO Wireless.

]]>

The first part of this 2-part blog covered the following topics:

  1. LTE-U Channel Plan, and
  2. Carrier Aggregation (CA) – What Makes LTE-U Happen
    • LTE-U as Supplemental Downlink (SDL) to LTE
    • Small Cells and Client Side Support

Read it here:  Inner Workings of LTE-U for a Wi-Fi Professional

This second part of the blog covers the following additional topics:

  1. OFDMA – Yes With an “A” in the End
  2. Wi-Fi Co-existence and LBT, and
  3. Common Backend Network between LTE and LTE-U

1) OFDMA – Yes With an “A” in the End

Orthogonal Frequency Division Multiple Access (OFDMA) is the LTE-U’s way of doing simultaneous multiuser (MU) transmissions, which is inherited directly from LTE. The base station (called eNodeB in the LTE terminology) dynamically allocates different subsets of OFDM sub-carriers in the LTE channel to different users in the cell. Schedules for supplemental channels (in case of carrier aggregation) can be communicated over them or over the primary channel, which is ideal for LTE-U. The minimum time duration for which a block of sub-carriers (called “resource block”) can be allocated to a user is 1 ms, called as a “sub-frame” in LTE terminology. Schedules can be changed by the base station potentially as fast as every 1 ms. Both the uplink and the downlink allocations are controlled by the eNB.

This is different from Wi-Fi where all OFDM sub-carriers in the channel are assigned to a single user during the frame transmission, while simultaneous MU transmissions (in Wave-2 of 802.11ac) are done via spatial stream separation.

Below are some techniques where LTE-U air interface differs from Wi-Fi in interesting ways:

  • Scheduling: Base station controls transmission schedules in LTE-U as opposed to the contention based access in Wi-Fi. Wi-Fi suffers from collision problem, which gets worse as the number of devices that are contending for the channel increases. LTE-U does not face collision problem on downlink or uplink. The current focus of LTE-U is on the downlink (SDL – Supplemental DownLink), but it won’t be long before LTE-U is also available for uplink (SUL).
  • CQI (Channel Quality Indicator): There is constant feedback in LTE-U from the client to the eNB so that appropriate MCS (Modulation Coding Scheme) can be used for transmission. In contrast, Wi-Fi uses lack of ACK followed by rate fall back (called “rate adaptation”) to guess the suitable MCS for transmission. There are 16 MCS’s spanning QPSK, 16-QAM and 64-QAM in LTE-U.
  • MIMO Feedback (called PMI and RI): There is constant channel feedback in LTE-U from the client to the eNB to optimize MIMO parameters for transmission. In Wi-Fi, there isn’t equivalent of this for spatial multiplexing, but there is explicit feedback for transmit beam forming in 802.11ac which requires sounding packets.
  • HARQ (Hybrid ARQ): There is additional layer of quick feedback loop below ARQ in LTE-U which also uses soft combining, meaning signals from bad transmission and re-transmission are constructively combined to increase success rate of re-transmission. In contrast, Wi-Fi has only one loop of ARQ and also throws away bad frames.
  • Protocol overheads: Wi-Fi incurs MAC and PHY overhead for every frame. Also, frames such as probes, null data, sounding, RTS/CTS eat away bandwidth in Wi-Fi. In contrast, overheads within LTE-U come from pilot symbols, control channels, transmission scheduling etc.

2) Wi-Fi Co-existence and LBT

When LTE-U eNB transmits a frame which is 10 ms long (consisting of 10 sub-frames of 1 ms each), Wi-Fi devices will detect this as noise and back off (recall -62 dBm energy detection rule in Wi-Fi). LTE-U needs to provide a breather for Wi-Fi by keeping quiet for some frames. As a reference, a 10 ms time duration is about the time required to transmit an aggregated frame of 8 TCP packets in Wi-Fi at a 10 Mbps data rate. As per one proposal described by Qualcomm, the LTE-U radio will keep measuring occupancy on a channel and based on that determine how many frames to transmit and how many to stay quiet (called duty cycle). They have called it CSAT (Carrier-Sensing Adaptive Transmission).

Conversely, does LTE-U delay its frame when Wi-Fi transmission is ongoing? LTE-U does not currently specify standardized listen before talk (LBT) mechanism. So, if the Wi-Fi transmission is ongoing when LTE-U radio turns on to transmit the frame, the two will collide during the period of overlap. LTE-U will continue bursting from that point until the end of its frame or sequence of frames as determined by the duty cycle pattern. Wi-Fi will back off during this time. LTE-U will recover the part of the frame that is lost in collision via HARQ.

Since LBT isn’t standardized now, LTE-U is currently seen as applicable in regions like U.S., S. Korea, India, China etc. where LBT is not a regulatory requirement to operate in the unlicensed spectrum. That does not however mean that there will not be any LBT by the time LTE-U products hit the market. There could be proprietary LBT techniques in those products. We have to wait and watch. The 3GPP is working to standardize LTE-U, under the name LAA (Licensed Assisted Access) in Release 13. One aspect of this standardization also covers LBT, which can then make it applicable to markets like Europe and Japan where LBT is regulatory requirement.

If LTE-U deployments use CSAT as currently described, I would really like LAA to put some standardized restrictions on duty cycle as a function of channel occupancy measurements. Without such restrictions, some LTE-U devices could use large duty cycles thereby adversely affecting Wi-Fi. Fingers crossed!

3) Common Backend Network between LTE and LTE-U

It is a given that freebie spectrum in the unlicensed band is phenomenally attractive to operators in the face of a multi-billion dollar licensed spectrum auction market. This is clearly one driver behind LTE-U.

There is also another benefit to operators from LTE-U from the network deployment standpoint. Early efforts on augmenting the licensed spectrum with the unlicensed spectrum have focused on Wi-Fi offload. However, there is significant network infrastructure required behind the Wi-Fi access point for what is called Mobile Core Integration (MCI) to perform authentication, security, traffic tunneling, roaming, service authorization etc. (Hotspot 2.0 is a small part of the big MCI puzzle). If you compare that to LTE-U, there will be no such heterogeneous network requirement on the back end, because LTE-U directly works with the LTE network all the way up! LTE-U is none other than LTE itself from the network standpoint.

This also provides some insights into why some carriers are pushing LTE-U more than others. Carriers who have invested heavily into MCI aren’t in a hurry to adopt LTE-U, while those who have not want it as soon as possible.

AT&T in no hurry to test and deploy LTE-Unlicensed

LTE, Wi-Fi camps need to cooperate, not collide, on LTE-U/LAA

Source: FierceWireless

Co-opetition?

I am hoping that this 2-part LTE-U blog provided some useful technical insights into the workings of LTE-U. I fully expect the LTE and LTE-U landscape to evolve rapidly over the next two years, since big players in the wireless industry are pushing it. Wi-Fi will also continue to grow alongside it. There will be times of co-ordination and also times of friction between the two. It is going to be an interesting ride.

Read part I of this 2-part blog here:  Inner Workings of LTE-U for a Wi-Fi Professional

By the way, you don’t want to miss the Qualcomm webinar on LTE-U (April 13th 2015 and on-demand). There is Wi-Fi Alliance representation on this webinar. Would be good to find out what the two sides have to say.

 

The post More on the Inner Workings of LTE-U for the Wi-Fi Professional appeared first on MOJO Wireless.

]]>
http://blog.airtightnetworks.com/more-on-the-inner-workings-of-lte-u-for-the-wi-fi-professional/feed/ 0