Archive

Posts Tagged ‘WiFi’

…And The Meshin’ is Easy

July 29th, 2014

As someone who has walked more than a few miles in a network administrator’s shoes, I’m all too familiar with the challenges of configuring and troubleshooting mesh environments. In my last position, as an administrator responsible for 300+ mesh nodes, I know the stress and frustration of dealing with dropped connections along with the other problems associated with mesh environments.

Our approach here at AirTight has always focused on making IT managers’ lives easier, and our Wi-Fi mesh implementation follows in the same footsteps.

Mesh profiles in management console

Mesh profiles in management console

As you may have already noticed, a new feature is now available in the AirTight Networks cloud console under configuring the SSID for your templates.

Since its release to the Wi-Fi product line, this enhancement has received lots of positive feedback regarding its innovative visual capabilities of managing mesh links, as well as the new options that offer both indoor and outdoor flexibility.

Ease of Configuration and Administration

Mesh configuration and administration

Mesh configuration and administration

Configuring your mesh network is now as easy as making decisions on what requirements need to be met, with the flexibility of controlling hops in mesh with Max Hop Count and number of child links for any node with Max Downlinks parameters.

Once this template is applied to a group of APs that are to be part of mesh, the formation of mesh links is fully automated. The configuration is also self-healing; if a node in the mesh were to go down, the APs automatically recalculate the mesh connections around the failure point.

Visual Display of Mesh Links

Visual Display of Mesh Links

Visual display of mesh links

The benefits of visually seeing your mesh topology with a simple click on your location brings troubleshooting to a new level. It’s hard enough when you have to manage multiple mesh links, but if your only means of troubleshooting is relying on descriptions to determine associations, or relying on CLI access to recall MAC addresses to Root & Non-Root Bridges, it can create huge challenges.

As professionals, we know to document everything efficiently. How often do we need to revisit that one site to see the mesh topology or remind us of the physical placement of each mesh operating mode in an environment? A comprehensive visual display of the mesh topology would have saved me an extraordinary amount of time!

Supported Mesh Environments

Wireless Backhaul and Access Service

Wireless Backhaul and Access Service

Wireless backhaul and access service

In the above configuration, mesh includes two access points to provide a simple wireless backhaul solution.

Point-to-Point Wireless Bridging

Point-to-Point Wireless Bridging

Point-to-point wireless bridging

In this application, two mesh access points connect a Layer 2 network through a wireless bridge.

Point-to-Multipoint Wireless Bridging

Point-to-Multipoint Wireless Bridging

Point-to-multipoint wireless bridging

More complex topologies involve multiple mesh access points to extend the edge of the network to wireless clients such as mobile devices, PoS (point of sale) tablets, and computers alike.

Multipoint-to-point Wireless Bridging

Multipoint-to-point wireless bridging

Multipoint-to-point wireless bridging

Occasionally, mesh can also be used to connect roaming mobile platforms to the wired network. In the AirTight mesh configuration this is achieved by leveraging the Min RSSI threshold.

Mesh Designed with IT Admins in Mind

Network administrators are always on the lookout for tools that deliver ease of deployment and monitoring of their networks. The way we designed our wireless mesh is just one such example. With visual tools that allow you to remotely see how your mesh topology is connected, and by eliminating the expense and maintenance of the controller, not to mention costly licenses, the reduction of time and money (and stress) is game-changing.

/To put you in a good frame of mind, here’s “Summertime” from Erik Sumo

Wireless mesh , , , , , , ,

Forbes – “stores are finally turning to WiFi” but is security lacking

December 14th, 2012

Really interesting article in Forbes by Verne Kopytoff on the reasons retailers have recognized the value of Wi-Fi for their customers and business processes. He notes that after years of resistance, stores have conceded that the shoppers have won the war. They want Wi-Fi and they will use their smartphones to check out deals.

There is no doubt that Wi-Fi has many positive effects on the shopping experience and, I would suggest, those effects outweigh the negatives of comparison shopping online in a store. There is also the obvious benefit of making sales associates more efficient and able to serve more customers faster.  Anyone who has ever gone into an Apple store near Christmas – and really who has not – has experienced just how fast one can get in and out even in a crowd.

However since retail stores have been late to this party, they need to think about the security implications of adding Wi-Fi and continuing to comply with the PCI DSS wireless scanning requirements.  Kopytoff points out that several large retailers added Wi-Fi capabilities just before the holiday season, which is unusual in and of itself since retailers rarely want to disrupt their systems too close to the holidays. In haste, they may have overlooked adding true Wi-Fi security processes to protect credit card data. It will be interesting to see if any problems arise during this season of manic shopping.

Retail , , , ,

Wi-Fi Insecurity Wrap-up for 2010

December 27th, 2010

The year 2010 witnessed continued growth in the enterprise WiFi deployments. The growth was fueled by the latest 802.11n revision to WiFi technology in the late 2009 and ready availability of WiFi in most consumer electronic devices launched in 2010, including the smart phones, printers, scanners, cameras, tablets, TVs, etc. The year 2010 also witnessed popularity of the specialized WiFi centric devices, such as MiFi.

However, the year 2010 also has some major WiFi security revelations/incidents in its kitty, which re-emphasize the continued need for adoption of the best practices for secure Wi-Fi deployment/usage. Here is the run-down on significant WiFi insecurity events which we witnessed in 2010:

  • Windows 7 virtual WiFi can turn a machine into a soft Rogue, which took Rogue AP thinking to a new level beyond the commercially available AP hardware.
  • Insecurity exposed due to MiFi like devices after the WiFi malfunction was experienced at two major trade shows in 2010 due to these devices – the first one was Google’s first public demo of Google TV and second was iPhone 4 launch at Apple Worldwide Developers Conference. Though this manifested as performance problem, it did show how easy it had become to set up personal HoneyPot AP or Hotspot AP on enterprise premises. Read more…

Wireless security , , , , , , , , , , , , , , , , ,

Has your data been “Woogled”?!

June 3rd, 2010

Google Street View car gets a ticketThe WiFi snooping row  Google has gotten itself into seems to be far from over. In April, Google revealed that its Street View cars had been collecting basic data such as the MAC addresses and SSIDs of WiFi networks in the vicinity. But after German authorities asked Google to audit the data, it admitted to have been “mistakenly” snooping payload data from Open WiFi networks. Apparently, a piece of WiFi data analysis code, written by Google engineers back in 2006, was part of the software used by the Street View cars, in turn leading to the WiFi snooping (of about 600 GB of data across 30 countries!). Read more…

Wireless security , , ,

WPA-PSK Passwords Now on Sale…Starting $17!

December 14th, 2009

A cloud-based service called WPA Cracker launched last week promises to crack WPA-PSK (WiFi Protected Access with Pre-Shared Keying) for you starting $17 .

Like any other password-based authentication system, WPA-PSK (and WPA2-PSK) is vulnerable to a “dictionary attack.” This is a brute force technique in which a hacker uses a dictionary or database of commonly used passwords to guess the WPA encryption key. The problem with this approach is that it might take days or weeks to crack even a moderately strong password with a typical PC.

What makes the WPA Cracker service interesting is that it provides you access to huge amount of computing power using a 400-node cluster. The service promises to parse a dictionary of 135 million passwords and email you the results in 20 minutes for $34. If that price tag sounds steep or if you are ready to wait longer, then you can pay $17 to use half the cluster and receive the results by email in 40 minutes.

The service is targeted to ethical hackers that do wireless vulnerability assessment and wireless network penetration testing for a living. But I wonder…what would keep the “unethical” hackers from misusing a cloud-based service like this.

Not every cloud has a silver lining. What do you think?

Wireless security , ,

How “soft APs” can create “soft spots” in your network security

November 13th, 2009

In several of my recent wireless scanning exercises, I have encountered soft APs much more often than before. In one case, it was an employee who returned from business trip who had used USB WiFi AP in hotel to share his Internet connection with fellow workers (well, they did not all want to pay $5 per hour, if they can get around by paying only once!) and did not care to remove it from laptop before connecting into enterprise network. In another case, it was an employee in no-WiFi organization who used to impress others by creating soft AP on his Window’s laptop for others to access. The moral of these stories is that the occurrence of rogue AP on the enterprise network in the form of soft AP has become more pronounced of late. I think the reasons behind this are the ease with which operating systems (notably Microsoft Windows) allow soft AP configuration on embedded WiFi interfaces as well as off-the-shelf availability of PCMCIA cards and USB sticks designed for soft AP operation. It is also worth noting that soft AP is also a perfect “solution” to put rogue AP on network evading wireside controls such as 802.1x, NACs and wireside-only rogue AP scanner.

So what is a soft AP? Soft access point (AP) is a laptop or other such wireless enabled device which performs traffic forwarding between its wired and wireless interfaces. If the wired interface of such device is connected into enterprise network, soft AP acts as rogue AP on the network. It can be accessed on the wireless side by unauthorized users who can then get bridged to wired enterprise network through the soft AP. Easiest way to create soft AP on Windows laptop is to enable bridging or ICS between its wired and wireless interfaces. Another easy way to create soft AP is to plug USB devices such as Windy31 in the laptop which then auto-configure rest of the things required for soft AP operation.

So it becomes imperative that protection from soft APs be an important consideration while evaluating WiFi security posture of enterprise networks.

Wireless gadgets, Wireless security , , , , ,

802.11n ratified as IEEE standard

September 14th, 2009

Finally the news that everybody in the WiFi world has been waiting for! Exactly six years after the 802.11n task group was formed, 802.11n got the final ratification as IEEE standard last Friday.

It has also been reported that 802.11w (protection for 802.11 management frames) was also approved as a standard in the IEEE Standards Board meeting.

If you are now looking forward to rolling out a fresh 802.11n deployment or migrating parts of your WLAN to 802.11n, you may want to look at this informative white paper 802.11n The Good The Bad The Ugly: Will You Be Ready? and watch the archived webinar 802.11n deployment checklist — what you need to know before you start by Sri Sundaralingam and Lisa Phifer.

WiFi Access ,

Using neighborhood wi-fi to get kids into the car

June 16th, 2009

My 12 yr old son was fiddling with his iTouch in the back seat of the car last week when it finally dawned on him that he could see several available wi-fi networks in our neighborhood from the front of the house . “Hey, I can connect to Marci’s wi-fi ! Can we sit in the driveway for a couple minutes so I can download some songs?” 

Hmm.. Maybe I can use this to my advantage to get the kids in the car so we can actually be someplace on time.  “Hey kids, better hurry, you only have 3 minutes to download songs before we go to the dentist.”

Wireless gadgets ,

AirTight on Wired/Wireless Security at HP Technology Forum

June 5th, 2009

AirTight’s director of technology joins HP ProCurve executives for two informative sessions at the HP Technology Forum in Las Vegas
June 15-18, 2009, Mandalay Bay, Las Vegas, Nevada, USA
Session: Wired/Wireless Management
Speakers: Dr. Hemant Chaskar, Director of Technology, AirTight Networks, Carl Blume, HP
This session offers timely advice for managing wireless and integrated wired/wireless networks from the perspectives of security, policy enforcement, performance optimization, and scalability.

Session: Wired and wireless Security
Speakers: Dr. Hemant Chaskar, Director of Technology, AirTight Networks, Mauricio Sanchez, HP
This session will present some differences and commonalities between protecting your network in a wireless versus a wired environment. It will outline the fundamentals of a comprehensive, multi-layered network security strategy and will drill down into some specific IDS/IPS (intruder detection system/intruder protection system) solutions that are particularly useful for combating wireless threats.

Wireless security , , ,

MiFi = WiFi on the move!

May 15th, 2009

Interesting gadget from Novatel/Verizon that lets you carry your WiFi hotspot with you. You can even share it with your friends. Check this out!

Wireless gadgets ,