Archive

Posts Tagged ‘WIPS’

Blackhat 13 Wi-Fi Security Reports and Nuances of Detection Methods

September 12th, 2013

|

blackhat USA 13Shortly following the conclusion of Blackhat’13, a few articles came out reporting wireless scanning data from the venue.

  Inside the Black Hat 2013 Wi-Fi Network

  Karma is a …Errr, What We Learned at BlackHat 2013 

 

Both reports state that many security relevant events were detected in the Wi-Fi traffic during the conference. Given that Blackhat is attended by security experts, ethical hackers and just plain security geeks, finding security signatures in the traffic is not uncommon. Nonetheless, I think a few things still need to be matched up in these stats before arriving at sound conclusions.

|

1190 rogue devices detected compared to 1300 legitimate devices in 24 hours:

|

One of the articles states that: “It’s rather interesting to see an almost equal amount of rogue devices to real ones, and that is very unique”. What would be good to know is how they define ”rogue”. Depending on how you define rogue, you can call anything from a normal friendly device to a real threat posing device as a rogue.

I suspect that the definition for rogue used in the context of this report is so broad that it is classifying just about every wireless device unknown to the scanning system and seen in the airspace as rogue. But then, it is not clear why such an observation is considered “unique”. This is because, almost everyone attending Blackhat carries multiple Wi-Fi enabled devices and we cannot expect them to register each of their devices with the scanning system.

From the security perspective however, it is important not to get lost in definition of rogues, but be able to detect straight up genuine rogues (aka security threats) and not raise false alarms on normal wireless activity.

 

Fast WEP Crack (ARP Replay) Detected

|

The report also cites “most likely a security vendor demonstrating a tool”. What is perplexing is why Blackhat attendees still have interest in WEP crack tools or their antidotes, especially given that WEP has been beaten to nail and is now mostly irrelevant.

Or, it could point in the direction that the Wi-Fi community has done such solid job with security and WPA2 that hackers still think that they have to make hay out of WEP.

There is also a third possibility; that these ARPs are just part of normal Wi-Fi traffic that correlates with the signature of WEP cracking detection.

|

Spoofed MAC Address

|

Both reports state several occurrences of MAC spoofing. I suspect that these inferences are based on sequence number anomalies that were detected in the traffic. In fact, the video in one of the reports explicitly calls out sequence number anomalies. However, it’s important to note that sequence number anomaly also routinely happens due to normal traffic patterns.

Common reasons include :

  • sequence numbers fall in range 0-4096, so they wrap around very quickly making the wrap around appear like sequence number anomaly,
  • radios routinely skip sequence numbers due to implementation nuances,
  • intermediate frames may be missed because of device coming and going out of coverage making it look like a sequence number anomaly.

MAC spoofing should only be concluded after all these possibilities are eliminated.

|

Signatures and Anomaly Detection

|

Similar analysis can be performed for other anomalies detected in Blackhat traffic. In fact, this kind of analysis can be performed for several security alerts in many scanning tools and wireless security systems (may be another blog some day, I have many amusing stories to tell about these alerts :-)). The key take-away is that many times there is a leap from signatures and anomalies detected to inferring the presence of a genuine security relevant event.

Bubbleman path optionsWhose job is it to make this leap: system or admin? The need to make the leap gives rise to false alarm problem. Imagine how difficult the job of the security admins becomes when this happens in the enterprise setting! All of a sudden, the alerts also need to be chased and mitigated, not just documented in reports! These admins are also presented with the challenge of defining and tuning thresholds that are right for their environments. If admins are unable to filter false alarms and/or not get to the root causes of steady stream of alerts, it eventually leads to frustration and turning off the security system.

|

Policy Enforcing WIPS

 |

An alternative to signature and anomaly based system is policy enforcing WIPS. By de-emphasizing signature and threshold anomalies, and instead focusing on auto-classification and intrusion prevention, the policy enforcing WIPS offers strong security without overheads of threshold configuration, signature maintenance, false alarms and manual intervention.

So, to reiterate the meta level point about Wi-Fi security: “Intelligent security algorithms tall pole for effective WIPS. Dedicated scan radios otherwise only overwhelm admins with data”.

|

Hemant tall poll tweet

Wireless security , , , , , , ,

11 Commandments of Wi-Fi Decision Making

September 4th, 2013

|

Are you considering new Wi-Fi deployment or upgrade of legacy system? Then you should be prepared to navigate the maze of multiple decision factors given that Wi-Fi bake-offs increasingly require multi-faceted evaluation.

|

Follow these 11 “C”ommandments to navigate the Wi-Fi decision tree:

|

  1. Cost

  2. Wi-Fi CommandmentsComplexity

  3. Coverage

  4. Capacity

  5. Capabilities

  6. Channels

  7. Clients

  8. Cloud

  9. Controller

  10. 11aC, and last but not least …

  11. seCurity!

 

|hemant C tweet

 

1) Cost:

|

Cost consideration entails both “price and pricing” nuances. Price is the size of the dent to the budget and everyone likes it to be as small as possible. Pricing is the manner in which that dent is made – painful or less painful (I don’t think it can ever be painless!). One aspect of pricing is the CAPEX/OPEX angle. Other aspects such as licensing, front loaded versus back loaded, maintenance fees etc. have been around for a long time, so I won’t drill into details of those other than to say that they exist and need to be considered. Enough said on cost.

|

2) Complexity:

|

Complexity consideration spans deployment, configuration and ongoing maintenance. One pitfall to avoid is to “like complexity in the lab and then repent it in the production”. Too many knobs to turn and tune, excessive configuration flexibility and exotic features are some of the things that can add to complexity. That said, complexity considerations cannot swing to the point of being simplistic. Rather, the balanced approach is to look for solutions that have mastered complexity to extract simplicity to meet your needs (borrowing from Don Norman’s terminology here).

 |

3) Coverage:

|

When you hear terms like neg 55, neg 60, neg 65, you know people are reconciling coverage expectations to the number of access points. There’s no explanation needed for how important the coverage is for your wireless network, but the important factor is that the coverage determines the number of access points needed to cover the physical area. At the planning stage, RF predictive planning comes in handy to estimate the coverage BOM (a site survey can complement it for sample areas during the evaluation stage).

|

4) Capacity:

|

While coverage determines how far, capacity determines how many or how much. Capacity determines how small or large cells can be. Using practical models for Wi-Fi usage, capacity objectives can be set and network design can be evaluated against these factors. Capacity also determines the number of access points needed to provide the desired capacity in the physical area. RF predictive planning tools can be invaluable during the evaluation phase for capacity estimation.

|

5) Capabilities:

|

By capabilities, I mean feature set. This is one of the most important aspects because this is where you ask the question: “Will the Wi-Fi serve the needs of the business?” This is very industry specific. Some features are extremely critical for one vertical, but won’t even be noticed in others. So, it’s important to identify both the features you care about and also those for which you don’t.  Once identified, you move on to thoroughly evaluate the ones you care about.

|

6) Channels:

|

One aspect of channels is making decision on how the RF network will be provisioned along the lines of 2.4 GHz and 5 GHz operation. There are advantages to 5 GHz operation, but 2.4 GHz is not EOL yet. How applications are split between the two bands determines the number and type of radios required in the design. Tools and techniques that are needed to plan, monitor and adapt to the dynamic RF environment are also an important consideration.

|

7) Clients:

|

Much of what is achievable in Wi-Fi network depends upon the capabilities of the client devices that will access the wireless network. One set of considerations is mainly around the radio capabilities of clients such as 2.4 GHz/5 GHz operation, number of radio streams, implementation of newer standards in clients etc. Another set of considerations revolves around the applications they run and the traffic profile these applications generate. Yet another set of considerations centers around the level of mobility of the clients. BYOD is another consideration that has become important in the the clients arena.

|

8) Cloud or 9) Controller:

|

Today, we see pure cloud architecture, pure controller architecture and also architectures confused between the two concepts. While vendors and experts spar over which is the right architecture for today’s and tomorrow’s Wi-Fi, evaluators should focus on comparing them based on their derived value. It is also important to understand what cloud and controller concepts actually mean from the data, control and management plane perspective. Cloud and controller are distinct ways of organizing overall Wi-Fi solution functionality.

|

10) 11aC:

|

Making judicious decisions on “what to deploy today or whether to upgrade now” is a tricky one. There are many views around it. One reason is because of how the features of 802.11ac are split between Wave-1 and Wave-2. It is also important to note that immediate 802.11ac benefits are application and vertical specific. Several practical network engineering considerations exist beyond the casual description of the new 802.11ac speeds that are often marketed. So, listen to vendors, listen to business needs, listen to experts, analyze yourself, and in the end, do what is the best for your environment and situation. Speed is nice IF it can be leveraged in practice!

 |

11) SeCurity:

|

Any information system sans security is worse than worthless – especially today. That said, level of security required by the wireless environment depends on factors such as the value of information at risk, compliance requirements and enterprise security policies. Desired security level determines the right mix of data inline security (encryption, authentication) and security from unmanaged devices (WIPS). Talking of WIPS, the biggest red flags to watch for are trigger happy solutions that generate false alarms, boast long list of ”popcorn” alerts and require excessive manual involvement in the security process.

letter spoonfull|

My hope is that these “C”ommandments will help serve as guidelines in your Wi-Fi decision making process. You can follow them in any order you like to ensure holistic evaluation of options before you. Every vendor, big or small, has sweet spots on some dimensions and not so sweet spots on others. So, despite what they tell you, nobody scores all A’s on all C’s. Hence one has to work on the evaluation criteria until the palatable scorecard is achieved consistent with requirements and budget.

 |

Additional References:

 

802.11ac, 802.11n, Best practices, WiFi Access, WLAN networks, WLAN planning , , , , ,

The WIPS Detective

August 13th, 2013

|

With the ever increasing importance of Wi-Fi as the de facto access technology, WIPS plays a key role in overall enterprise network infrastructure security.

|

wips detective with listThe U.S. Department of Defense (DoD) recently created a separate category for wireless intrusion detection/prevention in its approved product listing for deployments in defense agencies.

Gartner now recommends including WIPS as critical requirement in all new RFPs for wireless technologies.

Drivers for WIPS such as PCI compliance for retailers and BYOD for enterprises are compelling.

Secure Wi-Fi is also seen as medium to increase efficiency of government and public services. UK courts recently announced a program to install secure Wi-Fi in 500 court rooms. WIPS is required to make Wi-Fi secure.

|

Evaluating any information security solution has always been difficult due to the comprehensive coverage of tests required to fully validate the solution. Though there is no substitute for thorough testing, there are some obvious clues which indicate the level of security and operational feasibility of a particular WIPS solution.  As long as you know where to look …  The WIPS Detective reviews some of the tell tale signs starting with Rogue AP protection.  Other signs are addressed in subsequent posts.

 

Rogue AP Protection

|

Rogue AP protection – protection from unmanaged APs connected to the enterprise network – is one of the most critical features of WIPS.

If you are deploying WIPS, then solid Rogue AP protection is the first thing you want out of it. Rogue AP protection is also one of the most important requirements for wireless PCI DSS compliance. While certain types of Rogue APs are trivial to detect, certain others are extremely difficult to detect. Also, there are many caveats to workflow for Rogue AP protection in large enterprise networks.

To the extent these aspects are addressed by different solutions, there is a wide spectrum from checkmark to genuine value. Below are some simple clues that help gauge the level of rogue protection obtained from a specific WIPS solution.

|

Clue #1: Automatic Rogue Containment

|

Some WIPS systems show a legal warning when you attempt to activate automatic rogue protection.

|

Cisco WLC-Fluke aWIPS verion 7.4

Cisco WLC-Fluke aWIPS verion 7.4

|

WIPS detective red flagThis means that “rogue on wire” detection is false alarm prone.  In other words, the system can incorrectly tag friendly neighborhood APs as rogues on wire (called “false positive”). With that possibility, it is impossible to automate rogue containment, since the user would otherwise be taking the liability of neighbor disruption on his head. Seriously, how many users would feel comfortable proceeding after reading this legal disclaimer?  

Accordingly, possibility of any false positive (there isn’t any leeway here) = automatic containment not practical due to liability of neighbor disruption.

|

Clue #2: Rogue Detection via Wired / Wireless MAC Relation

|

The most primitive rogue connectivity detection is to look for numerical relation (numerical neighborhood of 2 and 64 are common) between APs’ wired and wireless MAC addresses.  In fact, many run-of-the-mill WIPS actually do that to get their rogue detection checkmark in the product with the least amount of depth.

|
|Rogue detection via wired _ wireless MAC relation

 

WIPS detective red flagSaying that WIPS detects rogues on the wire using MAC relations is the same as saying that it fails to detect rogue APs which do not possess any relationship between their wired and wireless MAC addresses.  When it is known that some configurations of rogue APs are outside of the system’s scope for network connectivity detection, the entire neighbor AP list is suspect.

It is like old classic game of minesweeper where every unturned tile is a suspect. Playing minesweeper is fun, but manually examining thousands of APs to ensure that there is no undetected rogue among them is not fun!

 In short, partial “rogue on wire” detection (called false negative) = mountain of manual work to ensure there is no undetected rogue and high risk of lapses.

|

The 2 clues outlined above illustrate that the writing is on the wall and reflect on the level of robustness of the underlying security platform - in a particular for a WIPS solution. I will cover many more of these tell tale clues in this rolling blog series. Stay tuned.

 

Additional Information:

 

802.11n, Best practices, PCI, WiFi Access, Wireless security, WLAN networks

AirTight Demos on Demand and WFD5

July 31st, 2013

|

IDC’s recent IT Buyer Experience Survey reveals that “45% of the buying decision is made before your potential buyer even says “hello” to your sales rep.” and “buyers are more knowledgeable and connected”.

If you’re still in the investigation stage (as suggested by the IDC survey) and not quite ready for a customized personal demo with an AirTight expert, you might want to check out the first three installments in our Demos on Demand series.

|

Airtight Demos on Demand

|

Demos on Demand serves the communication needs of tech vendors and resellers across vertical industries with its video platform and content library.  Airtight is excited to leverage this innovative platform to present in depth product information to assists buyers by showing what our product is, what it does, and how it does it. 

Sean Blanton, senior systems engineer for the US Western region is featured in the first three installments of our Demos on Demand series.  Sean joined the AirTight team in early 2013.  He’s a Certified Ethical Hacker (C|EH).

As the title of the first video implies, in ”Quick Installation Guide“, Sean begins with a discussion and then goes through a step-by-step walk-through of the Airtight Wi-Fi installation process.  After a brief introduction, he covers the management console and its HTML5 GUI access, and then moves into location and configuration settings.

|
quick installation guide image 

Cloud Managed Wi-Fi for the Distributed Enterprise is the second video from the series.  After a brief architectural overview, Sean covers 6 main sections: Location-based Management, Enterprise Wi-Fi, Guest and Social Wi-Fi, Device Templates, Devices, and Wi-Fi Analytics and Reports.

 

cloud managed 

The third video focuses on WIPS (Wireless Intrusion Prevention System). In this video, Sean gives a quick introduction in which he touches on: WIPS Overview, Information about Wireless Threats, and AirTight Marker Packet™ Techniques. This introduction is followed by an AirTight WIPS demonstration.


WIPS

 

Once you’ve gone through these 3 videos, if you still have questions and want to know more, feel free to sign up for a customized personal demo with an AirTight expert.

If you have comments on how we can make these videos better, please don’t hesitate to pass along your suggestions.  We’re in the process of  recording other videos and can incorporate your feedback to make them even better.

|

Wireless Field Day 5

|

While we’re on the subject of demos, on August 8th between 8 and 10 am PT, you can watch Airtight present from Wireless Field Day 5 on this page

Sean Blanton will be joined by  Pravin Bhagwat – CTO, Hemant Chaskar - VP Technology and Innovation, Anthony Paladino – VP Global Technical Services, Kaustubh Phanse – Chief Evangelist, and David King – CEO.  Be sure to tune in for an opportunity at some techie giveaways. Follow @Airtight and the WFD5 delegates on Twitter as we’re talking SMAC from WFD5.

You might want to check out the following blog articles that were recently published as a lead up to WFD5:

|

Not only are we pumped about next week’s event, we’re already planning for the next one!  In case you can’t make it on August 8th, you’ll be able to find Airtight in the WFD5 archives.

 

Additional Information:

802.11n, mobile device management, WiFi Access, Wireless security, WLAN networks , , , , ,

How to implement BYOD with Wi-Fi / WIPS assist

June 18th, 2013

BYOD Bring Your Own Device

|

Wi-Fi has become the de facto access medium for smart mobile devices in enterprise networks. Sitting at the edge of the network, Wi-Fi can assist greatly in implementing secure and disciplined BYOD in these networks.

There is no one-size-fits-all when it comes to BYOD management in the enterprise. However, from my experiences working with Wi-Fi and WIPS deployments, I have seen certain features that are particularly useful for organizations in implementing BYOD. This blog post explores some of these in greater detail. |

 

1)      Monitor new devices entering Wi-Fi

 

Monitoring for new smart devices entering the network is a first and important step in the implementation of disciplined BYOD. Wireless clients connecting to Wi-Fi are fingerprinted using packet level and protocol level characteristics to identify smart mobile devices.

|

WPA2 alone is not sufficient to stop personal devices from entering the protected Wi-Fi network.

|Monitor new devices entering Wi-Fi

|

2)      Enforce pre-configured policies on new devices entering Wi-Fi

 

Once a new smart mobile device is detected in the Wi-Fi network, different types of pre-configured policies can be automatically implemented. For example, one policy would be to block or limit access to new smart devices pending authorization. The Wi-Fi/WIPS solution can facilitate such policy enforcement by blocking new devices from accessing the secure network or provide them only limited access (e.g., access to only Guest SSID) until they are approved by IT administrator. |

Devices pending review |

3)      Automated approval/onboarding of new devices on secure Wi-Fi

 

Using mobile apps provided by Wi-Fi/WIPS vendor:  With the rising volume of new devices entering the network, manual approval and inventory may prove to be cumbersome. Using onboarding apps provided by the Wi-Fi/WIPS vendor, this process can be automated. New smart mobile devices are redirected to a portal and upon installation of the onboarding app, devices are allowed to enter the protected Wi-Fi. The onboarding app facilitates automated inventory and tracking for smart devices after they are admitted into the secure network. This app can also automatically configure secure WPA2 settings on the device without administrator intervention.

| Onboarding with AirTight Mobile app

|

Using third party MDM agents: Many organizations deploy specialized MDM (Mobile Device Management) systems to manage smart mobile devices accessing corporate assets. Several MDM systems choices are available in the market. So, BYOD onboarding workflow in a Wi-Fi solution that facilitates device onboarding with third party MDM agents is useful. With this workflow, new devices attempting to connect the network without hosting the MDM agent prescribed by IT are detected and redirected to install the MDM agent. Upon installing the MDM agent, they are allowed to enter the protected Wi-Fi. A point to note here is that MDM alone does not complete the BYOD story, combination of MDM and Wi-Fi gatekeeping is what is required. This is because MDM can control only managed devices, but Wi-Fi/WIPS gatekeeping detects unmanaged devices and helps bring them under MDM control. Airtight Wi-Fi provides API to implement this workflow using third party MDM agents.

|

4)      Wireless security for the admitted devices

 

Once admitted into the network, the mobile devices need to be afforded strong protection from vulnerable wireless connections and wireless attacks including rogue APs, tethering, personal hotspots, Wi-Phishing, client connections to neighborhood APs, ad hoc connections, etc.  With BYOD, the sheer volume of wireless endpoints seen in the wireless environment is expected to triple or quadruple over next 2-3 years. As a result, fully automated strong WIPS, free from false alarms and not requiring excessive configuration and signature maintenance is needed to be the part of the Wi-Fi solution in order to implement truly secure BYOD. |

As we can see, enterprises can take advantage of many Wi-Fi and WIPS features to implement secure and disciplined BYOD in their networks. These features range from identifying new smart devices entering the network to assist in smooth onboarding of the new devices to securing the new devices once they are admitted into the secure Wi-Fi networks. So don’t get stressed by BYOD, there are Wi-Fi and WIPS to assist you.

|

Additional Information:

|

802.11ac, 802.11n, Best practices, BYOD, mobile device management, smartphones, WiFi Access, WLAN networks, WLAN planning

How AirTight’s new network+security console tames distributed Wi-Fi

January 14th, 2013

As Wi-Fi deployments extend into large distributed environments, management of these Wi-Fi networks poses unique challenges. It could be the clinic-wide deployment for the medical facility running into 100’s of sites, branch-wide deployment for the bank running into 1000’s of sites, or store-wide deployment for the fast food restaurant running into 10,000’s sites. The network and security management needs for such deployments are very different from the traditional campus Wi-Fi. Accordingly, the network management console has to deliver on a number of fronts. Read more…

Cloud computing, WiFi Access, Wireless security, WLAN networks , , , , , ,

Wireless IDS/IPS horror stories from the field

December 12th, 2012

These are some recent stories of the IT organizations who brought in wireless intrusion prevention systems (WIPS) to secure their network environments against Wi-Fi vulnerabilities and attacks, and what they encountered was the incessant flow of security alerts that they could not keep up with. That is because, the systems constantly crunched signatures and thresholds from wireless traffic to generate volume of alerts for the security admins to consume. Admins could not grasp the enormity of problems that they would face in the production deployments based on the product previews done in the tiny lab setups and based on the marketing material they saw (hey look, we have Gazillion attack signatures, configuration settings, and thresholds in here!). Learn from their experiences, and avoid the destiny they faced by asking the right questions and making the right technology choices early on. AirTight Networks to date has helped thousands of customers avoid such misery by helping them with the strongest WIPS protection without the overhead of ongoing system management. Read more…

Wireless security , , , , , , , , , , , , ,

Cisco’s recent acquisition shows exciting times ahead for the lead players in the cloud Wi-Fi space

November 28th, 2012

Barely two weeks after I posted my last blog discussing benefits of the true cloud Wi-Fi over the controller over WAN architecture using Cisco FlexConnect as example for the latter; news of Cisco acquiring Meraki broke out. I got a kick out of it since it showed that my inferences on Cisco FlexConnect and other controller centric offerings were dead on spot, that they can never become real cloud Wi-Fi by incremental touchups and jargon experimentation. I also got a kick out of its timing — 1.2B acquisition barely 2 weeks after I wrote that post! There are several takeaways for the future of cloud Wi-Fi from this big event. First and most obvious is that the cloud Wi-Fi market is expanding rapidly. Another takeaway is that for the vendors already committed to the controller centric WLAN architecture, migration to cloud architecture is not incremental, but it is disruptive. Cisco could not do the migration in-house even after trying for few years with incremental changes like REAP, H-REAP, ELM, and FlexConnect. As I said in my last blog, cloud Wi-Fi is not about throwing controller over WAN, but is needs to be architected differently from the bottoms up. Finally, it also shows that with the standardization of access point platforms, differentiation in mainstream enterprise Wi-Fi will come from innovations in the application space such as network management, security, and integration with other services.

AirTight envisioned value of the cloud managed Wi-Fi solutions way back in 2008; when it was the first to launch wireless intrusion prevention (WIPS) and wireless PCI compliance solutions from the cloud (cloud used to be called SaaS at that time). It saw wholehearted acceptance from customers for Wi-Fi security and compliance applications. Having seen the benefits of the cloud Wi-Fi security offering, those same customers then wanted Wi-Fi access bundled with security in the AirTight cloud offering and AirTight answered their call in 2010. AirTight’s cloud managed Wi-Fi access with built in PCI compliance, saw tremendous success in the market. Riding on this second wave of success in the cloud strategy, AirTight then launched cloud managed enterprise grade Wi-Fi access with its highly acclaimed, absolute best-in-class WIPS buit into it.

Due to strong security posture, extreme scalability, and unique management capabilities, AirTight Cloud Services™ are not just for the midmarket, but also fit very well into scale many times as big. No wonder, organizations even as large as multiple 10,000’s distributed locations have selected AirTight cloud Wi-Fi over all competing Wi-Fi solutions! I am excited to see the cloud Wi-Fi market ignited by Cisco right at the time when AirTight has reached great level of maturity on its cloud Wi-Fi offerings over all these years.

Cloud computing, PCI, WiFi Access, Wireless security , , , ,

1 Minute Survey: BYOD – Love it/Hate it?

March 16th, 2012

Take the BYOD survey and enter to win an 8GB iPod Touch.

The BYOD trend is causing new security concerns for enterprise network and data security. Corporate users (e.g. employees, contractors) are accessing enterprise network and data, and bypassing corporate security controls using their personal Wi-Fi devices. This uncontrolled access can open wireless backdoors into the enterprise network, malicious activity, leakage of sensitive data, and exposure to malware.

Click the link to take the BYOD survey and enter to win an 8GB iPod Touch.

https://www.surveymonkey.com/s/ATNBYODsurvey2012

 

Phones are increasingly becoming portals to the outside world, with their own networks that can bridge WiFi security and provide an unauthorized laptop access. AirTight would like a minute of your time to understand how pervasive these devices are in your organization and if they have affected the way you address network security.

As a thank you for helping AirTight with this short survey, two names will be drawn at random to win an 8GB iPod Touch. To be entered in the drawing please submit your contact information at the end of this survey.

BYOD, Wireless security , , , , ,

Don’t let BYOD turn into “BYOR” in your network

February 27th, 2012

BYOD (Bring Your Own Device) seems to be the dominant theme for 2012 in the Wi-Fi infrastructure and security space. As people increasingly bring in personal smartphone devices on the enterprise premises, the network/security administrators are grappling with the security implications. Given how engaging the new smartphone and tablet apps are, conflict arises between the users’ desire and the network/security administrators’ intentions. You need to ensure that this conflict does not turn BYOD into BYOR (Bring Your Own Rogue AP)! Read more…

802.11n, Best practices, Compliance, smartphones, Wireless gadgets, Wireless security , , , ,