Witnessing ethical train wreck after train wreck in Silicon Valley, it’s easy to conclude that the quest for success at all costs is a recent phenomenon and one limited to startups.
You can tell how long someone has been troubleshooting networks by the length of their arms. Orangutans like me have been doing it a long, long time. I started with a sewing machine sized Network General luggable that I carried around the world. Now I have to stand up very straight to keep my knuckles from dragging on the ground.
Mojo’s Cognitive WiFi platform, Aware, saves network engineers from having to have shirts specially made because it includes Auto Packet Capture.
The power of Mojo APIs can be harnessed to build a variety of useful applications. One such application is an Alexa skill that can provide a voice interface for Mojo Cognitive WiFi. In this example I show how to build an Alexa skill that runs a live client connectivity test for any of your network locations and then tells you the results. This example uses the Alexa Skills Kit API and Mojo’s RESTful APIs.
Merseyrail is one of the most punctual and reliable railway networks in the UK, running 800 trains and carrying over 100,000 passengers daily.
Merseyrail is currently 14 years into a 25-year concession managed by the local transport authority, Merseytravel. Concession reviews are undertaken every five years, and it was between two review dates that Kevin Lindsay, Business Systems Support Analyst for Merseyrail, became aware of the spike in passenger demand for WiFi access and recognized that something had to be done.
What were once revolutionary words when talking about enterprise WLAN – monitoring, visibility, single-pane-of-glass management – now sound conventional to the ears of network managers. Today, for many, the features those words describe have evolved into what is now known as the “cloud console.”
As WiFi networks have moved from merely supporting the business to serving as its backbone, WLAN management must evolve as well. Yesterday's security, scalability, and remediation are inadequate for the digitally transformed enterprise in which WiFi is the conduit to customers, suppliers, and mission-critical business applications.
Have you imagined classrooms of the future, how they would look? Today, despite the smart-device revolution and near-ubiquitous networks, technology is viewed as a distraction in a classroom, and even more so in an exam-room. Having taught several classes of size 100+ at IIT Bombay, I believe that technology can be a positive enabler in a smart classroom. Future classrooms should have enhanced interactivity, and enriched communication through the correct use of technology. Students should be able to collaborate with one another, and teachers should be able to interact better with students, get feedback on their understanding, and also conduct exams easily. The path to this vision lies in the effective use of the smart-phones already lying in the students’ pockets, to build a smart classroom.
We have conceptualized several applications in this direction. The applications below are in different stages of development: some in early prototypes, some well tested and used.
Today’s learning environments are evolving and growing at a rapid pace, with more students & faculty accessing and sharing online content than ever before. For many schools, it is a balancing act to meet the demand for ever-increasing bandwidth on a secure network utilizing fixed budgets and existing IT staffing levels.
In March of 2016, Texas Governor Greg Abbott announced the launch of the Classroom Connectivity Initiative, designed to facilitate access to technology in a world where learning is no longer confined to the pages of a book or the walls of a classroom. Working with the Texas Education Agency and Education Service Centers like Region 6, the State aims to equip every classroom with robust connectivity to support each student’s digital learning experience.
How often do you say “Wow, this WiFi is great!”? WiFi is like a utility, you take it for granted until the lights don’t turn on or water doesn’t come out of the tap. Just like the electrical grid or the water infrastructure, WiFi takes planning to implement correctly and maintenance to keep running smoothly.
The great news is that WiFi keeps getting smarter and Mojo is leading the way with Cognitive WiFi™. An example of our dedication to excellent user experience is how the C-130 uses its third radio and Dynamic Channel Selection (DCS) to quickly, reliably, and automatically detect disruptive interference.
We recently performed a benchmark test to see how well access points avoided channels with high WiFi and non-WiFi interference on boot up and during operation. We evaluated how well the AP avoided interference and how user experience was impacted.
The Mojo C-130 was the only access point to avoid interference 100% of the time, on both boot up and when introduced on the operating channel. All other solutions failed to avoid a channel with a constant interference source that made the channel unusable, or failed to change channels when the channel utilization got so high that it severely impacted the user experience.
User experience was evaluated using the following quality score rating system:
Recently, I received a ‘Thank You’ letter from the IEEE President & CEO for making a contribution to an IEEE fund that helps advance technology for humanity and realize the full potential of IEEE. The IEEE President listed three areas of global concern – access to high speed Internet, adequate sanitation and electric power. Today Internet access is indeed as fundamental as having electric power and sanitation. This is reflected in policies across nations worldwide.
For instance, in India, Prime Minister Modi has outlined his vision for every Indian to have high speed access to the Internet. It’s akin to a Prime Minister laying out the vision for expressways for speedy and hassle-free movement of vehicles across the country. A network of good roads and good communication infrastructure are critical to growth and prosperity. The Hon. Indian Prime Minister is on the mark putting digitization along with ‘Swaccha Bharat’ as a top national priority.
In an emerging economy like India where wired network infrastructure is limited largely to urban areas, wireless Internet access is an attractive proposition. People love the convenience of wireless access even if the quality of connection is poor. You don't have to be glued to one place as it happens when using a landline phone or a computer connected to an Ethernet cable. Wireless access is ubiquitous as the entire space becomes the medium of communication. Governments around the world have recognized this as a national asset and have sold radio spectrum at a charge. While this creates revenue for governments, it can work against building affordable communication infrastructure. WiFi on the other hand operates in 2.4GHz and 5.0GHz radio spectrums that are unlicensed; one can operate in these frequency ranges without having to pay a license fee. This is very important as telecom operators, Internet service providers can build networking infrastructure using WiFi without having to pay for the spectrum. Coming to my road analogy, one needs a combination of toll roads and non toll roads. Both have their place in creating the infrastructure. In a country like India where sensitivity to pricing is high, WiFi will not only de-congest expensive licensed radio spectrum like 4G LTE but will reduce the cost significantly.
Smart cities and public hotspots are among the best known use cases of WiFi. However, many other innovative uses exist. For instance, top national colleges like IITs, NITs, IIITs and IIMs want WiFi across their campuses and spend considerable time and effort putting together vendors to look for this technology. There is a very good chance that requirements are largely the same for all of them and hence these need not be handled individually. A massively scalable WiFi Management Console that can manage WiFi at, say, the top 100 national universities with a sharable architecture while giving flexibility to each university is feasible. The same approach can be used for smart cities, government departments and even Gram Panchayats. A unified approach for critical national digital infrastructure is efficient and possible with the current state of the art in WiFi technology.
The data center industry has embraced hardware/software disaggregation promoted by Open Compute Project (OCP) in servers and switches. It brings benefits of cost, flexibility and innovation. OCP has now started a working group called Campus, Branch and Wireless (CBW) to extend disaggregation concept to enterprise networking. For additional details on OCP/CBW whitebox WLAN AP, see this #wlpc 2017 video presentation by @CHemantC. Mojo Networks has been an active contributor to the CBW group. At the recently concluded Open Compute Summit in Santa Clara, we demonstrated open install of Mojo WLAN software on the latest Qualcomm 802.11ac Wave 2 AP platforms manufactured by 3 different hardware vendors (ODMs).
On any given day, the Santa Rosa County School District has 30,000 students accessing WiFi across 31 elementary, middle and high schools. As WiFi is quickly becoming the prevalent network access technology in schools, Santa Rosa knew they needed to have a secure and reliable WiFi network in order to provide a pristine user experience on an ongoing basis.
The School District needed a comprehensive WiFi network monitoring and security solution that would provide complete visibility and control of the wireless airspace, all of which was lacking in the wireless controller solution previously deployed. With a small central IT staff to cover the 31 school locations, the ability to remotely manage and quickly troubleshoot WiFi networks was critical.
In the past, the “open revolution” became ingrained in our lives in the form of open source software. Now it is coming to infrastructure components in the form of hardware-software disaggregation.
What is Hardware-Software Disaggregation?
Disaggregation breaks vendor lock-in between infrastructure hardware and function-enabling software. The approach is to standardize interfaces between the two. Standardization of disaggregation started with OCP (Open Compute Project), founded by Facebook. Now, OCP has vendors across the industry as active participants. OCP’s first focus area was scale computing. Disaggregation for data center compute and storage turned out to be a big success, as many vendors today provide OCP-based server technologies.
Today we announced the launch of Mojo Aware™, which is based on a technology we invented called “cognitive WiFi”. It is a core technology that goes beyond anything previously devised to create a network with independent cognitive ability. Aware is a network that thinks, and drives itself to provide faultless never ending high performance connectivity. Aware exploits the limitless resources of the cloud to serve a singular purpose: to make the network run better.
Sound impossible? It’s not.
Aware harnesses the power of cloud, big data analytics, automation, and self-awareness to deliver a pristine experience to your WiFi users – all the time, in every location, regardless of what devices and applications they’re using. Cognitive WiFi visualizes the quality of experience for every one of your users and automates root cause analysis if network problems do occur. It helps you resolve problems rapidly instead of turning them into a wild goose chase. It even proactively fixes WiFi issues before they happen, but if a user does call the helpdesk with a “WiFi problem,” it tells you exactly what's going on – even if it has nothing to do with WiFi.
Why should network admins be chained to the network? Why should users have to flag WiFi issues? They shouldn’t. We think that networks should be intelligent and self-healing, which is exactly what we’ve built.
A Mojo Customer Story: Knob Noster School District
Located in West Central Missouri, Knob Noster School District provides a distinctive mix between rural and urban settings. With 1,600 students and 225 faculty dispersed between four locations, Knob Noster maintains a commitment to high-quality education by identifying ways in which technology can be integrated into all functions for their students.
Local wireless connectivity is critical for IoT. Early IoT applications such as appliance remote control have used WiFi due to its prevalence in homes and offices. That said, WiFi is not suitable for many other IoT applications, particularly those requiring low power operation on coin batteries. Also, for many IoT applications, WiFi data rates are much higher than needed. WiFi also does not provide an elegant approach to creating a self-organizing mesh network of IoT nodes. These gaps are filled by Zigbee, Thread and BLE.
We just got notice on some very exciting news on the K-12 education and Higher Education front. Mojo Networks and its C-130 have won New Product of the Year Awards! One for best new networking product for the K-12 market in School Planning & Management, and one for best new networking product for the higher education market in Campus Planning & Management.
A chill is in the air, the holiday season is upon us, and the wait for the 8.2 release is over! We are excited to announce the following new features -- now available to all our customers at no extra cost.
We all know performance testing is as important a task as any in the WiFi business. We need to know the limits of our access points after all, and it certainly helps you to have all the information at hand to make the most informed decision you can. But performance testing focused solely on speed? Well, while it's important, it doesn't give you all the information you need. Because you, dear reader, are not just upgrading your WiFi for speed. You want all the bells and whistles that come standard with enterprise WiFi platforms today. And you want to turn them all on. And most importantly, you want to know if and how they affect speed.
Walsh, a Catholic University of Distinction, is well known for its outstanding academic facilities, chapel, residence halls and unique educational programs. Over the last fifteen years, Walsh has seen an 80 percent growth in student enrollment; they soon discovered that their student capacity was growing too fast for their wireless network to keep up, and they needed to clear up the bottleneck. The Office of IT quickly found that their Cisco, controller-based wireless network was a significant contributing factor and could not maintain adequate throughput for the growing number of devices connecting to it. More importantly, they began to see that students and faculty were unable to stay connected at all.
It goes without saying that WiFi can be, how should I put it, a bit temperamental at times. To be fair, any mode of digital communication that occurs over-the-air is subject to subtle and invisible fluctuations that pop up in the surrounding environment at any time. But when you add on top of that the necessity that WiFi provide an uninterrupted, easy-to-access and (above all else) fast experience, you can begin to imagine the tremendous stress WiFi administrators must feel every day. But imagination doesn’t help us quantify the problem, nor fix it. That’s where a brand new survey by ZK Research comes into play.
Disaggregation is a hot topic, and a major trend for data centers. Many large enterprises look for the flexibility, choice, rapid deployment and cost efficiencies that disaggregation brings to technology. By separating the costs of hardware from the costs of cloud software, enterprise organizations are able to find the best solutions.
Hello Mojo World! Autumn is fast upon us and as the leaves begin to change (depending on where you are of course) so too does our cloud platform with another great product release. Today I want to highlight two key aspects, each of which represent a significant foot forward towards the future of WiFi, and we are excited to share them with you today.
In today’s mature networking market, there are a good number of wired and wireless networking vendors. They offer traditional hardware pricing, complicated packages, expensive on-premise appliances, and limited cloud managed WiFi solutions. They are trusted logos and appeal to the “play it safe” mindset.
However, there are a good number of organizations that don’t want more of the same. They are looking for something innovative. They are looking for networking infrastructure solutions that offer:
Why don’t most enterprise WiFi access point vendors tell you what’s inside their AP? They don’t publish which WiFi chipset the AP uses, or the CPU specification. At best they state the amount of RAM. When you evaluate APs for your deployment, you should consider hardware components. Hardware components and the software running on it will impact the AP’s performance and user experience. The test results below demonstrate this.
While doing research on the Ruckus website for the R710, I noticed the statement of “Up to 2 times extended range and coverage with Ruckus BeamFlex technology.” Challenge accepted! To evaluate this claim we used a distributed client test, which determines the AP’s downstream performance when its clients are spread near and far, from excellent to marginal signal strength and points in between. This test simulates the performance of the AP in a typical enterprise, carpeted environment.
When is the last time you said: “Wow, this WiFi is great!”? You don’t really notice it when it works. You are more likely to say: “This WiFi is crap” when it doesn’t meet your expectations. WiFi is no longer a convenience, it’s an essential utility like electricity. You would like it to work every time and without hesitation, like turning on a light.
Like the power grid, one of the biggest challenges in designing a wireless network is capacity planning. The goal of capacity planning is to determine how many access points are needed to provide a good user experience. Deploying too many APs is a waste of money and can make performance worse, but deploying too few will cause user experience problems (the equivalent of brownouts) when an AP becomes oversubscribed.
Surprisingly, we have been receiving a lot of social media chatter from Meraki folks about our latest performance testing comparing the Mojo C-120 to Meraki’s MR53, two leading 802.11ac Wave 2 access points.
In a recent blog post we compared the performance of the Mojo C-120 to the Meraki MR42. In that blog we highlighted results of a test we ran last spring. When we test, we test the best of the competition with the latest software and published best practices at that point in time. When that test was run, the MR42 was the best Meraki had to offer. Once Meraki made the MR53 available, we tested it and here are the results.
Google Apps for Education is crushing it in the education market. They deliver tons of management features, securely via the cloud, and make their architecture highly extensible via rich application programming interfaces (APIs). To date, Google Apps for Education hosts user and device policies for more than 50 million students, teachers, and administrators around the world.
Mojo Networks provides a great K-12 solution by covering the three S’s for education – Safety, Simplicity, and Savings. We provide safety with the best WIPS solution in the industry. Our cloud managed WiFi stretches E-Rate dollars, saving the unnecessary cost of controllers, and our pricing eliminates expensive AP markup. Our automatic AP configuration couldn’t be simpler. I’d like to add a fourth S to this line-up: Speed.
The classroom paradigm continues to shift as new technology is adopted. Long gone are the days of watching a movie in class by threading the film from one reel, through the projector, onto the other reel. Film was replaced by videotape, which was replaced by laser disks and then by DVDs. The new classroom instruction model includes HD video streamed wirelessly on demand from a local/regional distribution server (or from the web) to each student, who has their own computer or tablet.
The latest paradigm is much more personal and interactive, which greatly increases the number of clients (tablets, laptops, and smartphones), the client density, the different types of applications, and the requirements and bandwidth of those applications. In order to be able to support this shift, many parts of the school’s IT infrastructure must be updated, especially the wireless LAN.
When we do competitive performance testing, we expect the premier APs from our competitors to be in the same ballpark. We were quite surprised at the poor showing of the Aruba IAP-325 in the 50 client, mixed application test. The Aruba IAP-325 performed on par with the Mojo C-120 for the video and voice clients, but at the expense of the data clients where only 40% met the 1 Mbps minimum data throughput standard.
Mojo Networks recently introduced the C-130, a three-radio 802.11ac Wave 2 access point, because our enterprise and university customers demanded more functionality for their WiFi infrastructure. The C-130 is a multi-purpose access point that can dedicate the third radio for an array of functionalities and associated benefits:
It’s all about software! Software on networking devices, and a robust software management architecture delivered via the cloud that manages thousands of networking elements.
To assure customers about security, vendors of cloud managed WiFi often tell their customers that they use “SSAE 16 certified data centers.” It is essential to drill down into this claim, else it stands the risk of being a half-truth, and as Mark Twain once said, “A half-truth is the most cowardly of lies.”
One of the challenges of WiFi is that clients are notoriously self-interested and use a very rudimentary decision-making process to determine which access point to connect to. This decision is simply based on AP signal strength or signal-to-noise ratio (SNR). The IEEE 802.11k standard is designed to help the clients make better, more informed roaming decisions, but to date very few clients have implemented it.
When Oakland Catholic High School implemented a new 1:1 initiative during the summer of 2014, Vernon Young (Director of Information Technology) expected to encounter some hiccups along the way, but what he did not anticipate was how poorly their controller-based WiFi would perform in a high-density K-12 environment.
I have a friend in Hong Kong who bought a new Lamborghini. As an automotive enthusiast I was inquisitive. Hong Kong traffic is horrendous, thus I was particularly curious about where he could actually drive his Lambo. I asked: “Where can you go fast?” In all seriousness he replied: “Why would I want to go fast? Nobody would ever see me!”
The backbone of any WiFi network is the access point. Speeds have increased significantly with the advent of 802.11ac, and with its second iteration (referred to as “Wave 2”) we are finally seeing multi-gigabit WiFi come to the forefront. These improvements owe a lot to the advancements made by chipset manufacturers and ODMs, who in turn create an ecosystem from which all major players pull their hardware. But hardware only goes as far as the software that lives within: in reality the highest levels of performance are realized from these two aspects working together. So when it comes to understanding that performance, two questions come to mind: How do you measure WiFi performance? And: Who has the best access point performance in the market today?
WiFi in K-12 classrooms is central to today’s e-learning approach to education. While there are many ways to deploy WiFi in schools, here are four simple things to consider when you upgrade the wireless network at your school.
There has been much chatter over the years on controller versus controllerless WiFi for large networks. No matter your WiFi religion, there is nothing like a real-world use case to see how the market is evolving, and we have an impressive one for your consideration.
Mojo Networks has captured anonymized data from a Global 2000 customer who runs both a cloud managed WiFi and a Cisco wireless LAN controller network. This customer supports large distributed and campus networks in K-12, higher education, enterprise, hospitality, retail, and an array of other verticals. They will eventually roll out one million access points.
Within a week of its launch, Pokémon Go has become one of the all-time hottest smartphone games.
The first popular implementation of augmented reality (AR), Pokémon Go is based on the Nintendo Game Boy games first introduced in 1996, and which then led to cartoons, card games, and more. (Ah, memories...!) The game has already captured players of all ages and pulled them into capturing Pokémon at the office, on the street, at the park, and everywhere in between. The question is, with schools starting back up in August and September, is your campus Pokémon Go ready?
It’s no secret that WiFi is becoming the primary (sometimes only) way to access the network in major enterprises, universities, and schools. WiFi networks are seeing growing numbers of devices, and in turn growing traffic of high-bandwidth voice and video applications. You can no longer simply plug in an access point and expect it to maintain strong, reliable connections: you need access points that can dynamically adjust themselves and the clients around them when conditions turn for the worse. But how can an access point do that? Two words: dedicated scanning.
Networks are a shared resource and as such suffer from the tragedy of the commons. In networking terms this means that applications and protocols are designed to do their job (self-interest) with no regard to the impact on the network (commons).
Release 8.0 of Mojo Wireless Manager included Application Visibility. With release 8.1 we are increasing application control power by adding Application Firewall. With the two together, you get robust application management. Here’s why you need it.
Every wireless troubleshooting story starts with a user complaint: “There’s a problem with the WiFi.” (Although sometimes the complaint is in more colorful language.) Here’s how we easily solved one issue using Mojo Packets, our online troubleshooting tool (formerly called WizShark), and busted the myth that stationary clients don’t roam.
Happy summer, Mojo World! It’s time again for another cloud release and I want to take some time to highlight a couple of key items. Our goal is simple: deliver superior enterprise WiFi. And though our past releases focused on our cloud architecture built around WiFi analytics and automation, this time we want to hone in on the cool new things our access points are doing to help ensure your WiFi is the best it can be. So let’s focus on two specific additions: Mojo Air and the Mojo Cluster Protocol (MCP).
RRM (Radio Resource Management) is a collection of techniques in which access point radios continuously analyze the RF spectrum to do the following:
Imagine 65 million years ago, a Tyrannosaurus rex looking up at the night sky. (Despite what we saw in Jurassic Park, the T. rex actually had excellent eyesight.) She might enjoy looking at the stars, and maybe one night, she saw a shooting star moving across the sky. She gave it a second glance, and probably should have paid closer attention, but continued to move on into the night.
Last month, USAC released E-Rate Funding Year 2016 Wave #1, and now roughly $17M in recently-approved funds is at risk of being delayed or cancelled if applicants don’t adhere to these new changes in the E-Rate funding process. We’ve sorted through all of the important updates from USAC to provide you with a simplified list of what’s new, and what’s needed in order to obtain your E-Rate reimbursements.
We’ve all been there right? Stuck in a rut, unable to break free from the ways we’ve always done things. No, I’m not talking about your love life (well, not in this post, anyway), I’m talking about WiFi! Big things are happening in the world of enterprise WiFi, and we at Mojo are excited to lead the efforts to innovate our business and deliver services and specialized features that really make a difference. Let’s dive into an example, shall we?
802.11ax is the new 802.11 standard currently in the making. Unlike earlier 802.11 standards that mainly focused on increasing raw link speeds, the design objective now is to increase airtime efficiency. One feature it introduces is OFDMA (Orthogonal Frequency-Division Multiple Access) to address the airtime inefficiency caused by short WiFi frames. The other is dynamic sensitivity control, which modifies traditional CSMA (Carrier Sense Multiple Access) to address airtime inefficiency caused by co-channel interference during channel reuse.
Wireless testing is hard. Any variable can change the results. This post is for those of you who are interested in WLANs and comparing the myriad AP performance tests published by AP vendors, third-party test labs, universities, and anyone who has an AP and a client.
Since the introduction of the STEM (Science, Technology, Engineering and Math) and STE(A)M (Science, Technology, Engineering, Arts and Math) movements about 10 years ago, there has been a focus on making sure that our students in the United States receive a great education to stay competitive in a worldwide market.
For me, the STE(A)M movement has a deeply personal connection. My background is in engineering and technology; my degree from Cal Berkeley is in Chemistry, which led me to a 25-plus year career in technology. My education and career path have been very “left brain” (i.e. logical, analytical) focused. What I discovered over the years is that my “right brain” (intuitive, thoughtful, creative) not only needs a release but that giving that part of my mind regular exercise makes me better at my job.
Last week, Mojo introduced the C-130, the industry’s first tri-radio Wave 2 access point with a 2x2 802.11ac third radio. (In an earlier post, Hemant Chaskar explained the security benefits of a 2x2 third radio.) In this post, I will show how that third radio provides significant performance improvements, especially for enterprises running voice and video over WiFi.
WiFi, like walkie-talkies, uses a shared medium. Only one device can effectively transmit at a time. When two people talk on walkie-talkies at the same time, neither is understood. The serial nature (one transmission at a time) limits the capacity of the channel. Capacity can be increased by having users talk faster, or by compressing what is said by using abbreviations for words or phrases. (OMG, this blog post has TMI!)
WIPS monitoring requires scanning all WiFi channels in round-robin fashion to detect threats and vulnerabilities. This scanning can be in one of two forms:
For enterprises that desire strong WIPS security and/or those that deploy real-time applications, background scanning isn’t adequate for the following reasons:
As a leader in secure cloud managed WiFi, we look to introduce products that push the envelope in the industry. With that in mind, we’re extremely excited and proud to introduce the C-130 for a few key reasons.
First, the C-130 is the most powerful, versatile, and multi-purpose tri-radio 802.11ac Wave 2 access point. Second, Mojo Networks pricing makes the C-130 the best option on the market, even better than dual-radio access points.
Hello, Mojo world! As you saw, in April we had a new release that brought new features to our access points and our cloud. Today I want to hone in on Mojo Wireless Manager’s new Monitoring tab. We recognize that the average IT organization spends almost 80% of their day on monitoring and troubleshooting, and that with the growing demand for fast, reliable WiFi it’s paramount that you see what’s happening everywhere, so you can take action fast.
Mojo Networks recently announced the new version of Mojo Planner, a Windows-based predictive wireless LAN planning tool for our customers and partners. It optimizes your WLAN based on WiFi coverage, capacity, and security.
We hear this question a lot. The explosion of mobile devices and the increased bandwidth possibilities of 802.11ac Wave 2 mean even greater demands on WiFi networks. That often means more pain for network managers, but eliminating those pains is our goal at Mojo Networks.
Your current WiFi vendors are making a fortune on your back. They’re overcharging you, keeping you tied to on-premise controllers, and limiting your choices. They’re doing what’s best for them and not what’s best for you, all under the premise of “enterprise grade” and “high performance” marketing jargon.
It wasn’t too long ago that we announced how we’re changing the way customers purchase WiFi. We don’t want you stuck in a business model that stymies innovation and maintains expensive, inefficient processes. We know there’s a better way. And so today I am proud to announce the new Mojo Lifetime Limited Warranty: a continuation of our efforts to remove inefficiencies, promote innovation and seriously reduce your headaches. You heard it here first: no more RMA.
Hello Mojo world! Today I am psyched to announce yet another amazing release of the Mojo cloud managed platform and, as always, I want to take some time to share the highlights. We’re making a big jump forward as we introduce Mojo Wireless Manager 8.0 and setting the stage for an exciting year of change. We want you to have the accurate, in-depth analytics and automated processes needed to effectively monitor and troubleshoot your network.
I am thrilled to share that following a successful trial with Global 2000 customers over the past year, Mojo is rolling out its new business strategy for enterprise WiFi to all users. Through our esteemed channel partners, our customers can now purchase our state-of-the-art WiFi hardware without a pricey markup...none, zero, no mark up...period. Customers can buy our access points just the way they always have – from Mojo partners – along with our leading cloud service to manage those access points. The access points, and thus the overall solution, are now (a lot) less costly. This revolutionary direct-to-market business model lets users save up to 50% over traditional WiFi vendors.
What factors enter into a calculation of the total cost of ownership of a WiFi network, in terms of money, time, and trouble? Let’s start with the obvious.
Early adopters of cloud managed networking (WiFi in particular) cited simplicity of deployment, ease of management, and favorable economics as key benefits of this architecture. While these benefits continue to hold true and improve by the year, I now see increasing awareness among customers about the security posture of the cloud. Part of the reason may be that cloud networking architecture is now transcending from niche to mainstream, even encompassing bigger enterprises and large service providers. As this happens, there are a growing number of cases where security departments in organizations weigh in on major infrastructure decisions.
Necessity is the mother of innovation. Cloud managed WiFi was born out of the need to provide a management plane for controllerless WiFi, and provided additional benefits of reducing network TCO via economies of scale, multi-tenancy, and simplicity of administration.
Having come thus far, the question now is: What lies ahead for cloud managed WiFi? What are today’s needs that will drive the next wave of innovation?
802.11ac Wave 2 is rising fast, as legacy 802.11n networks are upgraded. Current 802.11ac Wave 1 networks may not upgrade to Wave 2 right now, but by the time these networks have hit their typical 4-5 year lifespan, the next WiFi standard will be available: 802.11ax.
Early adopters of cloud managed networking (WiFi in particular) cited simplicity of deployment, ease of operation, and favorable economics as key benefits. These benefits have proven themselves over years for many organizations, but of late I have seen a new consideration coming to the forefront: security of the cloud.
The campuses of today (and tomorrow) need high-capacity, reliable, and secure WiFi networks. It’s quite a challenge to design a WLAN that will support all applications, anytime and anywhere, on all devices (smartphones, tablets, and laptops). Happily, 802.11ac Wave 2 access points and clients are here. They’ll make your job easier.
A network-focused strategy for wireless security is the conventional wisdom, but is it really the right one? In our next webinar (Wednesday, March 30th, at 8:00 am PST), I’ll argue that a client-focused strategy is best.
As many of you saw last week we announced our latest release for Wireless Manager and Guest Manager - it’s packed with great new features to enhance every aspect of your wireless network. Today I want to zero in on one aspect of that release, and introduce you to another member of the Mojo Access Point family: the W-68!
In the past, a school IT department kept the phone systems running and maintained some desktop computers. Those days are long gone. Today, IT people need to monitor and maintain not just more computers than ever before, but mobile computers: tablets and laptops and smartphones. Some are owned by the school, but teachers and students also bring their own. How can IT maintain, control, and keep track of them all?
It’s easier than you think: a Mojo network comes with an extensive suite of features, each designed and built to make your job (and your life) easier. You won’t need a separate, third-party application for mobile device management (MDM) to accomplish these core tasks.
Hello, Mojo world! We’re really excited about our most recent release to the Mojo cloud managed platform and I wanted to quickly share some highlights. There’s a lot packed into this release. Both Wireless Manager and Guest Manager got updates that will help you with every aspect of your WiFi program - whether it’s for providing fast, reliable access, ensuring the most secure environment possible, or looking for cool new ways to engage with your guests after they connect.
WiFi is changing in a big way. The explosion of wireless devices and growth in cloud applications means that enterprise-grade wireless networks are now a must for more than just the enterprise. Education, hospitality, retail, healthcare, and large public venues also need robust, secure networks.
Since launching in 2003, we’ve been committed to advancing innovation and integrity in the digital age. We take pride in creating — and constantly improving upon — cloud-managed WiFi that can meet the world’s increasing demand for seamless connectivity. We recognize that the industry has many hurdles to overcome, and as such are always excited to see fellow tech visionaries sharing our values and goals — enterprises that are focused on the present and the future needs of an increasingly cloud-first world.
Enterprise-grade isn’t just for the enterprise any more. Educators need fast, high-capacity, secure networks to handle lots of mobile devices and the classroom learning that depends on them. Old-fashioned networks with hardware controllers just aren’t enough. They are too expensive, too difficult to maintain, too hard to expand. That’s why more and more schools are turning to cloud managed, controller-less WiFi networks.
The explosive growth in mobile devices, high-bandwidth applications, and the Internet of Things (IoT) all place greater demands on WLANs. The new 802.11ac Wave 2 standard has come along just in time, and Mojo and Qualcomm are on board with it.
In today’s increasingly connected world, the need for Wi-Fi hotspots and wireless business connectivity has skyrocketed as cable operators look for ways to deliver value-added services like video, voice and high speed Wireless Internet access. With a wireless network in everyone’s mobile device, cable providers are constantly in search of the most innovative, scalable and cost-effective products to keep up with the growing demand for connectivity.
Forbes reported in 2014 that only 25% of all technology administrators said they have enough connectivity and bandwidth to meet student and teacher needs. Today’s classrooms increasingly need not “just” WiFi, but reliable, high-capacity WiFi. They need to deal with many challenges: the interactive learning of the “flipped classroom,” streaming video, online testing, and of course lots of mobile devices. They need to empower teachers, even those with limited access to IT support staff.
Over the past year, we’ve been working closely with our channel partners to understand how to make it easier for them to sell and close deals faster. That led us to completely re-engineer our partner portal to focus on speed, agility, and responsiveness, and today I’m proud to announce the result of that effort: our new Mojo Force platform. I firmly believe this platform is going to set a new standard for the relationship between vendors and the channel.
The role of WiFi is evolving to encompass much more than mere connectivity, and the growing demand for free and guest WiFi has created an opportunity to turn WiFi into another point of engagement for businesses. That’s why we’re launching Mojo Canvas, the only real-time customer engagement solution for the WLAN market. It allows retailers offering on-site WiFi to better engage with customers while they’re connecting, while remaining cost-effective, easy to manage, and flexible to scale across any location.
After almost a year of behind-the-scenes work, I’m proud to finally introduce Mojo Networks to the world as the next evolution of our company as we say goodbye to the AirTight Networks brand. When AirTight was founded in 2003, WiFi was starting to gain traction as a critical piece of enterprise infrastructure. There were numerous concerns about WiFi and security and AirTight pioneered a Wireless Intrusion Prevention Solution (WIPS) to bring greater integrity and safety to networking. Eventually, our customers wanted AirTight to be their all-in-one wireless solution, and in 2009 we launched our cloud-managed WiFi platform that has since been used by Fortune 500s, Global 2000s and the highest levels of government.
By now, kids in primary and secondary schools across North America are settling back into their routines. But school IT administrators and tech-savvy principals and teachers should already be thinking about how to prepare their schools for the following year with fast and secure Wi-Fi, protect students from Wi-Fi hacking, and take advantage of available E-Rate Wi-Fi funds for next year’s deployments.
Telecom operators have set their eyes on offloading traffic to the unlicensed spectrum in the quest to increase wireless capacity. To this end, we often hear terms like Wi-Fi offload, LTE-U (and its standards-based version called LAA), LWA etc. It is one thing to learn about any technology by hearing about it, but it is another to learn by getting your hands dirty working on it. I got to do exactly the latter when we engaged in a project to provide a Wi-Fi offload network (of seven-digit scale) for a telecom operator on the AirTight cloud Wi-Fi platform. It helped me gain a better understanding of the offload technology and the telco Wi-Fi market vertical.
Any technology often sparks lengthy discussions, questions, and tends to summon some common misconceptions that can and should be disproven. Cloud Wi-Fi is no exception to this. I want to share some of the most common myths about cloud Wi-Fi that I’ve seen and show you why they are not reality.
Remember the 3 R’s in K-12 education – “reading, writing, and arithmetic”? Well, at AirTight, we’re bringing the 3 S’s to K-12 education – safety, simplicity, and savings.
The most exciting advancements in Wi-Fi are happening right now in the cloud. Whether your priority is guest engagement, driving revenue, enhancing security, easier Wi-Fi management, or simply learning more about what cloud-managed Wi-Fi can do for you, this is your chance to understand how cloud Wi-Fi benefits your business!
There is an emerging trend to apply SDN (Software Defined Networking) to Wi-Fi. Much of this discussion today is geared towards applying SDN constructs like OpenFlow and Network Function Virtualization (NFV) to Wi-Fi access points (APs). For example, an OpenFlow interface on the AP can be used to configure its settings from the SDN controller, or to configure traffic handling on the AP, such as packet classifiers and QoS, from the SDN controller. Another discussion point is around tunneling AP traffic to an NFV node for service provisioning. While these are good ideas, they do not cut to the essence of Wi-Fi, which is in the wireless. That is to say, these concepts are applied to APs in the same way they apply to other wired network elements like switches.
What is cloud-managed Wi-Fi and why should you care about it? This is exactly what I’ll be discussing in an upcoming webinar on Wednesday, August 19 from 11 am to 12 pm Pacific Time. This session is kicking off a brand new series on Cloud Wi-Fi webinars that Mojo will be hosting over the next several months. View the entire webinar series schedule here.
Mobility is transforming the world around us. And we are thrilled and honored to be recognized for wireless innovation in the mobile industry.
Great news: you can now have outdoor Wi-Fi that is easier to manage, more secure, and increases revenue.
How well do you know your customers and patrons? Do you know where they spend the most time in your building? Can you say what the busiest areas are throughout the day?
At Presidio Partners, we strongly believe in the power of technology, innovation, and data to push our entrepreneurs and ourselves in ways that will make the world a better place and help us meet ever-changing societal challenges. This view informs our pursuit of investment opportunities with young, growing companies.
Over the last few months, we have been thrilled to announce several new additions to AirTight Networks’ leadership team. You can read the press releases from December 18, 2014, June 17, 2015, and July 14, 2015 covering these leadership appointments, but we wanted to take some time to share a holistic view of the latest updates to AirTight’s executive team and vision. Our experienced and innovative leaders will position the company for continued success in the fast-growing enterprise Wi-Fi market.
Elevate the classroom experience with AirTight Secure Cloud Wi-Fi
I am proud to announce two new systems for Mojo end-users and partners.
MOJO SUPPORT PORTAL FOR END USERS
Mojo Support provides access to our knowledge base, makes it easy to create support tickets and contact support agents.
Recent security reports from Verizon and new data from Mary Meeker of Kleiner Perkins Caufield & Byers have important security lessons for retailers. This blog summarizes key findings from these two widely respected sources.
Introducing Mojo’s Zoning feature – integrated zone-based Wi-Fi analytics
Google Project Fi is a new program launched by Google that claims to deliver fast, easy mobile service in partnership with leading carriers to create a unique experience for its subscribers. Below is a summary of its key features as advertised:
iBeacon has been getting a lot of attention lately, mainly because of claims of how it can transform the retail industry. After having talked to many retail customers, iBeacon technology providers, and others closely associated with this ecosystem, it occurred to me that iBeacon and baseball have a lot in common.
On April 15, the PCI Security Standards Council (PCI SSC) published PCI Data Security Standard (PCI DSS) Version 3.1 and supporting guidance. The revision addresses vulnerabilities within the Secure Sockets Layer (SSL) encryption protocol that can put payment data at risk.
The first part of this 2-part blog covered the following topics:
Wi-Fi networks are a workhorse for internal restaurant operations. But when properly designed and implemented, they can also be highly lucrative, driving both customer loyalty and revenue.
Earlier in my career, I worked for a cellular network vendor where I specifically focused on 3GPP (and 3GPP2) networks. Today, I am majorly into Wi-Fi and as you would expect, cellular networking went to my back burner. There existed a clear separation between cellular and Wi-Fi networks. That has now changed as the telco carriers turn to the unlicensed spectrum to add capacity.
In many Asian countries, the New Year is based on the lunar calendar and is dictated by the first new moon and ends on the full moon. In the case of the Chinese calendar, each New Year is marked by the characteristics of one of the 12 zodiacal animals: the rat, ox, tiger, rabbit, dragon, snake, horse, sheep, monkey, rooster, dog and pig.
The Wireless LAN Professionals Conference is the brainchild of Keith R Parsons - certified Wireless LAN professional, consultant and teacher. The conference consists of two days of fun, great topics, awesome gear, and wonderful networking. It features presentations from a vast array of experts in the field. The event is designed with two track sessions and short powerful talks called Ten Talks.
Recently, net neutrality has been a hot topic of debate. The discussion mostly centers on Internet video transmission in the ISP (Internet Service Provider) core network.
The New Year is a time to reflect on the changes we want or need to make. January is usually all about resolutions, setting goals and getting a fast fresh start. This applies just as much in business as it does on an individual level. All indications are that 2015 will be a banner year in the Wi-Fi industry as well as for AirTight partners and customers!
They are different notions. Scale is mostly about numbers, but scalability incorporates business enablement in addition to scale.
One of the biggest benefits of using the cloud is its ability to scale. In the world of cloud managed Wi-Fi, scale really means being able to deploy tens of thousands of access points (APs) without having to worry about additional resources being available to manage them. However, scaling Cloud Wi-Fi is not without its set of challenges. In this blog we will look at some interesting challenges in scaling Cloud Wi-Fi, and how they are addressed. So read on!
What are the CxOs to do? Whether you’re a CEO, CMO, CIO/CSO, or COO, your organization’s future must have a stake in cloud Wi-Fi. Dr. Kaustubh Phanse, VP of Content and Product Design at AirTight Networks, recently keynoted on this very topic at CRN’s NexGenCloud Conference. In case you missed his keynote, you can flip through the SlideShare companion.
Each year, CRN Test Center's Tech Innovator Award program recognizes companies that deliver outstanding innovation in hardware and software solutions specifically developed for the enterprise.
In the last couple of weeks, several reports on carriers’ plans and practices to track and analyze their mobile web traffic caught the attention of consumers and privacy watchers.
Our security researchers recently took a look at Apple’s iOS8 MAC randomization feature. It was touted by Apple for its ability to protect consumer privacy from persistent WiFi tracking, but turned out to be of limited usability as currently implemented. With all the interest in privacy features, we thought we’d give you a look at what’s ‘under the hood’ in retail WiFi analytics.
AirTight Networks was honored with two industry awards for Cloud Wi-Fi, and Social & Analytics. AirTight won a 2014 Cloudys Cloud Channel Innovation Award and a Gold status from 2014 Golden Bridge Awards. Both awards were announced on September 8, 2014.
Recently, I was invited to speak on Wi-Fi security at Wireless LAN Professionals Conference Europe in Maastricht, Netherlands. Excited about my first trip to the Netherlands, I quickly said yes and off I went. After meeting up with my co-worker, we arrived the evening before the conference to relax and check in. As a vendor neutral conference, the only Wi-Fi available was offered by the hotel (free!). On night one, we enjoyed some conversation with a few of our peers, and retired early to catch up on email (and sleep).
The FCC’s decision to impose a fine on Marriott Hotels for unscrupulous Wi-Fi containment has set off numerous debates. Many in the WLAN community have opined on its implications for the use of unlicensed spectrum (see references below and follow Twitter discussion on the topic). These parleys have touched upon performance impact, security challenges and Wi-Fi monetization practices.
Unless you've been hiding under a rock or are a WLAN newbie (in which case you’re forgiven), you know about Keith R. Parsons and WLAN Pros …
Yesterday the FCC issued an order and consent decree (settlement details) DA 14-1444 in the investigation of Marriott International regarding blocking of personal Wi-Fi hot spots in the conference facilities of the Gaylord Opryland hotel property. The FCC imposed a $600,000 fine. The decree mentions Marriott admitting that the blocking was performed using the rogue containment feature of a Wi-Fi monitoring system (we do not know which Wi-Fi monitoring system they used).
The First Annual CWNP Conference is fast approaching. Here at AirTight Networks, as participants and presenters, we’re very excited about this inaugural event. We’ll be up at 1:00 P.M. ET on Tuesday September 23rd with Robert Ferruolo and Gopinath KN leading a session on wireless troubleshooting made easy (you read correctly, it’s not an oxymoron).
Did you know that sales of enterprise-grade wireless LAN equipment with the new 802.11ac Wi-Fi standard are expected to skyrocket over the next four years? This is partly due to the aggressive pricing strategies, according to a report from Dell'Oro Group.
C-65 Wi-Fi AP/sensor makes the 802.11ac transition easy and affordable as connected devices proliferate.
On September 4, 2014, we announced the launch of our new AirTight C-65, an 802.11ac Wi-Fi point AP / sensor. It eliminates current and emerging wireless security threats and removes the tradeoffs in functionality often associated with upgrading to 802.11ac. Read the announcement.
The AirTight C-65 has dual concurrent 5 GHz and 2.4 GHz band radios supporting 802.11a/n/ac, 802.11 b/g/n, two spatial streams, and data rates of up to 866 Mbps and 300 Mbps, respectively. The device operates on AC power or can be powered using the prevalent IEEE 802.3af PoE standard. This does not result in any loss of 802.11ac performance unlike for some 802.11ac products, which require expensive infrastructure upgrades to PoE+ (802.3at) for full functionality.
You may have already noticed that Google search has been strictly using HTTPS for some time now. Typically, people do not enter passwords in keyword searches, so they probably were not terribly worried about search sites not using HTTPS (Bing still allows HTTP). Nonetheless, Google seems to have taken a position in favor of HTTPS. YouTube also allows HTTPS (though an HTTP option is also available today). When a YouTube page is accessed over HTTPS, videos also stream over HTTPS (one way to check this is the amusingly named "Stats for nerds" option, which appears when you right-click a YouTube video). One could also say Google is making a point here that HTTPS isn’t necessarily the scalability bottleneck today.
Will my friends get spam if I use Facebook social login? What information about my friends will be shared?
-- updated with the answer --
As someone who has walked more than a few miles in a network administrator’s shoes, I’m all too familiar with the challenges of configuring and troubleshooting mesh environments. In my last position, as an administrator responsible for 300+ mesh nodes, I know the stress and frustration of dealing with dropped connections along with the other problems associated with mesh environments.
AirTight offered early beta access to WizShark, our visual WiFi troubleshooting tool in the cloud, and since then it has been a fun ride for the team. It was heartening to see a number of WiFi professionals taking interest in the tool and appreciating its graphical representation of packet captures. Of course, the positive feedback was accompanied, as expected, by feature requests!
Popular literature on 802.11ac describes 40 MHz and 80 MHz operation (channel bonding) as doubling and quadrupling of the data rate, respectively. Every time I saw that mentioned, the following question came to my mind.
When a radio transmits over a 40 MHz (or 80 MHz) channel, is the total transmit power proportionally increased over 20 MHz to maintain the SNR (signal to noise ratio)? And, how is the data rate multiple with channel bonding distributed over the cell?
This question nagged me like a little stone in the shoe that is impossible to ignore. My subsequent findings from the lab tests show that the popular literature is only partially true. Read on to find out why.
ISTE 2014, the largest US education technology conference, closed July 1 - good-bye, Atlanta! The time frame coincided with new developments around FCC's proposal to close the E-rate's "Wi-Fi gap"; we cover these below.
As always happens with these large events, not everyone can go. But educators are a creative bunch. Rather than feeling left behind, they organized a parallel #NotAtISTE14 conference - complete with presentations, virtual badges and ribbons, Google+ community and hangouts, Twitter chats, karaoke (!), challenges and prizes. (Links and resources pertaining to a #NotAt... conference are at the end of the post).
We reached out to the community with a contest asking why they needed Wi-Fi for education technology initiatives.
A summary of the tweets is below, with responses ranging from robotics and iPad carts, to working with special ed kids and spurring creativity in students.
Last week, AirTight's Senior Technical Marketing Engineer, Robert Ferruolo (@RAFerruolo), added another chapter to the AirTight 802.11ac webinar series. Robert presented on "802.11ac Deeper Dive" focusing on features that come along with the 802.11ac wireless platform.
During the presentation, Robert broke down channel availability, QAM, beamforming, MIMO, MU-MIMO, frame aggregation, and error correction. To view the recording, click here.
Throughout this 6-part series, we'll continue to break down why 802.11ac should be a serious consideration for your wireless network. The series will address the inevitable migration from 802.11n to 802.11ac.
We'll be continuing to post our Q&A sessions for all of our webinar series. Stay tuned for more updates on upcoming webinars and their corresponding Q&A sessions.
The Wi-Fi Offload Summit is taking place in Palo Alto through today, June 19. Lots of interesting perspectives on what Wi-Fi offload is, Wi-Fi monetization and how to go about it, along with privacy discussions and the future of mobile network operators.
The number of solutions (and vendors) in the Wi-Fi monetization space seems to have exploded in the last 18 months. There are options for
Antony Paladino, AirTight's president of technology services, focused his session on "unconventional engagement" - using Wi-Fi to connect communities, develop company culture, and, yes, fight crime!
Last week AirTight launched its 802.11ac webinar series. Throughout this six-part series, we will be touching on various aspects of the 802.11ac wireless platform. The first session touched on the Essentials of 802.11ac.
We will be continuing the series next week with "802.11ac Deeper Dive." Stay tuned for later installments in our 802.11ac series, where we'll be discussing:
With the theme of “Monetize Thyself!” AirTight speakers will tackle issues of real-time business intelligence, user engagement and creating value from Wi-Fi investments. Update: Please see our recap of Day 1: Suddenly, Everyone Attacks Wi-Fi Monetization.
In today’s environment even the non-traditional telecom companies are jumping into the big data and monetization fray, as seen in Google’s leaked plans to offer free Wi-Fi equipment to local businesses and Facebook’s integration of its sign-on with Wi-Fi.
Most recently, Apple announced plans to obscure MAC addresses in iOS 8 potentially impacting Wi-Fi presence analytics. The change in iOS 8 was heralded as a privacy win, but astute observers noted that the move supports Apple’s iBeacon technology, which collects location data much more comprehensive than information inferred from MAC addresses.
Carriers need to ask themselves: “Are you willing to have Google, Facebook or Apple monetize your brand, or would you rather do it yourself?” With tools and solutions available today, carriers do not have to give up control (and monetization opportunities) to others.
Edit: We will update the blog with the recording and the presentation.
Meanwhile, you can register for the next webinar in the 802.11ac series to take place on June 24.
Watch the video from Wi-Fi Hacking 101 event series with Rick Farina, AirTight Networks senior wireless security researcher and resident hacker.
“Security? Who cares,” I hear most people say. They would quickly change their mind if they had met Rick Farina, AirTight’s ethical hacker (known on Twitter as @RickLikesWIPS). UK resellers got the opportunity at a series of Wi-Fi Hacking Events in May. The audience definitely got more than they bargained for with these workshops.
In attendance were partners who sell into all verticals varying from schools and colleges to banks and retailers. Rick was not only able to demonstrate the importance of providing a secure wireless solution, he showed the audience a range of wireless threats that hackers from around the globe may use to steal sensitive data.
UK high school uses social networking technology to enhance student experience.
Headmasters in the UK see social Wi-Fi as an invaluable way of promoting their schools as tech savvy. Competition is fierce, especially among private schools, and social Wi-Fi is an innovative means of recruiting students and connecting with them. What better way to reach students regarding events, news and key issues than by communicating on their preferred social platforms.
“Children often find school boring, so if we as an institution are able to communicate with them on a level that they find interesting and engaging, then we are not going to miss out on this opportunity. On the other hand, the need for security within education is paramount and is often a deciding factor for parents when looking for a school. AirTight social Wi-Fi supports our mission to be social, while protecting the network and securing users’ communications.”
Richard Blott, IT manager for Harwich and Dovercourt High School
Read the interview with Greg Griffiths, vice president of retail solutions at EarthLink Business, on the trends in retail WiFi. Also download RIS report "Is CMO on Your Side?", courtesy of EarthLink.
We need to look at retail and restaurants separately. Restaurants have deployed WiFi for a while for their operations and mobile POS. They want to take advantage of their loyalty programs to further connect with their guests, doing more with what they already have. On the other hand, specialty retailers are just now deploying WiFi and it’s all about connecting with the consumer, especially the millennial generation. And that’s all because marketing is evolving from ‘one-to-many’ to ‘one-to-one.’
With AirTight’s scanning technology, retailers get presence analytics at the device level – when people come in, how long do they stay, etc. And with the social media integration, retailers can engage with the consumer and continue to do so even after they leave the store.
Wireless packet capture has always been important to Wi-Fi professionals and support engineers for resolving network problems. With the diversity of wireless clients that is already around and which is only expected to grow with the Internet of Things (IoT), packet capture capabilities will continue to be critical. Wireless packet capture can be facilitated in the AP radios using the hardware and the driver level hooks. Read on to find out what’s under the hood.
There are two main plumbing points to get frames from wireless up to the application: one in the hardware and the other in the driver software. At the hardware level, the radio supports a “Promiscuous Mode” option. When this option is activated, the hardware passes all wireless frames received on the channel where the radio is operating up towards the driver software. When this option is deactivated, the hardware passes only the wireless frames for the MAC of the radio (and frames like probe requests & beacons, based on the additional sub-settings under non-Promiscuous mode) up towards the driver software.
The driver software can operate in AP, STA, or Monitor Mode.
WizShark is changing Wi-Fi troubleshooting for the better. This tool is now open; register for a risk-free trial account.
At Interop in Las Vegas, a Wireless Field Day delegate and all around wireless guru George Stefanick presented “The Wireless Engineer’s Essential Toolkit” and covered everything you could need to properly deploy, maintain, and troubleshoot a WLAN. George took extra time to emphasize how important it is to quickly get the information needed to diagnose an issue. The attendees were engaged and afterwards the conversations continued in the hallways. It’s clear that people want to know how to use the tools of the trade but not everyone has the time to learn such specific tools (I know I didn’t when I was the resident networking jack-of-all-trades).
In the comments to my earlier blog post (Social Wi-Fi and Privacy: Keeping Balance in the Force), Dale Rapp correctly notes that brick and mortar stores can use social Wi-Fi and analytics as a way to compete with online commerce, where every click of the mouse is tracked and scrutinized.
It’s been my experience that many B&M stores begin their thinking on implementing Free Wi-Fi as simply for Free Wi-Fi’s sake – they recognize that their competitors are doing it and that more and more shoppers are using its presence as a deciding factor in where they spend their time; this creates the feeling of crap-we-need-to-do-this-too (and most people don’t like to feel that way).
It’s the savvy groups that recognize that their network can provide more than just Free Guest Wi-Fi; it’s a new opportunity to communicate directly with their visitors, one that takes advantage of the latest technologies and behaviors of modern consumers – and that’s the whole idea behind Social Wi-Fi.
I read with interest Lee Badman’s article in Network Computing: Social WiFi Sign-In: Benefits With A Dark Side. Despite the gloomy title, the article is a fair and balanced look at both benefits and privacy implications of social Wi-Fi.
Perfect timing, I said to myself. Facebook just announced that they will be adding new functionality to their OAuth capabilities which would allow users to access any service using Facebook OAuth anonymously. This is obviously in reaction to the ongoing privacy conversation across the entire Internet spectrum. And it just so happens that we at AirTight released a blog post about it on the same day that Lee Badman's article ran: Facebook ‘Anonymous Login’: What Is the Impact on Social Wi-Fi? We've maintained since the beginning that Social Wi-Fi should allow an anonymous path for any user who does not want to engage on social media.
Reporting from Facebook's developer conference, CNET writes:
"The biggest news for Facebook's 1.28 billion members is "Anonymous Login," a twist on the standard Facebook Login option that gives people a way to try an app without sharing any of their personal information from the social network. The move addresses concerns about user privacy as Facebook seeks ways to encourage people to explore new apps."
"Facebook says it's testing the new log-in option with select developers,including Flipboard. That means you likely won't see the black button in your favorite apps for several months."
"The news aligns with one of the event's broader themes around putting people first and giving them more control over their data. Zuckerberg expounded upon this notion of improving trust and getting people more comfortable with using Facebook in conjunction with third-party apps."
How does this impact social Wi-Fi, and specifically social log-ins?
As it turns out, we at AirTight recognized early on that despite tremendous growth and acceptance of social media generally, it's essential that users are provided a means to utilize Wi-Fi services anonymously.
This was the first year we attended MES (Midsize Enterprise Summit) where over 200 CIOs of midsize companies gather to discuss how to improve business outcomes through the strategic use of technology.
Vendors give a 3-min pitch during the Quick Fire general session, give boardroom presentations and demonstrate solutions at their booths in the showcase. We went with the Wireless Mojo theme (“we may not be the best known Wi-Fi vendor, but we have lots of mojo!”). CIOs then vote on numerous categories, including best Quick Fire, best ROI, best case study presentation, and others. (For all categories and winners, please see "XCellence Awards Honor Vendors At MES East 2014" from XChange. As you will see, we beat other Wi-Fi vendors who had attended these events for many years.)
Highlights from the show:
Airtight Networks has cracked the code on how to deliver meaningful customer experiences specific to each individual through the delivery of personalized analytics in real time. Understanding individual customer behaviors can now be driven by actionable data. Businesses are always looking at ways to improve sales and efficiency. AirTight analytics provide answers to common questions like:
This week we are at Midsize Enterprise East Summit (MES East) in Orlando. The conference brings together 220+ CIOs and senior level IT decision makers. They come together to meet with top technology vendors to focus on the latest and greatest IT opportunities for their business.
What is AirTight focusing on during the conference? Businesses are always looking at ways to improve sales and efficiency. At the same time, brand protection is paramount, especially in the light of recent high-profile security breaches at major retailers. With our analytics DNA, we are turning Wi-Fi from a cost center to a business driver - the value of the network is not just in connectivity, but in the ability to constantly monitor your environment, be it for sales & marketing or security.
EarthLink launched its Secure WiFi™ service in the US, with the official announcement out yesterday: EarthLink Launches New Secure WiFi Service, Featuring Integrated Security, Customer Analytics and Social Media
Check out the news coverage following the announcement:
This is the biggest show in the UK for physical and technical fraud protection within the retail and online industries and AirTight was invited to attend for the first time, an invite we accepted gladly as we can offer secure, PCI compliant Wi-Fi which ultimately offers brand protection, so a win-win for all!
In what turned out to be a very secretive show, the majority of the audience we met protected their identity, something I haven’t experienced before. This wasn’t just the hiding of the delegate badge, but a refusal to give out names of any kind or any detail about their interests or concerns. On further questioning it transpired that some of the institutions and organisations in attendance did not want to acknowledge that they had a retail fraud issue and that their organisations couldn’t be seen attending as this by default meant they possibly had an issue! Our stand had steady traffic throughout the day with leading professionals (we guess!) from various law enforcement agencies, technology companies trying to offer a solution to their client base, high street food and fashion retailers and national coffee shops.
Industry professionals have tended to view mesh networking from a “realist” point-of-view as a niche solution to be avoided if possible, and have never considered the technology the most popular of Wi-Fi capabilities. This pragmatism is rooted in the typical negative performance implications of mesh networks. Just a few years ago mesh capability was limited to a few highly targeted products that served niche markets for large-scale outdoor deployments or service provider environments. These solutions typically relied on multi-radio mesh units, which provide frequency separation between uplink and downlink traffic paths as well as between upstream and downstream hops, in an attempt to reduce the negative performance impact for high bandwidth backhaul links.
However, there exists a growing market for mesh networking that utilizes single-radio mesh units to provide an extension of network access across limited mesh hops for hard to wire locations.
Within the vast expanse of Earls Court, West London, RBTE 2014 has been a roaring success, again, for Airtight. This is the second year Airtight has exhibited at RBTE. Following AirTight's rapid growth within the UK and across Europe over the past year, we couldn’t miss out on this opportunity to discuss and demonstrate our “firepower” in the retail arena.
So much competitive marketing noise has been made over the last half dozen years about managing WLANs that vendors are now trying to manage WLANs from anywhere using everything. It wouldn’t surprise me in the least to hear a vendor say that they can now manage a branch WLAN in France from the comfort of their kitchen’s refrigerator’s management widget. It has gotten downright silly. I thought I would recap just how diverse the WLAN management scene has become: first for a good laugh, and second as a reference for those newcomers to the Wi-Fi industry.
You may be thinking, “why are there so many ways to manage a Wi-Fi system?” There’s a variety of answers to that question, such as:
Not every vendor provides each of the management methods described below, but rest assured that every vendor will tell you that you don’t need anything other than what they sell. Can I get an amen? Below, I have offered a visual reference of the seven prevalent methods of managing a Wi-Fi infrastructure. It’s important to note that I will not address Wi-Fi client management methodologies in this post.
There is a large and ever-increasing assortment of enterprise access points offered by wireless vendors today. APs differ in the number of radios, number of streams, 11n/11ac, POE compatibility, peripherals, price, etc. While this diversity is overwhelming, have you wondered what lies in the hardware guts of these APs? What are the hardware design concepts that are responsible for rendering feature personality to the AP? How does the hardware ecosystem work among chip vendors, ODMs and AP vendors? What are the state-of-the-art hardware architectures for 802.11ac APs? This blog post discusses key hardware concepts, such as SoC, dedicated CPU and offload architectures that are commonly found inside the APs, along with the ODM sourcing model for Wi-Fi APs and its implications for product offerings.
In my blog called Corner Cases, I mentioned that high density, high throughput (HDHT) cases are in the extreme minority (<1%). In this blog, I would like to discuss High Density, Low Throughput (HDLT), which I believe will be the situation that over half of the installed Wi-Fi infrastructures of the world will face at some point over the next 5-7 years. I want to clarify that when I use the term “high density”, I’m referring to client density (lots of clients in a physical area), not AP density (lots of APs in a physical area).
Read about trends in education technology: Wi-Fi as a subscription service, outlook for 802.11ac adoption in schools and integration of social media into wireless networking.
BETT 2014, UK's learning technology show, has been and gone, but it certainly won’t be forgotten! For those in the educational technology sector, be it primary school teachers all the way to network managers of colleges and large secondary schools, this was THE event and is memorable for new technology and aching feet from over 4 days of the conference.
So what was all the fuss about and why was #BETT2014 trending on the social feeds? There were a few noticeable trends this year noted by attendees and exhibitors alike. Firstly came “XXX as a service”! As educational funding changes, so does the need to adapt and service the new legislation whilst still enabling the educational IT needs in what is a constantly evolving technology landscape.
This year’s show was huge. According to the events organizers, there were 1,200 exhibitors and 38,000 healthcare professionals in attendance and there were more nurses, physicians, IT staff and executives in attendance at this year’s HIMSS than ever before.
One of the most interesting Wi-Fi capable devices at this year’s HIMSS was a Wi-Fi enabled bionic exoskeleton. The Ekso Bionics unit (pictured above) was featured in the Lockheed Martin booth. This device is for patients with lower extremity paralysis or weakness. It enables patients to stand, walk and it can assist them with their rehabilitation. The unit is equipped with a single Wi-Fi radio. The radio supports two data streams currently. One stream allows engineers to see real-time telemetry data to determine how the unit is performing. The other stream is for the unit’s user, where information such as steps taken, distance traveled, etc., are sent over the air to an application that the user can access later.
Last week we participated in the Restaurant Wi-Fi Primer webinar with Hospitality Technology Magazine, Boston Market and Spartan Computer Services.
Kevin McCauley presented on best practices in retail Wi-Fi analytics and social media integration. To view the webinar on demand, go to Hospitality Technology (free registration required).
You can also view AirTight's slides on SlideShare.
Most Wi-Fi manufacturers’ marketing departments would have you believe that 99% of all deployments are what I’d call “corner cases.” I call B.S. (as usual).
Here are the high-density/high-throughput (HDHT) corner cases that so many manufacturers would have you believe are so prevalent:
The growth and adoption of mobile technologies is impacting businesses in multiple industries, and we can see strong evidence of this by looking at the healthcare industry. I just returned from the WLAN Professionals Conference in Austin, TX where I heard first-hand evidence of this in a presentation on Continuous Wireless for Medical Devices. A strong emphasis was placed on improving patient safety through the use of mobile technologies that enabled doctors, nurses, and assistants to effectively handle their ever-increasing workload.
A reliable, stable, cost-effective, and simple to manage WLAN is required that enables healthcare professionals without causing undue distraction from their primary objective to provide high-quality patient care. The question then becomes, “how can WLANs provide these qualities for distributed healthcare organizations?”
Network stability and availability is of primary importance for healthcare professionals relying on mobile devices to provide patient care. What’s more, this network stability must be provided in a cost-effective and simple to manage manner. Rather than relying on expensive wireless LAN controllers that are complex to manage and represent a large risk to the organization as a single point of failure, AirTight has developed a mature cloud architecture over the past 7 years that simplifies the network and is resilient to outages – the network continues to function even if cloud access is disrupted.
What a great start to the year on the industry events front – we started with NRF in January, and are looking forward to HIMSS and our ACTS event in February, and MURTEC in March. At NRF, high points of discussion were around Social Wi-Fi and analytics. That said, topics of security and PCI compliance were also high on the agenda, prompted by the Target credit card breach that occurred just before NRF. I expect there will be a lot of security discussions at HIMSS too.
The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996. It is enforced by the Department of Health and Human Services (HHS), and implemented by regulations of 45 CFR. Among other provisions it has rules mandating that healthcare organizations safeguard the privacy and security of patient health information.
What a week it was with WFD6 edutainment! Great minds from different vendors presented their great Wi-Fi stuff during WFD6. With so much happening, our challenge was to fit in as much update as possible in two hours.
Thanks to all who watched the AirTight session live stream!
Here are Twitter highlights from the event (in reverse chronological order, so you will get the praise first :-) )
Please see our recap of Wireless Field Day 6
Last August, AirTight Networks made its Wireless Field Day debut. We had such a good time with all of the delegates and organizers that six months later we’re back as the opening presenters for WFD6 on January 29, 2014, 10 a.m. Pacific.
Netgear recently announced integration with Facebook on their APs using Facebook Wi-Fi API. Meraki and Cisco have also announced the same capability on their APs. Facebook Wi-Fi franchise is growing. It is easy to configure and get working (except when used on Cisco APs, which requires running separate CMX VM and per-AP license). That is good news for local businesses. However, does this architecture meet the requirements of mid-size to big retail enterprises? Not so fast! Let me explain.
Retail enterprises operate multiple stores across regions, states or countries. They run targeted marketing campaigns for customer engagement. This puts certain requirements on Social/Wi-Fi integration for retail enterprises, which are currently unmet with Facebook Wi-Fi integration.
Facebook Wi-Fi allows only Facebook logins, obviously. So merchants miss out on other social channels like Twitter, Google+, LinkedIn, Foursquare, etc. In addition to social logins, enterprises also want to promote brand loyalty programs when users access guest Wi-Fi. Facebook Wi-Fi does not allow this either.
At AirTight Networks, we talk a lot of SMAC (Social, Mobile, Analytics, Cloud). Together these forces have come together to significantly impact and radically change various markets. It’s not hard to wax eloquent about SMAC for long periods of time, but in this article, I want to focus only on the Analytics piece - that numerical, statistical, miracle whip that drives business decisions.
In the SMAC model using Wi-Fi as the Mobile piece, data is collected from Wi-Fi access points. The analytics data itself generally falls into one of two categories: 1) Presence, and 2) Opt-in.
Presence Analytics is, as it sounds, focused around whether the client device is on-location (“present”) and whether it is inside or outside a boundary (e.g. a store front). This type of data is device-specific (MAC Address), independent from the user of a device (contains no user-identifying information), and therefore anonymous. It is collected by using Access Points (APs) to scan the air and to gather MAC addresses (of which only a hashed representation is stored). Presence Analytics can be used for a variety of things, but some examples might include:
AirTight Networks secure cloud Wi-Fi will power EarthLink’s new WiFi/WIPS solution designed for the multi-unit retail industry. EarthLink announced the upcoming launch of this solution at NRF 2014.
“Consumers are already using their mobile devices in-store to enhance their shopping experience. With EarthLink WiFi, retailers can roll out corporate applications to connect with those consumers and service them more efficiently, while gathering valuable data for marketing and store operations. AirTight’s offering stood apart with its cloud-based management, rich retail analytics and ease of deployment.” -- Greg Griffiths, EarthLink Vice President of Retail Solutions
Did 2013 have to end with the somber news of a big credit card security breach? But it did! It is reported that 40 million credit cards were compromised in the security breach in stores of a major U.S. retailer Target. This is only a shade second to the earlier TJX breach in which 45 million credit cards were compromised. (After this blog was published, it was reported that the number of affected accounts in the Target breach is as high as 110 million, which would make it more than double the TJX breach!)
After any breach, and surely after the breach of such dimension, discussion on the data security issues at the retailers escalates. Earlier, the TJX breach resulted in stricter wireless PCI (Payment Card Industry) compliance requirements. The current Target breach can also trigger tightening of the compliance requirements. This breach may also prompt IT, security and compliance managers at major retailers to take a hard look at the information security aspects of the various technologies that they have deployed. Add to it the fact that retailers are aggressively deploying mobile and wireless technologies like POS, kiosks and tablets in stores. What are some of the core issues they should be looking at?
This is part 2 of last week's post The Holy Grail of Retail. In today's installment, I discuss what it takes to reach it.
There is a set of coordinated technologies required to affect the Holy Grail. A complex set of variables if you will. It’s the responsibility of manufacturers to implement this set of technologies in such a way that they become a simplified, unified structure. This keeps the learning curve short, deployment and operational costs down, and assures a less error-prone implementation. Consider the following parts:
What’s even more of a challenge is when one or more of these technologies are provided by multiple vendors who have loose (or no) integration.
In the retail market, the current Holy Grail is to unify the online and in-store shopping experiences (sometimes called ‘omni-channel’ retailing) such that the customer has a personalized shopping experience that promotes brand loyalty. The customer experience should be enjoyable and personalized, with available contextually relevant and timely information that makes interacting with the retailer effortless and transparent.
The technology now exists to enable such capabilities, and retailers can drive a new generation of brand awareness and loyalty programs. The new focus will be on growing the business while leaving behind the worries of showrooming and shrinking margins.
Since the technology is here, why then isn’t every major retailer making a move toward the Holy Grail at a break-neck pace? Why can’t I walk into my local electronics store, expecting this guy to walk up to me with an iPad, and…
Wi-Fi is installed after everything else in the network is already set up – switches, routers, servers, firewalls, VPNs etc. Naturally, customers rely on their Wi-Fi solution provider to alleviate any network problems that arise during the Wi-Fi deployments, even though the problems are not necessarily Wi-Fi specific.
Network issues aren’t something new in any project. However, the troubleshooting task becomes challenging when it needs to be done remotely and when there isn’t much onsite IT help. This is often the case with the distributed Wi-Fi deployments. Also, due to the heterogeneity of the network infrastructure in many environments in the distributed vertical, sometimes very stealthy network problems are encountered. Take these recent troubleshooting examples which underscore these points.
This is part 2 of the 2-part series on the managed service provider model in Wi-Fi. Click here for part 1.
An important consideration when offering Wi-Fi as a managed service is whether or not the Wi-Fi solution you will choose is designed for it, both from the technical and business aspects. There’s far more to the selection process than meets the eye, and a few (of many) requirements might include:
This is part 1 on our two-part MSP series. Part 1 focuses on the basics of the MSP delivery, while part 2 will discuss how to make this model work for you.
Not much has changed since I last blogged about Wi-Fi managed services almost a year ago, other than that I now work for a different manufacturer. The reason for the longer-than-expected ramp-up time is that Wi-Fi manufacturers (in general) haven’t yet adequately equipped their channel partners to take advantage of this market trend. The slow ramp-up is over, and it looks like it’s a land grab of epic proportion… starting… NOW. For those of you waiting on the sidelines, it’s time to get in the game.
As the challenges of delivering high-performance wireless access networks in the face of exploding user demands become ever more daunting to the average IT guy, midmarket CIOs are still having a difficult time of adequately staffing their IT organization. Gartner and I both still believe that midmarket companies should consider using Managed Service Providers (MSPs) to solve this problem.
Speed-n-feeds are not the future of enterprise Wi-Fi. Speed-n-feeds are like my grandmother's potatoes. I'll explain.
Speed is a given. Speed is a commodity. This is what you talk about when you have nothing else to offer, such as system intelligence. Some companies keep trying to rehash the speeds-n-feeds story like my grandmother used to treat potatoes. First, you'd have baked potatoes. If you didn't eat all of them, the next night, you'd have mashed potatoes – made from those same potatoes, of course. If there happened to be any left-overs after that, you'd have fried potato cakes the next night. Believe me, the list of how those potatoes could be served was endless until those potatoes were gone. Same potatoes, different day.
802.11ac has brought with it MIMO alphabet soup ... spatial streams, space-time streams, explicit beam forming, CSD, MU-MIMO. Alphabet soup triggers questions to which a curious mind seeks answers. This post is an attempt to explore some questions surrounding explicit beam forming (E-BF), which is available in Wave-1 of 802.11ac. E-BF is a mechanism to manipulate transmissions on multiple antennas to facilitate SNR boosting at the target client.
E-BF is a technique different from spatial streams. E-BF can be used whenever there are multiple antennas on the transmitter, irrespective of the number of spatial streams used for transmission.
In earlier blog posts on 802.11ac practical considerations, we reviewed 80 MHz channels, 256 QAM and 5 GHz migration. Continuing the 802.11ac insights series, in this post we will look at some practical aspects of MU-MIMO, which is the star attraction of the impending Wave-2 of 802.11ac.
At a high level, MU-MIMO allows an AP with multiple antennas to concurrently transmit frames to multiple clients, when each of the multiple clients has fewer antennas than the AP. For example, an AP with 4 antennas can use 2-stream transmission to a client which has 2 antennas and 1-stream transmission to a client which has 1 antenna, simultaneously. An implicit requirement for such concurrent transmission is beamforming, which has to ensure that bits of the first client coherently combine at its location, while bits of the second client do the same at the second client location. It is also important to ensure that bits of the first client form a null beam at the location of the second client and vice versa.
Both reports state that many security relevant events were detected in the Wi-Fi traffic during the conference. Given that Blackhat is attended by security experts, ethical hackers and just plain security geeks, finding security signatures in the traffic is not uncommon. Nonetheless, I think a few things still need to be matched up in these stats before arriving at sound conclusions.
Have you ever noticed that there always seems to be a disconnect in the Wi-Fi industry whereby vendors build and sell their products based on hardware capabilities, tech specs, and geeky feature sets while customers ultimately evaluate products based on how the solution fits with their organizational objectives? That’s a problem.
The Wi-Fi market is on the cusp of a second-wind of tremendous growth that will be driven by focusing product solutions on the tailored needs of customers in every vertical market. However, this is a departure from the status-quo as historically the Wi-Fi market has grown by pushing products (not solutions) based on the latest hardware enhancements and improvements in speed that have come with each iteration of the 802.11 standard. But that model is breaking down as the technology matures, and hardware differentiation alone is very minimal. And customers are demanding more tailored solutions as their own markets evolve into a mobile-enabled workforce and customer experience.
Are you considering a new Wi-Fi deployment or an upgrade of a legacy system? Then you should be prepared to navigate the maze of multiple decision factors, given that Wi-Fi bake-offs increasingly require multi-faceted evaluation.
Anyone who knows me knows that I'm always looking way ahead, and it's my opinion that AirTight Networks is uniquely positioned to take advantage of a major confluence of forthcoming Wi-Fi market changes and requirements. With
1) a scalable, plug-n-play, API-enabled, elastic cloud,
2) controller-less technology,
3) innovative and industry-leading security offerings, and
4) cost-effective, high-performance, feature-rich access points,
no other vendor is as well-positioned to take on managed services, plug-n-play enterprise Wi-Fi, and a wide variety of cloud services.
The need for uncompromising, flexible, and robust security (without the complexity that's normally associated with it) has become a top-of-mind issue, and AirTight is the unmistakable leader in this area.
With the ever increasing importance of Wi-Fi as the de facto access technology, WIPS plays a key role in overall enterprise network infrastructure security.
The U.S. Department of Defense (DoD) recently created a separate category for wireless intrusion detection/prevention in its approved product listing for deployments in defense agencies.
Gartner now recommends including WIPS as a critical requirement in all new RFPs for wireless technologies.
Drivers for WIPS such as PCI compliance for retailers and BYOD for enterprises are compelling.
Secure Wi-Fi is also seen as a medium to increase the efficiency of government and public services. UK courts recently announced a program to install secure Wi-Fi in 500 court rooms. WIPS is required to make Wi-Fi secure.
In early days of cloud Wi-Fi, incumbents used to say that cloud Wi-Fi was just about moving traditional controller appliances to centralized data centers. As time progressed, it became clear that this was a gross mischaracterization of cloud Wi-Fi. In the first dimension, cloud Wi-Fi would differentiate from traditional architecture by decoupling the data plane from the control plane (also called “local switching”). However, this alone wasn’t adequate since tying the control plane to centralized controllers created an inefficient architecture. Accordingly, the second new dimension consisted in moving the control plane to the edge of the network (also referred to as “smart edge APs”).
IDC's recent IT Buyer Experience Survey reveals that "45% of the buying decision is made before your potential buyer even says “hello” to your sales rep." and "buyers are more knowledgeable and connected".
If you're still in the investigation stage (as suggested by the IDC survey) and not quite ready for a customized personal demo with an AirTight expert, you might want to check out the first three installments in our Demos on Demand series.
Demos on Demand serves the communication needs of tech vendors and resellers across vertical industries with its video platform and content library. AirTight is excited to leverage this innovative platform to present in-depth product information to assist buyers by showing what our product is, what it does, and how it does it.
The age of the empowered consumer is upon us. According to a recent Harvard Business Review article called Mobile Shopping’s Data Goldmine, some 44% of shoppers use their smartphones while they’re shopping; more than a third of them are comparing prices. The impact of mobile research can be profound, “affecting the buying behavior of nearly 90% of mobile shoppers,” according to the HBR article. Customer empowerment is extending beyond mobile as consumers become comfortable interacting with retail companies through any channel available, including ecommerce, online, kiosk, voice, webchat, and more. The question is how aggressively retailers are moving to enable this new reality for the customer.
Raise your hand if you have ever gone to a store to test a product or to try on a piece of clothing, then ordered it online, from home, for a cheaper price. Or, if you have compared prices and purchased online, right from your mobile device, right there in the store.
Wi-Fi architectures today come in three main flavors: controllers, controller-less and cloud. While vendors spar over which is the right architecture for today’s and tomorrow’s Wi-Fi, customers are mostly interested in comparing them based on their derived value.
Social, mobile, analytics and cloud (SMAC) technologies are high on everyone’s investment priorities list—so much so that SMAC has become the new enterprise IT model. Research firm Gartner refers to the trend as the Nexus of Forces, a convergence of technologies that is building upon and transforming consumer behavior and ushering in the next-generation of business technology.
“Although these forces are innovative and disruptive on their own, together they are revolutionizing business and society, disrupting old business models and creating new leaders,” says Gartner. Therefore, the SMAC model calls for evaluating individual technology investments by how well it helps you integrate social, mobile, analytics and cloud services to transform your enterprise.
In my previous blog on the 11ac series, I explored 80 MHz channel operation in 802.11ac in the context of data rate, OBSS (Overlapping BSS), network throughput, and auto-channel assignment.
In the present post, I explore the other speed factor of 1.33X that shows up in the Wave-1 data rate equation: (2.16 x 1 x 1.33) x 450 Mbps of 802.11n rate = 1.3 Gbps. This 1.33X factor is attributed to the new modulation technique called 256-QAM introduced in 802.11ac (802.11n had only up to 64-QAM). Consistent with the theme of this blog series that the data rate equation does not bring out critical network engineering aspects, this post explores 256-QAM from the enterprise network design perspective.
Many brick-and-mortar retailers have used data analytics from their online sites to create in-depth customer portraits based on geography, demographics, interests and shopping habits. But when the customer enters their physical store, suddenly the store is largely blind, unable to connect the wealth of online data to the customer walking in their store.
Perhaps this is why brick-and-mortar retailers are being hammered by online-only retailers who know so much about their customers. A recent Forrester report predicts online sales will reach $262 billion by the end of 2013, a 13 percent rise from $231 billion in 2012, while retail store sales have limped along at just under three percent growth.
How could you not! 802.11ac is the new Wi-Fi standard and it has new techniques to increase the wireless data rate above the existing 802.11n standard.
11ac is slated to arrive in two Waves – Wave-1 this year and Wave-2 next year.
At its full potential (Wave-2), the standard is characterized as: 802.11ac max data rate of (4.33 x 2 x 1.33) times the 600 Mbps max data rate of 802.11n, which comes out to be about 6.9 Gbps. For the current version (Wave-1), which is commercially limited to 80 MHz channels and 3 spatial streams per AP, the standard is characterized as: 802.11ac max data rate of (2.16 x 1 x 1.33) times the 450 Mbps current data rate of 802.11n, which comes out to be about 1.3 Gbps. It is also important to note that Wave-1 does not have MU-MIMO. The MU-MIMO effect does not explicitly show up in the data rate equations, but it can have profound benefits in practice.
Network engineering insights – that’s what is missing! There are several network engineering nuances which do not show up in the above equations. I will discuss them in a series of blog posts starting with this one. In this initial post, the focus is on the nuances of operating 80 MHz channels in practical network deployments. These 80 MHz wide channels are responsible for the first multiplicative factor of about 2X in the Wave-1 data rate equation.
Due to the myriad of issues that need to be addressed while making these determinations, manual processes and rules of thumb have always been cumbersome and/or imprecise, particularly for Wi-Fi deployments with large footprints.
802.11ac adds a more elaborate channeling structure and new techniques to raise wireless data rates. 802.11ac is slated to arrive in two Waves – Wave-1 this year and Wave-2 next year. While the decibel level in the market is raised to prematurely hasten the 802.11ac upgrade cycle, the reality is that this is just the beginning of Wave-1. Many people may not see justification to jump on Wave-1 due to a myriad of practical, network engineering, and interoperability issues that Wave-1 faces. Also important is the fact that Wave-1 lacks the complete feature set of 802.11ac and new radios will be required when Wave-2 hits with those features. All this points to Wave-2 next year as the realistic timeline for a large-scale network upgrade to 802.11ac.
A lot according to IDC. By 2016, 80% of new IT investments will directly involve line-of-business executives (Source: IDC Directions 2013).
Similarly, Gartner predicts that by 2017 the marketing arm of businesses will control more of the IT spend than IT organizations at those companies.
We’ve certainly noticed this shift. In this blog post, we highlight three customer success stories where this dynamic came into play and how we were able to effectively collaborate across the different lines-of-business.
Lisa Phifer recently wrote a tech note on Webtorial discussing this current topic. It was great talking to her as always on hot topics in Wi-Fi. From these types of conversations and from firsthand experience with many enterprise Wi-Fi network deployments, some salient points stand out for me pertaining to operation of Wi-Fi networks in the 5 GHz band. They are as follows.
I remember my mom’s shopping list. Usually written on scraps of paper and stuffed in her purse, it served an effective single-function purpose: memory enhancement. And while it was mobile, it was easily misplaced, difficult to replicate, and sharing it with others required a physical handoff.
To say that mobile technology is impacting brick-and-mortar retail is akin to proclaiming at the turn of the last century that the motorcar just might change the horse-drawn carriage business. Shoppers today are empowered by technology to gain the advantage at every turn, whether it’s using a smartphone to find the best price for the same product online, locate out-of-stock sizes or colors in the store next door, or learn what their friends or other customers had to say about a product before they buy.
Retailers have long battled the dual pressures of online shopping and congested marketing channels just to get people to walk through their door. Now showrooming has moved the war inside the store, as a fragile economy combined with the ubiquity of mobile devices has created a savvy new breed of consumers who use their smartphones and tablets to research products and prices while they browse the aisles. It’s like having scores of invisible competitors whispering in the ears of your hard won customers.
Canadian Doug Stephens, founder of “Retail Prophet”, is the author of this groundbreaking new book.
In early 2013, IDC issued the updated version of its IDC Retail Insights report outlining the top 10 predictions for the world-wide retail industry. One of the report’s authors is retail research director Leslie Hand. She and I recently met at IDC’s Directions annual conference in Silicon Valley to discuss the recently published report.
By Hemant Chaskar
The expression “it’s too good to be true … then it probably is” is befitting of a recent Ocean’s Eleven type caper. In March, the Crown Casino in Melbourne, Australia was the victim of a skimming scheme. Mark Butler of the Herald Sun reported that "a gambler has been able to get into the security system remotely and, … advise the player about what other cards the other players are holding, and he's cleaned up to the tune of 32 million." Amazing isn’t it, but anything is possible for that kind of “ROI”!
If predictions from leading technology analyst firms are to be believed, the worldwide Wi-Fi market will continue to grow.
Dell’Oro estimates the Wi-Fi market to grow to $9.9 billion by 2016 of which the enterprise WLAN segment alone is estimated to be over $5 billion in revenues.
Gartner anticipates an even faster growth for the enterprise WLAN segment, with spending expected to reach $7.9 billion in 2016.
Here are a few trends (some of which are already happening!), which will go hand-in-hand with this next wave of massive growth in the enterprise WLAN market.
A growing number of enterprises will want to extend their Wi-Fi rollout across remote locations, e.g., branch offices, retail stores, distribution centers, restaurants, and the list could go on. The key challenge then would be to have centralized visibility and management of the entire deployment—ideally from a single console.
This trend will make the traditional controller-based architecture outdated sooner than later because it was not designed to manage Wi-Fi networks across geographically distributed sites. It’s too complex, costly, and does not scale. The change of guards is evidenced in the number of recent announcements by controller-based WLAN vendors. Some are hiding the controller in the cloud, some are hiding them in arrays, some are saying that they are giving customers a “choice” to turn it off (without telling them what functions will stop working without it!), while some are simply giving their marketing a “controller-less” spin. Unfortunately, you can’t turn a fork into a spoon overnight to eat soup instead of spaghetti! Or maybe you can! ;-)
The word “cloud” in the name doesn’t tell the whole story, one has to dig deeper. Here’s why.
- Cisco Warns of Vulnerabilities in Wireless LAN Controllers by Mike Lennon Managing Editor at Security Week
- Cisco Wireless LAN Controllers Wireless Intrusion Prevention System Denial of Service Vulnerability via Cisco Vulnerability Alert
As Wi-Fi deployments extend into large distributed environments, management of these Wi-Fi networks poses unique challenges. It could be the clinic-wide deployment for the medical facility running into 100’s of sites, branch-wide deployment for the bank running into 1000’s of sites, or store-wide deployment for the fast food restaurant running into 10,000’s sites. The network and security management needs for such deployments are very different from the traditional campus Wi-Fi. Accordingly, the network management console has to deliver on a number of fronts.
Really interesting article in Forbes by Verne Kopytoff on the reasons retailers have recognized the value of Wi-Fi for their customers and business processes. He notes that after years of resistance, stores have conceded that the shoppers have won the war. They want Wi-Fi and they will use their smartphones to check out deals.
These are some recent stories of the IT organizations who brought in wireless intrusion prevention systems (WIPS) to secure their network environments against Wi-Fi vulnerabilities and attacks, and what they encountered was an incessant flow of security alerts that they could not keep up with. That is because the systems constantly crunched signatures and thresholds from wireless traffic to generate a volume of alerts for the security admins to consume. Admins could not grasp the enormity of the problems that they would face in production deployments based on the product previews done in tiny lab setups and on the marketing material they saw (hey look, we have Gazillion attack signatures, configuration settings, and thresholds in here!). Learn from their experiences, and avoid the destiny they faced by asking the right questions and making the right technology choices early on. AirTight Networks to date has helped thousands of customers avoid such misery by helping them with the strongest WIPS protection without the overhead of ongoing system management.
Barely two weeks after I posted my last blog discussing the benefits of true cloud Wi-Fi over the controller over WAN architecture, using Cisco FlexConnect as an example of the latter, news of Cisco acquiring Meraki broke out. I got a kick out of it since it showed that my inferences on Cisco FlexConnect and other controller centric offerings were dead on, that they can never become real cloud Wi-Fi by incremental touchups and jargon experimentation. I also got a kick out of its timing -- a 1.2B acquisition barely 2 weeks after I wrote that post! There are several takeaways for the future of cloud Wi-Fi from this big event. First and most obvious is that the cloud Wi-Fi market is expanding rapidly. Another takeaway is that for the vendors already committed to the controller centric WLAN architecture, migration to cloud architecture is not incremental, but it is disruptive. Cisco could not do the migration in-house even after trying for a few years with incremental changes like REAP, H-REAP, ELM, and FlexConnect. As I said in my last blog, cloud Wi-Fi is not about throwing the controller over WAN, but it needs to be architected differently from the bottom up. Finally, it also shows that with the standardization of access point platforms, differentiation in mainstream enterprise Wi-Fi will come from innovations in the application space such as network management, security, and integration with other services.
With rising popularity of the cloud Wi-Fi in the distributed Wi-Fi deployments, there is also an attempt to pass off the legacy controller technology as the cloud Wi-Fi by deploying conventional controllers over the WAN. Realizing that it is infeasible to deploy many smaller controllers in the distributed Wi-Fi deployments such as retail, remote offices, etc., the controller over WAN architecture deploys bigger controllers at the HQ and calls it a cloud Wi-Fi. However, the controller over WAN Wi-Fi does not measure up to the true cloud Wi-Fi for many reasons as outlined below. We will use example of Cisco’s controller over WAN architecture to illustrate these differences. Earlier, Cisco called it H-REAP and ELM, now it calls it FlexConnect, but does changing terminology get controllers to measure up to the true cloud? Let us find out.
Currently, the market is inundated with announcements from vendors on 3-stream MIMO APs. Sure enough, AirTight has also launched one, being at the forefront of Wi-Fi technology. But what sticks out of some of those announcements is the lopsided mention of high speed wireless connectivity, even to the extent of a misleading claim of 900 Mbps for the dual radio 3-stream APs, albeit with a sneaky "up to" before the number. While connectivity speed is an important consideration (actually now a commodity available out of 3-stream Wi-Fi chipsets), that consideration alone does not help to come up with a good game plan for deploying 3-stream Wi-Fi. More holistic thinking, taking into account real world performance, security, and next generation Wi-Fi architecture, is required when selecting 3-stream MIMO APs.
Retailers are increasingly looking to deploy Wi-Fi in their stores. They want to provide guest Wi-Fi to their patrons and also want to deploy in-store applications such as wireless POS and printers, wireless kiosks, wireless digital signage, and HQ network access over Wi-Fi. Coupled with these business drivers there is also a wireless PCI compliance requirement to protect credit card transactions. Retailers however face some unique challenges which were hitherto not met by traditional autonomous or controller Wi-Fi solutions. Now cloud managed Wi-Fi has made it quite feasible for them to achieve these goals.
What makes network administrators and security professionals tear their hair out - the "cool" employee who is carrying 2 or 3 or more devices and only one of them is actually issued by the company. I admit, I am one of them but not sure how "cool", just a gadget junkie. There is a lot of advice around these days about how to manage this deluge of personal smart devices entering the enterprise, but I found much of the advice given by Software Advice and CRM Market Analyst, Ashley Furness, very solid in her recent post, "Strategies to Secure Your Enterprise in the New World of BYOD". Some of it may seem obvious, but, often the obvious is overlooked for just that reason. We all know folks who do not change their password from "admin". Ashley's article is a good addition to the body of work out there about the challenges of BYOD in the enterprise. One area which is not mentioned, however, is wireless intrusion prevention (WIPS), which is the natural ally of MDM. With MDM, employees have to have an incentive to get the agent on their devices. WIPS solves that problem. AirTight WIPS as an example protects the network from being accessed by unauthorized devices - those which have credentials but are not an authorized device - by allowing administrators to set up rules which will automatically block unauthorized devices (not just rogue APs) from connecting to the network.
Only two weeks left - take AirTight's One Minute Survey - BYOD: Love it? Hate it?
Click the link - take the survey - enter to win an 8GB iPod Touch.
Corporate users (e.g. employees, contractors) are accessing the enterprise network and data, and bypassing corporate security controls, using their personal Wi-Fi devices. This uncontrolled access can open wireless backdoors into the enterprise network and lead to malicious activity, leakage of sensitive data, and exposure to malware.
Traditionally, when talking of wireless security in the enterprise, we talked about embedded Centrino Wi-Fi, Linksys rogue APs, open source DoS tools, and compliance requirements (PCI, DoD, HIPAA). While these topics continue to be important today, the upcoming proliferation of smart mobile devices is the new frontier for enterprise wireless security to address. The inundation of smart mobile devices will result in new monitoring requirements, not hitherto discussed. These requirements would amount to a "stress test" for the WIPS, and only the best of breed can hold up. While the new monitoring requirements will be many and varied, ranging from unauthorized BYOD to heightened rogue AP risk, in this post I wish to discuss some interesting and unique scenarios (numerous soft mobile hotspots, Nintendo chat blocking, wireless geo-fencing) I already encountered this year working with customers.
BYOD (Bring Your Own Device) seems to be the dominant theme for 2012 in the Wi-Fi infrastructure and security space. As people increasingly bring in personal smartphone devices on the enterprise premises, the network/security administrators are grappling with the security implications. Given how engaging the new smartphone and tablet apps are, conflict arises between the users’ desire and the network/security administrators’ intentions. You need to ensure that this conflict does not turn BYOD into BYOR (Bring Your Own Rogue AP)!
As the BYOD (Bring Your Own Device) tide rises, network and security admins wonder if their existing Wi-Fi infrastructure security will hold up. In particular, will WPA2 with PEAP, which is pretty much the norm for Wi-Fi infrastructure security in enterprise networks today, continue to be adequate? WPA2 with PEAP is simple enough, still strong enough, and has served enterprise Wi-Fi security needs very well in the past several years. The forthcoming BYOD revolution, however, poses a new challenge for WPA2 and will require additional thinking on the part of network and security admins about how to complement PEAP to address some of the BYOD security issues. This new challenge comes from the ease with which people can bring personal mobile devices onto the enterprise premises and connect them to the WPA2 enterprise Wi-Fi network without administrator knowledge or help.
Shmoocon labs is a group of vendors and attendees who get together before Shmoocon begins for a learning experience. The task – build a stable and SECURE network infrastructure to meet the needs of the convention. The idea is to teach people how to use the hardware from various vendors and make it all work together as a network that remains secure, stable and functional throughout the conference, no matter what.
Right when the Wi-Fi access and security management are moving towards the controller-less architecture, another interesting architecture seems to have evolved at the other extreme. This architecture seems to be advocating not one, but two WLAN controllers in tandem – and that too from two different vendors. And, some optional (additional?) security management servers on top of the tandem. You think I am kidding? Then check this announcement from Aruba Networks, which is a leading controller-based WLAN vendor: http://www.arubanetworks.com/solutions/by-application/byod-services-on-your-existing-wi-fi/. The stated business case seems to be to put a band-aid on the Cisco WLAN’s (another leading controller-based WLAN vendor) insufficient security features.
This month, AirTight Networks' flagship product, SpectraGuard® Enterprise, achieved FIPS 140-2 validation from the National Institute of Standards and Technology (NIST) of the United States and the Communications Security Establishment of Canada (CSEC).
Recall the “Skyjacking” vulnerability discovered with Cisco LAPs a couple of years ago? It allowed a hacker to transfer control of enterprise Cisco LAPs from the enterprise WLC to a hacker-controlled WLC on the Internet with an over-the-air attack. Once control is transferred, the hacker could change the configuration on those LAPs in any way by adding, deleting and modifying SSIDs. The hacker could also tamper with Cisco monitor mode APs and take away the security layer. Cisco Skyjacking exploited a vulnerability in Cisco’s over-the-air controller discovery protocol. Know more about it here.
Now a similar vulnerability seems to have been discovered in Aruba OS and the AirWave console. The advisory states: “[a]n attacker could plant an AP with maliciously crafted SSID in the general vicinity of the wireless LAN and might trigger a XSS vulnerability in reporting section of the ArubaOS and AirWave WebUIs. This vulnerability could potentially be used to execute commands on the controller with admin credentials.” Though the modus operandi is different from Cisco's, the end result is similar - transferring control of the Wi-Fi controller to a hacker by launching an over-the-air attack.
No system is free from vulnerabilities and such things will continue to be discovered. But you don't have to give away "hack one, get one free". You don't have to give hackers control of Wi-Fi coverage and Wi-Fi security in a single shot. This can be achieved by ensuring that the Wi-Fi security layer operates independently of the Wi-Fi infrastructure.
This article in Information Week by Mathew J. Schwartz is well worth reading. It is time that security came first and compliance second IMHO. Click on the link below and I would love your feedback on the article and my comments.
With the explosive growth of smart devices in the enterprise, Mobile Device Management (MDM) is a hot topic among IT departments these days. In order to secure the network and protect sensitive data on mobile endpoints, many organizations are deploying tools to secure, monitor, and manage smart devices accessing their networks. Installing an MDM agent on mobile assets gives the IT department the ability to enforce VPNs, remotely wipe data off stolen/lost devices, and ensure that devices under management by the IT staff are running the most current and secure applications.
Last Friday, a vulnerability in Google's ClientLogin Protocol was disclosed that makes most Android users vulnerable to "sidejacking." All services (Calendar, Contacts, Picasa, Stock Quotes, etc.) that use Google's ClientLogin API for "Auto Sync" are vulnerable.
Sidejacking (aka session hijacking) is not new to Wi-Fi. Firesheep that caused a stir last October is a recent example of a tool demonstrating sidejacking attack against Twitter and Facebook. The latest vulnerability though holds significance given the huge userbase of Android smartphones commonly using their smartphones at Open Wi-Fi hotspots.
AirTight Networks will be demonstrating cloud-based PCI compliance and Wi-Fi access solutions at the NACStech conference in Las Vegas, May 16-18.
There's been a lot of news in recent weeks surrounding the Sony PlayStation Network breaches. One of the questions that I have received multiple times since this started is whether or not this was a wireless breach or if wireless was in any way part of the Sony vulnerability.
After the TJX breach, the PCI security council strengthened their wireless security standard in an attempt to prevent such catastrophic incidents from reoccurring. While some of the largest retailers strengthened their wireless security, small and medium businesses need to take a look at their own security practices because they are just as susceptible, maybe more. In its annual Data Breach Investigations Report earlier this week, Verizon said "criminals are increasingly hitting smaller businesses as it becomes harder to steal financial data from big companies."
When: Tuesday 26 April 2011, 11:00 AM - 12:00 PM
Time Zone: (GMT-08:00) Pacific Time (US and Canada); Tijuana
If you are concerned about the proliferation of smart devices (iPhones, Droids, tablets) and the impact on your network security, then this is a "can't miss" webinar. The inability to detect and block unauthorized personal devices from attaching to your network puts your business at risk. AirTight CTO and Founder Pravin Bhagwat discusses the challenges with mobile device management and the limitations of existing wireless network security measures.
1. Have you wondered if Wi-Fi threats can be present in your network?
I meant to publish something when I first saw this article in Network World. Apparently Gartner debunks the myth that a single vendor network solution is more cost effective and easier to manage. Pretty strong statement by Gartner and there were some pretty strong reactions if you look at the comments on the Network World site.
Controller based WiFi architectures have been the standard for some time, but the advantages of the cloud appear to be a perfect fit for deploying a scalable, and more importantly, manageable WiFi infrastructure. Cloud based solutions are intended to drastically reduce the cost and complexity of delivering an enterprise solution. And WiFi should be no exception.
By now, you have discovered CFOs like cloud computing. IT solutions that can be purchased as a cloud solution eliminate up-front capital expenditures, depreciation, and product obsolescence.
Cloud solutions improve cash management because there is no need to write a big check all up front. Paying only for the capabilities you need lowers your organization's financial risk. And the recurring (often monthly) operational costs of cloud based solutions provide easy to forecast and budget IT expenditures. Lastly, because deployment time and ongoing operational overhead can be recognized in weeks, not months, results are easier to measure.
If you are considering a new WiFi deployment or are ready for a refresh, take a look at this video to see how AirTight's Cloud Services can help.
The year 2010 witnessed continued growth in the enterprise WiFi deployments. The growth was fueled by the latest 802.11n revision to WiFi technology in the late 2009 and ready availability of WiFi in most consumer electronic devices launched in 2010, including the smart phones, printers, scanners, cameras, tablets, TVs, etc. The year 2010 also witnessed popularity of the specialized WiFi centric devices, such as MiFi.
However, the year 2010 also has some major WiFi security revelations/incidents in its kitty, which re-emphasize the continued need for adoption of the best practices for secure Wi-Fi deployment/usage. Here is the run-down on significant WiFi insecurity events which we witnessed in 2010:
Will deploying wireless intrusion prevention make me better "protected" or will it leave me "frustrated" because of the increased operational overhead? If you as a network or security administrator are looking for an answer to this question, the answer is: Depends! That is because it depends on how your wireless intrusion prevention is architected. This video will tell you more about it.
Due to the overwhelming attendance and response we got to the recent WPA2 Hole196 webinar, we did not have time to answer all the questions asked during the webinar. In this post, we are keeping our promise and answering those webinar questions.
By the way, the webinar slides and recording from this webinar as well as answers to the frequently asked questions on Hole196 and a white paper are available here.
So here we go!
Wi-Fi security has experienced a lot of churn over the last decade. As protocols like WEP and TKIP fell by the wayside, WPA2 emerged as the "Last Wi-Fi Security Protocol Standing." Wi-Fi Alliance recently announced its plan to phase out WEP and TKIP, promoting WPA2 as the go-to security standard.
With solid protection in the form of AES encryption and 802.1x based authentication, there was no reason to look beyond. WPA2 did its job well keeping the bad guys outside, out of the network. And traditionally that has always been the focus of Wi-Fi security.
I am just back from a trip to New Delhi (along with my colleague, Prabhash Dhyani). The weather was quite hot and humid. Amidst flight delays and apparently unstoppable Delhi traffic, we managed to meet up with some interesting folks and exchanged several ideas. You may be wondering what this has got to do with a security blog, hold on, you will soon find out!
Wi-Fi Alliance has (finally) decided to take some giant steps in improving the state of wireless security. Starting Jan 2011, TKIP will be disallowed on new APs and from 2012, it will be disallowed on all Wi-Fi devices. Come Jan 2013, WEP will not be allowed on new APs and from 2014, WEP will be disallowed on all Wi-Fi devices. This is the good news. But, let us also get to the “bad” news.
Last week we saw Google facing legal tangles for “accidental interception” of WiFi signals and this week it was Apple facing “mysterious disappearance” of WiFi signals during the iPhone-4 demo at the WWDC keynote. So “what’s going on”, does WiFi not like us any more? Well, because these things struck Eric and Steve, we got to hear about them, but in fact they strike Tom, Dick and Harry every day.
The WiFi snooping row Google has gotten itself into seems to be far from over. In April, Google revealed that its Street View cars had been collecting basic data such as the MAC addresses and SSIDs of WiFi networks in the vicinity. But after German authorities asked Google to audit the data, it admitted to have been "mistakenly" snooping payload data from Open WiFi networks. Apparently, a piece of WiFi data analysis code, written by Google engineers back in 2006, was part of the software used by the Street View cars, in turn leading to the WiFi snooping (of about 600 GB of data across 30 countries!).
Recently, there have been multiple instances of Wi-Fi issues related to iPads. Apple has also acknowledged some of the issues, e.g., an iPad may not automatically rejoin a known Wi-Fi network on a dual band router. Also, Princeton University has faced serious network problems due to the iPad. This has been attributed to a problem in the DHCP client on the iPad. Here is an interesting theory on how the IEEE 802.11 Power Save mode may be playing a role in this. The Wall Street Journal reports that such issues have led to the ban of iPads at several universities. This is a cause for concern.
With more enterprises deploying wireless LANs and employee-owned WiFi devices flooding enterprises, wireless LAN forensics is becoming a key component of any network forensic audit -- whether to prove compliance with a regulation such as PCI DSS or in response to a security incident. But wireless presents unique challenges to forensic audits.
Last month, at the RSA 2010 conference in San Francisco, I had the opportunity to discuss this issue with experienced auditor and certified PCI QSA Jim Cowing. Here you can view the video recording of an abridged version of our RSA 2010 talk "Anatomy of a Forensic Audit: How Wireless Changes the Game."
Let me summarize the highlights from the talk:
We often hear that WiFi network performance degrades due to radio interference. We also hear that interference is a complex beast which cannot be easily tamed. There are two types of interference sources which affect WiFi network performance: non-WiFi sources and WiFi sources. This post provides a guide to some practical steps to combat often-cited non-WiFi interference sources such as microwave ovens, Bluetooth, baby monitors, cordless phones, wireless cameras and jammers. The WiFi interference sources will be discussed in a later post.
Every now and then we run into network administrators and CSOs that brag about how their organization is not vulnerable to wireless security threats, only to see their rash confidence fizzle out once the results from a wireless vulnerability assessment or penetration test are out.
Today, most are aware that Open WiFi on an enterprise network is foolish, that using WEP encryption is a bad idea, and that WPA2/802.1x is the way to go. Then where do they go wrong?
Windows7 Virtual AP – Why is it a big deal now?
Ever since WiFi radios were available, there has been open source and priced software that allowed users to convert their client cards into APs. While these were available only on Linux based operating systems to start with, ‘Soft AP’ drivers and software have been available for most operating systems for at least a few years now. Also available were USB devices that operate as an AP. In addition, the WiFi interface could always have been put into ad-hoc mode, allowing other clients to connect to it, effectively creating the same vulnerability as a soft AP.
So, why is soft AP suddenly a big deal when Windows7 provides this as a built in option in the OS?
Last week AirTight presented the first Webinar designed to educate network administrators and security professionals about the wireless risk introduced with Windows 7. The response was so overwhelming that we are presenting it live again on March 10. I guess we hit a nerve since AirMagnet is bringing up the rear now and presenting a Webinar on the subject. But if you want an in depth look at this topic and solid advice on protecting your network, join AirTight experts for a live encore presentation of our webinar:
Windows 7 - a New Enterprise Wireless Risk
When: Wednesday 10 March 2010, 10:45 AM - 12:00 PM
Time Zone: (GMT-08:00) Pacific Time (US and Canada); Tijuana
My previous post "WiFi Hots(Honey)pots Go Mobile" (http://blog.airtightnetworks.com/wireless-security-mobile-hotspot/) talked about Palm Pre/Pixi Plus going the hot(honey)pot way.
Are you already having trouble preventing your enterprise Wi-Fi clients from connecting to some of the existing public Wi-Fi networks (e.g., T-Mobile, Google WiFi)?
The SSL renegotiation vulnerability disclosure created mood swings in the security community over the last month. Immediately after the disclosure, the security community was split in opinion about its severity and relevance.
Ever cared to take objection to someone putting a flower vase on the table in your office, as it violates your wireless security policy? That is preposterous, isn’t it? Not any more. Look at the artistic WiFi router design from STC.
In several of my recent wireless scanning exercises, I have encountered soft APs much more often than before. In one case, it was an employee who returned from a business trip who had used a USB WiFi AP in a hotel to share his Internet connection with fellow workers (well, they did not all want to pay $5 per hour, if they can get around by paying only once!) and did not care to remove it from his laptop before connecting to the enterprise network. In another case, it was an employee in a no-WiFi organization who used to impress others by creating a soft AP on his Windows laptop for others to access. The moral of these stories is that the occurrence of rogue APs on the enterprise network in the form of soft APs has become more pronounced of late. I think the reasons behind this are the ease with which operating systems (notably Microsoft Windows) allow soft AP configuration on embedded WiFi interfaces as well as off-the-shelf availability of PCMCIA cards and USB sticks designed for soft AP operation. It is also worth noting that a soft AP is also a perfect “solution” for putting a rogue AP on the network while evading wireside controls such as 802.1x, NACs and wireside-only rogue AP scanners.
Interesting piece on Wi-Fi security on the Today Show this morning. The Today Show aired a piece called “Is your Wi-Fi connection safe?”
The story shows war driving through a residential neighborhood to show that many residential Wi-Fi users still deploy their Wi-Fi devices without passwords, leaving their connections vulnerable to eavesdropping.
At every turning point big or small, mankind has faced the challenge of making choices between available technologies, be it the “DC vs AC” debate which laid the foundation for our electrical distribution systems, or the “mainframe vs workstation” debate which created the platform for the modern Internet. At this turning point today, when WiFi is poised to become a mainstream enterprise networking technology, the network security administrator faces the challenge of making the right technology choice for WiFi security.
Among other things, one important technological choice the administrator will have to make is between wireless intrusion prevention systems (WIPS) which use “active” vs “passive” network connectivity detection methods.
Robust detection of wireless access points' connectivity (or non-connectivity) to the enterprise network being protected lies at the heart of the security and manageability aspects of the WIPS. A false negative, i.e., a network-connected AP classified as not connected, results in a security hole, as it can cause a rogue access point (AP) to go unnoticed. A false positive, i.e., an unconnected AP classified as connected, results in nuisance and also creates a hindrance to initiating automated blocking.
An interesting survey on PCI DSS compliance was recently published by the Ponemon Institute. There are many interesting findings in the survey some of which I summarize here.
One critical requirement of a wireless intrusion prevention system (WIPS) is that it should offer robust protection against rogue wireless access points. The protection should entail instant detection followed by automatic blocking (prevention). Rogue AP detection should be free from false alarms, both false positives and false negatives.
A rogue AP is an unauthorized AP wired to (connected to) the monitored enterprise network. In other words, a rogue AP satisfies two conditions: i) it is not on the authorized AP list, AND ii) it is wired to the monitored enterprise network.
The first of the above two conditions is easy to test: just compare the BSSID of the detected AP with your managed AP BSSID list. The second condition is where things start to become interesting. Accurately and reliably detecting whether every AP seen in the air is wired or not wired to the monitored enterprise network requires technological sophistication. Based on the level of sophistication, three types of rogue AP detection workflows are prevalent in the wireless intrusion prevention system (WIPS) solutions available in the market.
Finally the news that everybody in the WiFi world has been waiting for! Exactly six years after the 802.11n task group was formed, 802.11n got the final ratification as an IEEE standard last Friday.
When talking about wired security, enterprise IT administrators talk about multiple layers of defense such as internet firewalls, VPNs, admission control, email filtering, content filtering, web application scanning and many others. It is like a hacker has to peel multiple layers of an onion before getting to the core. Each layer of security is independent and is preferably sourced from different vendors. Each layer compounds the amount of work that a hacker has to perform to get in.
When considering the security of a wireless network, the same enterprise IT administrators are content with the basic security mechanisms integrated into the wireless LAN infrastructure by vendors such as Cisco Systems and Aruba Networks. IT departments have a hard time understanding why an inner layer of defense for wireless network security is needed in the form of an advanced wireless intrusion prevention system (WIPS). The wireless network security posture of an organization is the weakest when the security integrated into wireless LAN infrastructure is the only layer protecting the core network. Without an inner WIPS layer, the core network is open to rogue APs, unauthorized client connections, ad-hoc networks, MAC spoofing and many other attacks that the wireless LAN infrastructure security cannot protect against.
The recently announced improved version of the original Beck-Tews attack on WPA/TKIP appears to have put the wireless security community in a tizzy again. In this post, I argue that the new attack is neither groundbreaking in academic terms, nor is it more worrying in practical terms.
The proposed attack assumes (somewhat unrealistically) that the AP and client cannot hear each other but the attacker can hear both (and can thus act as a man-in-the-middle). In terms of attack speed as well, it is actually slower than the original attack under its stated assumptions.
Security is hard to get right and shortcuts -- be it coding shortcuts or design shortcuts -- come back and haunt the product designers when the rubber hits the road.
The recently discovered “skyjacking” vulnerability of the Cisco LAPs seems to be a classic example. The “Over The Air Provisioning” (OTAP) feature allows an out-of-the-box Cisco LAP to automatically discover available WLC controllers to connect to by listening to wireless OTAP packets broadcast by neighboring Cisco LAPs. This feature obviously has attractive plug-and-play benefits for the end user but has also resulted in some critical security holes in the Cisco wireless infrastructure as reported recently. Malicious OTAP packets transmitted by an intruder can make a LAP connect to a “rogue” WLC controller on the Internet. This controller can modify the wireless settings of the AP in devious ways resulting in an AP that is in your airspace, connected to your wired network but completely controlled by an attacker.
Many security vulnerabilities are due to coding bugs (for example, inadequate input checking or the infamous buffer overflows). In contrast, the skyjacking vulnerability has its root, in my opinion, in two questionable design decisions that were probably made as early as the requirements definition stage.
A rogue AP is an unauthorized AP connected to the enterprise wired network. It can allow access to the enterprise wired network from its RF spillage outside of the premises. While it is well established in the mainstream that wired-wireless correlation is the only robust technique to detect such rogue APs, there have also been some wireside-only scanning techniques around to detect rogue APs connected to the enterprise wired network. At first sight, wireside-only scanning appears attractive from a cost and deployment perspective as it does not require RF scanners. However, the reality is that wireside-only scanning fails to detect many common types of rogues on the wired network.
This latest vulnerability on Cisco WLAN (AP Skyjacking) points out the importance for customers of deploying an overlay WIPS to have a zero day response capability in place. Making changes to your WLAN controller, APs, and firewalls takes time and new vulnerabilities like this will continue to surface.
The skyjacking vulnerability, which allows a Cisco LAP to be diverted to connect to a rogue controller by manipulating OTAP, could be more dangerous than what has been clarified by Cisco in its advisory. The advisory says that “An exploit could prevent the device from functioning properly, resulting in a DoS condition. There is no risk of data loss or interception by the rogue access point or Wireless LAN Controller.”
I recently read a statement put out by Senator Kay Bailey Hutchison urging support for her bill, "The Safe Prisons Communications Act creates a framework for the FCC to test and approve jamming equipment and to review applications from corrections facilities seeking to install cell phone jammers. Most importantly, to ensure the integrity of wireless networks for public safety and commercial wireless providers, and minimize any chance of interference, the legislation outlines the coordinated efforts from all stakeholders, including prisons and the telecommunication providers."
According to Hutchison, cell phones are used within the prison walls to coordinate crimes outside the wall, including murders, intimidation and fraud. The idea struck me as one that could be a slippery slope but one could hardly argue that prisoners have a "right" to cell phones - or do they? I would love to hear comments on this one.
Story Highlights from CNN International
LONDON, England (CNN) -- You're sitting in an airport lounge and seize the chance to check your e-mails before your flight departs. You log on and are tempted by a wireless Internet provider offering free Internet access. So, do you take it?
Security experts warn that hackers may be masquerading as free public Wi-Fi providers to gain access to the laptops of unsuspecting travelers.
Moxie Marlinspike presented SSLstrip at Blackhat early this year. The author observed that most people initiate access to secure (HTTPS) websites over an insecure connection (HTTP), which creates an opportunity for a man-in-the-middle (MITM) attacker to get into the middle of the connection without triggering a certificate mismatch message on the user’s machine. It is also possible to display a fake lock icon on the browser. This is unnerving because even those scrupulous users who pay heed to the certificate mismatch warnings can no longer avoid MITM attacks by just doing that.
What % of WiFi laptop users in your organization are vulnerable to WiFishing attacks? The odds are very high that you don’t have an exact answer.
“The notion of a hard, crunchy exterior with a soft, chewy interior [Cheswick, 1990], only provides security if there is no way to get to the interior. Today, that may be unrealistic.” -- What Firewalls Cannot Do, Firewalls and Internet security
Rogue APs are Access Points (APs) that are deployed in an enterprise network without the consent of the network administrator. In certain cases, the intent behind a Rogue AP may be benign – for example, an employee who wants to access the network from his favorite corner of the office. While in other cases, a Rogue AP can be deployed with a malicious intent – say, by an attacker or his accomplice.
Sneaking Rogue APs into an enterprise may not be difficult. Pocket size WiFi APs for less than $50 are readily available in retail stores. Due to spillage of RF signal, a Rogue AP enables an attacker sitting in the parking lot to directly access your enterprise wired network. After interacting with some of our customers and prospects, I have realized that they are familiar with Rogue APs but lack a complete picture of all the damage one can inflict via a Rogue AP. Hence, I thought of compiling this list of “uses” for a Rogue AP (yes, “use” from the perspective of an attacker or an unauthorized user).
Any organization handling payment card data should pay immediate attention to the PCI DSS Wireless Guideline published by the PCI Security Standards Council Wireless Special Interest Group last week.
The key highlights are:
In my previous blog post (5 Wireless Intrusion Detection Questions You Need to Worry About), I talked about the key questions that are related to the detection of Wireless (WiFi) based intrusions in your enterprise. Today, let’s turn the focus on to the other important aspect of WiFi security – Intrusion Prevention. Here are the 5 questions you should ask on wireless intrusion prevention in your enterprise. Let me know if your answer to all of these questions is in the affirmative.
The North American Electric Reliability Corporation (NERC) has promulgated Critical Infrastructure Protection (CIP) standards for cyber security in the electric power industry. A recent white paper in Automation World magazine brings out the challenges faced in CIP implementation due to the proliferation of wireless networking. The paper lays out various scenarios, such as approved wireless use, inadvertent wireless use and covert wireless use, which break the conventional perimeter security model. It recommends state of the art wireless monitoring and control to enforce wireless perimeter security for energy assets.
Recently we did a webinar with one of our health care customers (Maine Medical Center) and it was interesting to note how Wi-Fi networking has become mission critical in health care, driven by applications. Various patient care applications enabled via Wi-Fi networking increase patient care quality, improve efficiency, and drive down overall cost. Given all the current discussion regarding healthcare reform and driving down costs, it is interesting to note how a technology like Wi-Fi networking can help you do that.
If you own an enterprise grade local area network (LAN), you need to be aware that wireless (WiFi) based intrusions can potentially be exploited to create security backdoors into your network. This is true even if you have not rolled out your wireless LAN (WLAN) or have rolled out a WLAN that adopts the best-in-breed cryptographic security.
Today, Chief Security Officers (CSOs), Chief Information Officers (CIOs) and network security administrators have different perceptions on the extent of WiFi based intrusions. Hence, they have adopted different solutions to secure their enterprise network from WiFi intrusions.
Independent of which of the above groups you may belong to, here is my list of 5 intrusion detection questions that you need to worry about. If you don't agree, I would love to hear your views.
This story seems to come from the files of "I am ten feet tall and bulletproof." Many of us have a mixed reaction to those who are able to manipulate computers and code to their advantage for criminal acts. We wonder why they do not use their talents to simply make money the old fashioned way but also are outraged at their actions which disrupt our lives, compromise our security and cost us money. But then you read a story such as the one Robert McMillan of IDG posted over the weekend about the security guard and ersatz hacker who allegedly videotaped his cyber exploits at the clinic he was supposed to be protecting and then posted them to YouTube. He claimed to be adding botnets which would allow him to do a denial of service attack on July 4 just for the fun of it. He did get caught. You really have to read this story which is both funny and sad at the same time.
Zero Day Attack is an exotic name for hacks which will be realized in the future and which we don’t know about today. Conventionally, it is believed that a zero day attack will create some anomaly in the network behavior and hence some form of anomaly detector can provide protection from zero day attacks. However, there have always been practical difficulties in implementing a robust anomaly detector. Fortunately for 802.11 WLANs, there is also an alternative viable way to defend against zero day attacks.
My 12 yr old son was fiddling with his iTouch in the back seat of the car last week when it finally dawned on him that he could see several available wi-fi networks in our neighborhood from the front of the house. "Hey, I can connect to Marci's wi-fi! Can we sit in the driveway for a couple minutes so I can download some songs?"
Live Alerts helps system administrators to quickly identify the ongoing vulnerabilities and performance related issues in an enterprise Wi-Fi deployment.
Before Live Alerts, it was very difficult for an administrator to identify the ongoing threats from the list of reported threats/anomalies. However, with the introduction of Live Alerts, he can now easily distinguish and prioritize between ongoing and past threats/anomalies.
Realizing mobility advantages in businesses, Wi-Fi is increasingly being deployed in corporate premises. However, due to the nature of Wi-Fi technology, an administrator has to face certain security and performance challenges while managing the corporate Wi-Fi space.
Wi-Fi telephony is the upcoming technology that can be set up on existing enterprise Wi-Fi network and empowers enterprises with voice mobility benefits in an easy, scalable and cost-effective way.
Increased deployment of superior Wi-Fi networks to achieve wireless data access and increased adoption of VoIP technologies to make cost-effective calls has led the concept of Wi-Fi telephony to emerge in the recent years.
With Wi-Fi telephony in place, voice mobility can be achieved in an easy to use and inexpensive way. Voice mobility in general refers to flexibility for users to make telephone calls from any place within a premise. Enterprise premises empowered with voice mobility have more productive employees, increased employee convenience and improved business process resulting in faster decision making, increased responsiveness and greater overall productivity and efficiency.
Early 802.11b APs used to have 1 antenna on them, which later became 2 in the 802.11g/a era, and which have now become 3 or 6 in the current 802.11n era. So why does the number of antennas keep changing as WLAN technology advances to each next generation?
Michael is the Message Integrity Code adopted by the TKIP standard. Michael is actually a weak code which uses simple additions and shift operations, which are computationally less expensive, but it is strong enough as an intermediate solution from WEP. Michael was chosen as the MIC in TKIP so that the already deployed low end Access Points can also be software upgraded to TKIP without any hardware change. This video explains the working of MIC in TKIP.