They are different notions. Scale is mostly about numbers, but scalability incorporates business enablement in addition to scale.

In the Wi-Fi industry, we’ve always talked about “scalability at the edge” which is about higher wireless speeds, more clients served, high density and so on. This will continue to be important in 2015 as more applications and clients connect to Wi-Fi.

However, there is another scalability requirement that is becoming increasingly important in some verticals. I call it “scalability behind the edge” and I think that it will be a hot topic in 2015.

What is “scalability behind the edge”?

As I see it, there are two aspects to “scalability behind the edge” – quantitative and qualitative.

Quantitative

Historically, quantitative, in a large WLAN deployment could mean hundreds to thousands of APs under single management. This is characteristic of private enterprise which was the main vertical for Wi-Fi.

Now that ISPs and MSOs are entering the ever increasing Wi-Fi market, the number of APs under single management is set to rise exponentially: going to the hundred thousand to million device range. Tackling the deployment, configuration, monitoring, security, troubleshooting of such a “super-size” deployment is challenging to say the least!

Now you might say that there are a few Wi-Fi providers that have done large scale deployments today. Kudos to them, but keep in mind that they are early adopters. Early adopters are willing to take the challenge of adapting whatever is available at a given point in time and make it fit for their requirements. However, when things become mainstream and the competitive landscape becomes crowded, tailor made solutions are desirable. Current back-end systems are tailored to enterprise deployments and that will not suffice for the “super-size” deployments.

Qualitative

On the qualitative side, the business requirements of these massive deployments differ from the enterprise vertical on many fronts. For example, if you look at ISPs, they are entrenched in low touch home deployment business models. It’s only natural that they will try to apply their established business recipe to business Wi-Fi services.

So the big scalability question is … will today’s back-end systems enable that approach?

Another aspect of qualitative scalability is services delivered on Wi-Fi. In the enterprise context, Wi-Fi mostly supported enterprise applications and where guest Wi-Fi was a matter of convenience for visitors. However in the ISP, MSO or MSP business model, guest Wi-Fi, or public facing Wi-Fi if you will, is a key element of the business offering. The scalability aspect stemming from this requirement is in the form of big data set analytics and integration of multiple guest engagement platforms into Wi-Fi.

Quantitative and Qualitative Scalability Behind the Edge

“Scalability behind the edge” has 2 vector considerations: quantitative (volume) and qualitative (business enablement).  In 2015, expect to see innovations on both fronts.

What type of engagement platforms will be prominent in 2015?

Last year we already saw the emergence of MAC analytics, social Wi-Fi and loyalty recruiting over guest Wi-Fi. Love them or hate them, these will continue to be around, and are likely to be “super-charged” in 2015.

In 2014, from a Wi-Fi analytics and engagement perspective, it held true that “what happened in Wi-Fi stayed in Wi-Fi”.

However, now there is an increased push to integrate Wi-Fi engagement with back-end CRM platforms. Such integration will require high performance APIs between the Wi-Fi system and the CRM platforms. This will be used to derive insights from various big data sets.

What will happen to captive portal in 2015? And what about Hotspot 2.0?

Captive portals initially came into being as a legal requirement for disclaimer. With disclaimers in place, marketing discovered that they could leverage the portals for customer engagement. Since legal is unlikely to remove the requirement for disclaimers, marketing is likely to continue leveraging captive portals. In fact, I see them becoming richer in terms of content, as well as becoming more contextual and dynamic.

Also, in the past, a technical issue with captive portals has been the variability in how different clients react to captive portals. This was either due to their proprietary captive portal auto-detect mechanisms and/or micro-browser implementations. Sometimes this would even become a blocker in establishing a Wi-Fi connection. In the future, these types of technical issues should go away as a natural path to maturing implementations. Hotspot 2.0 can also help here somewhat as it has a mechanism to indicate captive portal to prospective clients.

In the service provider space, Hotspot 2.0 will be prominent and the current form of captive portals will dissappear. However, a new incarnation is now emerging, it is called “in-browser messaging on Wi-Fi”.

In-browser messaging on Wi-Fi: What is it?

In-browser messaging on Wi-Fi provides the ability to overlay content and in-browser apps on a Wi-Fi user’s browsing session. This approach renders captive portal 1.0 irrelevant but the engagement channel now exists in the form of in-browser messaging.

Of course, you can also use in-browser messaging along with captive portal… The more things change, the more they stay the same … or do they?

What about alternative technologies like iBeacon? Are there others?

In 2015, there will be some mainstream deployments of iBeacon. Though people talk about iBeacon as fine grained location tracking technology, I predict that most deployments this year will be zone based. There again, I think the biggest challenge is the back-end which is where decisions are made on what content to send to the user based on an iBeacon proximity trigger.

This is the job of the “offer layer” and the “content policy layer” that need to be present behind the iBeacon infrastructure.  These layers are mostly missing today (at scale) and will evolve in 2015.

Beyond iBeacon, there may be furtherance of other techniques such as POS (Point of Sale) integration, surveillance footage analytics and so on.

Mobile Mind Shift:  the expectation that you can get what you want in your immediate context and moment of need.  Source: Forrester

Concerns around Monetization, Intrusiveness and Privacy are not going away!

Monetization, intrusiveness and privacy will continue to be hot topics in 2015.  I categorize monetization and intrusiveness as “opinions” and privacy as “requirement”.

Monetization

Monetization of digital engagement is the basis of the public Internet economy. Whether it’s search tools, social media, or Internet email, all providers monetize user engagement by selling ads and analytics on their pages. In return, you get access to these offerings without explicitly paying for them. Accordingly, if you consider public Wi-Fi as part of the broader public Internet, then it can be inferred that public Wi-Fi will be monetized in the same manner.

Intrusiveness

At the Spengler Cup the Referees aren’t Zebras, they are Cows!

When you go to an NHL hockey game, there are ads around the rink boards but the main action is on the ice. In that same vein, consider that there are ads around the pages you browse on the public Internet.

As in enjoyment of a hockey game or consumption of content on a browser, I think that the key is to strike the right balance between engagement and intrusion.

This balance might be different across markets and geographies.  Unlike the NHL, the Spengler Cup hockey tournament held annually in Switzerland features a more overt advertising strategy on player and referee uniforms.  What is the right approach?  It depends what the market will bear.

Getting back to Wi-Fi, how can meaningful engagement be achieved without offending your users?  That is the key question and I think that the answer should be “within the limits of acceptable quid pro quo for the target market”. Strike the right balance and most people will be fine with it; cross the line and users go away.

The boundaries of Wi-Fi monetization and intrusiveness will be tested in 2015.

Privacy

Privacy concern exists for all information that is digitized and put in the network. This is not just a Wi-Fi engagement specific issue. So we need to take cues from what is being done in other fields for privacy protection.

It then comes down to the chaining of multiple controls to minimize the chance of violation. The controls that stand out are:

• Opt-in controls (user chooses what to disclose),
• Engagement application and Wi-Fi infrastructure controls (These try to limit collection of personally identifiable information without the user having to make a selection. For example, controls on OAuth server is Social Wi-Fi or Facebook Graph API 2.0 controls about what information an app can collect), and
• Legal, policy and compliance controls.

There is a wealth of experience on this front with organizations in ISP, MSO and retail verticals. So, I am hoping that right balance will be achieved between engagement and privacy over Wi-Fi.

Wi-Fi Scalability and Engagement in 2015

To summarizes, in 2015 we can expect 5 key Wi-Fi Trends:

1. Super-Size:  Deployments as large as hundred thousands to million APs
2. Super-Charge: ISP, MSO, MSP business model enablement, increased spectrum of engagement applications, CRM integration and big data set analytics
3. Scalability Behind the Edge: Importance of backend systems to support Super-size and Super-charge
4. Right Offer, Right Time, Right Place: Integration of multiple platforms such as Wi-Fi, iBeacon and other innovations
5. Opinions and Requirements: Concerns around monetization, intrusiveness and privacy are hot topics in 2015

May the New Year be filled with plentiful Wi-Fi!.

Related Information:

-

View the companion On The Fly Wi-Fi webcast (episode 13 on-demand): Mike Leibovitz and Hemant Chaskar discuss scale and engagement trends for 2015.

• 2014 Cyber Security News Was Dominated By The Sony Hack Scandal And Retail Data Breaches | via Forbes
• Horizontal Scaling of Cloud Wi-Fi Management Plane | via AirTight blog
• Monetization and the Future with Cloud Wi-Fi |via AirTight blog
• Simplified Wi-Fi configurations and in-browser messaging enable retailers to capitalize on their airwaves | via AirTight Press Room
• What’s Your Wi-Fi Strategy For 2015? by Edgar Figueroa, President and Chief Executive Officer – Wi-Fi Alliance | via InformationWeek
• 2015 TRENDS How will customer experience develop and change in the year ahead? | via Internet Retailing
• 2015 Prediction: IoT Will Drive Digital Transformation in Businesses | Executive Viewpoint by Hemant Chaskar via Virtual Strategy Magazine

The post 2015: The Year of Experience and Scale appeared first on MOJO Wireless.

Cloud-managed business Wi-Fi – infrastructure and managed services – will reach $653 Million in 2014 and $2.5 Billion by 2018.

Source:  IDC Insight Report, March 2014

‘Risk-On’ attitudes and modern technology key to business growth in the digital era.

Source: The 2014 Gartner CEO and Senior Executive Survey, April 2014

AirTight Cloud Services™ provide a cost-effective, easy to manage, scalable and robust solution to deliver enterprise class Wi-Fi access, wireless intrusion prevention system (WIPS) and regulatory compliance.

Dr. Kaustubh Phanse keynotes at NexGenCloud Conference: 4Cs and The Future with Cloud Wi-Fi. View the companion SlideShare.

Individual customers or even MSPs managing multiple customers can centrally manage the AirTight WLAN and WIPS services as well as other applications such as WizShark and BrandBuilder from AirTight’s single sign-on Mojo Studio console.

AirTight’s C-75 802.11ac access points and the companion MOJO Studio cloud-based portal provide value-added business services beyond basic connectivity. The access points combine rich data analytics with social Wi-Fi to help customers build targeted loyalty programs, while also providing measurement of the marketing programs’ performances through visibility into customer traffic and engagement.

Additionally, they offer AirTight’s top rated wireless intrusion prevention system (WIPS), customized guest Wi-Fi and social sign-in options for guest engagement.

AirTight’s channel partners can design their own value-added business services, such as wireless vulnerability assessments for proactive threat prevention. They can also create custom branded engagement leveraging AirTight’s BrandBuilder™ application to build Wi-Fi splash pages.

Get things done quickly and simply!

Powered by AirTight’s RESTful Web APIs and SS, AirTight Nano provides enterprise Wi-F functionality with consumer-level user-friendliness.  AirTight Nano provides a level of simplicity unprecedented in the configuration of an enterprise access point (AP). It gives personnel, with or without IT skills, the ability to customize their Wi-Fi networks right from their mobile device – even remotely, – without the need to go into the cloud console. They can get Wi-Fi up and running in minutes with enterprise-class features.

Recognized as an innovation leader in the wireless space, AirTight is at the forefront of moretization of Wi-Fi. Dr. Phanse’s keynote addresses this central thesis.  The same topic was also recently covered by Dr. Hemant Chaskar (VP Technology and Innovation at AirTight) and Pravin Bhagwat (AirTight CTO) in discussion with Rohit Mehra (VP Network Infrastructure at IDC) in the following video interview.

Video:  Rohit Mehra (VP Network Infrastructure at IDC) questions Hemant Chaskar (VP Technology and Innovation at AirTight) and Pravin Bhawat (AirTight CTO) about “monetization” and “more-itization” of Wi-Fi.  click-to-tweet

4Cs and Planning for the Future

In the end, Dr. Phanse concludes that CxOs must make sure whatever WLAN they choose gives them the ability to provide an instantaneous, positive user experience that will meet the expectations of their business and customers, without compromising security.

Related information:

• 

  From left to right: Anita Pandey – Vice President of Marketing at AirTight Networks, Lisa MacKenzie – Senior Vice President at The Channel Company, and Ashley McLean, Director Channels at AirTight Networks.
  Airtight Networks beat out VMware and other major vendors to take top honors in the CRN Test Center’s Tech Innovator Award for the Wireless category.

  AirTight Networks Named by CRN as One of the IT Industry’s Tech Innovators | via AirTight blog – November 2014

• AirTight Networks Honored with Two Industry Awards | via AirTight blog

• Horizontal Scaling of Cloud Wi-Fi Management Plane | via AirTight blog

• The Impact of IoT on Enterprise Wi-Fi | via AirTight blog [includes videos with Rohit Mehra – VP Network Infrastructure at IDC]

• Dr. Kaustubh Phanse keynotes at NexGenCloud Conference:  4Cs and The Future with Cloud Wi-Fi | via SlideShare

The post Kaustubh Phanse talks 4Cs and The Future with Cloud Wi-Fi appeared first on MOJO Wireless.

There are two techniques to scaling resources in the cloud – vertical scaling and horizontal scaling. In vertical scaling, you keep adding more hardware resources like processor and memory on the same server instance to meet the capacity demand. In horizontal scaling, you increase the capacity by adding parallel server instances to meet the demand. In vertical scaling, you will hit the limit on how much resources can be added on to a single instance of the server, whereas horizontal scaling allows you to surpass the capacity limits of Vertical Scaling.

Horizontal Scaling in Cloud Wi-Fi

In cloud managed Wi-Fi, there are two factors that affect scalability.

• First is the number of APs being managed, which dictates the amount of management processing power required. The processing power required per AP is almost static, but as a deployment grows to large number of APs, scaling challenges need to be addressed.
• The second factor that affects scalability is the volume of data from the APs that needs to be stored for analytics and security forensics. The amount of analytics and security data to be stored increases over time; and with the growth of Wi-Fi enabled devices, the rate of increases is expected to keep rising.

In this blog, I will address the problem of scaling the management processing power and will address storage scaling in the follow up blog.

One of the very first considerations in horizontal scaling is distributing the management processing amongst the servers. This can be addressed by having the APs managed across multiple servers in the cloud. We call this ‘Server Peering’. Server instances and environments are created on demand as and when required.

Now, when a single customer’s AP management gets distributed across multiple servers (which is often the case with large distributed Wi-Fi rollouts), the cloud architecture has to ensure that customers are still able to manage their entire network from a single pane of glass for configuration, monitoring, reporting etc. This is the requirement of ‘Unified Console’ over multiple servers.

Some questions that arise are:

• How do configuration changes get distributed to multiple servers?
• How are stats aggregated from all the servers and rolled up for unified reporting and monitoring?

The server instances in the AirTight cloud communicate and co-ordinate with each other using our communication channel called ‘Graft’. Grafts create a logical communication channel between instances that are managing a specific customer network and this keeps these instances in sync with each other to provide unified console. When a customer logs in to the cloud account, the management console has aggregated view of APs distributed across multiple servers. Also, policies and configuration changes for the network are pushed from console seamlessly to multiple servers.

Hierarchical Management Model using Tree Structure

The AirTight management console uses a Tree Structure to logically represent geographical, functional and/or administrative organization of a distributed rollout in a hierarchical fashion. The APs live within logical folders consistent with their location in the network. As administrators navigate the tree structure, the server boundaries are transparent even though APs belonging to different folders in the tree structure could be managed by multiple servers in the cloud.

The tree structure is context aware throughout for management, monitoring and admin roles. What that means is that any configuration or policy change at any specific folder is inherited to all devices falling under the logical context of the selected folder. Similarly, the statistics, alarms and reports presented at any folder is the aggregation of information from devices falling under the logical context of the selected folder. Importantly, both of the above actions are seamlessly performed as the user navigates the tree, irrespective of devices in multiple folders being managed by multiples servers. Below is a screen shot of AirTight’s cloud console managing 10,000+ APs distributed across multiple servers in the AirTight Cloud.

In large distributed deployments such as service provider networks and retail and restaurant chains, number of APs under management grows organically to large numbers over a period of time. The management processing power in the cloud required to manage them also needs to grow organically and surpasses capacity of a single server instance, thus necessitating horizontal scaling. Distribution of management processing across multiple servers while preserving the unified management console is the key to achieve horizontal scaling in the cloud managed Wi-Fi.

Additional Information:

-

• AirTight’s C-75 AP takes top honors in the wireless category via Airtight blog and CRN Awards at NexGenCloud Conference
• AirTight Networks Honored with Two Industry Awards | via AirTight blog
• AirTight Cloud Services DataSheet [PDF] : The AirTight Cloud Services™ provide a cost-effective, easy to manage, scalable and robust solution to deliver enterprise class Wi-Fi access, wireless intrusion prevention system (WIPS) and regulatory compliance.

The post Horizontal Scaling of Cloud Wi-Fi Management Plane appeared first on MOJO Wireless.

To determine this year’s winners and also those worthy of honorable mention CRN Test Center editors reviewed hundreds of products across 18 hardware and software categories.  The AirTight team is thrilled that the C-75 802.11ac access point took top honors in the 2014 wireless category.  This is our third industry award in recent months.

Back in September, AirTight Networks was honored with two industry awards.  AirTight won a 2014 Cloudys Cloud Channel Innovation Award and a Gold status from 2014 Golden Bridge Awards. In addition, Anita Pandey – AirTight Vice President of Marketing – was named to the @CRN 100 People You Don’t Know But Should 2014 list.

News for solution providers and VARs  via crn.com

Hardware and software products from 18 categories are evaluated based on their ability to increase worker productivity and reduce cost and complexity for solution providers, IT departments and end users through innovation and technical advancement.

Source:  CRN 2014 Tech Innovator Awards

AirTight’s C-75 802.11ac access points and the companion MOJO Studio cloud-based portal provide value-added business services beyond basic connectivity. The access points combine rich data analytics with social Wi-Fi to help customers build targeted loyalty programs, while also providing measurement of the marketing programs’ performances through visibility into customer traffic and engagement.

Additionally, they offer AirTight’s top rated wireless intrusion prevention system (WIPS), customized guest Wi-Fi and social sign-in options for guest engagement.

AirTight’s channel partners can design their own value-added business services, such as wireless vulnerability assessments for proactive threat prevention. They can also create custom branded engagement leveraging AirTight’s BrandBuilder™ application to build Wi-Fi splash pages.

-

AirTight Networks Named by CRN as One of the IT Industry’s Tech Innovators

“AirTight Networks is honored to be named one of CRN’s top Tech Innovators for our 802.11ac access points. This award is proof that resellers are in tune with our message and that value-added applications are the wave of the future for Wi-Fi business models.”

AirTight CEO David King

The annual Tech Innovator Awards are showcased in the December issue of CRN magazine, and the complete list of winners and honorable mentions is available online. Award winners will also be spotlighted during the NexGen Cloud Conference & Expo, December 4-5, 2014, in San Diego.

The AirTight team will be on hand at NextGen Cloud and we hope you’ll drop by our booth for a chat, a MOJO Studio demo and some MOJO Moonshine!

———————————- updated December 4th 2014 ———————————-

Tops in Wireless = Smiles All Around at NexGenCloud Conference

From left to right: Anita Pandey – Vice President of Marketing at AirTight Networks, Lisa MacKenzie – Senior Vice President at The Channel Company, and Ashley McLean, Director Channels at AirTight Networks.
Airtight Networks beat out VMware and other major vendors to take top honors in the CRN Test Center’s Tech Innovator Award for the Wireless category.

Related Information:

AirTight Networks Honored With Two Industry Awards for Cloud Wi-Fi, Social and Analytics | via AirTight blog (September 2014)

AirTight Networks Named by CRN as One of the IT Industry’s Tech Innovators | via AirTight PR – November 2014

AirTight Networks Honored With Two Industry Awards for Cloud Wi-Fi, Social and Analytics | via AirTight PR – September 2014

AirTight Networks Honored with Two Industry Awards | via AirTight blog

Video Repap: Cloudys – Cloud Channel Innovation Awards – September 2014

AirTight Networks wins 2014 Golden Bridge Awards | via YouTube.  Ksenia Koffman accepts the award on behalf of AirTight Networks.

View the C-75 data sheet.

AirTight’s C-75 AP takes top honors in the #wireless category #CRNAwards | via @AirTight blog
Click To Tweet

Kaustubh Phanse keynotes on the 4Cs and The Future with Cloud Wi-Fi at NexGenCloud Conference | via AirTight blog

Kaustubh Phanse keynotes on the 4Cs and The Future with Cloud Wi-Fi at NexGenCloud Conference | via AirTight blog. Includes SlideShare and video.

The post CRN 2014 Tech Innovator Awards appeared first on MOJO Wireless.

According to media reports, US and international carriers are experimenting with inserting unique identifiers into the data traffic flowing between your smart phone and websites you visit.

Verizon

Verizon Wireless has been doing it for the past two years by implementing a device identifier which it calls a “Unique Identifier Header” or “UIDH.” The UIDH is a core enabler of Verizon’s Precision Market Insights program targeted at agencies, partners and brands. According to Verizon:

“Precision Market Insights create the next generation of advertising, publishing and commerce technology solutions to improve how brands, publishers and consumers connect.”

Source:  Precision Market Insights by Verizon.

The carrier further explains how it can create anonymous identifiers it dubs “PrecisionID” to target advertising based on demographics, location, and interest:

“The PrecisionID is a deterministic, privacy-safe identifier matched to devices on Verizon’s wireless network powering data-driven marketing and addressable advertising solutions that offer audience scale and increase ROI.”

Source:  Precision Market Insights by Verizon.

AT&T

Verizon is not the only carrier injecting a unique identifier into the web traffic your phone generates. ProPublica reports that:

“In 2013, AT&T launched its version — a plan to offer anonymous AT&T data to allow advertisers to deliver the most relevant messages to consumers. AT&T’s program eventually shut down. […] AT&T is currently inserting the identifiers as part of a test for a possible future relevant advertising service.”

Source:  ProPublica, October 30th 2014.

Opting Out of Carrier Monetization…

ProPublica has a handy tool to check if your phone is assigned a unique identifier when browsing online over a cellular data connection.

Does Your Phone Company Track You? Find out with Tracking Code Check by Al Shaw and Jonathan Stray via ProPublica.

Test it out and see if you get one of the following messages:

Test with T-Mobile device.

However, as Wired notes:

“because Verizon is broadcasting this unique identifier to every website, ad networks could start using it to build a profile of your web activity, even without your consent.”

Source:  Verizon’s ‘Perma-Cookie’ Is a Privacy-Killing Machine | By Robert McMillan via Wired, October 27 2014.

ProPublica has called out Twitter as the apparent user of this ad technology from Verizon.

Opting out is hard to do. Now I know I know that it’s true …

Let’s all sing along to the classic 1962 song recorded by Neil Sedaka. Or better yet, let’s go for the Toni Tenille version!   All that to say that it is very hard to opt out, and results are not guaranteed. ProPublica recaps the efforts of an AT&T user who tried to opt out:

“He found that he needed to visit four different webpages to opt out, including one web page not even on AT&T’s domain: http://205.234.28.93/mobileoptout/ . But he continues to see the AT&T identifier in his mobile traffic.”

Source:  ProPublica, October 30th 2014.

 UIDHs Not Present When Connecting Over Wi-Fi

Wired notes that if you connect via Wi-Fi, or a virtual private network (personal or enterprise), or are talking to a site via SSL, then the UIDH “will not display.”

If you connect over Wi-Fi, carriers cannot track your website visits since you are not on a cellular data connection any more. However, we do not know if hotspot providers on the internet side are injecting any other identifiers – perhaps security researchers have not found a way to ferret these out yet.

Still, we can posit that using Wi-Fi does protect you to some extent from potentially omni-present carrier tracking and subsequent monetization. You may be connecting to the web across many heterogeneous Wi-Fi networks, with no way, at least at this time, to correlate your data across all the places you visit: airports, coffee shops, malls and restaurants. Some hotspots may be AT&T, some may be Comcast, etc.

In contrast, your carrier’s unique identifier follows you everywhere you use your cellular data connection, day in and day out. By using Wi-Fi you disperse your digital breadcrumbs and leave your phone carrier with just snippets of your data.

Will This Still Be True in Hotspot 2.0 World?

However, this perceived protection of Wi-Fi may go away with Hotspot 2.0.

Hotspot 2.0, and a related certification program Passpoint™, is an approach to public access Wi-Fi by the Wi-Fi Alliance. Passpoint aims to make the process of connecting to public Wi-Fi networks seamless and secure, by automatically authenticating the user to a Wi-Fi network based on an existing relationship with the user’s mobile carrier or internet service provider.

Passpoint is a foundational ingredient to Wi-Fi roaming standards currently taking shape across the world. For example, while traveling internationally, you may be able to take advantage of hotspots managed by a provider you do not have a relationship with, based on a roaming agreement between the provider and your home-based ISP or carrier.

But this increased convenience will come with caveats. Wi-Fi web traffic from carrier-deployed hotspots will pass through carrier service gateways providing them an opportunity to inject UIDHs into Wi-Fi traffic.

Carriers may be able to observe you digital behavior across many more locations, even those they don’t own. The implication is that when Passpoint becomes pervasive, your digital breadcrumbs may eventually be correlated.

As things stand now, Passpoint is still in early stages of adoption by device manufacturers and mobile OS providers. According to several speakers at WBA Wi-Fi Global Congress in October of this year, consumer awareness is even lower.

Passpoint: Why all the no-shows? Most of what’s broken with Wi-Fi is fixed with Passpoint. So why are so many important companies on the sidelines?

Source:  Larry Seltzer for Zero Day via ZDnet.

Reverse Offload is Not the Solution, Unfortunately

In the context of discussions on Wi-Fi analytics, monetization and privacy, some people joked that the widespread application of Wi-Fi analytics would lead to ‘reverse 3G/4G offload’ – with consumers favoring cellular data connections over Wi-Fi to avoid their digital behavior being analyzed.

The stories referenced in this post bring an interesting twist in how we look at Wi-Fi analytics vs web usage tracking. Today’s public facing enterprise Wi-Fi technology does not inject unique identifiers into your traffic while accessing the Internet. The ability to sense the presence of Wi-Fi devices in the air is used for anonymous analytics, such as dwell time or repeat visits. One can say that Wi-Fi MAC-based presence analytics technology looks relatively benign in comparison to carriers inserting unique identifiers for every web site to potentially see.

In light of these unique identifiers, ‘carrier analytics’ technology is beginning to look like a more intrusive and persistent option.

One way or another, Wi-Fi or cellular analytics and monetization programs appear inevitable.

Related Information:

• Somebody’s Already Using Verizon’s ID to Track Users. Twitter is using a newly discovered hidden code that the telecom carriers are adding to every page you visit – and it’s very hard to opt out. By Julia Angwin and Jeff Larson via ProPublica.
• Verizon’s ‘Perma-Cookie’ Is a Privacy-Killing Machine | By Robert McMillan via Wired.

• Verizon’s Precision Market Insights program.
• Verizon promotional video of partners ‘Addressable advertising solutions that solve the ad industry’s identity crisistalk about how they are working with Precision Market Insights.

• Apple’s new feature to curb phone tracking won’t work if you’re actually using your phone | via Washington Post
• iOS 8’s location-tracking protections aren’t as powerful as predicted | by Russell Brandom @russellbrandom via The Verge
• Report: iPhone anti-tracking feature only works with cell data off | via Gizmodo

• Read the iOS Blog Series by Bhupinder Misra via AirTight blog.
  • iOS8 MAC Randomization – Analyzed!
  • iOS8 MAC Address Randomization Update

• View Wireless Field Day 7 Delegate Roundtable Videos
• Enchantment is The New Black #WFD7 | AirTight guest author blog by Drew Lentz (@Wirelessnerd) of Frontera Consulting.
• AirTight Networks Honored with Two Industry Awards | including Frontera Consulting‘s innovative cloud-based Scrape application | via AirTight blog.

• What’s Under the Hood in Wi-Fi Analytics via AirTight blog.
• What Facebook friends info is shared during social login, and does it spam them? by Hemant Chaskar via AirTight blog.

• Terms and Conditions May Apply – 80-min documentary on privacy. Available at http://tacma.net/ or on Netflix.
• Privacy Badger from Electronic Frontier Foundation – Chrome or Firefox extension for your desktop browsing; support for Firefox Mobile is expected in the future.

The post How Long Will Wi-Fi Protect You from Carrier Monetization Programs? appeared first on MOJO Wireless.

Webinar:  What’s ‘Under the Hood’ in Retail Wi-Fi Analytics: Technology, Engagement, Privacy

November 11th at 8:00 a.m. PT (and available on-demand)

Register

Wi-Fi is becoming a new medium of communication, which – as physical or online ‘real estate’ – is now being evaluated for its capacity to deliver community building, ‘monetization’ and stickiness. The new way of leveraging Wi-Fi is through accessing the information that you can garner out of ‘thin air.’

• The top advanced analytic project planned for 2015 is customer segmentation and personalization (57.9%). Social analytics comes in second at 44.7%.

• The top core retail functions that achieve the most measurable performance gains are personalized marketing (68.4%), customer loyalty (55.3%) and inventory management (52.6%).

Source:  It’s the 11th Hour, Do You Know Where Your Retail Analytics Are? | by Joe Skorupa via RIS News

IT managers used to focus on the Wi-Fi service itself – its value and reliability. They are now dealing with the information that the business can derive from it. This provides them with a springboard to bring in marketing and merchandising into the conversation. Now that the system can provide analytics data, these teams can be much more engaged in IT projects and can even become drivers of this new technology in store.

• 8% of retailers locate the decision maker for managing, executing and investing in advanced analytics under the umbrella of the CIO. Marketing is only the decision maker for 13.5% and merchandising for just 8.1%. The only constituency that has a large say in analytic investment aside from the CIO is the C-suite at 29.7%.

• Although the CIO and C-suite control the purse strings, the top three departments that are driving greater expansion of advanced analytic capabilities are marketing (76.3%), merchandising (60.5%) and store/channel operations (31.6%).

Source:  It’s the 11th Hour, Do You Know Where Your Retail Analytics Are? | by Joe Skorupa via RIS News

Wi-Fi based analytics is one of the crucial tools in the retailer’s arsenal to be able to compete for the customer’s disposable income. The more retailers understand the patterns, the more efficiently they can deploy their (limited) resources, be it staffing, IT, marketing dollars, or make decision on store locations and merchandizing. The retailers now have the means to market directly to the customer through splash pages, push promotions or loyalty programs.

The real-time presence and engagement data sets are powerful. That is why Wi-Fi based analytics garnered so much interest from retailers, creating the discussion in the mainstream press around technology and its privacy implications.

We saw this in June when the new MAC randomization feature was first spotted at Apple’s developers’ conference, and why we got so much attention with our testing on how this feature works in the real world when iOS 8 was released in September.

- 

Read the iOS Blog Series by Bhupinder Misra via AirTight blog.

1. iOS8 MAC Randomization – Analyzed!
2. iOS8 MAC Address Randomization Update

There is a need in the market for education on big data opportunities in retail Wi-Fi analytics, related technologies and options for customer engagement. Ivey Business School professor Niraj Dawar wrote about the importance of harnessing as much data as possible for marketing initiatives in his 2013 book Tilt, published by Harvard Business Review Press.

AirTight one of the few Wi-Fi companies that offer both association analytics and customer engagement through social login, while maintaining an option for anonymous access.  Join me for the upcoming webinar to learn and ask questions.

-

Webinar:  What’s ‘Under the Hood’ in Retail Wi-Fi Analytics: Technology, Engagement, Privacy

November 11th at 8:00 a.m. PT (and available on-demand)

Register

-

Wipro commissioned Economic Intelligence Unit to study the effects of Big Data Analytics on Retailers. The study conducted has been compiled into an infographic. It shows how big data analytics is being used by the retailers to their advantage. (March 2014)

Related Information:

• Art and Science of Advanced Analytics | by Joe Skorupa via RIS News — October 17, 2014
• This Week In Startups [YouTube] : At LAUNCH Beacon, Ryan Craver of Lord & Taylor sits down with Jason to show us how we shop — “are you brick or are you click?” — and predicts how technology will enhance our purchasing power and rock the in-store experience.
• No more remnant inventory: how brands have to change their marketing in an IoT world – Target’s VP of Product discussing new technology initiatives at GigaOm StructureConnect conference [YouTube]
• Big Data puts more power in marketers’ hands | by Josh O’Kane via The Globe and Mail
• ANZ Webinar: Introduction to social Wi-Fi and analytics. | via @powerretail with @AirTight

• Read the iOS Blog Series by Bhupinder Misra via AirTight blog.
  • iOS8 MAC Randomization – Analyzed!
  • iOS8 MAC Address Randomization Update
• Apple’s new feature to curb phone tracking won’t work if you’re actually using your phone | via Washington Post
• iOS 8’s location-tracking protections aren’t as powerful as predicted | by Russell Brandom @russellbrandom via The Verge
• Report: iPhone anti-tracking feature only works with cell data off | via Gizmodo

• What Facebook friends info is shared during social login, and does it spam them? by Hemant Chaskar via AirTight blog.

What’s ‘Under the Hood’ in Retail Wi-Fi Analytics: Technology, Engagement, Privacy
Click To Tweet

The post What’s Under the Hood in Wi-Fi Analytics appeared first on MOJO Wireless.

1) Data-backed marketing programs deliver big returns to win a Cloudy

AirTight’s Wi-Fi project for Roosevelt’s at 7 restaurant, deployed by AirTight partner Frontera Consulting, won in the category of Most Innovative Cloud Customer Deployment at the Cloudys award ceremony in New Orleans. The award program is managed by Channel Partners, a resource for indirect sales channels offering IT and telecom solutions.

The deployment delivers big company capabilities made easy for a family-owned restaurant whose staff and owners are not experts in IT, security or marketing. Using visitor analytics provided by the AirTight system, the restaurant was able to encourage longer stays and to provide special promotions to draw in patrons on slow nights. The result was a 10% month over month increase in visitors staying longer. This translated to a run rate of $60,000 per year of additional profit at a single restaurant location.

Great things are happening! Congrats @scrapecorp @gofrontera & our partner @Airtight! #CPEXPO | View original tweet.

For an easy-to-budget monthly fee, Frontera Consulting delivered a 5-in-1 AirTight-based solution including cloud-managed Wi-Fi, wireless intrusion prevention, automated PCI (payment card industry) compliance reports, presence analytics and demographics information for visitors who opt into Wi-Fi via social logins.

Frontera developed an innovative cloud-based application called Scrape which allows the restaurant to take the AirTight solution even further. The app takes opt-in social media information collected by the AirTight social Wi-Fi and uses it to compile individual guest preferences. The result is playback of favorite music and videos that match, in real time, the known likes of customers who are at that location at that exact moment.

-

2) Social Wi-Fi wins in social media category of Golden Bridge Awards

On the same night as the Cloudys awards were announced at a Cloud Partners event in New Orleans, AirTight earned Gold status at the Golden Bridge Awards in San Francisco.

More than 40 judges from a broad spectrum of industry voices participated around the world. Their average scores determined the 2014 Golden Bridge Business Awards winners. AirTight won for its Social Wi-Fi and Analytics, an innovative platform that integrates Wi-Fi access and social networking to facilitate omnichannel communication and new ways to drive user engagement.

Retailers can integrate social media channels with AirTight’s customizable guest Wi-Fi captive portals to engage with in-store customers and turn them into loyal promoters, encourage them to opt into marketing programs and reach out to them via geo-marketing campaigns, coupons or special offers. Similarly, event organizers can use social Wi-Fi at live venues to encourage participation, provide real-time updates, and then follow up after the event.

What Facebook friends info is shared during social login, and does it spam them?

Will my friends get spam if I use Facebook social login? What information about my friends will be shared?  These questions come to many when faced with the Facebook login option on websites and captive portals. A blog post by Hemant Chaskar seeks to answer these questions from the technical standpoint.

Cloud innovation and business model transformation key to AirTight’s winning entries.

The Wi-Fi industry is changing. The value chain is moving from hardware to software and applications as is evidenced by these awards. Our industry peers and the channel community are taking notice.  Two awards in one night is a reflection of the growing momentum of AirTight solutions.

More Information:

• Enchantment is The New Black : AirTight guest blog by Drew Lentz (@Wirelessnerd) of Frontera Consulting [#WFD7 speaker]
• Enchantment is The New Black :  SlideShare companion to the blog post
• AirTight Networks Partner Case Study – Frontera Scrape Social Wi-Fi Demonstration – via Wireless Field Day 7 YouTube

• Social Wi-Fi and Analytics Deliver Dividends for Local Businesses by Ksenia Koffman via AirTight blog.

• AirTight EZ Street Partner Program Overview via YouTube

• Responding to Social Wi-Fi Concerns by Drew Lentz (@Wirelessnerd) of Frontera Consulting
• What Facebook friends info is shared during social login, and does it spam them?  by Hemant Chaskar via AirTight blog.

• Video Repap: Cloudys – Cloud Channel Innovation Awards – September 2014
• AirTight Networks wins 2014 Golden Bridge Awards | via YouTube.  Ksenia Koffman accepts the award on behalf of AirTight Networks.

#Cloud innovation and business transformation key to AirTight winning award entries http://t.co/Zk0wZexkjF #WiFi pic.twitter.com/yiwmdZHetd
— AirTight Networks (@Airtight) September 18, 2014

Anita Pandey named to @CRN 100 People You Don’t Know But Should 2014

 

Update (November 2014):  AirTight Networks Named Tops in Wireless Category for 2014 CRN Tech Innovator Awards via @AirTight blog

The post AirTight Networks Honored with Two Industry Awards appeared first on MOJO Wireless.

Normally the conferences I attend are full of hackers wearing black t-shirts and carrying MacBook Pros covered in stickers, however, this convention was full of Wireless LAN Professionals wearing black polo shirts and carrying Macbook Pros not covered in stickers…a truly different kind of convention.  As people showed up, I resorted to one of my favorite past times, people watching.  I spent a lot of time quietly monitoring all of the conversations, and even having a few great exchanges of my own.  The more conversations I observed, or was a part of, the more I realized that these Wireless LAN Professionals seemed to share a lot with my usual hacker crowd, especially the sense of humor.  I overheard a number of delegates having chats about how easy it would be to put up an AP to spoof the hotel wireless, and even a few boasted about their Wi-Fi pineapples.  As the day wound down, I went back to my room to finish up some work, respond to some emails, and possibly work on my presentation for the next day.

Like many others, my time in the evening was dedicated to catching up on the work I had been ignoring all day, and the email from my customers in the US was building at an alarming rate.  I sat down to get some work done, and found the hotel splash page wasn’t loading.  Great, everyone at the hotel had the same plan… but wait, we were all clumped together all day and things worked fine, why would the hotel network fail after we spread out?  Immediately my thoughts returned to all the conversations I overheard that morning, of people talking about evil twins and Wi-Fi pineapples and other things that would look exactly like what I was experiencing, and all at once I felt like I was finally at home.

Immediately the game began.  I opened up my wireless sniffer and took a survey of the Access Points in the area, for the hotel SSID, I saw many from the same manufacturer, and one from a different manufacturer.  The one mis-matched AP also happened to be the one I was currently connected to, and the one which didn’t appear to be getting me to the Internet.  I then started looking at data.  All over the airspace, you could see clients talking to AP’s, Internet traffic, all working as it should.  When any client roamed from an AP to the mis-matched AP, all of a sudden, their Wi-Fi packets seemed to never go past the AP to the wired side of the network; no DHCP, no DNS, and certainly no gateway or Internet.  Armed with the fact that nothing was making it through the AP, it seemed obvious what was going on, someone was spoofing the hotel Wi-Fi, not providing Internet, and being generally obnoxious.

Obnoxious is a game I am very familiar with due to my experiences at hacker conventions, so I figured I would play to win.  I dug around in my bag, and took my AirTight WIPS Sensor.  I positioned it near the window, where I would have maximum visibility of the hotel airspace, and then settled myself back on the desk.  Once the WIPS system was up and running, it was again obvious, all the AP’s with the hotel’s SSID were made by the same manufacturer except one, and that one was clearly not actually passing traffic to the internet.  I clicked the quarantine button, and with just that one click, I knocked every client off the evil twin, and suddenly, everyone at the hotel had working internet again.  I laughed to myself, and made a quick tweet:

To the person running the evil twin at #WLPC_EU : I have ruined your game for the night. Stop it or I’m playing foxhunt… cc @KeithRParsons

— Rick Farina (@RicklikesWIPS) October 14, 2014

After finishing some work and email, I couldn’t help but check back on my new friend, the quarantined Evil Twin.  I noticed the device was still on and functional, even as the hour grew late, and I couldn’t help but notice my battery was full.  So off to fox hunt I went.  I took a look out my window, made a few guesses of where the target could be, and I started walking around.  I put my cell phone in my pocket with “Wi-fi Analyzer” tracking the evil twin, then I put my bluetooth headset on to listen to the Geiger counter like sounds as I got closer and farther from the AP.  Fully armed with my Wi-Fi tracker I left my room, and began to walk the hotel.  I walked my floor, some of the common areas, and found myself on the first floor.  I wandered around the restaurant as it was closing, the business center, and various other places.  One thing was certain, the device was powerful, and I couldn’t seem to get close to it. I wandered through the bar and found our happy host Keith, as well as a few other conference go-ers, and discussed my activities.

One of them was certain he knew who was behind the evil twin, so the whole group of us got up to go hunting.  We went to the front desk to ask what room the potential evil doer was in, and they were happy to provide the information, so off to the 4^th floor we went.  The large group of us stormed out into the hallway, certain we would find our target, but alas, we searched the whole floor, and not a blip, not a beep, no sign of the AP we were looking for.  Discouraged by failure and the late hour, my newly acquired entourage said goodnight as I headed back to the first floor to continue the hunt.  I reached the lobby, and one of my helpers had decided to ignore the call for sleep, in exchange for joining the hunt.

@KeithRParsons unable to locate it exactly but I narrowed it down extremely. wish I brought my real gear bag with me.

— Rick Farina (@RicklikesWIPS) October 14, 2014

 We searched all over the lobby looking for strong signals.  We ended in the business center, searching around under desks and behind hidden doors for anywhere an AP could have been hidden.  We came up short, but not without attracting some attention from the hotel staff.  Leaving the business center we were greeted by the front desk clerk, who was very curious what we were doing.  I explained that we were playing a game called a “fox hunt” and trying to find an AP which was placed by one of our people.  She laughed and thought it was very interesting, so I asked her if she would like to play as well, and escort us into some of the more secure areas of the hotel to search.  She happily agreed, and unlocked the restaurant for us. 

We searched high and low, searched through the kitchen, searched the dining room, and just when we were ready to give up, the Wi-Fi analyzer started to go crazy.  We were in the middle of the dining room, nothing in sight, but the signal was climbing rapidly.  We looked around, checked every nearby power outlet, every hidden corner, nothing to be found. The hunting party, now three strong, went out onto the patio which was closed for the night, and continued the search.  We searched high and low, under benches, in the boxes that contained yard toys (I was shocked to see how many frisbees the hotel had), but again, completely foiled.  We looked everywhere we could with the flashlights on our cell phones to guide us, but it looked like failure. 

After an exhaustive search of the entire hotel, we managed to get right on top of the evil AP, but couldn’t pinpoint it.  We went back to the lobby and my cohort and I discussed our search.  After a short while, we only had one conclusion, maybe it wasn’t an evil AP at all, maybe one of the hotel’s legitimate AP’s was stuffed up in the ceiling where we couldn’t see it, and that AP was malfunctioning in some way.  We asked the front desk when their network technician normally shows up to work, and then we went to bed. In the morning there was much discussion over breakfast about my tweet and my search the night before, but everyone was disappointed to hear that I was unable to pinpoint the problem.  After breakfast, the technician was scheduled to arrive, so I went by the front desk to ask to speak with the tech. 

A very nice gentleman greeted me, and said he heard a little bit about all the fun we had the night before, and asked me what I thought was going on.  I took him back to the spot where I had the strongest signal, and told him all about the problems which led me up to my hunt, and how we had given up unable to find the device.  The tech was very excited to hear the story, he mentioned that they had been having problems with the Wi-Fi in half the hotel for weeks, and no one had been able to trace it down.  I told him I traced it to a single AP, I had a map of its coverage, I knew who made it, but for the life of me I just couldn’t find the darn thing.  He laughed, and walked me 12 ft. from where my strongest signal was and pointed up. 

There, in the glory of the morning light, was the AP in question.  Just barely visible, crammed up against the doors to the courtyard was an AP, the right manufacturer, the right location, with a madly blinking Wi-Fi light, and an unlit LAN light.  We found the problem.  For the last several weeks, everyone near this side of the hotel had been having Wi-Fi issues as they tried to connect to this AP because the LAN cable was damaged and no longer passing data.  

And the moral of the story is, never assume malice when the problem can be adequately explained by hardware failure.  In a conference filled with nearly 100 WLAN professionals, it took one determined security guy to track down the network issues. Next time you see a convention which offers games like Wireless Capture the Flag or Fox and Hound, join in. 

Not only is the game fun to play, but you can gain valuable experience to track down not only attackers, but problems in a hotel’s wiring. On the enterprise security front, this also shows how manual effort intensive it can be to chase security alerts. And if they are false alerts, it means next time nobody will even chase real alerts. As a result, my colleagues and I at AirTight have always preached approach to wireless intrusion prevention that does not rely on chasing alerts and maintaining signatures. Find out more about it here.    

The Hunt for Rogue October | by @RicklikesWIPS via @AirTight blog #WLPC_EU
Click To Tweet

Related Information:

• Follow Keith R. Parsons on Twitter
• Follow Rick Farina on Twitter
• Wi-Fi Hacking 101 – Ethical of Course via AirTight blog
• Rick Farina at Wireless Field Day 6 
• Rick Farina on Wi Fi Security 101 – Hacking Demo via YouTube
• Wireless LAN Professional Conference web home
• WLAN Pros Summit 2014 Videos 
• Rules for Successful Hotel Wi-Fi by Keith R. Parsons

Call for presentations for #WLPC 2015 http://t.co/F7aDTkbIo7 Please help suggest topics you’d like to see at the next #WLPC.

— Keith R. Parsons (@KeithRParsons) October 20, 2014

The post The Hunt for Rogue October appeared first on MOJO Wireless.

Clearly we’re not in Kansas anymore … According to IDC, the growing global Internet of Things (IoT) market is on course to hit $7.1 trillion by 2020. With the rapid rise of connected devices in the IoT landscape there is growing concern about elevated security risks associated with the sheer volume of new devices coming online.

Video:  Pravin Bhagwat (AirTight CTO) asks Rohit Mehra (VP Network Infrastructure at IDC) about 802.11ac adoptions trends.  click-to-tweet

More on IoT at ZDnet.com.

Watch out for the Flying Monkeys!

The design of your wireless LAN (WLAN) must plan for IoT capacity and network traffic, as well as optimal secure coverage across your site. Tracking and monitoring devices on your network as well as devices around your network are important considerations of WLAN design. Choosing the right cloud solution is imperative as the wrong solution will quickly create two scalability challenges:

1. system scalability and
2. operational scalability.

System Scalability involves the ability to monitor many devices, store and process their data in the cloud whereas operational scalability focuses on minimizing false alarms resulting from the exponentially increasing volume of devices on your wireless network.

Half of Holiday Shoppers Say They’ll Avoid Stores That Got Hacked | by Gerry F Smith via Huffington Tech.

Lions, Tigers and Bears

Cloud Wi-Fi is a great choice to consider when planning your wireless network’s ability to handle the coming tidal wave of IoT devices.  On the road to an IoT future your focus should be on how your wireless network offers simplicity, scalability and security.

Simplicity,

Scalability, and

Security.

Oh my!

The Cloud provides an optimal architecture for managing scalability especially in a large distributed environment where IT staffing can be limited.  A Cloud solution also offers efficiency because all of the data does not have to be tunneled through a central controller. This translates into increased performance.

Wi-Fi as a Platform

Video:  Rohit Mehra (VP Network Infrastructure at IDC) asks Hemant Chaskar (VP Technology and Innovation at AirTight) about CIO considerations for when and how to upgrade to an 802.11ac infrastructure.  click-to-tweet

A good cloud solution must provide speed, efficiency, and be secure.  It should also offer value by providing user engagement capabilities that allow innovative new value added services for your business through the Wi-Fi platform.

More-itization

New aspects of wireless LAN technology that were not anticipated will be fueling the growth of Enterprise wireless LAN over the next 5 years. There have been two surprising developments aside from the predictable evolution of speed, the first was detecting and preventing attacks on the WLAN. The second unexpected development of the Enterprise WLAN has come from the reverse of the technology that keeps it secure and now using it to allow engagement into the network. This is especially relevant in markets such as retail, hospitality, healthcare and even public venues.

Video:  Rohit Mehra (VP Network Infrastructure at IDC) questions Hemant Chaskar (VP Technology and Innovation at AirTight) and Pravin Bhawat (AirTight CTO) about “monetization” and “more-itization” of Wi-Fi.  click-to-tweet

Click-to-tweet: Within the next 5 years we will see more new ideas and creativity that will continue to evolve the “more-tization” of Wi-Fi.   Hemant Chaskar @CHemantC

Planning for the Future

In the end, make sure whatever WLAN you choose gives you the ability to provide an instantaneous, positive user experience that will meet the expectations of your business and customers, without compromising your security.

Choose your wireless network carefully.  Cloud and APs are not all created equal.  

AirTight can help you plan for IoT capacity and network traffic, as well as optimal secure coverage across your site.

• Choose The Easiest and Most Secure 802.11AC Wi-Fi on the Planet.
• Schedule a FREE Wireless Network Vulnerability Assessment by AirTight Networks today!

Additional Information:

• Internet of Things market to hit $7.1 trillion by 2020: IDC | by Leon Spencer via ZDnet.com
• Make the Internet of Things More Human-Friendly | by H. James Wilson via Harvard Business Review
• 802.11ac Webinar Series (on-demand) by AirTight Networks.
• 802.11ac AP with ‘IoT-ready’ WIPS Launched | by Ksenia Coffman via AirTight blog.
• 802.11ac WLAN Sales on a Tear | via AirTight blog.

The Impact of IoT on Enterprise Wi-Fi | via @AirTight blog
Click To Tweet

Social Information:

• Rohit Mehra, VP Network Infrastructure at IDC
• Pravin Bhagwat, AirTight CTO
• Hemant Chaskar, VP Technology and Innovation at AirTight
• Mojo Wireless is the AirTight Networks blog.  View latests posts.
• AirTight Networks on Twitter, SlideShare, and YouTube

The post The Impact of IoT on Enterprise Wi-Fi appeared first on MOJO Wireless.

Talking of security and PCI compliance in light of this FCC decision, there is one Wi-Fi containment  feature that deserves a shout-out,  as it is still very effective and virtually unaffected by these events. It is called “wire-side containment”.

Wire-Side Containment

This is meant to block rogue access points (APs) connected to the enterprise wired LAN. Rogue APs get connected to the LAN by unscrupulous employees, casual visitors or intruders.

Traditionally, wire-side containment has received attention in scenarios such as containing rogue APs operating on illegal channels (since the security system cannot legally transmit wireless de-authentication on channels that are not allowed in the regulatory domain) or containing rogue APs that may be using MFP (802.11w) to resist de-authentication based containment. However, nothing prevents making wire-side containment a primary containment feature for rogue APs and avoid the FCC debate altogether.

Depending on the level of confidence the security system has in its detection of the network connectivity of rogue APs and the technique used for wire-side containment (see below), wire-side containment can be triggered manually or automatically. There are two main techniques for wire-side containment – switch port blocking and ARP tarpitting.

Switch Port Blocking

Once the rogue AP is confirmed to be connected to the LAN, the idea here is to trace the switch port where it is connected and turn it off. As appealing as it may sound, I have observed that administrators are generally averse to using this approach in real life deployments. This is because it requires entering and maintaining IP addresses and SNMP community strings of network switches in the Wi-Fi security system, which is a large overhead in big networks. Also, the port tracing job requires fetching CAM table entries from all these switches which is quite an overhead in large networks and can also face interoperability hurdles.

And then, most systems that support this feature do not attempt to trace the leaf switch. Remember, the MAC address of the rogue AP or of the client connected to the rogue AP shows up in the switch hierarchy all the way up to the core switch. It is not technically impossible to follow the spanning tree databases in the switches to isolate the leaf switch, but this is additional complexity and I have not seen that done in most systems. Accordingly, administrators do not want to take the risk of turning off a port on the distribution switch or the core switch with this feature. One way around this issue could be to enter only access switches identities in the Wi-Fi security system, but then rogue APs connected into ports on the distribution or core switches will not be traced. However, even the access switches count can be large in big/distributed networks and sometimes  the access switches are not managed switches which creates a roadblock for this approach.

ARP Tarpitting

This approach is quite lightweight and still effective. It is based on ARP poisoning – aren’t most containment techniques usually blackhat tools in whitehat hands? The idea here is to tarpit communication through the rogue AP by sending ARP messages on the subnet advertising altered IP-to-MAC mapping for the rogue AP’s wire-side interface or for the wireless interface of the client connecting through the rogue AP.

Background Scanning Radios

Many customers deploy 24×7 background scanning on AirTight access points for the purpose of rogue AP protection. In this mode, the AirTight system uses ARP tarpitting for automatic containment as it is lightweight, does not require switch ID management and is safe for automatic trigger. Also, use of wire-side prevention avoids the stress on background scanning radios of frequent channel switching to send periodic de-authentication to rogue AP. This type of deployment is very popular among our retail customers covered by PCI compliance. Today there is reason for them to cheer as their deployments are not affected whichever way the debate around FCC’s decision swings. Wire-side containment turned out to be a hidden gem for them in the security system!

Wire-Side Containment – Hidden Gem of Rogue Access Point Protection via @AirTight blog
Click To Tweet

Related Information:

• FCC order and decree in the matter of Marriott International
• Marriott’s position on rogue WiFi containment action
• Understanding FCC decision regarding Wi-Fi containment at Marriott | by Hemant Chaskar via AirTight blog (October 4th 2014).  View the companion SlideShare.
• FCC’s Rulings Concerning Shared Unlicensed Spectrum | by Keith R Parsons via WLAN Professional (October 6th 2014)
• FCC-Marriott WiFi Blocking Fine Opens Pandora’s Box | by Lee Badman via InformationWeek Network Computing (October 7th 2014)
• E48 – Get Off My RF:  No Strings Attached Podcast | with Blake Krone featuring Sam Clements (October 11th 2014)
  
• AirTight WIPS at Wireless Field Day 6 via YouTube.
• The WIPS Detective by Hemant Chaskar via AirTight blog.
• Wireless IDS/IPS Horror Stories from the Field by Hemant Chaskar via AirTight blog.
• Ugly, Bad and Good of Wireless Rogue Access Point Detection by Hemant Chaskar via AirTight blog.

The post Wire-Side Containment – Hidden Gem of Rogue Access Point Protection appeared first on MOJO Wireless.