Archive for the ‘WLAN Vendors’ Category

WiFi Pilot Post on

As you can see from the graphic on the left, I have a new blog post available on the CWNP homepage, 

If you are unfamiliar with the CWNP program, they are a vendor-neutral certification body for wireless networking and security.  

My most recent blog post at CWNP talks about a new product offering from CACE Technologies and MetaGeek, called “WiFi Pilot”.  The WiFi Pilot WLAN Analysis kit contains a WiSpy Spectrum Analyzer, an AirPcap wireless packet capture device, and the WiFi Pilot analysis software.  

Check out the review on CWNP for an extended discussion of product functionality, pricing, etc.  

One other thing that I mention in the post is the Sharkfest Conference for Wireshark Users and Developers.  The conference is being held Jun 15th – 18th.  I am attending the conference and *super* excited about it – feel free to email me at douglashaider <at> hotmail <com> if you are attending. I would love to meet up and chat!

Personal PSKs (Wi-Fi Masterminds)

This is the second in a series of posts that I am dubbing “Wi-Fi Masterminds” (TM). I will ask questions to a series of panelists and they will answer in round-robin fashion, where they can answer the question as well as respond to others.

If you have ever seen the show “Around the Horn” on ESPN, that is the type of interaction I am looking for.

I am planning on a pool of 6-8 masterminds, but will limit each question to a panel of three members. I will try to minimize my own involvement in the questions to only provide structure where needed or correct any factual errors.

Here are today’s panelists: 

Keith Parsons, CWNE#3, @keithparsons: A gifted presenter, Keith is known for his wit and broad technical expertise. He holds over 50 technical certifications and has earned an MBA from the Marriott School of Management. He is author (or editor) of a dozen technical publications and has developed seven technical certification programs. He travels throughout North America, Europe, Africa, Asia and Australia in behalf of a wide variety of IT vendors, explaining networking technology to industry professionals.

Bruce Hubbert: Bruce, a veteran of the security industry since 1993, currently functions as the Principal Systems Engineer for AirMagnet. Bruce is the primary pre-sales technical expert for this market-leading and award-winning wireless analysis and WLAN security systems manufacturer. Bruce has represented AirMagnet to the media and has been featured in the Washington Post, New York Times, Wireless Week, The IEEE, EE Times, Information Week, Techworld Japan (in English Here) and on television on the History Channel’s “Tactical to Practical” and ABC News “Business Now”. You can read Bruce’s wireless blog, “Freakquency” at

Ken Hall, CWSP, RFID+: As a Senior Technology Solutions Consultant with over 20 years in IT, Ken has designed and/or deployed approximately 100 wireless networks; including the design and initial deployment of the Air Force’s 2nd Generation Wireless LAN. His background includes security, routing, and switching with a smattering of everything else in between. Ken enjoys consulting due to the constant change in architectures and the possibility of helping customers resolve complex networking issues.

Today, the panelists are tackling questions related to the use of Personal Pre-shared Keys (PPSK): 

Several WLAN companies have recently developed alternatives to 802.1X networks that include a per-user pre-shared key (PSK).  What role do you see this technology playing in the enterprise?  What are its advantages? What are the disadvantages? 

Keith:  Traditionally, we have had in the WiFi industry three common ways to access a WiFi network.

1 – Open Authentication

  • Great for Hotspots
  • Easy to setup and use
  • Hand-held devices and VoIP handsets easy to configure
  • All traffic sent in the clear
  • No control or QoS
  • No-cost

2 – Pre-Shared Key (SoHo)

  • Single authentication key for SSID
  • Everyone shares the same key
  • Encryption keys are based on this key
  • Traffic sent encrypted
  • Easy to implement
  • No-cost

3 – 802.1X or 802.11i with a Radius Server

  • Authenticates Users with a variety of methods
  • Each user gets unique encryption keys
  • Hard to setup and configure
  • May be more costly depending…

But now a couple of vendors are entering the fray with an additional access method. One that has the ease of use of Pre-Shared Keys, but with the per-individual ability of 802.1X!

These PPSK systems offer an alternative to an 802.1X implementation. Guests can be given unique credentials that can be easily revoked, or based on time duration. This makes the management of WiFi encryption much much easier. Client devices also can be more easily configured and can roam quicker using the PSK method.

Depending on the size and security policies of your enterprise, this might be a great new service to speed and maintain security for your now-open WiFi network. I look forward to more vendors opting for this easy, simple solution.

Bruce:  I remember a while back that T-Mobile allowed its subscribers to utilize 802.1x with EAP-TTLS and PAP via their hotspots, and I used that method all the time. It was fast and secure. I wish more Hotspot providers would do that. It just used your standard login as a T-Mobile subscriber.

There is also the company, DeviceScape, who has a method to pre-authenticate you to a hotspot without the nasty splash page, which is handy. Neither of these systems, however, can assist you if you are rolling out to an Enterprise or SOHO. There you are stuck with 802.1x and WPA/WPA2-PSK.

I am not a big fan of Proprietary systems and I think most IT administrators agree. It can lead one down a long road to a possible dead end with a large amount of time and effort wasted. If you are Ruckus or Aerohive or Aruba and your system is a good one, then why not pony it up to the IEEE for consideration? I really do like the idea of per-user PSKs, however, so I am hoping that these vendors do the right thing and present it as a new task group. Pre-Shared Keys, especially ones with a real world association (think “a real English word or phrase”) have serious issues. With only one key used to authenticate, the hacker need only crack it to get in. Per-user PSKs would theoretically allow you a much higher degree of control as you might be able to limit access to subnets on a per-user basis.

I was at ShmooCon in Washington DC in 2006 when RenderMan released the Church of WiFi Rainbow Tables, which made it quick and trivial to crack pre-shared keys for both WPA and WPA2. The solution? On his website, RenderMan puts it this way:

“The fact that we found a way to speed up WPA-PSK cracking does not mean that it is broken. Far from it. The exploit used by coWPAtty and other similar tools is one of dumb passphrases. The minimum number of characters for a WPA-PSK passphrase is 8. The maximum is 63. Very few users actually use more than about 20 characters. As well, they also choose known words and phrases, likely to be in a dictionary. This allows us to leverage a human element in obtaining the key.

To get decent protection from WPA-PSK, you should use a very long, very random, alphanumeric string longer than 20 characters. To protect yourself further, particularly against the WPA-PSK hashtables, you should use a SSID not on the top 1000 list. This will force the attacker to compute their own list, rather than use one of the CoWF tables.

All that said; you should be using WPA2 with a radius server to get more reliable protection.”

I think time will tell, through testing, debate and consensus building which method is best but I am resisting any method not adopted by the industry as a whole.
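The advice in the RenderMan quote above, worked through as an added example (not part of the original post or of any panelist's answer): WPA/WPA2-PSK derives its master key with PBKDF2-HMAC-SHA1 using the SSID as the salt, which is why precomputed tables only cover the SSIDs they were built for. The SSID and word lists below are small constructed stand-ins, and the function names are hypothetical.

```python
import hashlib
import secrets
import string

# Constructed samples: stand-ins for the "top 1000" SSID list and a word
# dictionary referred to in the quote; neither real list is reproduced here.
COMMON_SSIDS = {"linksys", "default", "netgear", "dlink", "home"}
DICTIONARY_WORDS = {"password", "welcome", "letmein", "wireless", "company"}
ALPHANUMERIC = string.ascii_letters + string.digits


def derive_pmk(passphrase, ssid):
    """Return the 256-bit WPA/WPA2-PSK master key for a passphrase and SSID.

    The SSID is the PBKDF2 salt, so the same passphrase gives a different
    key on every differently named network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA-PSK passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), ssid.encode(), 4096, 32
    )


def audit(passphrase, ssid):
    """List the weaknesses named in the quote that apply to this pair."""
    if not 8 <= len(passphrase) <= 63:
        return ["passphrase length is outside the 8 to 63 character range"]
    findings = []
    if len(passphrase) <= 20:
        findings.append("passphrase is 20 characters or shorter")
    lowered = passphrase.lower()
    if any(word in lowered for word in DICTIONARY_WORDS):
        findings.append("passphrase contains a dictionary word")
    if ssid.lower() in COMMON_SSIDS:
        findings.append("SSID is on the common-SSID list")
    return findings


def generate_passphrase(length=32):
    """Random alphanumeric passphrase, longer than 20 characters."""
    if not 21 <= length <= 63:
        raise ValueError("length must be between 21 and 63")
    return "".join(secrets.choice(ALPHANUMERIC) for _ in range(length))


if __name__ == "__main__":
    # Same passphrase, two SSIDs: the derived keys share nothing.
    for ssid in ("linksys", "hq-wlan-7f3a"):  # second SSID is constructed
        print(ssid, derive_pmk("password", ssid).hex())

    print(audit("password", "linksys"))
    strong = generate_passphrase()
    print(strong, audit(strong, "hq-wlan-7f3a"))
```
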

Ken:  Maybe I’m old-fashioned, but I typically keep my employee access limited to PEAPv0 (EAP-MSCHAPv2) and guest access to open authentication/no encryption or a captive portal/walled garden. While a per-user PSK may be beneficial in some solutions, I believe it will prove to be a niche-market. Most organizations want to decrease the amount of management required to implement a solution. With a typical, centrally-managed, overlay WLAN solution, once it’s initially configured, it doesn’t tend to need a great deal of extra management. All of the wireless users are already managed through other resources (i.e. AD, LDAP, etc.); and guest users are severely policy restricted and quite possibly on a physically separate network, so the typical recommendation would be for them to use a layer 3 method (i.e. VPN, etc.) for their encryption. The per-user PSK will increase the amount of “touch” required to manage those unique users/devices, but at the same time will provide a more secure previously unavailable method of authentication/encryption mechanism. So, yes, I believe it is a feasible technology and there is certainly a case for it…but, I also believe that it will see more application specific deployment than wide-spread adoption and use.

What do YOU think?  Are Personal PSKs a legitimate form of WLAN security or just marketing fluff?  Let our panelists know what you believe by submitting a comment!

Packet Analysis 2.0

It seems like I am going to bring my wireless packet analysis to a whole other level – “Packet Analysis 2.0”, if you will. Two of my favorite wireless capture and analysis tools have recently been updated – OmniPeek Professional and Wireshark.

I have been at meetings at our company HQ (Xirrus) most of this week, so I haven’t had a lot of hands-on time with either updated tool.

OmniPeek Professional has just been updated to version 6.0.1, as of April 3rd. It seems to offer much more flexibility of viewing multiple data windows through mechanisms similar to tabbed browsing.

I also downloaded a few plug-ins for OmniPeek Professional, including the multichannel aggregator – once I acquire one more USB 802.11n dual-band adapter, I will try to write a blog post documenting my experiences with the aggregation feature.

The new version of Wireshark seems to focus on a lot of bug fixes, although it includes an experimental package for Mac OS X 10.5.5 and above. Version 1.0.7 of Wireshark was announced April 8th. On the Wireshark front, I am attending Sharkfest this June, which I am pretty excited about.

Now that I am thinking about wireless product upgrades, I realized that AirMagnet also came out with an updated version of their Site Surveyor product about six weeks ago (version 6.1_13206).

So many product updates, so little time…

MetaGeek to Offer Upgrade Program for Wi-Spy Devices

MetaGeek, makers of the Wi-Spy Spectrum Analyzer announced earlier this week a special upgrade program.  It allows existing customers to upgrade from Wi-Spy v1 to either a Wi-Spy 2.4X or the newer, dual-band Wi-Spy DBx.   To upgrade, customers pay only the price difference between the devices.  


Wi-Spy DBx


MetaGeek then sends out the new device and a pre-paid FedEx envelope to return your legacy device.  The program was designed this way to allow for no down time in your Layer1 WiFi analysis capability.  However, returns must be sent back to the company within seven days. 

The official announcement states that this is a trial offer, and that the program may not be permanent.  It is also limited to one upgrade per customer.   Additional details, pricing, and ordering information can be found on the company’s official upgrade page.  

The Wi-Spy is definitely one of my favorite troubleshooting and analysis tools, and I think this is a great program.  It actually reminds me of another favorite tool, the AirPcap Wireless Packet Capture Tool, which offers a similar upgrade program by its manufacturer, CACE Technologies.

Optimize Your 802.11n Performance (Webinar Review)

Yesterday, I attended a webinar hosted by AirMagnet entitled “Optimize Your 802.11n Performance”.   

It was an hour well spent, which isn’t always the case with webinars.  The product sales pitch was kept to a minimum.

It really focused on educational aspects of 802.11n networking and security.  Additionally, the webinar contained several live demos, which were executed flawlessly.

The live demos were of the WiFi Analyzer and Survey programs.  While I use the AirMagnet Survey product several times a week, it has been almost a year since I used the AirMagnet WiFi Analyzer tool.  They have instituted some really great features since I last used it.  Most of these features directly relate to 802.11n networks:

The first is an 802.11n Device Throughput Calculator.  It calculates the throughput of a single device depending on a number of parameters – MCS, max frame size, channel bonding, block acknowledgement, etc.  It also factors in the effect of the Least Common Denominator client (i.e. effect of adding an 802.11g client).  

The second is a WLAN Throughput Simulator, which estimates the aggregate throughput of an entire WLAN.  The tool takes actual measurements from the existing WLAN, and then allows users to add simulated APs or Clients.  This allows users to consider an infinite number of “what if” scenarios with regards to how to optimize the WLAN.

The webinar wasn’t limited to exploration of the cool features of the WiFi Analyzer.   A good portion of the presentation talked about the importance of live/active site surveys and how using real measurements of the uplink and downlink rates is valuable to network administrators.  It was also exciting to see that the iPerf throughput testing tool is now integrated directly into AirMagnet Survey.

Lastly, I wanted to point out that one of the five main points of the webinar was that channel bonding in 2.4 GHz is not suggested.  This is something that I blogged about in a post regarding 5 GHz vs. 2.4 GHz in 802.11n networks on   I seemed to take a decent amount of “heat” in the comments, primarily from advocates of channel blankets, so I am glad to see that the fine folks at AirMagnet agreed with me.   🙂

Can IT Vendors be Objective?

Here is another guest post that I wrote for An Information Security Place.   This is something that I am worked up about, so I am re-publishing it here to maximize the audience.  🙂  

Can IT Vendors truly be objective?  Or does everything they say have to be viewed through a lens of “they are trying to sell me something”?  


Join me while I rant… 

Personally, I think IT vendors can be objective.  

Sure, we manufacture and sell things…

*Gasp* – We even profit from selling.  

But that doesn’t mean we can’t be objective.  

i.e. – I try to provide solid vendor-neutral information to the wireless community through my blog,  

(In fact, only 2 of the nearly 40 blog posts I have completed to-date have been about my employer, Xirrus.)

However, not everyone sees it that way.  

Let me give you an example…  

I requested press access to an industry event as a blogger.  

However, I was told that I can’t get a pass of this nature because I work for a vendor.  

Furthermore, I was told that bloggers of major publications (ComputerWorld, Network World, ZDNet, etc.) would qualify.  

So I went out seeking a spot with one of these publications as one of their bloggers.  

(I even had a solid lead directly to an editor with a reference from another well-known blogger at one of these publications.)

However, I was turned down again.   Because I work for a vendor.


My “commentary”…

Presumably, working for a vendor means that I can’t be objective.  Which I personally think is %^&$*&

Let’s take a look at some profiles of bloggers who have been picked up by these publications.  I would like to take a closer look at two common blogger profiles: Value Added Resellers (VARs) and Independent Consultants.

I have noticed that if you work for a VAR, you can blog for major publications.  Correct me if I am wrong – as a VAR, don’t you sell some vendor’s equipment, but not others?  It would seem to me, in that position, it is possible to have nuances or conflicting agendas.  At least working for a manufacturer, you know where my “official” loyalties are.

The other common profile for bloggers on these publications is that of an “independent” consultant.   I would think a large portion of their livelihood depends on their ability to provide consulting services.  If that’s the case, don’t you think they would blog about things that (at least indirectly) drive their own business?  After all, their financial success is directly tied to the success of a single person – themselves.   Working for a manufacturer (or any large organization) mitigates this factor because my financial situation is determined by the success of the group, and not by what I do or say to drive my own consulting business.

This isn’t intended as an attack on publications or their bloggers, just an honest discussion of how they can be objective, but somehow it is perceived that I can’t.  What about my credentials?!?

Besides working for a vendor (for several months), I have also worked as a consultant and auditor (for many years).  I hold over a dozen IT certifications, ALL of which are vendor-neutral.  On my LinkedIn profile, I have the coveted “500+ connections”, many of whom are employed by my competition – Aruba, Meru, Motorola, etc.  I started my blog to serve as a thought leader and I am a frequent speaker at industry events, professional organization meetings, and universities.

If you know someone at an IT publication that is willing to have me as a wireless networking and security blogger, have them contact me at  

Wait, I had better not use my corporate email address.  That might signal I can’t be objective.  🙂  

Instead, have them contact me at

The Next Great Wireless LAN Vendor

I wrote this as a guest post for An Information Security Place, but republished here for my readers.


Yesterday was one of the few days that I bought a hard copy of the USA Today newspaper.  I get the Arizona Republic paper delivered to the house daily. I even get six copies of the Sunday paper  (don’t ask…)  I bought it because one headline on the cover page of the USA Today caught my attention.  It was “Who Might Rise From the Wreckage” with a subtitle of “It’s happened before – Cisco and MySpace emerged in tough times.  Tech can bloom again“.

The headline and subtitle brought up a good point.   In the economic crash of the late 1980’s, Cisco began its rise as one of the large tech companies.  The article mentions Facebook and MySpace as companies who had a similar rise after the dot-com crash.  Personally, I remember two *other* (more relevant to networking) companies who accomplished a similar jump in market share in the wake of the dot-com crash – Foundry Networks and Extreme Networks.

This economic downturn presents the same opportunity for tech companies to rise out of the aftermath stronger than when they entered.  Who are likely candidates this go-around?   I would suggest that the opportunity is particularly ripe for Wireless LAN vendors.

Why?  There are several reasons WLAN manufacturers have an opportunity to grab market share in this economy, especially compared to their wired counterparts.  Most reasons point back to the fact that organizations are now forced to do more with less.

During these times companies…

  • need to get more out of their employees – WLANs enable their employees to be connected everywhere in their enterprise all the time
  • will not want to invest in permanent infrastructure – WLANs can easily be moved from location to location vs. desktop switches / cabling
  • will want even tighter security because of dismissed employees and competitive pressures – WLANs allow for easy deployment of 802.1X port based authentication and can execute rapid adds and deletes

Which WLAN vendor is poised to take advantage of such a situation?  Aerohive? Bluesocket? Meru? Ruckus? Xirrus?  Let me know what you think in the comments section!  Be sure to state specific reasons that you think one vendor will be able to gain more market share than another.  Also, if you like this post, check out my blog for related info such as 50 Questions K-12 School Districts Should Ask WLAN Vendors.

WiFi Jedi

50 Questions K-12 School Districts Should Ask WLAN Vendors

Lately, I have been working on a large, district wide wireless implementation here in Phoenix.  It has served as inspiration for several blog posts about pre-implementation planning, as well as the importance of taking notes during system installation.

Working on this project sparked another thought – how do K-12 School Districts choose their wireless vendor in the first place?  What should they consider in vendor selection?  Below is my list of 50 questions districts should ask prospective WLAN vendors. After reading the list below, are there any questions you think I missed?


  • Does the WLAN vendor support all standard LAN and WLAN standards without proprietary solutions or protocols that will limit the ability to expand the Wi-Fi network?
  • Can the vendor provide like type references?
  • Is the platform, firmware, and software upgradable to support future evolution of the 802.11 standard (i.e. 802.11n, 802.11v, 802.11w, etc.)?

Site Surveys

  • Does the vendor provide site survey services?
  • Is there a separate cost for this?
  • Does the vendor perform the survey?
  • Is the same equipment to be deployed used for the survey?
  • Is it a live survey, vs. just predictive software?
  • Do they perform a Spectrum Analysis to identify possible noise sources?
  • Do they guarantee the results?
  • Will they provide heat maps of the coverage?

Product Installation

  • Will the vendor do the install?
  • Is the installation free?

Support Services

  • Does the vendor directly support their products or is support via a 3rd party?
  • Does the vendor offer free on-site customer training on their product?


  • Is the Access Point able to support all 802.11a channels (extended channels)?
  • Is the Access Point able to simultaneously support 802.11 a/b/g radios?
  • Does the Access Point offer integrated high gain antennas for greater range?

Bandwidth and Supported Channels

  • How much bandwidth does each device provide via 802.11b?
  • How much bandwidth does each device provide via 802.11g?
  • How much bandwidth does each device provide via 802.11a?
  • How much bandwidth does each device provide via 802.11n?


  • Does the Access Point support multiple (4 or more) independent radios?
  • Does the Access Point offer a sectored antenna architecture, which equals higher data rates at longer ranges?


  • Are the following security services supported:
    • WEP, WPA & WPA2?
    • Authentication: Open, MAC, 802.1x, Web Page Redirect?
    • Integrated Stateful Firewall in the AP?
    • Integrated RADIUS server in the AP?
    • Integrated IDS/IPS sensor?

System Design

  • Is switching performed at the Access Point?
  • Is QoS tagging applied at the Access Point?
  • Are Filtering/Firewall Policies applied at the Access Point?
  • Is encryption/decryption performed at the Access Point?
  • If encryption/decryption is performed at the controller, how many APs can it support before being oversubscribed?
  • Are Wireless Distribution Services (WDS) available in the AP?

High Availability

  • Do proposed APs offer redundant uplink ports?
  • Is Radio-to-Radio failover available?


  • Is Direct AC power supported?
  • Is POE over Gigabit connections supported?
  • Does the AP support AC/DC redundancy?

RF Management Tools

  • Does the proposed system offer an Integrated Spectrum Analyzer?
  • Does the proposed system offer Auto Cell Sizing?
  • Does the proposed system offer Auto Load Balancing?
  • Does the proposed system offer Auto Channel Selection?

System Management Tools

  • Does the proposed system offer Serial/CLI management?
  • Does the proposed system offer Centralized SNMP management?
  • Does the proposed system offer Web Based Management?
  • Does the proposed system offer Management over the air?
  • Does the proposed system offer Secure Management (SSH, HTTPS, etc.)?
  • Can management traffic be disabled on all interfaces?