michael lauth, security analyst · -introduced tkip (still like wep)-easy to hack ... •wpa-psk...
TRANSCRIPT
Wi-Fi Industry Evolution
Company
Company
Company
Fat APs(1993-2003)
Central ControllerThin APs
(2003-2013)
Distributed ControlCloud Managed(2013-current)
Wi-Fi Architecture ComparisonDistributed ControllerCloud Controller
Single point of failure
WAN-dependent performance
Controller-limited scalability
Central Controller
Single point of failure
Controller-limited performance
Controller-limited scalability
No single point of failure
Full performance
‘Infinite’ scalability
= Control Function
Training Rooms Outdoors
AuditoriumsCommittee Rooms Chambers
Offices
The Scalability Challenge: Density Everywhere
The Adaptability Challenge: Constant ChangeModel Released Wi-Fi Mode 2.4GHz 5GHz Antennas Max Rate
iPhone June 2007 11g ✔ 1 54 Mbps
iPhone 3G July 2008 11g ✔ 1 54 Mbps
iPhone 3GS June 2009 11g ✔ 1 54 Mbps
iPhone 4 June 2010 11n ✔ 1 65 Mbps
iPhone 4S Oct 2011 11n ✔ 1 65 Mbps
iPhone 5 Sept 2012 11n ✔ ✔ 1 150 Mbps
iPhone 5S / 5C Sept 2013 11n ✔ ✔ 1 150 Mbps
iPhone 6 / 6 Plus Sept 2014 11ac ✔ ✔ 1 433 Mbps
iPhone 6S / 6S Plus Sept 2015 11ac ✔ ✔ 2 866 Mbps
iPhone Example: Continuously Improving Technology
Xirrus Wi-Fi Portfolio Use Cases
Use Case Density
AP
De
nsity
2 radios
2 radios
4 radios
4 radios 8 radios
XR-320 X22 radios
Lodging Office Committee Chambers Stadium/Convention
XR-600
XD2
XD4
XR-2000 XR-4000
11ac Wave 2
11ac Wave 1
Security in Wireless Networks
• WEP
- 128-bit encryption (key length is 104 bits)
- Very Easy to hack
• WPA
- Introduced TKIP (still like WEP)
- Easy to hack
• WPA2
- Introduced AES encryption
- Difficult to hack
Personal vs Enterprise
• Personal
- Uses one shared key. The security lies within the key created. Also known as PSK.
- Uses a 256-bit key of 64 hexadecimal digits or a passphrase of 8 to 63 ASCII characters.
- Fairly easy to hack. Brute force methods can successfully crack your key.
• Enterprise
- Does not use a shard key
- Uses RADIUS for authentication
- Supports NAP (Network Access Protection)
Wireless Encryption Summery
• Open (risky): Open Wi-Fi networks have no passphrase. Public WiFi only (maybe)
• WEP 64 (risky): The old WEP encryption standard is vulnerable and shouldn’t be used. Its name, which stands for “Wired Equivalent Privacy”.
• WEP 128 (risky): WEP with a larger encryption key size isn’t really any better.
• WPA-PSK (TKIP): This is basically the standard WPA, or WPA1, encryption. It’s been superseded and isn’t secure.
• WPA-PSK (AES): This chooses the older WPA wireless protocol with the more modern AES encryption. Devices that support AES will almost always support WPA2, while devices that require WPA1 will almost never support AES encryption. This option makes very little sense.
• WPA2-PSK (TKIP): This uses the modern WPA2 standard with older TKIP encryption. This isn’t secure, and is only a good idea if you have older devices that can’t connect to a WPA2-PSK (AES) network.
• WPA2-PSK (AES): This is the most secure option. It uses WPA2, the latest Wi-Fi encryption standard, and the latest AES encryption protocol.
EasyPass Personal Provides:
• Personalized Public Wi-Fi security
• Secure individual network for each user
• Simplified connection of devices
• Protection from snoopers/hackers
The Best Security for Public Wi-Fi
Reliability Through Application Intelligence
PRIORITIZE
LIMIT
BLOCK
Identify and Control Over 1,400 applications Directly in the AP