www.SCStateHouse.gov Michael Lauth, Security Analyst


Post on 07-Sep-2018

Wi-Fi Industry Evolution

• Fat APs (1993-2003)

• Central Controller, Thin APs (2003-2013)

• Distributed Control, Cloud Managed (2013-current)

Wi-Fi Architecture Comparison

• Cloud Controller

- Single point of failure

- WAN-dependent performance

- Controller-limited scalability

• Central Controller

- Single point of failure

- Controller-limited performance

- Controller-limited scalability

• Distributed Controller

- No single point of failure

- Full performance

- ‘Infinite’ scalability

[Figure: Cisco AP Layout. Total AP count: 36]

[Figure: Xirrus Array Layout. Total Array count: 16]

The Scalability Challenge: Density Everywhere

• Training Rooms

• Outdoors

• Auditoriums

• Committee Rooms

• Chambers

• Offices

The Adaptability Challenge: Constant Change

iPhone Example: Continuously Improving Technology

| Model | Released | Wi-Fi Mode | 2.4GHz | 5GHz | Antennas | Max Rate |
|---|---|---|---|---|---|---|
| iPhone | June 2007 | 11g | ✔ | | 1 | 54 Mbps |
| iPhone 3G | July 2008 | 11g | ✔ | | 1 | 54 Mbps |
| iPhone 3GS | June 2009 | 11g | ✔ | | 1 | 54 Mbps |
| iPhone 4 | June 2010 | 11n | ✔ | | 1 | 65 Mbps |
| iPhone 4S | Oct 2011 | 11n | ✔ | | 1 | 65 Mbps |
| iPhone 5 | Sept 2012 | 11n | ✔ | ✔ | 1 | 150 Mbps |
| iPhone 5S / 5C | Sept 2013 | 11n | ✔ | ✔ | 1 | 150 Mbps |
| iPhone 6 / 6 Plus | Sept 2014 | 11ac | ✔ | ✔ | 1 | 433 Mbps |
| iPhone 6S / 6S Plus | Sept 2015 | 11ac | ✔ | ✔ | 2 | 866 Mbps |

Xirrus Wi-Fi Portfolio Use Cases

[Figure: products plotted by AP Density against Use Case Density. Use cases: Lodging, Office, Committee, Chambers, Stadium/Convention. Products: XR-320, X2, XR-600, XD2, XD4, XR-2000, XR-4000, labelled with 2, 4 or 8 radios. Generations: 11ac Wave 1, 11ac Wave 2.]

Wireless Security

Security in Wireless Networks

• WEP

- 128-bit encryption (key length is 104 bits)

- Very easy to hack

• WPA

- Introduced TKIP (still like WEP)

- Easy to hack

• WPA2

- Introduced AES encryption

- Difficult to hack

Personal vs Enterprise

• Personal

- Uses one shared key. The security lies within the key created. Also known as PSK.

- Uses a 256-bit key of 64 hexadecimal digits or a passphrase of 8 to 63 ASCII characters.

- Fairly easy to hack. Brute force methods can successfully crack your key.

• Enterprise

- Does not use a shared key

- Uses RADIUS for authentication

- Supports NAP (Network Access Protection)
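
Added example (not from the original slides): for the Personal (PSK) key format described above, this shows how an 8 to 63 character passphrase becomes the 256-bit key of 64 hexadecimal digits using the IEEE 802.11i PBKDF2 mapping, and gives a rough upper bound on passphrase search space. The function names are choices made for this example; the sample passphrase and SSID are the published 802.11i test vector.

```python
import hashlib
import math
import string


def wpa2_psk(passphrase: str, ssid: str) -> str:
    """Derive the WPA/WPA2-Personal 256-bit key, returned as 64 hex digits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # IEEE 802.11i: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes.
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode(), 4096, 32)
    return key.hex()


def is_raw_psk(value: str) -> bool:
    """True if the value is already a 256-bit key written as 64 hex digits."""
    return len(value) == 64 and all(c in string.hexdigits for c in value)


def search_space_bits(passphrase: str) -> float:
    """Upper bound in bits, assuming random choice from the character classes used.
    Dictionary words and patterns are far weaker than this bound suggests."""
    if not passphrase:
        return 0.0
    pool = 0
    pool += 26 if any(c.islower() for c in passphrase) else 0
    pool += 26 if any(c.isupper() for c in passphrase) else 0
    pool += 10 if any(c.isdigit() for c in passphrase) else 0
    pool += 33 if any(not c.isalnum() for c in passphrase) else 0
    return len(passphrase) * math.log2(pool)


if __name__ == "__main__":
    # 802.11i test vector: passphrase "password", SSID "IEEE".
    psk = wpa2_psk("password", "IEEE")
    print("PSK:", psk, "| 64 hex digits:", is_raw_psk(psk))
    # The salt is only the SSID, so the passphrase is the sole secret input.
    for candidate in ("password", "correct horse battery staple"):
        print(f"{candidate!r}: at most {search_space_bits(candidate):.1f} bits")
```

The same passphrase on a different SSID yields a different key, but anyone who knows the SSID can recompute the key from a guessed passphrase, which is why passphrase length and randomness decide how well a PSK network resists guessing.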

Wireless Encryption Summary

• Open (risky): Open Wi-Fi networks have no passphrase. Public Wi-Fi only (maybe).

• WEP 64 (risky): The old WEP encryption standard is vulnerable and shouldn’t be used. Its name stands for “Wired Equivalent Privacy”.

• WEP 128 (risky): WEP with a larger encryption key size isn’t really any better.

• WPA-PSK (TKIP): This is basically the standard WPA, or WPA1, encryption. It’s been superseded and isn’t secure.

• WPA-PSK (AES): This chooses the older WPA wireless protocol with the more modern AES encryption. Devices that support AES will almost always support WPA2, while devices that require WPA1 will almost never support AES encryption. This option makes very little sense.

• WPA2-PSK (TKIP): This uses the modern WPA2 standard with older TKIP encryption. This isn’t secure, and is only a good idea if you have older devices that can’t connect to a WPA2-PSK (AES) network.

• WPA2-PSK (AES): This is the most secure option. It uses WPA2, the latest Wi-Fi encryption standard, and the latest AES encryption protocol.

EasyPass Solves Wi-Fi Access For All Users

Guests, Customers, Employees

Secure Public Wi-Fi

EasyPass Personal Provides:

• Personalized Public Wi-Fi security

• Secure individual network for each user

• Simplified connection of devices

• Protection from snoopers/hackers

The Best Security for Public Wi-Fi

Reliability Through Application Intelligence

PRIORITIZE

LIMIT

BLOCK

Identify and Control Over 1,400 applications Directly in the AP

*Questions*

Contact: Michael Lauth