WPA3 Adds Four Security Enhancements, One of Which Matters

The Wi-Fi Alliance announced its next security enhancement today, called WPA3.  The press release touts "four new capabilities", but only one of the four affects practical Wi-Fi security.

As they are occasionally wont to do, the Wi-Fi Alliance announced a new certification today via a press release featuring an artisanal blend of normal words and corporate gobbledygook.  For those who speak fluent corporate gobbledygook, here are the four enhancements of WPA3:

1. Robust protections even when users choose passwords that fall short of typical complexity recommendations.
2. Simplify the process of configuring security for devices that have limited or no display interface.
3. Strengthen user privacy in open networks through individualized data encryption.
4. A 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems to further protect Wi-Fi networks with higher security requirements such as government, defense, a…

Stay Out The Trap (f.k.a. The Corner)

Back in my day, we called it The Corner.  Nowadays, the kids call it The Trap. (WARNING: Very NSFW)

The average IT professional may not view Wi-Fi "Design" as being directly analogous to the inner city drug trade.  Yet, when Wi-Fi Professionals go through the process of choosing AP installation locations, they should know what even the most novice B.G. drug dealer knows: that The Corner is also The Trap.

When embarking on a Wi-Fi "Design", some things are obvious.  Coverage is needed everywhere.  The number of available APs must be appropriate for the number of expected Wi-Fi devices.  Physical objects (walls, doors, et al.) should be accounted for.

A less obvious part of Wi-Fi "Design" is avoiding Hidden Node problems.  The Hidden Node problem occurs when two or more devices on the same channel A) cannot "hear" each other, and B) can interfere with each other.

The reason why Hidden Node is a problem is that Wi-Fi devices rely on "hearing"…

Using Bluetooth to Debunk the Dual 5 GHz Myth

What does Bluetooth have to do with 5 GHz Wi-Fi?  Nothing.  Bluetooth operates in the 2.4 GHz frequency band.

If you look in the right spot, however, Bluetooth can teach you something about 5 GHz Wi-Fi.  Specifically, the Bluetooth 5.0 specification can teach you that Dual 5 GHz access points are a bad idea.

This blog's opposition to Dual 5 GHz access points (APs) is not news to long time readers.  The 'Two Radios Are Better Than One (Unless They're Both 5 GHz)' blog post, which details how Dual 5 GHz APs (like Cisco 3800 Series APs, for example) make enterprise Wi-Fi less stable, is nearly three years old. 

Today's re-stating of the pitfalls of dual 5 GHz radio APs is due to something I uncovered while reading about Bluetooth.  I was reading the Bluetooth 5.0 specification in search of anything that might affect Wi-Fi when I happened upon this table:

The middle rows of the table are most dramatic, showing that out-of-band RF activity can interfere with the 2.4 GHz b…

How to Fix a Cisco Wi-Fi Network Without Surveying, Adding APs or Moving APs

The vast majority of Cisco Wi-Fi networks can be fixed without having to spend precious time and money on surveying, adding new access points (APs) or moving existing APs.  Here's how.

Cisco has some very fine enterprise Wi-Fi products.  Unfortunately, those very fine products often get deployed in a manner that leads to connectivity and performance issues.

The following steps take about ten minutes to perform, and will stabilize connectivity and performance for the vast majority of enterprise-class Cisco Wi-Fi networks.  Anything in bold is something to click or select or check or uncheck or type.

1. Access the Cisco wireless LAN controller (WLC) interface via a web browser.

2. Navigate to WLANs (menu) -> -> Security (tab) -> Uncheck WPA Policy -> Apply

NOTE: Wi-Fi Protected Access (WPA) is a Wi-Fi security method that uses temporal key integrity protocol (TKIP) encryption by default.  Using TKIP encryption disables 802.11n and 802.11ac data rates, effectively renderin…

Channel 13, F*#k Yeah!

Wi-Fi is a technology used around the world and we, as Americans, respect all cultures and creeds.  That said, occasionally we like to celebrate ourselves (NSFW, as if the title didn't make it obvious):

Unfortunately, America has been behind the times in Wi-Fi.  No longer!  We now have motherf*#king 2.4 GHz channels 12 and 13.

This blog has a rigid rule to avoid politics, so I'll phrase this as apolitically as I possibly can: from January 20, 2009 to January 19, 2016, America's wireless authority -- the Federal Communications Commission (FCC) -- repeatedly authored rules that damaged Wi-Fi.  In 2010 the FCC banned Wi-Fi on channels 120 through 128, in 2014 the FCC messed up channels 52 through 144 by requiring additional dynamic frequency selection (DFS) scanning and in 2016 the FCC declined a proposal by satellite phone provider Globalstar to allow 2.4 GHz channels 12 and 13 to be used for "terrestrial, low power services" (TLPS), which just so happen to have the…

In Search of an Accurate Site Survey

This week's big Wi-Fi news was Ekahau's introduction of the Sidekick, an easy-to-carry, laptop battery-conserving device designed to make Wi-Fi site surveying more elegant.  Unfortunately, it appears to do more to exacerbate Wi-Fi problems than to solve them.

What is the number one problem in enterprise Wi-Fi?

It surely can't be security.  Security is a hot topic, but Wi-Fi security isn't really a problem anymore.  Even security problems that Wi-Fi gets blamed on -- Pineapple hijacking, Wi-Phishing, man-in-the-middle -- either aren't problems for modern devices & applications, or are problems that extend beyond Wi-Fi.

Maybe it's user density?  Or supporting a variety of devices?  Maybe it's connection issues; when moving or when the device is idle for too long?

Whatever the answer, chances are it comes down to one overarching issue: different Wi-Fi devices behave differently.  Capacity testing gets done using laptops, then smartphones cause the Wi-Fi to…

Eka-Heka-Hau Eka-Hiney-Ho or: Jussi's Big Adventure

There are times in life when I feel like I've been misunderstood, and I would like to just wish away the communication gap. 

Unfortunately, there is no Wi-Fi Jambi, so instead I am going to use this short blog post to try to smooth things over with Jussi Kiviniemi, SVP of Ekahau.

For those who are unfamiliar, Ekahau is site survey software.  You can do predictive surveying (sometimes called "planning") with it and you can do live surveying (the "walking survey") with it.  Either way, the result is a nice looking "heat map" showing Wi-Fi coverage over your floorplans, like so:

Jussi Kiviniemi is the public face of Ekahau.  He's a Finnish guy and he goes to Wi-Fi conferences, hosts events, is active on Twitter, etc.

There are days when I think that Jussi doesn't like me.  And being the rugged, pro-American American that I am, I take responsibility for things that happen to me.

The root of Jussi's occasional distaste for me -- I think; I supp…