Tag Archives: IoT

A Good IoT Set of Design Guidelines, But Missing an Important Point

Go here. Read it. It won’t take long.

I especially like #4:

Give Humans the Power to Opt-Out – I understand that the features in your device are amazing, life-changing even. However, when a device or its software affects someone’s life, they deserve a say in how they use it. It’s as simple as that. Especially if the software or its updates are in a life-saving healthcare device. The doctor and the patient must not only understand the features but need to come to an agreement on how and when they will be used. So yes, while sending an automatic order to the grocery store when you are out of milk seems innocuous, your customers should still get a say in how and when that order happens.

It’s refreshing to see Core Security take IoT vendors to task on security, but as a WLAN Architect/Admin/Instructor/Supporter/Philosopher/Fanboy, I do find a deficiency with the otherwise good blog.

EVERY kind of device finds its way to the business WLAN. And the business WLAN landscape should be moving away from pre-share-based WLAN security and MAC-exceptions on Guest WLANs. If you aren’t building in 802.1X support with the top few EAP types, you are still not getting it.

And too many device makers still are not getting it.

Become Aware of Wi-Fi Aware

It looks like we’re on the verge of another one of those Wi-Fi features that seems like (maybe?) it’s a good thing for wireless users of a certain mindset, but perhaps not so much for those of us in the business of business WLAN. The topic is Wi-Fi Aware, and it’s time we wireless administrator types started paying attention, before the expected deluge of devices later this year or early next.

I’ll start by admitting I know that I don’t know a lot about Wi-Fi Aware, but I’m trying to grasp the potential implications from both the client and system ends. I do know that Wi-Fi Aware is being touted as both a services discovery mechanism for seeing what your fellow clients are capable of, and is something akin to beacons for location-based triggering except with a much longer range. Supposedly, the framework is opt-in/out per application, and you share whether your device advertises or accepts interactions with other wireless users. There aren’t yet many client devices out with the capability, but they will definitely come in the months to come.

Wi-Fi Aware is stirring up a lot of media attention, but before I share a couple of examples, it’s worth pointing out that this is yet another baby of the Wi-Fi Alliance. If you want to start learning about Wi-Fi Aware, I recommend you first visit the Alliance’s pages on it:

Because it’s new, there is a lot of speculation about how Wi-Fi Aware might get used, but little in the way of real-world examples yet. Nonetheless, here are a couple of speculative articles to prime the pump: Wi-Fi Aware and the IoT, and all your devices will connect instantly. There are plenty more to be found with a simple Internet search.

It’s way too early to form a reality-based opinion on Wi-Fi Aware, but I can tell you one thing that makes me a bit uncomfortable. Like with many of its initiatives, the Wi-Fi Alliance does no real favors to enterprise Wi-Fi folks with early hype on Wi-Fi Aware. This feature set is very much client to client before and outside of the clients actually being on the WLAN, which means it’s one more thing the WLAN is likely to get blamed for when some aspect of Wi-Fi Aware doesn’t work as expected. It would be great if the Alliance would go so far as to say:

  • Here’s what it means to home wireless networks
  • Here’s what it means to public wireless networks
  • Here’s what it means to captive portal Wi-Fi networks
  • Here’s what it means to 802.1X secure WLAN

Given that client-to-client actions can trigger attempts to join and use Wi-Fi infrastructure networks, it would be great if some of the nitty-gritty was shared up front rather than left to admins to suffer through. 

Here’s where I’ll admit to being a bit pissy about the Wi-Fi Alliance. I’m pleased that they are so into new feature sets and the like, but it very much feels like they have pretty much turned their backs on the enterprise wireless demographic in favor of simply pushing product to non-business consumers. 

Where the consumer and enterprise worlds collide, it’s up to the WLAN admin to clean up the frequent messes while the Alliance either stays quiet or simply pipes up with a Neanderthal-like “Wi-Fi good. Buy more Wi-Fi”.

Let’s hope Wi-Fi Aware proves to be more friendly to the enterprise than I’m expecting. Meanwhile, it’s time to start learning about it.

Have you formed any opinions yet about Wi-Fi Aware? Do you have any expected business use cases in mind? Have you found any decent technical articles that help explain what Wi-Fi Aware might really be about? Please share, and thanks for reading.

Aerohive and AirTight Announce IoT “Firsts”

There aren’t too many opportunities in life to claim “we’re the first to _____!” There’s a bit of a glow that comes with being first to market, even if the first whatever isn’t really monumental or exactly disruptive. In the last couple of weeks, both Aerohive and AirTight (cloud-managed WLAN vendors for those of you late to the party) made a “We’re first!” announcement, each with Internet of Things (IoT) implications. Let’s take a look at both.

Aerohive- First Integration of WLAN and iBeacons

Here’s the official news from Aerohive. The nuts of it is that Aerohive and beacon-maker Radius Networks are pals, and Aerohive APs can directly host iBeacons via USB port on the access point. The notion of iBeacons (and altbeacons) is really just getting started, so this could become big and will likely ripple out far beyond its infancy in retail spaces. Though the companies are partners on the initiative, there are really no changes per se to HiveManager that go with having RadBeacons attached to APs.

Here’s my own coverage of the story at Network Computing. If you’d like to further the iBeacon discussion, please post comments over there.

Then there’s this:

AirTight- First Access Point with ‘IoT-ready’ WiPS

I’ll admit to being underwhelmed when I saw the press for AirTight’s new C-65 access point. Sure, any new 11ac AP is worth noting, but the up-play of its “IoT readiness” seemed to be a stretch. So, I asked: what makes this one so special versus the competition?

Here’s what AirTight says about the C-65 in their own words:

Two key things in IoT readiness for WIPS are system scalability and operation scalability because of increasing device volume and diversity and growing attack variants.

1. System scalability

  • AirTight increased the ability to monitor active wireless devices from 500 to 2000 per AP/sensor
  • On the cloud side, we increased the ability to scale to hundreds of thousands of devices being monitored across multiple geographies and customers

Scalability bottleneck in IoT will be coming from neighborhood devices that you need to track for threat detection, compliance reporting, etc, rather than your own APs that you manage in the cloud.

AirTight’s tests and customer POCs have shown that because the competition does not have this scalability today, device history is not maintained long enough; alerts are quickly purged to maintain scalability; reporting and forensics are thin; and threat detection is slow.

This happens today; what will happen tomorrow with hundreds of IoT devices in your wireless neighborhood?

2. Operation scalability

  • The detection is behavioral based rather than signature-, rules- or MAC heuristics-based
  • “Zero day protection”: no learning or adding of signatures is required
  • Minimal human intervention required
  • False alarm free
  • Reliable automated prevention without neighbor disruption

Our detection algorithm has matured over the years because of our focus on WIPS and is able to handle nuanced protocol implementations. So AirTight WIPS is better suited to handle device diversity. Other vendors are mostly doing MAC heuristics to detect rogues and have not invested in detecting all variants of threats and attacks.
 
Again, we have seen the impact of this in POCs and internal tests. We have seen competition raising false alarms (false positives and false negatives), along with creating a large number of alerts for the administrator to sort through. Some products even discourage users from turning on automated prevention via product messages and technical documentation.

And there you have it. Neither of these announcements is mind-blowing yet at the same time they serve as examples of where WLAN vendors’ heads are regarding IoT at this stage.

In case it isn’t obvious, we’re likely to hear a lot more about how the Internet of Things will shape wireless solutions, and how vendors think we should be preparing for the IoT onslaught. It’s gonna continue to come at us in little chunks as the seeds of IoT take root, so keep your eyes open or you’re going to miss something.