About The Editor

So far The Editor has created 26 blog entries.

Meraki’s Air Marshal Gets Help from a New WIPS Sheriff

Wi-Fi hacking is a hot topic, but one that’s plagued by ambiguous and often contradictory technical terminology. Luckily, the lack of common definitions for Wi-Fi threat vectors has actually produced a solution to the problem: the Trusted Wireless Environment. The Trusted Wireless Environment framework succinctly defines the six Layer 2 Wi-Fi hacks that affect nearly every business today and provides a simple test criterion to determine if a Wi-Fi network is protected from each type of attack.

Wi-Fi professionals at Miercom, a global, independent security and performance testing laboratory, recently tested Cisco Meraki’s MR33 access point (AP) to determine if it could automatically detect and prevent the six known Wi-Fi threats. The MR33 was only able to automatically detect one of the six threats – the Evil Twin AP – and failed to automatically detect the other five. The MR33 also failed to automatically prevent all six threats. These results are likely not surprising to Wi-Fi security researchers and enthusiasts who have witnessed the Wi-Fi industry consistently deprioritize security protection in Wi-Fi products in favor of improving speed, capacity, and network efficiency.

Having been exposed to the Trusted Wireless Environment in the past, Miercom test professionals recognized that WatchGuard has been gearing its cloud-managed AP roadmap with unique security feature sets. To determine how existing Cisco Meraki networks can become Trusted Wireless Environment compliant, Miercom configured a WatchGuard AP125 AP as a security sensor dedicated to protecting the Meraki MR33 from the six known Wi-Fi threats. The results show that Meraki Wi-Fi networks that would’ve been vulnerable to the six Wi-Fi threats are 100% protected once a WatchGuard AP125 AP was added. From a deployment perspective, network and security administrators will find a simple solution where the Meraki APs continue to connect Wi-Fi users as usual and the WatchGuard APs act as a sort of Wireless Intrusion Prevention System (WIPS) sentry, constantly monitoring the air space and wired network for the presence of any of the six threats.

If they’re as curious as I am, Meraki Wi-Fi network administrators have probably been banging their heads against their desks trying to understand how Air Marshal (the WIPS solution included with most Meraki APs) functions in a live network. Many of us feel nervous about enabling the Air Marshal containment feature and often disable it completely after reading the warning message from Cisco:

Rest assured, Meraki administrators! You can disable Air Marshal completely and safely offload WIPS to WatchGuard APs, which are designed specifically to plug the serious security gaps in the Wi-Fi attack surface.

Those interested in testing their own Meraki Wi-Fi networks for Trusted Wireless Environment compliance can follow the Trusted Wireless Environment test guide, and contact Miercom via their website for a more thorough test involving live client workloads. Lastly, if you’re wondering how many WatchGuard APs you need to add to your existing Meraki Wi-Fi network to protect it, any WatchGuard reseller near you has access to a professional service from WatchGuard that will provide you with a predictive simulation survey that determines the recommended number of WatchGuard APs, installation locations, and WIPS/Wi-Fi coverage range.

5 Hot Topics From Wi-Fi NOW 2019 London

Wi-Fi NOW, an independent organization led by Claus Hetting, exists to hold the thought leadership agenda for the Wi-Fi industry. Their mission is to support and promote all things Wi-Fi and they work with individuals, carriers, service providers, tech vendors, and regulators. Basically, if there’s something happening in the world of Wi-Fi, it’s discussed at one of Wi-Fi NOW’s events first. This year their European event was held in London, where several colleagues and I were in attendance, soaking up and reflecting on all the great presentations and forward-looking ideas from our fellow Wi-Fi industry peers. If you missed the event, have no fear: below are my summary and analysis of the top five hot topics from the event, which foreshadow big things coming to anyone who uses, installs, or supports Wi-Fi ecosystem devices.

1. Wi-Fi 6

802.[insert letter here] Wi-Fi technology versioning is so yesterday, people. The Wi-Fi Alliance has adopted a simpler numbering scheme and the newest version is Wi-Fi 6. This version of Wi-Fi is a big leap for the industry and basically makes Wi-Fi work much better in situations with large numbers of clients (IoT, venues, campuses) or vast amounts of traffic (AR/VR, gaming, video conferencing). A Wi-Fi 6 client such as a laptop or smartphone connected to a Wi-Fi 6 access point or router will perform better, and users will experience the stability and reliability they haven’t previously had with Wi-Fi in busy environments like airports, conference centers, train stations, and so on. Think about the times you switch off Wi-Fi and use cellular because ‘the Wi-Fi stinks here’. Wi-Fi 6 has some serious technology improvements that might make that situation a thing of the past:

  • Orthogonal frequency division multiple access (OFDMA) increases network efficiency
  • Target wake time (TWT) significantly improves network efficiency and device battery life, including IoT devices
  • 1024 quadrature amplitude modulation mode (1024-QAM) increases throughput for emerging, bandwidth-intensive uses by encoding more data in the same amount of spectrum
  • Transmit beamforming enables higher data rates at a given range to increase network capacity
  • Improvements apply to both 2.4GHz and 5GHz. 2.4GHz hasn’t seen any serious improvements since 2009

2. 6GHz

If you’ve ever read the cardboard box your home router came in or know a little about Wi-Fi, you know it operates on two frequency bands: 2.4GHz and 5GHz.  Well buckle up because we are about to see a third band added: 6GHz.  Adding more spectrum for use with Wi-Fi allows more Wi-Fi devices to send/receive at the same time (also known as reducing contention).

3. AI/ML + Wi-Fi

There are literally hundreds of driver settings that can be tweaked for a Wi-Fi radio inside a business access point or home router. There are some serious Wi-Fi gurus out there, but no human being can possibly monitor dynamic environment variables like traffic load, client count, room temperature, open/closed doors, and moving people, and adjust these driver settings for optimal performance. The holy grail of Wi-Fi is to utilize artificial intelligence and machine learning algorithms to dynamically tweak radio settings, pinpoint root causes for common user complaints like “the Wi-Fi sucks”, and present options for resolving problems to network administrators. No one has fully cracked the code on this, but there are Wi-Fi access point vendors emerging with very promising tools and the beginnings of a powerful roadmap ahead.

4. Stopping Wi-Fi Hacking

We’re celebrating the 20th anniversary of modern-day Wi-Fi in 2019.  We also have been living with six Wi-Fi hacks for all that time which allow attackers to silently intercept Wi-Fi users’ data/passwords/website traffic and more.  The industry has had to deal with WPA2 and WPA3 encryption getting hacked recently as well so the subject of protecting people from Wi-Fi hacks was top of mind at the event.  We advocated the Trusted Wireless Environment movement which raises awareness around Wi-Fi security and offers an easy way to test a Wi-Fi network for vulnerability to these attacks and a way to plug the attack surface once and for all.

5. 5G AND Wi-Fi

The next generation of cellular technology, 5G, is at our doorstep, and it has a best friend: Wi-Fi. You may not realize it, but today when you are near a public area like an airport or shopping mall, even though your smartphone’s icon says “4G LTE” or “5GE”, it’s actually connected to a Wi-Fi access point and your data is flowing over Wi-Fi. The cell carriers lack enough frequency spectrum and network capacity to provide all of our smartphones with sufficient bandwidth, so they utilize Passpoint (AKA Hotspot 2.0) to automatically move our smartphone traffic off their cell towers and onto Passpoint-compliant Wi-Fi networks. Cisco reports somewhere around 54% of 4G traffic is offloaded to Wi-Fi and predicts over 70% with 5G due to sharply rising bandwidth demands of mobile users. For you infosec folks, check this article about a cautionary message of the 5G to Wi-Fi handoff attack surface.

The Most Common Wi-Fi Attacks Hotel Guests Need to Worry About


Wi-Fi is an important amenity at hotels around the world, whether for business travelers working on the go or vacationers watching Netflix on their phones. But hotel Wi-Fi networks are often vulnerable to Wi-Fi attacks that allow hackers to eavesdrop on network traffic and steal things like credit card information and sensitive corporate data. Our Director of Product Management for Wi-Fi, Ryan Orsi, wrote a guest post for Hospitality Technology explaining the most common Wi-Fi attacks that affect hotel guests and management.

There are six common Wi-Fi threats: Rogue APs, Rogue Clients, Neighbor APs, Ad-Hoc Connections, Misconfigured APs and Evil Twins. Of those, the Evil Twin attack is especially nasty; it’s easy to perform using legal Wi-Fi hacking tools and there are even YouTube tutorials showing how to pull it off. Since security hasn’t been a priority among wireless vendors and standard-setting organizations, most Wi-Fi networks are still vulnerable to these attacks, even though several of them are quite old and well-known in security circles.

In fact, WatchGuard engineers have been testing Wi-Fi security in the field at airports, restaurants and hotels around the world to get a sense of the scope of the problem. The results did not inspire confidence. Here’s an excerpt from Ryan’s article explaining what his team discovered.

[WatchGuard tested] the security of public Wi-Fi hotspots against Evil Twin attacks at more than 45 locations across five countries, including 12 hotels and 13 airports. Only four locations (9%) had adequate protection in place against Evil Twin attacks and of those, no hotel passed the test. The four locations that did pass were located within the United Kingdom. All other failed test locations were at well-known retail, restaurant, and transportation brands located in the U.S., Germany, Brazil, and Poland. The problem isn’t with any one specific vendor or hotel/restaurant chain – it’s an issue across the hospitality industry overall. This security testing research is continuing with more worldwide locations, and there are plans to collaborate with brand owners to test for the other additional five Wi-Fi attack categories.

Read Ryan’s full article in Hospitality Technology to learn more about these attacks and some of the ways hotels can protect their guests from them. Learn more about what WatchGuard does to help solve this problem here and read more about Wi-Fi security standards at https://www.trustedwirelessenvironment.com/what-is-a-trusted-wireless-environment/. There’s also a petition to urge wireless vendors to create a global standard for Wi-Fi, which you can sign here.

5G Versus Wi-Fi: Which is More Secure?


Most smartphone users assume that cellular data networks are more secure than unknown Wi-Fi. In general they’re correct (and we still advise people to use their cellular data rather than an unknown or public Wi-Fi network when accessing sensitive information on a mobile device)! But, as the 5G rollout progresses, more and more cellular users will be exposed to Wi-Fi security threats via a process called Wi-Fi offloading. There are also weaknesses in 5G traffic itself that can be exploited by a determined attacker. Our Director of Product Management for Wi-Fi, Ryan Orsi, wrote a guest article for Network Computing explaining what these processes are and what 5G and Wi-Fi users need to know about them.

Thanks to the public’s ravenous demand for bandwidth on smartphones and tablets, a large portion of “cellular” traffic is actually offloaded to nearby Wi-Fi networks to help equalize the load. When a device is in range of a Wi-Fi access point configured for this (called Hotspot 2.0 or Passpoint) the connection seamlessly moves to Wi-Fi without any visible change on the user’s device. This is common in large public areas like sports stadiums, malls and airports. 59% of 4G traffic is offloaded now, and Cisco predicts that 71% of 5G traffic will be offloaded. This means these connections can be exposed to common Wi-Fi attacks, like the Evil Twin attack where a hacker sets up a duplicate of a legitimate access point and eavesdrops on the data of anyone that connects to it. Here’s an excerpt from Ryan’s article explaining this issue in more detail.

 Attackers primarily eavesdrop and intercept Wi-Fi traffic via man-in-the-middle positions and are constantly looking for easy ways to steal valuable information, like user credentials for a juicy target like cloud-based HR sites, email, or online shopping and travel sites. For example, if a 5G user has their cellular connection offloaded to an Evil Twin AP mimicking a legitimate Passpoint AP, then the attackers have full visibility into the data stream they thought was private and secured via cellular technologies.

 Offloaded Wi-Fi is technically supposed to be protected by enterprise versions of the WPA2 or WPA3 security protocol. However, both of these encryption methods have suffered serious flaws lately with the KRACK and Dragonblood vulnerabilities, which have exposed fundamental flaws in the system design (although enterprise versions are considered a bit safer). In addition, tools and research are being developed to exploit this protection constantly. Encryption, after all, is supposed to be the last resort of protection for our connections.

Read Ryan’s full article on Network Computing to learn about the other common Wi-Fi attacks that 5G users could be exposed to, and some of the vulnerabilities in 5G traffic itself. Learn more about what WatchGuard does to help solve this problem here and read more about Wi-Fi security standards at https://www.trustedwirelessenvironment.com/what-is-a-trusted-wireless-environment/. There’s also a petition to urge wireless vendors to create a global standard for Wi-Fi, which you can sign here.

How MSPs Can Get a Leg Up on Their Competition with Wi-Fi Security


I’m a little embarrassed to admit this, but I think about Wi-Fi ALL THE TIME. Not just because Wi-Fi has become a necessity that I can’t live without, but also because I work for a company whose mission is to not only offer Wi-Fi to our partners and customers, but offer them secure Wi-Fi, so that they don’t ever have to worry about their data being compromised by hackers.

When I think about the Wi-Fi market today, it consists of Wi-Fi offerings that are all relatively the same, making it extremely difficult for MSPs to differentiate themselves. When choosing a Wi-Fi solution, simply offering consumer-grade Wi-Fi fails to provide the performance, security, or even scalability that today’s organizations require, while traditional enterprise-grade Wi-Fi comes at high costs with added overhead. This leaves SMBs in search of a middle ground.

So what is an MSP like yourself left to do? Offering a Trusted Wireless Environment that is fast, easy to manage, and most importantly, secure is the way to go. When MSPs offer a Trusted Wireless Environment, they deliver on the three core pillars of market-leading performance, scalable management, and verified comprehensive security, defending their customers against the six known Wi-Fi threat categories:

1.     Rogue Access Point

You own a retail store that has customers coming in and out all day. When it’s busy, it’s impossible to keep an eye on everyone there every second of the day. It’s easy for someone to jump into the wire closet and plug in the cheapest access point they could get and they’re now able to gain access to the company’s private secure network and can hijack POS systems to reveal credit card numbers and more.

2.     “Evil Twin” Access Point

On your lunch break you decide it’s finally time to update your wardrobe – nothing wrong with that! But a hacker is using an evil twin access point and you’ve now unsuspectingly connected to their copy of your Wi-Fi SSID. Once you go to check out and enter your credit card information to order that new dress, the hacker has your information and is ready to go sell it on the dark web.

3.     Rogue Client

You stop by the same café on the way to work every day. Since you’ve connected to their Wi-Fi network before, your phone automatically connects as soon as you set foot in the door. Unfortunately, that day, someone had set up an evil twin access point, tricked your phone, and infected your phone while you’re in range of your private WLAN with ransomware for you to take back to the office. As soon as you’re back at your desk, your phone connects to your corporate Wi-Fi and the ransomware is off and running!

4.     Neighbor Access Point

Susan in marketing cannot get through the morning without listening to her favorite new soundtrack. Her phone is almost dead, so she wants to use her company-issued computer to connect to a streaming site. Her company’s firewall restricts access to streaming music, but that’s no worry for Susan – she’ll just connect to the downstairs coffee shop’s unsecure Wi-Fi and start listening away. Unfortunately for you, a hacker is sipping his first cup of coffee, just waiting for her to connect and get to work on accessing your network.

5.     Ad-hoc Network

As a meeting is getting ready to start, Carl’s boss is STILL waiting for that file he promised would be there this morning. It would take him too long to use the corporate-approved secure network file sharing, so he decides to set up an ad-hoc network to send it directly from laptop to laptop. Sending files via AirDrop or AirDroid creates security and legal implications that could affect your organization.

6.     Misconfigured Access Point

An access point gets shipped from corporate to your new office and Charlie, the receptionist, volunteers to set it up! He follows the instructions and installs the access point that’s now broadcasting an open SSID, which is leaking private data like a sieve. You can’t blame him, because he’s not an IT pro, but you’re still left with a misconfigured AP that could be a serious risk to your organization.
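
One way a monitoring sensor could tell the six categories above apart from what it observes over the air and on the wired LAN, as an added example (not from the original post, and not any vendor's WIPS logic). The inventory, MAC addresses, field names and sample observations are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory (assumption): the organisation's own APs with the SSID
# and security mode each is supposed to broadcast, and its managed clients.
AUTHORIZED_APS = {
    "02:00:00:aa:00:01": ("CorpWiFi", "WPA2-Enterprise"),
    "02:00:00:aa:00:02": ("CorpWiFi", "WPA2-Enterprise"),
}
AUTHORIZED_CLIENTS = {"02:00:00:cc:00:01", "02:00:00:cc:00:02"}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED_APS.values()}


@dataclass(frozen=True)
class ApSeen:
    bssid: str
    ssid: str
    security: str          # e.g. "Open", "WPA2-Personal", "WPA2-Enterprise"
    adhoc: bool = False    # peer-to-peer network rather than an infrastructure AP
    on_wire: bool = False  # the device's MAC was also seen on the wired LAN


def classify_ap(ap):
    """Classify one observed network against the inventory."""
    if ap.adhoc:
        return "ad-hoc"
    if ap.bssid in AUTHORIZED_APS:
        # One of our own APs: it must broadcast exactly what policy says.
        ok = (ap.ssid, ap.security) == AUTHORIZED_APS[ap.bssid]
        return "authorized" if ok else "misconfigured AP"
    if ap.on_wire:
        # Unknown AP plugged into our LAN; checked before the SSID test so a
        # wired intruder copying our SSID is still reported as a rogue AP.
        return "rogue AP"
    if ap.ssid in CORP_SSIDS:
        # Unknown radio, not on our wire, copying our network name.
        return "evil twin"
    return "external"  # someone else's network; harmless until we join it


def classify_events(aps, associations):
    """aps: list of ApSeen. associations: time-ordered (client_mac, bssid).

    Returns (subject, finding) pairs covering the six categories.
    """
    ap_class = {ap.bssid: classify_ap(ap) for ap in aps}
    findings = [(ap.bssid, ap_class[ap.bssid]) for ap in aps
                if ap_class[ap.bssid] in ("misconfigured AP", "rogue AP", "evil twin")]
    exposed = set()  # our clients that have associated with an evil twin
    for client, bssid in associations:
        if client not in AUTHORIZED_CLIENTS:
            continue  # other people's devices on other people's networks
        kind = ap_class.get(bssid, "external")
        if kind == "evil twin":
            exposed.add(client)
        elif kind == "external":
            findings.append((client, "neighbor AP"))
        elif kind == "ad-hoc":
            findings.append((client, "ad-hoc network"))
        elif kind in ("authorized", "misconfigured AP") and client in exposed:
            # Back on the corporate WLAN after talking to an evil twin.
            findings.append((client, "rogue client"))
    return findings


# Constructed sample observations, one per category.
SAMPLE_APS = [
    ApSeen("02:00:00:aa:00:01", "CorpWiFi", "WPA2-Enterprise", on_wire=True),
    ApSeen("02:00:00:aa:00:02", "CorpWiFi", "Open", on_wire=True),
    ApSeen("02:00:00:bb:00:01", "linksys", "WPA2-Personal", on_wire=True),
    ApSeen("02:00:00:bb:00:02", "CorpWiFi", "Open"),
    ApSeen("02:00:00:bb:00:03", "CoffeeShop", "Open"),
    ApSeen("02:00:00:bb:00:04", "carl-laptop", "Open", adhoc=True),
]
SAMPLE_ASSOCIATIONS = [
    ("02:00:00:cc:00:01", "02:00:00:bb:00:02"),  # phone joins the evil twin
    ("02:00:00:cc:00:01", "02:00:00:aa:00:01"),  # then returns to the office
    ("02:00:00:cc:00:02", "02:00:00:bb:00:03"),  # laptop joins the coffee shop
    ("02:00:00:cc:00:02", "02:00:00:bb:00:04"),  # laptop joins an ad-hoc network
    ("02:00:00:dd:00:09", "02:00:00:bb:00:03"),  # a stranger's device: ignored
]

if __name__ == "__main__":
    for subject, finding in classify_events(SAMPLE_APS, SAMPLE_ASSOCIATIONS):
        print(f"{subject}  {finding}")
```

Only the misconfigured AP, rogue AP and evil twin can be found from the AP survey alone; the neighbor AP, ad-hoc and rogue client findings depend on watching which networks the organisation's own clients join.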

None of these threats are new; they have been around since Wi-Fi went mainstream 20 years ago. But one thing has remained the same and is so shocking to me: there are no security standards around Layer 2 Wi-Fi to keep Wi-Fi users like you and me safe. This is why I’m advocating for change. We all deserve to connect to Wi-Fi we can trust. I want to be able to connect to Wi-Fi at my favorite coffee shop and not have to look around wondering if the person sitting next to me on their laptop is a hacker. Hackers prefer to go after Wi-Fi because it’s the weak link in the security chain and it doesn’t take much to hack into a Wi-Fi network. There are thousands of how-to videos on YouTube and a $99 pen testing tool like the WiFi Pineapple to make any Wi-Fi hack seamless.

We must put a stop to this! Join me and let’s end Wi-Fi hacks together by signing this petition: www.TrustedWirelessEnvironment.com. Every signature we collect will help us partner with organizations such as Congressional Wi-Fi Caucus, WiFiForward, PCI Security Standards Council, Wi-FiNOW, IEEE, and Wi-Fi Alliance to name a few. These organizations help build security standards for businesses around the world and we want to join forces by collaborating with them to make this world a safer place.

Establishing a Global Standard for Wi-Fi Security

When was the last time you thought about the security of your wireless communications? We’re constantly leveraging Wi-Fi networks during business meetings, and at coffee shops, restaurants, airports and more. It’s almost second nature to tap into the local Wi-Fi network wherever we go. And while wireless security and privacy standards have been around for quite some time, none are completely immune to the six known Wi-Fi threat categories. This leaves businesses, employees and everyday users open to data theft and other major security issues.

In his latest Forbes Technology Council column, WatchGuard CTO Corey Nachreiner highlights the shortcomings of existing wireless standards and protocols, and calls for the industry to rally together to establish a global standard for Wi-Fi security that truly protects organizations and their users from every class of Wi-Fi attack. Here’s a brief excerpt from the piece:

The problem is that there are Wi-Fi threats that work regardless of these encryption and authentication protocols. The Evil Twin attack is one such example, where an attacker simply copies the wireless network name (something called an SSID) of a Wi-Fi network you have joined before, such as your official corporate Wi-Fi network. Unfortunately, Wi-Fi clients happily connect to any network with the name they are looking for. Which version of that network they join depends more on the range and signal strength of the network than any other factor.

Even if your real wireless network uses strong WPA3 encryption to make sure only authenticated clients join it, your phone or laptop will connect to a fake version of that network, even without any wireless security enabled at all. While Wi-Fi security standards have protocols that can protect you when you join the right network, they don’t have industry-wide security technologies that keep your devices from unknowingly connecting to evil fake networks (the Mystique version).

Beyond the Evil Twin attack, other examples of Wi-Fi threats today include ad-hoc or peer-to-peer wireless networks, rogue access points, rogue clients and more. For more information on all six of the known Wi-Fi threat categories, check out the Trusted Wireless Environment (TWE) movement. This movement outlines the threats that WPA3 and other Wi-Fi security standards don’t currently detect and prevent and is gathering support for the development of a better worldwide Wi-Fi security standard.

It’s clear that we need to standardize new wireless security technologies that not only encrypt users’ wireless communications but ensure wireless devices aren’t tricked into joining networks without any security. The good news is that there are methods organizations can use to defend against each Wi-Fi attack category. Generically, solutions that provide Wireless Intrusion Prevention System (WIPS) provide extra layers of security that not only discover bad actors on your wireless network or within your wireless proximity but can actively prevent your devices from connecting to evil networks or block attackers from completing their attacks.

Read the full article on Forbes for more information on the weaknesses of today’s wireless security standards. And to help advocate for a new worldwide Wi-Fi security standard, sign the Trusted Wireless Environment movement petition today.

How MSPs Can Differentiate with Secure Wi-Fi

The Wi-Fi market is one of the most established and mature in the broader IT landscape. Wi-Fi vendors produce highly similar product offerings with highly similar capabilities, making it increasingly challenging for managed service providers (MSPs) to differentiate themselves in a crowded field of wireless service competitors.

Fortunately, there’s a clear answer to this problem, which WatchGuard’s resident Wi-Fi expert, Ryan Orsi, covers directly in his recent guest blog post and podcast segment with Auvik, a leading provider of network management software for MSPs. Ryan explains that offering Trusted Wireless Environments is the most effective way for IT solution providers to stand out and differentiate their wireless services. Here’s a brief excerpt from the blog post:

“The Trusted Wireless Environment framework is a guide to building Wi-Fi networks that are fast, easy to manage, and most importantly, secure. The framework helps you defend clients from the six known Wi-Fi threat categories.

I challenge you to find a business of any size that doesn’t have Wi-Fi. Businesses spanning every vertical, and crowded public places like coffee shops, conferences, and train stations, are perfect places for a hacker to take advantage of the six attack vectors.”

To learn about each of the six known Wi-Fi threat categories and how the Trusted Wireless Environment framework can help you defend against them and differentiate from the competition, check out the complete blog post and podcast at Auvik.com. Sign the Trusted Wireless Environment movement petition today to help us make the world a safer, more secure place by advocating to establish a global standard for Wi-Fi security.

How to Enhance Wi-Fi Security Controls for PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted and mature information security standard designed to secure credit/debit card transactions and protect cardholders against misuse of their personal information. But, more could be done to help protect against Wi-Fi Layer 2 attacks such as flooding an access point (AP) with de-authentication frames, cracking WPA2/WPA3, and connecting a Rogue AP onto the network that allows attackers to siphon cardholder data over Wi-Fi.

To help educate readers on these major security challenges, WatchGuard recently worked with Wayne Murphy, a passionate Senior Security Consultant at Sec-1 Ltd, on a blog post that addresses today’s growing Wi-Fi security vulnerabilities and threats. What Wi-Fi threats should you be worried about? Wayne outlines each of the six known threat categories, as defined by the Trusted Wireless Environment framework, in this new PCI Ramblings blog post. Here’s a sample of the first two:

“Rogue Access Point: Rogue access points are physically connected to an organisation’s IT infrastructure without their knowledge. These APs will then provide the threat actor with connectivity into the organisation’s networks and IT systems. From here, the threat actor will attempt to compromise the system components being used by the organisation. Think of a Rogue AP like a long invisible ethernet cable that attackers can use to connect to a company’s Local Area Network (LAN) and comfortably work their way into the rest of the network over a Wi-Fi connection.

Rogue Client: A rogue client is a client that is authorized on the wireless network but has been compromised by malware. This can occur if the client has been involved in an “Evil Twin” attack, which has resulted in malware being installed. The risk is that the malware that the client has been infected with could spread through the organisation’s environment.”

Read the entire post to learn more about these Wi-Fi threats, along with neighbor APs, ad-hoc networks, evil twins, and misconfigured APs. To join the Trusted Wireless Environment Movement, click here. For more information on WatchGuard Secure Wi-Fi solutions, click here.

Coffee and Wi-Fi with Ryan Orsi

On May 14-16 Washington D.C. hosted Wi-Fi NOW 2019 USA ‘Celebrating 20 Years of Wi-Fi’ conference and expo. Surrounded by all the Wi-Fi industry players who gathered together to present and discuss future opportunities and challenges – it was the place to be! For three days, the conference agenda was packed with inspirational keynote speakers, innovators, and experts. At the expo, you experienced live demos and had the opportunity to connect with companies representing every aspect of the Wi-Fi industry.

While at the event, I took the opportunity to connect with Ryan Orsi, director of product management, at a nearby coffee shop. As we sat down, it felt appropriate to ‘cheers’ with our coffee mugs and offer congratulations, since shortly before Ryan delivered the message about just how vulnerable Wi-Fi users are, that there is not enough education about the very real threats they’re up against when using Wi-Fi every day, and the need for new Wi-Fi security standards. Here’s a recap of our Q&A:

MB: We are celebrating the 20th anniversary of Wi-Fi. Where do you think Wi-Fi will be 20 years from now?

RO: To try to think about where Wi-Fi will go in the next twenty years is a tall order. If I forget, for a moment, what APs and client devices look like today as well as their limitations like battery life, security of the connection, and just think about what kinds of problems the world twenty years from now will need to solve, I see everything getting faster, smaller, and more secure. We all love the convenience of staying connected wherever we go and we like information coming to us in more visual and interactive ways. We also hate carrying bulky electronics around or slapping big honking devices around our homes and offices that ruin the Feng Shui going on. This means that twenty years from now versions of us are going to want everything, literally everything connected and it better be fast, inexpensive, tiny (not implying Zoolander size mobile phones) and not leak personal or business information. I’ve seen brilliant advancements in antenna technologies that could allow Wi-Fi devices to be made much smaller and other technologies like energy harvesting that could power Wi-Fi devices with no batteries. I also think the average person is going to hear the message about Wi-Fi security and the pressure to design better security into Wi-Fi devices will be very high. Over time, I think these kinds of advancements, and more I’m not even thinking of now, will become cost-effective and we’ll all be enjoying secure Wi-Fi connectivity in whole new ways twenty years from now.

MB: Over 90% of people find Wi-Fi the most important amenity when they travel. Why do you think the general public is not as cautious about connecting to public Wi-Fi as they should be?

RO: Have you ever seen those caution signs on the jetway when you board a plane that warn people that there are chemicals nearby that are known to cause cancer, birth defects and other medical problems? Rhetorical question there. I travel a lot – like, a lot – and have never seen a single person read the sign and do a one-eighty. So these warning signs are there to educate us, raise awareness of a serious issue that affects our health and still most everyone ignores them. When’s the last time you saw a warning message on a public hotspot saying “use the Wi-Fi at your own risk, everything you’re doing could be stolen by someone nearby”? We have a long way to go in just raising the general public’s awareness to the seriousness of the dangers of using Wi-Fi that’s not properly protected from well-known hacks. That’s one of the reasons we brought the Trusted Wireless Environment Framework into the industry. For the first time, people can have their Wi-Fi tested to see if it’s safe from the six attacks that have literally been around for twenty years. I think it should empower hotspot network operators to test their Wi-Fi security and if it passes the test, advertise it to let people know “this Wi-Fi can be trusted, and you won’t be hacked”.

MB: Every presenter at the Wi-Fi NOW 2019 touched on Wi-Fi 6. Is it really that much faster?

RO: Faster is just one benefit and I should say faster in a real-world dense environment. Those of us who have been around wireless for a while don’t get too excited about cabled laboratory speed tests. Wi-Fi 6 brings OFDMA among other features that will really make users in the real world feel Wi-Fi work better, more reliably, and yes faster. I’m excited about where Wi-Fi will go with this sixth generation. If you think about areas you tend to turn Wi-Fi off on your phone because it just “doesn’t work” and go try cellular, many of those use cases could now be addressed much better with Wi-Fi 6. Large indoor public areas come to mind, for example. The future is bright for Wi-Fi thanks to the folks that have put together this sixth generation; can’t wait to see where we go from here.

MB: And does Wi-Fi 6 mean better security?

RO: Some people mix in WPA3 into the discussion about Wi-Fi 6 and that’s fair because most vendors are going to support WPA3 with their Wi-Fi 6 products. So yes, WPA3 is better than WPA2, which was completely cracked in 2017 and shocked many of us; that in fact WPA2 had been broken for ten years before the whistle was blown. Without going too deep, one of the security improvements of WPA3 is that people shouldn’t be able to passively sniff traffic as easily anymore as is common with malicious and even bored people at hotels, airports, and so on. Also, it’s a bit of a sore subject but WPA3 should eliminate the easy-to-do “handshake” Wi-Fi password cracking techniques that WPA2 suffered from. Sore subject because the Dragonblood vulnerabilities, now patched, showed that WPA3 could still be vulnerable.

MB: Since we’re talking about Wi-Fi security, why do you think the Wi-Fi industry has not adopted any standards around Layer 2 security?

RO: Most all the demand over the last twenty years has been for connectivity and performance. The industry isn’t going to build something if they don’t think their market wants it. I definitely want this to change and I think vendors that normally compete need to come together and design new security into the Wi-Fi standard that solves these hacking problems for the average person without them having to take additional steps beyond what they do today: tap or click to connect.

MB: I’ve been following #TrustYourWiFi hashtag on social media and see that you’ve been traveling the world advocating for safe Wi-Fi for everyone. Where are you off to next?

RO: What a first half of 2019 it’s been! Spain, Germany, Chile, Italy, The Netherlands, Denmark, Sweden, Puerto Rico, Washington DC, Croatia and I’m probably forgetting some stops. I go where people want to learn what they’re up against with Wi-Fi security. One of my next stops is going to be in Utah where members of the AIM (an Association for Information Management – security) group want to learn.

With just minutes left of our meeting, I couldn’t resist and snuck in a few non-Wi-Fi-related questions (you’re welcome!):

MB: How do you spend your free time?

RO: Anytime there’s not a laptop, camera, or AirPod around, I’m spending time with my wife and two young boys in San Diego. Everything we do, we do as a team like day hiking 14-mile trails, camping, crawling the zoo, or living it up on the Coronado Island beaches. Let’s say Team Orsi works hard and plays hard, too.

MB: What’s one food item you can’t live without?

RO: Avocado. I’m unapologetically Californian and we put that amazing fruit on many things.

MB: What are you reading right now?

RO: Astrophysics for People in a Hurry by Neil deGrasse Tyson. Nerd alert, I love space, string theory, dark matter and energy.

MB: Favorite place you’ve ever visited?

RO: That’s a hard one but Tarragona on the Mediterranean coast of Spain is near the top of the list. My wife and I took the boys there last summer and the place was amazing.

MB: If you weren’t a director of product management, who would you be and why?

RO: Product management is pretty fulfilling, especially at WatchGuard where I get to make an impact and that’s really what drives me is to be able to impact the world nudging it to a better future. If I was in one of Neil’s parallel universes, I suppose I’d be your Californian tech startup entrepreneur. I’ve done several startups and highly recommend everyone get that experience at least once in life!

And it’s a wrap, folks!

At the end of the day, it’s critical that every organization understands that most Wi-Fi products available today simply aren’t enough when it comes to the level of security they can provide, and that users remain educated about the very real threats they’re up against when using Wi-Fi every day.

To join the Trusted Wireless Environment Movement and advocate for a global security standard for Wi-Fi, visit TrustedWirelessEnvironment.com.

Until next time!

Great Wi-Fi Security Comes in a Small & Affordable Package

Where other enterprise-grade Multi-User MIMO (MU-MIMO) access points (APs) focus only on serving up Wi-Fi to users, the new AP125 model does this and also blocks hackers from stealing passwords, credit cards, and other valuable data from you. More and more devices are leveraging Wi-Fi connectivity. This trend isn’t expected to slow down anytime soon, and while your customers and employees demand access to fast Wi-Fi, you might not know the huge gap it’s leaving in your security.

Wi-Fi served by WatchGuard’s AP125 is built using the Trusted Wireless Environment framework. When deployed, companies can rest assured that they are protected by verified, comprehensive security that automatically detects and prevents the six known Wi-Fi threat categories, while enjoying the benefits of Wi-Fi networks with market-leading performance and scalable management.

What’s more, WatchGuard’s secure Wi-Fi products are compatible with most other Wi-Fi solutions, so companies can leverage them to deploy a WIPS overlay without ripping out and replacing every existing AP in their network (Meraki, Ubiquiti, Ruckus, etc.). For more information about managing the AP125 as a dedicated WIPS sensor, click here.

“When customers ask for Wi-Fi, they want to make an investment into a future-proof infrastructure with the best technology available to date,” said Jean-Pierre Schwickerath, head of IT, HILOTEC AG. “With the 2×2 Wave 2 AP125 we found the perfect match for these SMB requirements: it has a low footprint, a most attractive price, and easy installation, configuration and management of the whole network out of WatchGuard’s Wi-Fi Cloud. With this powerful little beast, we can deliver and guarantee a high-quality Wi-Fi network, protected by WIPS, which will make the customer happy for many years to come.”

The AP125 can be managed with either a Firebox, via the Gateway Wireless Controller, or with WatchGuard’s Wi-Fi Cloud. When managed by the Wi-Fi Cloud, you get strong set-up, management and reporting features including:

  • Patented Wireless Intrusion Prevention System (WIPS) protection against the six known Wi-Fi threat categories
  • Intelligent Network Visibility & Troubleshooting
  • Engaging Guest Portal Experiences
  • Powerful Location-Based Analytics
  • Scalable Management

Take our Wi-Fi Cloud for a test drive: www.watchguard.com/wifi

To join the Trusted Wireless Environment movement and advocate for a global security standard for Wi-Fi, click here.

To learn more about WatchGuard’s Secure, Cloud-Managed Wi-Fi, visit: www.watchguard.com/wifi