Designing by Dollars in a Wireless World

I’ve said it before and I’ll say it again, the worst thing that can happen to the wireless industry is commoditization. Specifically, when I say commoditization, I am referring to the thinking that all WLANs are the same so we should just put out an RFQ and go with the lowest offer. Or, even worse, the quality of the WLAN can be determined by the price tag so we should just buy the most expensive solution we can afford. I’ve seen this happening more and more in the information security industry and I refuse to let it happen to the wireless industry without a fight. After all, look at all the good that commoditization has done for the state of security today.


Take a look at any industry and you will see examples of good products and bad products, feature-rich solutions and feature-poor solutions, feature-focused and unfocused solutions. There will always be a broad spectrum of craftsmanship to choose from, but that doesn’t mean you can predict how well the solution will perform just by looking at the price tag. For example, give me a brand new Steinway & Sons Concert Grand Model D and I will play you a horrible rendition of Three Blind Mice. Take that same piano and give it to someone like Norah Jones and she’d play something that is much more worthy of such a fine instrument. When it comes to music, you can’t buy talent. Either you can play the piano well or you can’t, and no amount of money is going to fix that.

The same holds true for WLANs. Either you, or your consultant, can design a WLAN properly or not. Give a skilled WLAN professional a low-cost WLAN solution and he/she will still be able to give you a functional and somewhat efficient WLAN. Conversely, give the top-line WLAN solution to an unskilled person and they will give you the type of WLAN disaster that will be used as a cautionary tale to others for years to come. How is this possible? The answer is quite simple, really. I’ve broken it down into three parts below:

  1. A skilled WLAN professional has a deep understanding of the underlying technology. Instead of just learning which checkboxes to select, a WLAN professional makes a point of knowing what happens under the hood when any given checkbox is selected.
  2. A skilled WLAN professional probably has more experience deploying WLAN solutions. Remember the old saying: Practice makes perfect.
  3. Lastly, and this is probably the most important reason, a skilled WLAN professional designs a WLAN with the intention of fulfilling specific business needs instead of just to implement the latest and greatest technology. Start a WLAN deployment by focusing on why it is being deployed instead of on what is being deployed and your chances of a successful deployment will increase dramatically.

We owe it to ourselves not to let commoditization get the best of our wireless networks. Maybe you have the budget for the Concert Grand Model D of WLANs and maybe you don’t. Focus on your business needs and you may find that a regular run-of-the-mill upright piano is all you really needed to make beautiful music.

Dan C. @simplywifi

Are you currently stuck in the piano store, staring wide-eyed at all of the choices? You’re not alone. Leave a comment or send us a message and we would be happy to discuss your business needs and get you started down the road to wireless success.

Wireless Hacking with Fruit

A while back I delivered a short wireless security presentation, at a Toastmasters meeting, designed to explain a technical subject to a non-technical audience. The presentation went well enough that I’ve decided to record a modified version to place here.

This video is a very high-level explanation of how wireless networks operate. This is by design as I want to keep the information accessible to everyone and not just to those individuals who already have a deep technical understanding of wireless networking and information security.

Dan C.

Do you have additional tips for protecting yourself from this type of wireless attack? Leave your tip in the comments section and, as always, please be sure to share this post with anybody you think would benefit from viewing it.

The Rule of 10s and 3s

A while back I wrote a blog post explaining how an antenna works when it is connected to a wireless access point. Today I’m going to add to that lesson by explaining The Rule of 10s and 3s. Essentially, you can use this rule to figure out what your transmit power is going to be when you add various connectors, cables, and external antennas to your access points. Without further ado:

Please remember that using The Rule of 10s and 3s does not give you exact figures. It should only be used to perform rough calculations. Also, this video is not intended to be a technical deep-dive into the field of RF mathematics. Instead, my goal is to explain the basics of a complex topic so that almost anyone can understand it. (I’ve assumed knowledge of milliwatts and decibels, though.)
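The rule applied to an access point with external cabling, as an added worked example that is not from the original post or video. It goes a little beyond the video: any whole-number dB change is split into 10 dB steps (×10 or ÷10) and 3 dB steps (×2 or ÷2), and the rough result is shown next to the exact 10^(dB/10) figure so the error the caveat above warns about is visible. The cable, connector and antenna figures are constructed sample values, not measurements.

```python
import math

def tens_and_threes(db: int) -> tuple[int, int]:
    """Split an integer dB change into 10*a + 3*b == db using the fewest
    steps (|a| + |b|). Each 10 dB step is a x10 (or /10) and each 3 dB step
    is a x2 (or /2), which is all the rule asks you to remember."""
    best = None
    for a in range(db // 10 - 3, db // 10 + 4):
        rem = db - 10 * a
        if rem % 3 == 0:
            b = rem // 3
            if best is None or abs(a) + abs(b) < abs(best[0]) + abs(best[1]):
                best = (a, b)
    return best

def rule_factor(db: int) -> float:
    """Linear power multiplier per the rule: 10 per 10 dB step, 2 per 3 dB step."""
    a, b = tens_and_threes(db)
    return (10.0 ** a) * (2.0 ** b)

def exact_factor(db: float) -> float:
    """What the rule approximates: 10 ** (dB / 10)."""
    return 10.0 ** (db / 10.0)

def dbm_to_mw_rule(dbm: int) -> float:
    """0 dBm is 1 mW, so a dBm value is just a dB change applied to 1 mW."""
    return rule_factor(dbm)

def mw_to_dbm(mw: float) -> float:
    return 10.0 * math.log10(mw)

def rf_chain_mw(radio_mw: float, stages: list[tuple[str, int]]) -> tuple[float, float]:
    """Walk the chain from the radio to the antenna, applying each stage's dB
    change (negative = cable/connector loss, positive = antenna gain).
    Returns (rule-of-thumb mW at the antenna, exact mW) so the error is visible."""
    approx, exact = radio_mw, radio_mw
    for _label, db in stages:
        approx *= rule_factor(db)
        exact *= exact_factor(db)
    return approx, exact

# Constructed sample chain: a 100 mW (20 dBm) radio, a cable, a connector, an external antenna.
EXAMPLE_CHAIN = [("LMR cable", -3), ("N-type connector", -1), ("external antenna", +6)]

if __name__ == "__main__":
    approx, exact = rf_chain_mw(100.0, EXAMPLE_CHAIN)
    print(f"rule of 10s and 3s: {approx:.1f} mW ({mw_to_dbm(approx):.2f} dBm)")
    print(f"exact:              {exact:.1f} mW ({mw_to_dbm(exact):.2f} dBm)")
    # 1 dB = 10 - 3 - 3 - 3 dB, so a 1 dB loss is x10 /2 /2 /2 = x0.8 (exact 0.794)
    print("1 dB loss splits into", tens_and_threes(-1))
```

For the sample chain the rule gives 160 mW at the antenna against an exact 158.5 mW, which is the kind of error you accept when using it for rough planning.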

Dan C.

Bonus marks if you can explain why having this knowledge is important for anyone working with WLANs. Leave your answer in the comments section and share this video with anyone you think might benefit from knowing this rule.

Will tokenization (t10n) make your PCI pain go away?

I just finished reading the tokenization guidelines from the PCI Council. A very good document, much more informative than the one on virtualization. However, it does not provide the simple connect-the-dots type of advice most would want, because t10n is complicated. It is complicated in its own right, and more so when it is being deployed as part of a PCI DSS compliance program.

Here are some of the issues that are raised:

  • Solution architecture,
  • Deployment,
  • Operational challenges,
  • Software development, and
  • Contractual terms and conditions.

So will tokenization make your PCI compliance pain go away? Will it even ease your pain? Just a little bit?

Let me cut to the chase: Maybe, but don’t count on it. There are no silver bullets in the PCI compliance arena. At the end of the day t10n is a *scope reduction* approach. As such it can help reduce and minimize your PCI compliance efforts, but it does not eliminate your need to comply. Also, because it is part of what defines your PCI DSS scope, it will need to be reviewed in detail each and every year when you undergo your PCI validation, whether Self-Assessment Questionnaire or Report on Compliance.

I highly recommend that merchants thinking about deploying t10n give it a read. I also highly recommend any service providers looking to offer a t10n solution read it as well. It’s got good advice for both. Let’s dig in a bit more:


Mobile Troubles

The growth of mobile phone usage seems to be rapidly outpacing the growth of mobile security adoption. For instance, how many people are running anti-virus (AV) software on their laptops and desktops? And now, how many are running AV on their mobile phone? There are several free anti-virus applications available for most platforms, including laptops, desktops, tablets or even smartphones. An informal poll conducted by SANS in July 2010 found that approximately 85% of smart phones did not have any AV installed. Of the 14% who did have AV installed, 18% had reported finding malware.

The thing I found strange about this poll is that security has seen improvements on the laptop/desktop side, yet our mobile devices have a fair bit more exposure and are left vulnerable. In 2010, Android had seen several firsts: SMS Trojan, botnet, monitored GPS, and even a bank phishing application. These firsts signal a dramatic increase of malware on the Android platform. One report, by McAfee, stated that the rise since the previous quarter was 76%.

Android is not the only mobile platform that is susceptible. Research has shown that there is a positive correlation between the popularity of the device/operating system and the infection rate. This correlation is similar to that seen in the PC world, and the same is true for the techniques that are being used to infect the victims. One of the largest threat vectors I can think of is the large volume of applications within the app stores. With such an influx of new apps, it is hard to ensure that each one is safe.

You may wish to thank me for a sleepless night, but you already know how to protect yourself, because mobile phones are just small computers. So you should start by doing the same things you do on your laptops and desktops. First, get some basic AV installed from a reputable source. Second, perform some research before installing any apps on your phone. If you are uncertain of the source, then maybe it is not worth the risk. After all, an ounce of prevention is worth a pound of cure.

Joe O.

What do you do to protect your mobile phone from malware? Share your thoughts and techniques in our comments section.

by Dan C. & Aniko