Blog - Packet6

Securing Open WiFi with OWE

September 18, 2019 by Rowell Dionicio Leave a Comment

Every day we are connecting to open unencrypted Wi-Fi networks. These are networks such as enterprise guest networks, coffee shops, airport Wi-Fi, public venues, and more.

Security is everyone’s responsibility, including the user. But with Wi-Fi connectivity we seem to connect willingly without a single thought. Unencrypted Wi-Fi networks leave a gap in security. It can be a point of entry for malicious intent.

Unencrypted, open, Wi-Fi networks leave a device vulnerable between it and an access point. It’s one layer of security often left untouched and forgotten. Simply for the ease of use.

There is now a way to improve the security posture of open Wi-Fi networks while still keeping them “open” and easy to use.

It’s called Opportunistic Wireless Encryption (OWE).

OWE provides a way for devices to connect to open Wi-Fi networks with an encrypted session. Traffic exchanged between the device and access point can take advantage of having a third party snoop on the communications.

Inside technical look at OWE from https://rowelldionicio.com/identifying-owe-transition-mode-with-wireshark/

Why would OWE be needed? Opportunistic Wireless Encryption (OWE) will bring security to open networks.

Guest enterprise networks can feel more safe when browsing the web. Public spaces are less susceptible to sniffing since traffic is encrypted. Even the coffee shop can be safer. Remember the days of Firesheep? A Firefox browser extension allowed someone to hijack someone else’s Facebook, Amazon, and Twitter accounts. This was done over an open Wi-Fi connection.

We will see more support for OWE as newer access points are released by vendors. Currently, Cisco and Aruba support OWE with the latest version of firmware.

Many devices do not have support for it yet. The one device I’ve tested is the Samsung S10 which connected seamlessly to an OWE capable network.

One thing to keep in mind, because the Wi-Fi network is open, OWE will not be able to verify the access point you’re connecting to is indeed the organization’s broadcasting the SSID. There’s still more caution we must consider with open Wi-Fi networks but we can now begin encrypting our communications with open Wi-Fi networks.

Ask your Wi-Fi vendor if they are serious about Wi-Fi security and when they will support Opportunistic Wireless Encryption.

If you want to see some technical details around OWE check out these links:

Is It Foolish To Upgrade to Wi-Fi 6?

August 5, 2019 by Rowell Dionicio Leave a Comment

When was the last time you upgraded your wireless access points? You probably have received a call from your sales representative, informing you about all the benefits of Wi-Fi 6 and the problems it is going to solve.

Wi-Fi 6 is very new. The biggest benefits will be seen on Wi-Fi 6 capable devices. Do you have Wi-Fi 6 devices on your network? At the time this was published (August 2019) there is only the Samsung S10 and an Intel AX200 card. Is it foolish to upgrade to Wi-Fi 6 today? I think so. Here’s why..

Wi-Fi 6, or as it is defined 802.11ax, is not a standard yet. It is still in draft form. Any devices and access points that are currently selling are considered pre-802.11ax. There may be some Wi-Fi 6 features not supported on these devices.

The touted speed increases that have been mentioned are theoretical. There’s math involved to come up with the highest speed numbers which, in an enterprise environment, you may not be able to see for a number of reasons. We have not seen this tested in real environments yet to determine a realistic point of view.

Cisco C9115, C9117, and C9120 Wi-Fi 6 access points

Not to mention, Wi-Fi 6 is not about speed. It is about efficiency in the radio frequencies utilized. As those efficiencies are realized we may see an increase in speed, especially in high-density environments. But that is yet to be validated.

Without any tangible results from real environments, it can be foolish to upgrade just based on the marketing numbers we see from the vendors.

My recommendation is to acquire a few Wi-Fi 6 access points and test them. Find out how it works with your devices and if you do have Wi-Fi 6 clients, test out those Wi-Fi 6 features. Test as much as you can before deploying company-wide.

The real question is how much risk are you able to take in by deploying Wi-Fi 6 today?

Wi-Fi 6: What It Means To You

January 16, 2019 by Rowell Dionicio Leave a Comment

Announced October 3, 2018, a new name for Wi-Fi was created. Wi-Fi 6 is the new designation for 802.11ax.

Traditionally, Wi-Fi was designated under its standard:

Wi-Fi 6 is identified with 802.11ax (currently 802.11ax is in draft)
Wi-Fi 5 is identified with 802.11ac
Wi-Fi 4 is identified with 802.11n

The new naming convention is to help provide a method that’s easy to understand. The latest number will reference the latest wireless technology.

Wi-Fi 6 nomenclature was created by the Wi-Fi Alliance, an organization which certifies devices under certain wireless certification programs.

What Does This Mean?

Moving forward, you will begin to see new designations on wireless devices such as laptops, mobile phones, tablets, and access points. If it is built on the 802.11ax draft, then it is Wi-Fi 6.

Purchasing wireless devices will become easier for those who are not necessarily up-to-date with the technology lingo.

But take caution on trusting a device is Wi-Fi 6. 802.11ax is not a standard yet. It is still a draft at the time of this writing.

When considering your next upgrade, think about how many clients are at least Wi-Fi 5 (there are no Wi-Fi 6 clients yet). Wi-Fi 6 access points may look appealing but they are based on the draft of 802.11ax. It may be bleeding edge technology, or maybe future proofing but 802.11ax has not been fully tested with APs and clients yet.

Wi-Fi 6 (802.11ax) will bring efficiency to Wi-Fi and hopefully better user experience.

I do not recommend upgrading any Wi-Fi 6 access points yet. Purchase a Wi-Fi 6 access point and test it before deploying it to production.

5 Challenges in Retail Wi-Fi

August 6, 2018 by Rowell Dionicio Leave a Comment

In-store Wi-Fi connectivity is now an expectation from customers and associates. Associates rely on Wi-Fi to complete sales and search inventory supplies so they can provide the best customer service possible. Customers carry a mobile phone in their pocket and conduct their own research before making a purchase.

How can retail stores evolve in a highly competitive industry and leverage the best of both worlds, e-commerce and brick-and-mortar? In-store Wi-Fi must be leveraged for both business operations and customer service.

Download the FREE PDF resource: 5 Challenges in Retail Wi-Fi

1. Reliable Network For Associates and Customers

Improving business efficiency through the use of technology requires a reliable Wi-Fi network. Every store is different. The layout, point-of-entries, and the types of customers can drive different results. We do know coverage is needed throughout the entire store.

The biggest mistake is having an inadequate Wi-Fi design. Ignoring this critical step is designing for failure. With every store having different characteristics, a design is necessary for a successful deployment of Wi-Fi services.

With an excellent Wi-Fi design, associate efficiency increases. Associates can better assist customers by having information on-hand, such as knowing inventory information. Customer service is increased through technology advances within the store.

According to research conducted by ¹IHL, retail stores have claimed a 48% positive impact on customer loyalty when associates leverage Wi-Fi. This lead to a 3.4% increase in sales.

2. Retail Customer Analytics

Gaining a competitive edge in a mobile first world means standing out from the rest. Retail stores must be superior in service by understanding customer behavior.

Improving customer service means focusing on the right key metrics. Metrics such as peak customer time periods or where customers spend their time in the store. This type of information can be gathered from the Wi-Fi network.

These metrics lead to further understanding of customer behavior. Take advantage of Wi-Fi infrastructure to get a big picture of traffic patterns. Which ingress and egress points in the store are customers walking through? End caps and featured products can be strategically placed.

How many customers are walking through the store and where do they dwell the most? Foot traffic can determine the popularity of the store along with the path they take within the store. Where do customers stop to look at products? This type of information can feed into marketing and sales efforts. Information which can be gathered because everyone has a Wi-Fi capable phone. The next step in leveraging highly valuable Wi-Fi metrics using personalized messaging.

Location-based services dashboard for retail. — Mist dashboard showing location-based services analytics.

3. Customer Engagement

Wi-Fi location-based services provide a way to increase customer engagement and improve customer loyalty. Customer frustration can be eliminated if an in-store app provided wayfinding directions to a product they’re looking for without ever needing to speak to an associate.

As the customer browses the store, Wi-Fi location-based services can customize in-store displays with messaging aimed towards products that customer may be interested in.

Proximity messaging and marketing can be very powerful. Leveraging location-based services and virtual Bluetooth Low Energy (vBLE) Beacons can enable the marketing and sales teams to guide very specific customers towards a sale. With virtual beacons using Mist solutions, there’s no need to deploy hundreds of battery powered devices.

4. Customer Loyalty

Wi-Fi can help retail stores find new meaningful ways to thrive. IHL conducted a survey and found Wi-Fi had a big impact on customer loyalty. 28% of retailers reported an increase in customer loyalty due to in-store Wi-Fi helping to increase sales by 2%.

Customers expect retail establishments to offer free Wi-Fi. There’s no doubt, customers are searching for competitive pricing or possibly using it Wi-Fi as an influencer of the store’s products. Social media has created a new wave of influencer marketing.

Retail companies are looking for ways to monetize a Wi-Fi installation which is the wrong approach. By offering free Wi-Fi to customers, direct them to download the store mobile app and collect their email address to tie a loyal customer to a mobile phone. A loyalty program can be used to send proximity messages for special in-store deals.

5. Lean IT Staff

Planning and deploying a robust Wi-Fi infrastructure is no easy task. It requires a lot of planning and design. Having a solution that can scale is important for lean IT teams supporting hundreds of retail stores. Ease of management needs to be simple, straightforward, and flexible.

A retail Wi-Fi solution needs automation in both deployment and troubleshooting. IT cannot be the roadblock in rolling out multiple stores quickly. By automating the configuration and deployment, IT can begin focusing on other important matters.

Retail Wi-Fi root cause analysis using Mist. — Wi-Fi root cause analysis with Mist.

When it comes to troubleshooting, the Wi-Fi solution should be able to narrow down the issue to a potential root cause allowing IT to take action instantly. When the Wi-Fi solution performs event correlation and anomaly detection, it makes the lives of IT more easier. Issues within stores can be identified and resolved quickly. Service level expectations can be set and when the threshold is breached, IT can be made notified of the exact issue immediately. This eliminates wasted time in chasing false positives and false information.

Learn you can leverage Wi-Fi in your retail business with the Wi-Fi experts at Packet6.

¹https://www.earthlinkbusiness.com/_static/_files/_pdfs/Impact_of_Store_Networks_on_Customer_Experience.pdf
²https://www.prnewswire.com/news-releases/study-finds-28-of-retailers-report-increased-customer-loyalty-due-to-in-store-wifi-300019094.html

3 Quick Wi-Fi Tips for Small Businesses

July 2, 2018 by Rowell Dionicio Leave a Comment

Having a mobile workforce is a must for a small business to maintain a competitive edge. According to a survey conducted by iGR, 75% of businesses say they consider free wireless access to be either “important” or “very important” to their business now.

Download the free PDF Checklist below

Success! Now check your email to confirm your subscription.

There was an error submitting your subscription. Please try again.

Email Address

End users rely on Wi-Fi to help generate revenue for small businesses. It can be the sales team conducting webinars or demos over Zoom conferencing and they get dropped off Wi-Fi thus crippling the experience of the sales call.

With Wi-Fi being more vital to end user productivity or for enhancing the experience to your consumers, we outline 3 quick Wi-Fi tips for your small business.

Channel Configuration
Transmit Power Configuration
AP Placement

Channel Configuration

Small businesses experience a large number of Wi-Fi issues due to misconfiguration. Because Wi-Fi is easy to deploy, it is difficult to see what problems may crop up. The symptoms are visible through user complaints.

When there are multiple APs (APs) deployed in your business, it’s important to validate which channels they are operating on by inspecting the 2.4 GHz and 5 GHz frequencies of the Wi-Fi network management system. A common issue we see businesses run into is having too many APs operating on the same channel, limiting the capacity of the Wi-Fi network.

Minimize the amount of channel overlap by having APs operate on different non-overlapping channels. In 2.4 GHz, there are three non-overlapping channels – 1, 6, and 11. The 5 Ghz range has 24 non-overlapping channels.

The 5 GHz range provides more capacity and less congestion compared to the 2.4 GHz frequency. Migrating users to 5 GHz will result in a better user experience.

Perform a site survey of your area to identify which channels are being used, what the channel utilization looks like, and if there’s interference. The result will assist in creating a channel plan around the most utilized channels.

RF spectrum of 2.4 GHz — 2.4 GHz spectrum

Channel widths should be configured to 20 MHz in the 2.4 GHz frequency due to the number of non-overlapping channels and capacity available. For 5 GHz, we recommend 20 MHz or 40 MHz. If there’s enough channels to available and the frequency looks clean without interference and other neighboring networks, then 40 MHz channel widths can be used.

Increasing channel widths can increase throughput but the drawback is increased noise floor which decreases signal-to-noise ratio (SNR). The SNR can indicate the signal quality of a device. It can be a major trade-off.

Lastly, it’s important to understand the capabilities of the devices utilizing the Wi-Fi network. Some are not capable of using larger channel widths, some only operate in 2.4 GHz, others do not support all 5 GHz channels, and device drivers are not created equal.

As with any critical network service, we recommend looking into a full design or consultation on your next Wi-Fi implementation.

Transmit Power Configuration

A big issue with small business Wi-Fi is the default settings of the AP. Typically, we see the transmit power of an AP’s radios set to maximum power. Higher power is not always better. This often leads to clients unable to select the best, nearby, AP.

Devices have different thresholds when it comes to selecting the best signal and it’s typically beyond -70 dBm. An AP radio transmitting it’s signal at max power can create a situation called “sticky clients”. A scenario where a user brings their mobile device to another location in the office but the device maintains its connectivity to the AP where it first connected. The user then joins an important web meeting and the quality of that meeting is severely degraded due to the poor signal quality. All the while there’s a closer AP with a better quality signal.

A higher transmit power on the AP radios also creates an issue with devices that are unable to send signal back to the AP. Devices have lesser radio capabilities than APs thus they don’t transmit data at the same power. The device can “hear” the AP just fine, but AP cannot “hear” (demodulate) the device’s signal.

Lower the transmit power to a reasonable amount without creating a coverage hole. There should be 10-20% coverage overlap between APs to help facilitate roaming between APs.

This type of fine tuning requires careful planning and a validation survey is used to ensure the requirements have been met.

AP Placement

Many Wi-Fi issues can be quickly resolved with better AP placement. Omnidirectional APs propagate signal in a 360 degree fashion. There is less signal propagation coming from the back of an AP if you take a look at hardware polarization charts.

Poorly mounted AP — AP mounted with metal

It’s important to mount the APs properly. Best practice is to mount them from the ceiling grid or, if you have to, on the wall.

Keep APs away from metal, hidden in the drop ceiling with the HVAC ducts, and other material that can alter the characteristics of the signal.

A thorough design process can predict where APs should be deployed by taking wall materials into consideration and other obstructions.

Conclusion

Wi-Fi is a mission critical service in today’s business landscape. Accessing resources needs to be seamless and fast for small businesses to gain a competitive advantage. These quick tips can help improve your Wi-Fi network in the short-term. For a deep look into lost productivity, Packet6 can be your trusted partner. If you’d like to get to doing what you do best and allow Wi-Fi Pros to manage your Wi-Fi, take a look at Managed Wi-Fi as a Service.

Cisco Select Partner Certification Achievement

May 9, 2018 by Rowell Dionicio Leave a Comment

I am pleased to announce Packet6 is now a Cisco Select Partner. The Cisco Select Partner Certification strengthens our relationship with Cisco and our commitment to our clients. This enables us to provide an increased level of support and further enhances our ability to address the needs of our clients’ evolving challenges.

I am very proud of our team. We’re dedicated to bringing an exceptional level of service and delivering solutions for our clients’ success to transform their business.

This distinction recognizes Packet6’s commitment to being a partner to enterprise wireless LAN solutions in the United States. We are very excited to serve your Cisco wireless LAN needs.

– Rowell Dionicio

Ready to engage us in your next project? Let us know today.