Domain: arubanetworks.com
Stories and comments across the archive that link to arubanetworks.com.
Comments · 31
-
Re:Why does a wireless access point have bluetooth
Tracking and advertising. These things emit BLE beacons that apps on your smartphone pick up. This allows for analytics in malls, geofencing ads,
... (Look up Eddystone and iBeacon.) That coupon app for your supermarket chain? Allows them to track your every move through their store, from the moment you enter to when you check out. Other uses include "indoor GPS" (having the app show your location in the building on a map,
...).
https://documentation.meraki.c...
https://www.arubanetworks.com/...
https://www.cisco.com/c/en/us/...
-
Re:Why are there two?
I guess HPE-Aruba counts as a lot of nothing?
-
Re:So which is it?
-
Re:Very cool paper (but something curious)
Watch the researcher's video or Aruba Networks' FAQ
-
Re:The real truth?
I expected better from a 4 digit UID.
"hardware doesn't support ipv6" - Sure, and it's all being steadily replaced. As everybody replaces their stuff on the normal cycle, the new stuff supports v6. 5 years later, everything supports it - starting at the backbone, moving to the ISP core, then the individual gateways. Case in point - Comcast, Time Warner, Verizon, ATT, etc. Not sure what you mean by "expensive hardware that ISPs have in their data centers" because the big ISPs don't seem to have any trouble with it. Perhaps you mean some shitty ISP nobody's heard of (got any names?) that went out of their way to *not* buy all the v6-compatible gear? Or perhaps they're running 8 year old equipment, even though bandwidth requirements have gone through the roof since then. Well, either way, yeah occasionally upgrading your shit is part of being an ISP.
"virtually all wireless network hardware sold today" - You mean like Aruba and Cisco? Fun fact - my university uses Aruba gear for WLAN and they flipped on native v6 quite successfully. In 2010. Or perhaps you mean consumer gear, like my shitty Arris gateway from the cable company that requested a v6 prefix when I plugged it in and has been happily advertising it to all my machines? And "machines" includes my cellphone, Smart TV, and fucking Blu-Ray player!
"cost the ISPs time and money and aggravation to support" - You'll have to do better than that. IPv6 brokenness is a non-issue, and most of the negligible fraction of people who have a problem are having a problem due to ISP misconfiguration - a support non-issue if the ISP is configured properly. In fact, when the support guys realized that widespread v6 support would essentially eliminate all their "how do I forward a port" support calls, I bet they had to change their pants. If by "support" you mean "configure this shit they bought over the last 5 years"... well, that's known as a "job".
Normally I'd expect a bullshit post full of ad hominems to be some sort of astroturf but all the ISPs are already fucking doing this so they have no reason to troll forums. So I don't know what your deal is. Maybe you get a jolly from shitting on v6. That's fine, go nuts. We'll all be over here using it happily, spinning up v6-only services in a few years, and leaving you in the dust.
-
Aruba instant
Why not consider using the Aruba Instant solution? http://www.arubanetworks.com/products/instant/
-
Re:WTF?
Agreed.
If your company has WiFi for you to connect to, there is a good chance this is already happening to you without you even knowing it. The WiFi monitoring system my company uses also has a location tracking solution built into it. If you sign into your work's WiFi then chances are you are being tracked.
The common excuse for this solution is if the employee is hurt, security can find them. http://www.arubanetworks.com/solutions/by-application/location-and-tracking/ I came across this friendly feature after upgrading the WiFi monitoring server for the networking team, I was surprised to see it and that you can also see where the person has been over a specified time period.
Worried about this technology being brought into your work place? Chances are it is already there.
-
Re:Too high
Take a look at your options there and learn how to read antenna spec sheets: compare, for example, this directional antenna with this traditional one. The first one can go on a high mount somewhere and point down at all the clients in a cone (roughly) and will mostly ignore things behind it (okay if it's on the ceiling). The second one throws out most of the signal in a pancake perpendicular to its long axis. This is great, if you're in that plane, and if there aren't a lot of walls in that plane between you and it. (The first one is an indoor antenna, though; I just use it as an example.)
Too many outdoor deployments are radiating out their best coverage over everyone's heads. (You can also tilt the antenna a bit, but then you're essentially just painting stripes of coverage on the ground, which isn't ideal either.)
-
Re:i work at a convention hall
According to this (pdf warning) what you're calling 'containment' is a 'wireless DoS attack', otherwise known as jamming, and highly illegal. How is Aruba avoiding the wrath of the FCC?
-
Only one vendor can do this right...
Wow, that's a string of misguided replies, with the occasional person that actually knows what they're talking about. Full disclosure: I'm an engineer for Aruba Networks, and this is exactly the kind of thing I/we do regularly. I've personally done the Interop shows in Javits Center in NYC, the All-Star Game at Yankee Stadium, and various other conferences with 1,000 or more people. As a company, we've done the wireless network at Black Hat for years (without one failure or hack), the HoPe conference, as well as most of the hotels and conference centers in Vegas. Oh yeah, and every US Air Force base in the world. If you want this to work, here are the unique features that ONLY Aruba Networks provides for high density deployments (all without needing software on the clients or CCX extensions in the NIC card)...
- Band Steering: Use dual-radio access points. The Aruba gear detects if a client supports both 2.4g and 5g, and moves the client automatically to the 5g band, which is cleaner and has more channels available.
- Spectrum Load Balancing: Every vendor offers load balancing: there are 10 users on AP-1/Channel 1, and 20 on AP-2/Channel 6, so put the next user on AP-1. This ignores the fact that the only resource you're really constrained by is the amount of spectrum in use, not the number of users on an AP. If those 10 users are using most of the spectrum of Channel 1, while Channel 6 isn't being used as heavily by the 20 users, you'll get better performance by balancing the user to the less-utilized spectrum, rather than the lowest user-count AP.
- Co-Channel Interference: The Aruba architecture knows when a client is within range of two APs on the same channel, and schedules transmissions out of the APs so they don't collide in the air.
- Adjacent channel interference: Aruba recognizes that there *will* be some bleed between transmissions on adjacent channels, and manages transmissions to avoid that.
- Airtime Fairness: Aruba recognizes the different client phy types (802.11a, b, g, and n-2.4/n-5) and allocates certain amounts of airtime to each client, so those old 11b clients don't drag your 11n clients to a screeching halt.
- Channel Reuse: modifying the collision threshold on the channel to allow you to reuse channels in much closer proximity to one another than normally possible.
- Dynamic Multicast Optimization: The APs can detect a multicast stream and determine if it's better to send the stream to all multicast clients at once, but at the normal lowest data rate, or convert the stream to a series of unicast transmissions that can be sent to each client at a much higher rate.
- Mode-aware Adaptive Radio Management: Deploy as many APs as you want. The Aruba architecture will automatically turn on (or off!) individual radios based upon RF needs; too much RF is worse than not enough, in most cases.
- Client bandwidth contracts: Set a rate limit for each user, so one person can't use half your bandwidth.
- Policy Enforcement Firewall: Allow your users to only do what protocols you want (http, https, dhcp, dns), and block all the others. iTunes/Bonjour/MulticastDNS from Apple products will KILL your network otherwise.
If you want more information on the physics of these methods, check out this white paper which has more info than you'll want to read:
http://www.arubanetworks.com/pdf/technology/whitepapers/wp_ARM_EnterpriseWLAN.pdf
Now, all of that said, here are some BAD ideas that people have suggested:
- Use all 14 channels!
------ Not only is this illegal almost everywhere, but most clients will use the operating system's country code and only use the channels that are supposed to be available. In the U.S. for example, only channels 1-11 are valid; client devices won't try to use channels 12-14.
- Use channels 1, 4, 7, 10 on one group of APs, then 2, 5, 8, 11 on the next set....
------ TERRIBLE idea. Because 802.11a
-
Aruba Networks.
Not the cheapest stuff, but... well, $marketing says that of the Adaptive Radio Management
- Band steering - actively guides faster 802.11a/n clients, and even specific applications or users, to the best available wireless channel. The result is better noise immunity, fewer sources of interference, and more available channels. If a client supports both 2.4GHz and higher speed 5GHz bands, this feature will automatically direct it to the 5GHz band for best performance;
- Spectrum load balancing - enables Aruba access points and Multi-Service Mobility Controllers to dynamically shift Wi-Fi clients to access points on channels with available bandwidth. This technique is intended to prevent degraded network performance due to over-subscription;
- Coordinated access - coordinates access to a wireless channel, across all access points that share that channel, to overcome the challenges of densely populated deployments such as lecture halls, airport lounges, and conference centers;
- Co-Channel Interference Mitigation - access points with excess capacity reduce RF transmissions by reverting to air monitor mode;
- Airtime fairness - scheduled access for dense deployments delivers equal access to all Wi-Fi clients. This feature works with all 2.45GHz and 5GHz Wi-Fi clients, regardless of its wireless chip manufacturer or standard operating system supplier; and
- Performance protection - prevents higher speed clients using 802.11n from being compromised by slower 802.11b/g clients.
-
p.s. if running cables is a problem...
If running network cables to some point is a problem (you mentioned limited places to mount APs) note that the Aruba gear can do mesh. So you could have some 5GHz backhaul to the places that you have power but can't do a cable run. I think a mesh license costs you extra, though.
and here's the press release about the Australian Open, whose organizers said
We have more than 1,500 journalists, photographers and producers on site that require reliable, time-critical access to the network, and they have been getting best-in-class service.
-
sounds like Xirrus. But I'd recommend...
Directional antennas is the Xirrus approach. They have a cute little niche in auditorium-type deployments, too.
But I'd say, a few Aruba AP-105s (with 802.11abgn and band steering - which tries to put clients on the 5Ghz band), or maybe even AP125s (which have more MIMO) for the core. You can fill in the corners with cheap little AP-65s. The ARM (adaptive radio management, shoves clients from one AP to another or something like that) means that Aruba works very well in dense deployments. (You'll also need a controller behind them... probably an Aruba-200 or a 651 - the latter has a built in AP. Having the controller limits the configuration you'll need to do.)
I work for Aruba, but I never look at a price list. I believe, however, the pricing should be rather competitive with Cisco
.... Also, I'd cite some super awesome deployments and customers but I forget who's a super awesome reference customer that my parents would recognize and who's just "a major hospitality win in the Middle East" (which is so much less impressive-sounding!) here's their press release page anyway.
-
Alcatel OEMs Aruba Networks wireless access points
Alcatel-Lucent's 802.11 wireless access points and controllers are OEM'd from Aruba Networks. This is interesting and relevant because Aruba also has a big "green island" initiative.
-
Re:Forgive me if I'm wrong but
Just one random example - I believe these guys' hardware uses licensed MySQL technology for internal databases in their hardware: http://arubanetworks.com/
-
Re:Another experiment
What kind of loser uses wireless in an SMB?
Well, for the "medium" sized businesses in SMB.... with the advent of 802.11n, wireless to your desktop is about as effective (if you've got decent gear) and frequently cheaper than stringing Ethernet cables and hooking them up to fancy switches. Or so the marketing message goes:
A typical enterprise 48-port switch costs 3-5x more than an 802.11n AP, yet they support about the same number of devices in common usage. Annual wired costs are also several times higher for maintenance fees, moves/adds/changes, power, depreciation and hardware refresh. The difference is often thousands of dollars per year for every switch. Consequently, annual savings from rightsizing may well exceed the cost of a new pervasive 802.11n WLAN build out, thus achieving net budget savings in the first year.
But I work for these people; what do I know? *shrug*
-
Re:I fail to see what's so spectacular about this
seriously, what is so special about this ?
Wow... Someone has a serious lack of Imagination. Here is what is special about this:
These guys manage the most actively hostile network on the planet. Just bringing your laptop/cell phone/PDA within wireless range of this event is asking for trouble. These are the people that put your username/password up on a giant wall of sheep if you choose to use an unencrypted connection for e-mail/web browsing.
Have you considered the challenges of maintaining a server in this environment? You are one giant target for the world's largest collection of black/grey/red-hats in the world. Let's just say that there would be a substantial amount of "iStreet-cred" if you were to 0wn the firewall.
Now, if you read the article, they describe how they set up their wireless network. They keep things very simple and maintain centralized configurations. If you are setting up a network in a potentially hostile environment, their model is a good one to follow. Why? Here are a few reasons:
- Users: 2,226 and 3,801 DHCP leases issued
- 22 Access Points deployed
- Man-in-the-Middle Attacks detected: 215
- DoS Attacks: ~80
- Rogue AP's Detected and Destroyed: 130
- Wireless Bridges Detected: 300
- ARP MAC Spoofing Attempts: 836
- Traffic for the last 30 hours: IN 12gb / OUT 1.2gb
Think your network can handle that? Let's take a look at one of the interesting ones - the Rogue AP's.
The people that run defcon (and many of the attendees) eat these attacks for lunch. These people triangulate wireless signals within a high-em noise environment with enough multipath to give K-9 a headache. They manage to actively seek and destroy rogue AP's (not to mention the ARP spoofing!) while maintaining a healthy network. You don't think that's special!?
Now, what about hardware reliability? Heck, if I had a choice between two pieces of gear and one of them had a "Survived DefCon 2008" sticker on it, I could tell you what I would be picking up. They had a nice Cisco fiber switch (no real surprise) but I have never heard of the Aruba AP's before. I know I'll at least check them out now. Do you not think that exposing battle-proven hardware to electronics-consuming people is special?
Look at the software too. BSD & pf. No real surprise there either. When you want ungodly-stable network filtering - that is the way to go. Don't take my word for it. Heck, don't take BSD's word for it. The setup survived the hacker Olympics with no downtime. THAT is what is special about it.
-
Wireless is doable if done right.
It really depends on your usage. For standard internet access you can get by with 1 AP per 20 users. Anything more than that you need more APs. 5 users per AP is more realistic for users doing more than web surfing. Wireless sucks for moving large files around. Not a problem for any single user, but if more than one tries to do it your network goes in the toilet.
You can deploy a secure WLAN infrastructure but it takes some work. Ideally you would have a wireless IDS system such as Air Defense and encryption on the "wire". Some options for encryption are Air Fortress and Cranite. Both install a layer2 encryption client. Depending on what kind of AP you are using you can set them up to only forward Air Fortress frames and ignore everything else. Another option is something like the Aruba Networks product. They are centrally managed and they have integral WIDs encryption.
If your users are using laptops you should mandate some sort of file system or whole disk encryption. Laptops are cheap to replace if a user leaves the laptop in a coffee shop but losing data is not cheap.
Look at the overall costs for all of the solutions before you make a decision.
-
WiFi Security is already a solved problem
I guess no one has ever heard of these guys: http://www.arubanetworks.com/
The time it takes a packet to make a round trip is stupid. There's too much uncertainty and interference in the 2.4 GHz spectrum for that to be a reliable security mechanism. An AP should be just that, an Access Point. In order to gain access, prove who you are. That's what 802.1x is for, wow! We already have that!
Strong encryption, none of this silly breakable WEP, is needed too. That's what WPA and WPA2 (802.11i) are for. So, I guess we already have that too...
Most modern AP's that a home user can buy should support at least WPA-PSK (Wifi Protected Access - Pre Shared Key), and if they don't, like mine didn't at first, firmware upgrades are sometimes available.
IMHO, we the community of /. should not worry about Joe Shmoe so much, but rather make sure your own equipment is good and tight.
We should worry about the opensource wifi security software that is out there, like xsupplicant or wpasupplicant and FreeRADIUS. Make it better, make it work with more wireless cards.
Joe Shmoe is an idiot. Don't worry about him. Eventually their type will be weeded out and taken care of.
-
Re:WiFi Collision madness
Ahh, but the system they installed automatically works around interference and will find the best channels for the APs to live on. This is how the big boys do it. http://www.arubanetworks.com/products/casestudies/dartmouth.php
-
Re:They left out Vocera
You really are a shmuck I guess since they ripped out all their Cisco stuff and put in Aruba: http://www.arubanetworks.com/products/casestudies/dartmouth.php
-
Re:Vendor(s)?
They chose the anti-Cisco - Aruba. Cisco pretty well sucks at wireless if you ever have to deploy a real network. http://www.arubanetworks.com/products/casestudies/dartmouth.php
-
They love us, they really love us...
hdr_bg.slashdot.jpg
If you didn't notice, they have a special header image for Slashdot users. I thought it was rather cute.
-
Re:Wow, businesses can read?
nice picture on the http://www.arubanetworks.com/ site
We *HEART* Slashdot
-
Depends on the Wireless System
Any of the next gen wireless platforms provide this functionality quite handily. They are completely centralized, user aware, include per-user firewalls, heavy duty encryption (2 Gbps IPSEC) and allow policies to be set based on location and time of day. When you are an organization that needs to manage more than 10 APs, you get a big boy system to do it. Let the small guys roll their own.
Disclaimer: I'm guilty of rolling my own as much as anyone, but there is such a thing as using the right tool for the job and I have decided this is the way to go in regards to wireless.
-
The Rest of the Story..
So, to summarize, this isn't news. Josh announced this on Bugtraq last year and withheld the actual exploit until just recently. Funny enough, Bugtraq wouldn't post the announcement when it actually was released.
The real question though is what does this *really* mean to wireless security? The answer is: not much. Most large enterprises that were using LEAP migrated to Cisco PEAP (or MS PEAP), or EAP-TLS in recent months or just simply unplugged their wireless from the network in some instances.
The state and history of wireless security is this. First there was static WEP, and static WEP had a technical problem (not to mention the social vulnerability of a shared key) with weak IVs, but any modern implementation has fixed this and is immune to wepcrack/airsnort. In response to this, three different technical solutions were created:
1. Dynamic WEP (change out key via 802.1x framework every 4 minutes).
2. WPA 1.0/TKIP (new key every packet, new MIC, 48-bit IV).
3. WPA 2.0/802.11i (802.1x, RSN, and AES). The standard is being finalized and products will begin to appear at the end of the year.
With the addition of new wireless IDS's and 802.11 aware stateful firewalls, (like Aruba), wireless gets even more secure than it ever has been before.
-
An Actual Answer
The world of wireless is moving away from the unmanageable Fat AP model purveyed by Best Buy networks and even Cisco. The new kids in town are pushing centralized wireless with built in RF Site Survey tools, authentication, firewalls, IDS's and hardware-based encryption. The APs are really just dumb radios that download their configs from the switch when it boots. If you want some big boy toys (that will fit into your budget) take a look at Aruba Networks. We have used them in many apartment buildings and couldn't be any happier.