5.15.2010

Harness the Power of Your Network

5.14.2010

Wireless for Home networking.

WiGig Alliance has announced the initial spec of the technology that would replace High-speed cable with Wireless for home networking.
WiGig would use 60GHz spectrum, to achieve data rates of up to 7Gbps, and retain backwards compatibility with current-generation WiFi devices. Literally, this would kill the current 108Mbps 802.11n spec for good.
Strong Backing, Technology
WiGig is working with the WiFi Alliance, and added networking giant Cisco to its board of directors, which all shows that technology is the future for our homes. Apart from that Intel, AMD and Dell, along with a handful of cellular companies, and some consumer electronics makers are all members of the board.
At this moment, the spec is not fully public, but as soon it does, we will find compatible devices operating of  three frequencies: the 2.4GHz chunk of the spectrum used by 802.11b/g devices, the 5GHz region used by 802.11n, and the new, 60GHz area of the spectrum that is currently not in use.
60Ghz is great for wideband wireless data communications because:
  • A lot of unlicensed space in that region
  • Almost zero interference (only few newer technologies operate in that region)
But at higher frequencies like that of 60GHz, signals don’t travel as far and are more prone to being absorbed by intervening devices and are very Line-of-sight centric. It would almost die on the edges and corners of rooms. But, WiGig plans on getting around by using beamforming. Beamforming is a technique in which we employ multiple transmitters. On a signal being transmitted to the recipient, its’ position is known, the signal is sent from each transmitter with slight delays in timing needed to ensure that it causes a constructive interference pattern at the destination. With constructive interference, the signal at the receiving end is amplified and hence works decently over 10-12 meters.
Replace the Cables, WiFi finally
We’ve been watching claims from industry’s leading wireless researchers, but none of them has provided a practical Wireless network to replace the current gigabit ethernet. This time things could play differently. A really high theoratical value: 7Gbps might come to 1gbps  (in the worse case). which is, still, very usable and attractive.

Today’s home Network is more demanding than ever with various file-serving and consuming devices, like NAS boxes, HDTVs, DVRs, and multiple wireless smartphones, notebooks, PCs.
There are a large number of MultiGigabit standards for the Wireless HD, but WiGig is more promising because of underlying technology that makes it: long range, low-power, and hence good for low-powered devices like smartphones.



5.13.2010

What WiMAX 2 promises- The Future of Wireless



         WiMAX Toshiba 13.3" Satellite U505-S2008 Intel Core i3 Laptop 4GB Notebook 500GB Computer PC



Technical Details

  • Intel® CoreTM i3-330M processor o 2.13 GHz, 3MB L3 Cache, 1066MHz DDR3 Mobile Intel® HM55 Express Chipset
  • Configured with 4GB DDR3 1066MHz (max 8GB); 500GB Serial ATA hard disk drive with TOSHIBA Hard Drive Impact Sensor (3D sensor)
  • 13.3 diagonal widescreen TruBrite® TFT LCD display with Webcam and microphone at 1280 x 800 native resolution
  • Intel® WiMAX/Wi-Fi Link 6250 wireless LAN
  • Genuine Windows® 7 Home Premium 64-bit


5.10.2010

Top Ten Wi-Fi Security Threats

Gone are the early days of Wi-Fi, when CSOs lost sleep over threats like WEP cracking and war driving. 802.11n products have matured to the point where many enterprises are investing in larger, faster WLANs to support mission-critical applications. And yet, pros know that security is never to be taken for granted. Here, we offer our Top Ten Wi-Fi Threats and explain why diligence is (still) required.

1.    Data Interception: Today, it’s widely understood that data sent over Wi-Fi can be captured by eavesdroppers – easily, within a few hundred feet; even farther with directional antennas. Fortunately, all Wi-Fi CERTIFIED products now supportAES-CCMP data encryption and integrity. Unfortunately, there are still legacy products that only speak TKIP, and many WLANs are configured to accept both AES and TKIP. But TKIP is vulnerable to message integrity check (MIC) attacks that allow a limited set of spoofed frames to be injected – for example, ARP. Although resulting risks are modest, the writing is on the wall: The time has come to retire TKIP and require AES-CCMP.
   
2.    Denial of Service: WLANs are inherently vulnerable to DoS. Everyone shares the same unlicensed frequencies, making competition inevitable in populated areas. The good news: As enterprise WLANs migrate to 802.11n, they can use channels in the larger, less-crowded 5 GHz band, reducing “accidental DoS.” Moreover, contemporary access points (APs) can auto-adjust channels to circumvent interference. But that still leaves DoS attacks: Phony messages sent to disconnect users, consume AP resources, and keep channels busy. To neutralize common DoS attack methods like Deauth Floods, look for newer products that support 802.11w management frame protection.
3.    Rogue APs: Business network penetration by unknown, unauthorized APs has long been a top worry. Fortunately, most enterprise WLANs now use legitimate APs to scan channels for possible rogues in their spare time. Unfortunately, verifying “true rogues” by tracing their wired network connectivity is a skill that ordinary WLAN gear has yet to perfect. Without accurate classification, automated rogue blocking is a risky proposition. To not just detect, but effectively mitigate rogue APs, deploy a Wireless IPS that can reliably differentiate between harmless neighbors, personal hotspots, and network-connected rogues that pose real danger, taking policy-based action to trace, block, and locate the latter.
4.    Wireless Intruders: Wireless IPS products like Motorola AirDefense, AirMagnet, and AirTight can also detect malicious Wi-Fi clients operating in or near a business’ airspace. However, truly effective defense requires up-to-date, properly deployed WIPS sensors. In particular, 802.11a/b/g sensors must be updated to monitor new 5 GHz channels (including 40 MHz channels), parse 802.11n protocols, and look for new 802.11n attacks. Furthermore, because 802.11n clients can connect from farther away, WIPS sensor placement must be reviewed to satisfy both detection and prevention needs.
5.    Misconfigured APs: Back when standalone APs were individually-managed, configuration errors posed a significant security threat. Today, most enterprise WLANs are centrally-managed, using coordinated updates and periodic audits to decrease TCO, improve reliability, and reduce risk. But 802.11n adds a slew of relatively complex config options, the consequences of which depend on (highly variable) Wi-Fi client capabilities.  Prioritization and segmentation for multi-media further complicates configuration. The answer here: Combine sound, centralized management practices with 802.11n/WMM education and planning to reduce operator error.
6.    Ad Hocs and Soft APs: Wi-Fi laptops have long been able to establish peer-to-peer ad hoc connections that pose risk because they circumvent network security policies. Fortunately, ad hocs were so hard to configure that few bothered to use them. Unfortunately, that barrier is being lifted by “soft APs” in Windows 7 and new laptops with Intel and Atheros Wi-Fi cards. Those virtual APs can provide easy, automated direct connections to other users, bypassing network security androuting traffic onto the enterprise network. Measures used to deter Ad Hocs may also prove useful against unauthorized Soft APs, such as IT-managed client settings and WIPS.
7.    Misbehaving Clients: Clients that form unauthorized Wi-Fi connections of any type, whether accidentally or intentionally, put themselves and corporate data at risk. Some enterprises use Group Policy Objects to configure authorized Wi-Fi connections and prevent end-user changes. Others use host-resident agents and/or WIPS to monitor Wi-Fi client activity and disconnect high-risk connections. However, many businesses (especially SMBs) still depend on end-users to connect only to known, authorized wireless APs.  Given ubiquitous deployment, longer reach, and broader consumer electronics integration, accidental or inappropriate Wi-Fi connections have never been easier.  If you haven’t already taken steps to stop Wi-Fi client misbehavior, start now.
8.    Endpoint Attacks: Now that over-the-air encryption and network-edge security have improved, attackers have refocused their attention on Wi-Fi endpoints. Numerous exploits have been published to take advantage of buggy Wi-Fi drivers, using buffer overflows to execute arbitrary commands – sometimes at ring 0 (high-privilege kernel mode).  Automated attack tools like Metasploit can now be used to launch Wi-Fi endpoint exploits with minimal effort.  Although vendors do (usually) patch these bugs once discovered, Wi-Fi driver updates are not distributed automatically with OS updates. To protect your workforce, track Wi-Fi endpoint vulnerabilities (for example, using WiFiDEnum) and keep your Wi-Fi drivers up-to-date.
9.    Evil Twin APs: Fraudulent APs can easily advertise the same network name (SSID) as a legitimate hotspot or business WLAN, causing nearby Wi-Fi clients to connect to them. Evil Twins are not new, but easier-to-use hacker tools have increased your risk of running into one. Tools like Karmetasploit can now listen to nearby clients, discover SSIDs they’re willing to connect to, and automatically start advertising those SSIDs. Once clients connect, DHCP and DNS are used to route client traffic through the Evil Twin, where local (phony) Web, mail, and file servers execute man-in-the-middle attacks. The only effective defense against Evil Twins is server authentication, from 802.1X server validation to application server certificate verification.
10.  Wireless Phishing: In addition to the above man-in-the-middle application attacks, hackers continue to develop new methods to phish Wi-Fi users.  For example, it’s possible to poison Wi-Fi client Web browser caches, so long as the attacker can get into the middle of a past Web session – such as by using an Evil Twin at an open hotspot. Once poisoned, clients can be redirected to phishing sites long after leaving the hotspot, even when connected to a wired enterprise network.  One technique for mitigating this threat is to clear your browser’s cache upon exit.  Another possibility is to route all hotspot traffic (even public) through a trusted (authenticated) VPN gateway.
In summary, the state of Wi-Fi security has significantly improved over the years. Today’s enterprise WLANs can be effectively hardened against intrusion and misuse. However, end-to-end security still cannot be assumed; just enabling Wi-Fi encryption will not make applications running over wireless networks “safe.” Wi-Fi technologies, products, and attacks will continue to emerge. Security admins still need to keep abreast of new threats, assess their business risk, and take appropriate action.

 

Top Ten Free Wi-Fi Security Test Tools


All new Wi-Fi CERTIFIED products support WPA2 (AES-CCMP) security, but that's not enough to harden a WLAN against attack. Breaches can still be caused by policy, configuration, and coding mistakes, overly-friendly clients, or unauthorized APs. Continuous surveillance and periodic assessments are important to spot (and then patch!) these and other WLAN vulnerabilities.
You can't conduct a thorough assessment with just one tool, no matter how great the tool. A well-stocked pentest kit includes many tools – some simple, some sophisticated; some free, some not. Ultimately, the "best" toolkit depends on network size, risk tolerance, budget, and personal preference. Commercial tools can save time and effort, but they aren't for everyone. So here we list our favorite free (open source or beggar-ware) wireless security test tools.
Wi-spy Spectrum Analyzer for Troubleshooting Wi-fi Networks10) Android WiFi Analyzer: The first step in any Wi-Fi assessment is to explore your surroundings for surprises on the 2.4 and 5 GHz bands. Free WLAN discovery tools exist for nearly every OS, from the infamous Win32 NetStumbler to Meraki's Java Cloud Stumbler. Our current fave is the Android WiFi Analyzer. With this handy tool, we can record SSIDs and APs, graph real-time channel usage and signal strength, and even locate selected APs – using nothing more than the smartphone in our pocket.
9) Heatmapper: Figuring out where APs are located so that you can identify their owner and threat level can be tedious. Ekahau's free Heatmapper (Win32) is a convenient way to map APs in a small area. Just import a floor plan (or use the default grid) and perform a slow walk-about, pausing to click on your location. After a few minutes (max 15), let Heatmapper plot RF footprints for every AP it heard--often with pretty good accuracy.

8) Kismet: Linux fans know that Kismet is a Wi-Fi Swiss Army knife--it discovers APs and clients, captures Wi-Fi packets from local NICa or remote drones, and can generate alerts for fingerprinted recon activities. Kismet is a versatile client/server tool that can be paired with any RFMON-capable adapter--even on OS X or Cygwin. Using Kismet, you can enumerate discovered APs and clients, helping you spot policy violations like misconfigured APs or misbehaving clients.
Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide7) Wireshark: Sometimes, you have to drill into captured packets to investigate suspicious findings, such as unauthorized apps on your WLAN. When it comes to free WLAN analyzers, nothing beats the cross-platform Wireshark. With the right adapter, Wireshark enables live Wi-Fi analysis on nearly any OS--including Windows. Alternatively, Wireshark can analyze capture files long after you return to the office.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning6) Nmap: An assessment should also include taking a hard look at WLAN infrastructure devices: APs, controllers, gateways, and switches that Wi-Fi intruders could try to compromise. Pentests must be performed while connected to every AP and SSID, scanning subnets and VLANs for leaks and probing devices for vulnerable services. Although this process might be different with Wi-Fi, tools don't have to be. We often use our favorite cross-platform TCP/IP scanner Nmap.
5) Nessus: Wireless infrastructure and clients must be hardened like any DMZ device. Many documented Wi-Fi exploits take advantage of poorly-designed Web admin interfaces and coding errors. Here again, general-purpose pentest tools like SARA, Metasploit, and Nessus can be helpful – for example, Nessus can spot many Web app, AP default password, and Wi-Fi driver vulnerabilities.
4) WiFiDEnum: Speaking of Wi-Fi drivers, just about every NIC vendor has made a mistake or two, like failing to parse 802.11 Information Elements correctly or crashing on too-long or missing SSIDs. Wi-Fi driver vulnerabilities are important to detect because drivers are not routinely patched and they run at a low level, where arbitrary code execution can have serious consequences. WiFiDEnum is an easy way to enumerate Wi-Fi drivers (and versions) on every Windows host in your network.
WarDriving and Wireless Penetration Testing3) Aircrack-ng: Other common Wi-Fi client exposures include weak configurations (e.g., accepting Ad Hoc requests or probing for FreePublicWiFi) and authentication mistakes (e.g., failure to validate 802.1X server identity, easily-guessed pre-shared keys). Many free tools are readily available to "crack" WEP keys or WPA/WPA2-PSKs, including our favorite: Aircrack-ng. This suite of tools comes in handy for many tasks, including discovery, packet capture, forced deauthentication, and WEP/PSK analysis.
2) MDK3: An essential aspect of Wi-Fi vulnerability assessment is exercising your WLAN's policies and countermeasures, looking for blind spots, mistakes, and attacks that can overwhelm your APs, controllers, or IPS. In other words, attacking yourself to validate your defenses. There are many tools that can be used for this, but one of our favorites is MDK3, a command-line utility that can guess hidden SSIDs and MAC ACLs, look for clients vulnerable to authentication downgrade, initiate Wi-Fi Beacon, Deauth, and TKIP MIC DoS attacks, and generally wreak havoc.
1) Karmetasploit: Finally, Wi-Fi clients can be too friendly, connecting to any AP and using sensitive apps without requiring server authentication. Tools like Karma, AirPwn, and Wi-Fish Finder can find clients vulnerable to Wi-Fi based (Evil Twin) man-in-the-middle attacks and teach you about their consequences. Our favorite is Karmetasploit: Karma, running on the Metasploit Framework. If you're responsible for securing Wi-Fi clients and haven't seen this one in action, you really should check it out.
These and hundreds of other Wi-Fi security tools are readily available as Internet downloads. However, your ability to run them depends upon test platform, OS, and Wi-Fi adapter(s). A good way to get started is to download a LiveCD/DVD/USB Linux distro for Wi-Fi pentesting. Our recommendation:BackTrack4, which includes many of the above-mentioned free Wi-Fi security tools.

Borders $150 Kobo Lacks 3G, WiFi | Launches June 17 Preloaded 100 "classic" books.


Borders' new Kobo eReader became available for pre-order today in a move to undercut Amazon's Kindle as the dominant eReading device.
The two devices have a number of differences, most notably price: The Amazon Kindle costs $259 while the Kobo comes in at just $150. The Kobo is also cheaper than the Android-based Barnes & Noble Nook, which is priced similarly to the Kindle.
That $100 discrepancy may make the Kobo more alluring to consumers but the device lacks the 3G and Wi-Fi wireless connectivity that are a key part of the Kindle's value proposition.
Instead, the Kobo comes equipped with a USB cord and Bluetooth. The eReader is platform-agnostic, allowing its content to be synced to devices based on several different platforms including Macs and PCs, as well as iPhone, BlackBerry, WebOS and Android smartphones.
The Kobo also lacks a qwerty keyboard, which allows Kindle users to make annotations, highlights and clip passages.
The device launches on June 17 and will come preloaded with 100 "classic" books. The upcoming Borders eBook store will feature more than 1 million titles.
"We are giving consumers the flexibility to read the content they want on a variety of devices of their choosing," said Borders interim president and CEO Mike Edwards in a statement. "The Borders eBook store will be positioned as a device-agnostic, content-focused destination with expertise from decades of deep book knowledge and experience."

WiGig is not WiFi - Linux and Open Source


The endorsement of WiGig by the WiFi Alliance does not mean your Internet connections will become faster or more competitive.
WiGig is something completely different. It’s a fast, short-haul service at 60 GHz that is meant to replace local area networks.
Its competitor in the standards race makes this very clear. The Wireless HD Consortium also wants to see faster wireless LAN links, specifically to move HD video around consumer homes.
The endorsement of the WiGig proposal by the WiFi Alliance could give it traction with manufacturers and governments, who must approve use of the frequency spectrum. But its importance can be easily overstated.
Current WiFi systems use two sets of frequency bands, one centered around 2.4-2.6 GHz and the other centered at around56.4-5.7 GHz. This has enabled speeds up to 100 MBps through the 802.11n standard, which is slowly replacing the 50 Mbps 802.11g in new gear.
But because 60 GHz is a much higher frequency band than current WiFi it attenuates quickly — the distance a signal can travel will be very low unless the power of the wave is pushed higher. Sure, the spectrum field is wider, enabling speeds up to 7 Gigabyte. But the bits are not traveling far at all.
WiGig tries to get around this problem with a technology called beamforming. Basically you’ll need a directional antenna to send a signal further than 10 meters (40 feet). When directional antennas were used for WiFi a decade ago (even simple things like empty Pringle cans) it became possible to send signals many miles. Forget about seeing miles and miles with WiGig.
This means your local coffee shop will pay no attention to WiGig. The whole aim of a coffee shop network is to move data between clients and a wired connection which goes on to the main Internet. A shorter-range 7 Gbps connection between a laptop and a router doesn’t make for faster browsing, just (potentially) more contention.
While a lot of attention is being paid here to consumer markets like moving audio and video without wires, the real key to WiGig may be the business market. Especially hospitals.
Hospitals are massive users with WiFi. A new industry has emerged to manage hospital WiFi networks, freeing doctors from phones and turning those phones into multimedia sets with electronic medical records and the latest tests.
WiGig could allow the heaviest loads to be switched on the shortest distances. An MRI test set could be sent to a nearby PC for processing, and that PC in turn could just send results via WiFi to a doctor’s set in a patient’s room.
But because we are talking about very high frequencies, and very short wavelengths, we’re also talking about very short distances with WiGig. It’s not “WiFi on steroids.” It’s a short-haul WiFi adjunct.

New Frequency Set to Turbocharge Wi-Fi


Wi-Fi is about to lay claim to a new frequency band that could result in speeds at least 10 times faster than what’s currently available.
An agreement between the Wi-Fi Alliance and the Wireless Gigabit Alliance will let the Wi-Fi Alliance carve out specs and standards to support Wi-Fi operation in the 60-GHz frequency band in a bid to make Wi-Fi faster. By contrast, Wi-Fi today operates in the 2.4-GHz and 5- GHz bands.
“Today’s Wi-Fi speeds are measured in the low hundreds of megabits per second,” says Edgar Figueroa, executive director of the Wi-Fi Alliance.”The 60-GHz band allows for significant boost in performance, so we are talking about speeds in the gigabits per second range.”
Wireless Standards & Data Speeds
802.11g Wi-Fi: The basic and most widely used Wi-Fi connectivity offers speeds of up to 54 Mbps.
802.11n Wi-Fi: The faster W-Fi standard it offers data transfer at up to 300 Mbps.
Standard Bluetooth: Most widely used between cellphones and headsets, it offers top transfer rate of about 3 Mbps.
Bluetooth 3.0: The ‘high-speed’ successor to standard Bluetooth, its top transfer rate hover around 24 Mbps.
Wireless USB: It can offer speeds of up to 110 Mbps at a range of 10 meters and 480 Mbps over a range of 3 meters.
Wireless HD: Aimed at HD video transfer it can offer speeds of up to 4 Gbps (for 10 meters). Theoretical speed can go up to 25 Gbps.
WiGig: The newest kid on the block tantalizes with promise of speeds ranging from 1 Gbps to 6 Gbps.
Zigbee: This low-power wireless standard is for applications that require low data transfer but quicker response time such as remote controls.
Specifically, the move to 60 GHz could allow for speeds in the range of 1 gigabits per second to 6 gbps, in contrast to today’s theoretical maximum of 150 Mbps for 802.11n.
“Wi-Fi in 60 GHz band could mean some compelling apps, such as those connecting your Blu-ray player to your TV or sharing uncompressed video in real time without any degradation,” says Figueroa.
With the proliferation of multimedia such as photos, home video and HD movies, consumers are looking for faster ways to transfer data that can also cut through the cable clutter. Users who are hooked on Lost through Hulu or can’t resist watching Lady Antebellum videos on YouTube currently have to hook up their computers to a TV through an HDMI cable.
Wi-Fi in the 60-GHz band could be the first step toward helping consumers go truly wireless, says Xavier Ortiz, an analyst at ABI Research. The drawback is that the higher frequency waves have much shorter range and won’t go through walls well.
“The 60 GHz is like a beam of light — you have to have line of sight — but you can get multi-gigabit point-to point networking speeds with it,” he says.
The agreement between the Wi-Fi alliance and the Wi-Gig standard also helps two different standards to come together. Earlier, the Wi-Gig alliance, which has been advocating the 60-GHz band, had to work independently to get chip makers and gadgets manufacturers to get on board with its technology.
“Now we are going to rally the industry around a compelling subset of features and go through a process of testing compatibility and interoperability,” says Figueroa.
Still the new Wi-Fi frequency will have to find a way to work with other standards including Wireless HD and Zigbee to free consumers from being tethered to their devices. Chip makers such as SiBeam have said they will try to find a way to make the Wi-Fi and WiGig chips compatible with Wireless HD.
Figueroa estimates routers and other gadgets that have dual-band or tri-band capability, that is the ability to switch between 2.4 Ghz or 5 GHz and the 60-GHz band, will be available in about two years.