Wireless guru Lisa Phifer discusses steps enterprises should take to avoid honeypot access points (APs) and subsequent...
man-in-the-middle attacks in an AirWise blog. Validating server certificates is vital, Phifer says, but that doesn't mean IT staff knows which servers to trust. Alas, the solution remains elusive. Root certificate authority (CA) is the mechanism that Wi-Fi clients use as a trust anchor. But these CAs -- particularly if they are self-signed, a common occurrence in today's enterprise WLAN landscape -- can be easily hijacked by rogue APs, making access point security a critical challenge. Administrators must also wrestle with establishing secure connections in public hotspots or guest WLANs, where no existing trusted relationship has been established, Phifer writes. Help may come from the Wi-Fi Alliance, which is trying to address security issues with Release 2 of its Wi-Fi certified Passpoint program."Ultimately, server cert validation remains somewhat of a work in progress for many WLANs that use WPA2-Enterprise," Phifer writes. "However, it is important that the WLAN industry work towards strong authentication solutions that enable robust detection and avoidance of honeypot APs -- especially in ways that do not require end users to make choices."
Get more access point security advice from Phifer.
Cisco Intercloud initiative to ease enterprise deployments?
Enterprise Strategy Group senior analyst Colm Keegan writes that Cisco's Intercloud initiative dovetails with CEO John Chambers' admonition that only the quick and nimble will succeed. Chambers said businesses must embrace the strategy of "fast IT" if they are to survive, citing Uber and Airbnb as examples of companies that have disrupted their respective industries. Intercloud, in which Cisco provides tools and apps that permit companies to more easily develop apps across internal and public cloud environments, could be the answer organizations are looking for as they examine their cloud strategies, Keegan says.
"[Intercloud] gives businesses the depth and breadth they need to maintain cost competitiveness and flexibility across all of their application workloads," Keegan writes. "For example, if a business wants to run Microsoft's Azure stack on-premises in their private cloud or in an Azure data center facility, they can use the Intercloud service to manage and orchestrate the movement of those workloads."
See what else Keegan has to say about Cisco's cloud strategy.
Juniper, Ruckus alliance could change unified management
ACG Research principal analyst Elias Aravantinos has some good things to say about Juniper Networks' recently announced alliance with Ruckus, which would extend enterprises' ability to unify their wired and wireless networks.
The deal will pose "significant competition" to Cisco as well as HP/Aruba, Aravantinos says; but more important, it could fuel the development of new products that would trim the number of network devices now managed by IT admins.
"The bottom line is that it's all about innovation and positioning," Aravantinos writes. "Similar solutions could be attractive enough to disrupt the Wi-Fi enterprise market and threaten the major vendors' leadership."
Find out what else Aravantinos has to say about the Juniper/Ruckus alliance.
How to understand MPLS IP on Cisco, Juniper gear
Networking expert Ivan Pepelnjak writes about the differences between Cisco and Juniper Networks when configuring the vendors' devices for multiprotocol label switching (MPLS). Chief among them: When configuring MPLS on an interface in a Cisco router, the Label Distribution Protocol (LDP) is implicitly started. In a Juniper router, an admin has to explicitly begin LDP and he or she has to enable MPLS family on each interface listed in the "protocols ldp" section. Pepelnjak provides examples of the commands needed to allow MPLS for each company's devices and offers some troubleshooting tips to admins who run into problems. "In most well-designed networks, the differences between Cisco IOS and [Juniper's] Junos are not significant," Pepelnjak says. But it's helpful to know what to expect, he writes, particularly when you're troubleshooting and you don't understand why you're seeing more (or fewer) labels than you might assume.
Get acquainted with other LDP/MPLS tips from Pelelnjak on his blog.
Reasserting control in era of BYOA
Securing your wireless network