Tuesday, September 28, 2010

Jim Metzler: Get Ready for Virtual Wireless LANs

I was recently in Boston to participate in a seminar that was produced by Blue Socket and IBM. The focus of the seminar was virtual wireless LANs. At first blush, the thought of a virtual wireless LAN seems a bit strange. One obvious question is "how do you virtualize an access point?" The quick answer is that you don't. The thrust of the seminar was on the need to separate the control and data plane of a wireless LAN switch in a fashion similar to the Cisco Nexus 1000V. In addition, there is distinct value in virtualizing the controller software and hence creating a virtual wireless LAN. In particular, virtualizing the controller has a number of benefits, including reducing the acquisition cost and making it easier to add capacity as needed.

We are going to follow up the seminar with a Webinar on Sept 30th, at 12pm (EST). Feel free to join us to enjoy an engaging discussion about the benefits of cloud networking, virtualization and virtual wireless LANs.

To sign up, go to: http://web06.echomail.com/web02/l.docid=15&mid=948&e=bbe21~ubgznvy.pbz&t=1073

Below is a more formal description of the Webinar:

Whether you're a large enterprise or small to medium business, you'll soon be benefiting from virtualizing your IT organization. Join this discussion to learn how you can consolidate your virtual efforts across the IT organization to build a smarter network that is cost-efficient and future proof. This webinar, moderated by Jim Metzler, will feature Patrick Foy who will talk to us about Virtualizing your WLAN. Expect to hear everything you need to know about Virtual Wireless LANs.

* Recognize what can be virtualized and the advantages of virtualizing them

* Get exposed to the challenges of server virtualization

* Listen and interact with the folks who dare to ask the right questions and develop best practices.

* Understand what is meant by Virtual Wireless LAN and how it can become part of your virtual strategy today

Friday, September 10, 2010

Cisco wireless controllers open to attack: Jim Duffy, Network World

Advisory describes seven vulnerabilities with no workarounds
By Jim Duffy on Thu, 09/09/10 - 4:03pm.

Cisco this week issued a security advisory for its wireless LAN controllers, which are susceptible to seven vulnerabilities including denial of service, privilege escalation and access control list bypass. The advisory can be found here.

The affected products include the Cisco 2000, 2100, 4100, 4400 and 5500 series controllers; Wireless Services Modules (WiSMs); wireless LAN controller modules for the Cisco Integrated Services Routers; and integrated controllers for the Catalyst 3750G switch. The products are affected by at least one of the seven vulnerabilities.

There are two DoS vulnerabilities, three privilege vulnerabilities and two ACL bypass holes. The DoS vulnerabilities are an Internet Key Exchange (IKE) DoS Vulnerability and an HTTP DoS Vulnerability.

The IKE glitch allows an attacker with the ability to send a malicious IKE packet to an affected Cisco controller to cause the device to crash and reload. This vulnerability can be exploited from both wired and wireless segments.

IKE is enabled by default in the controllers and cannot be disabled, the Cisco advisory states. Only traffic destined to the Cisco controller could trigger this vulnerability, not transient traffic, according to the advisory.

The IKE DoS vulnerability affects Cisco controller software versions 3.2 and later.

The HTTP hole allows an authenticated attacker with the ability to send a series of malicious HTTP packets to an affected Cisco controller to cause the device to reload. This vulnerability can be exploited from both wired and wireless segments. A TCP three-way handshake is needed in order to exploit this vulnerability, the advisory states.

This vulnerability is also triggered by traffic destined for the controller, not transient traffic.

The HTTP DoS vulnerability affects Cisco controller software versions 4.2 and later.

The three privilege escalation vulnerabilities could allow an authenticated attacker with read-only privileges to modify the device configuration. The privilege escalation vulnerabilities affect Cisco controller software versions 4.2 and later.

The ACL vulnerabilities involve traffic to and from wireless clients or to all traffic destined for the controller CPU. The vulnerabilities could allow an unauthenticated attacker to bypass policies that should be enforced by CPU-based ACLs. No other ACL types are affected by these vulnerabilities, the Cisco advisory states.

One of the two ACL bypass vulnerabilities affects Cisco controller software versions 4.1 and later. The second ACL bypass vulnerability affects Cisco controller software versions 6.0.x.

Cisco says it has released free software updates that address these vulnerabilities. There are no workarounds to mitigate them, the company says. Cisco also says it is not aware of any public announcements or malicious use of the vulnerabilities, which were found during internal testing and troubleshooting of customer service requests.
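Two defender-side checks follow from the article: which controllers in an inventory fall inside the affected version ranges it quotes, and which IKE or HTTP flows are actually addressed to a controller (the article notes that only traffic destined to the controller, not transit traffic, can trigger the DoS issues, and that IKE cannot be disabled). The script below is an added example written for this page; it is not code from Network World, Jim Duffy, Cisco or this blog. The version ranges are the coarse ones the article states ("3.2 and later", "6.0.x"), so a match means "compare against the advisory's fixed-release table", not "confirmed vulnerable". Hostnames, versions, IP addresses, the management subnet and the flow records are constructed, UDP/500 for IKE is the standard port rather than something the page states, and treating TCP/443 as controller HTTP management alongside TCP/80 is an assumption.

```python
"""Version-range triage and destined-to-controller flow filtering for
the Cisco WLC advisory as described in the article. Added example code;
all sample data below is constructed."""
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, Iterable, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'6.0.182.0' -> (6, 0, 182, 0); parsing stops at the first non-numeric piece."""
    parts: List[int] = []
    for piece in text.strip().split('.'):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    if not parts:
        raise ValueError(f'unparseable version: {text!r}')
    return tuple(parts)


def at_least(minimum: str) -> Callable[[Version], bool]:
    """Rule for 'software versions X and later' (tuple comparison is lexicographic)."""
    low = parse_version(minimum)
    return lambda v: v >= low


def in_train(prefix: str) -> Callable[[Version], bool]:
    """Rule for a single release train such as '6.0.x'."""
    head = parse_version(prefix)
    return lambda v: v[:len(head)] == head


# Affected ranges exactly as the article quotes them (coarse; the advisory is authoritative).
RULES: List[Tuple[str, Callable[[Version], bool]]] = [
    ('IKE DoS', at_least('3.2')),
    ('HTTP DoS (authenticated)', at_least('4.2')),
    ('privilege escalation (read-only user can change config)', at_least('4.2')),
    ('CPU ACL bypass (first)', at_least('4.1')),
    ('CPU ACL bypass (second, 6.0.x)', in_train('6.0')),
]


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each controller name to the labels of the affected ranges its version matches."""
    report: Dict[str, List[str]] = {}
    for name, version_text in inventory:
        v = parse_version(version_text)
        report[name] = [label for label, rule in RULES if rule(v)]
    return report


# Constructed sample inventory and addressing (hostnames, versions, IPs are made up).
CONTROLLERS = {'wlc-core-1': '6.0.196.0', 'wlc-branch-2': '4.1.185.0', 'wism-old': '3.1.59.24'}
CONTROLLER_IPS = {'10.0.5.10': 'wlc-core-1', '10.0.5.11': 'wlc-branch-2', '10.0.5.12': 'wism-old'}
MGMT_NET = ip_network('10.0.5.0/24')   # assumed subnet where IKE/HTTP peers of the WLC are expected

# Constructed flow records: (src, dst, proto, dst_port)
FLOWS = [
    ('10.0.5.50', '10.0.5.10', 'udp', 500),     # IKE to a controller from the management subnet
    ('192.168.40.7', '10.0.5.10', 'udp', 500),  # IKE to a controller from elsewhere: review
    ('10.0.5.10', '10.0.5.60', 'udp', 500),     # IKE *from* the controller: not destined to it
    ('172.16.9.3', '10.0.5.11', 'tcp', 80),     # HTTP to a controller from outside MGMT_NET
    ('172.16.9.3', '10.0.9.1', 'udp', 500),     # transit IKE to some other host: ignored
]


def flows_to_controller(flows, controller_ips=CONTROLLER_IPS, mgmt_net=MGMT_NET):
    """Return (controller, src, service, needs_review) for IKE/HTTP flows addressed to a controller."""
    findings = []
    for src, dst, proto, dport in flows:
        if dst not in controller_ips:
            continue                      # transit traffic cannot trigger these issues
        if proto == 'udp' and dport == 500:
            service = 'IKE'               # standard IKE port (assumption, not from the page)
        elif proto == 'tcp' and dport in (80, 443):
            service = 'HTTP'              # 443 included on the assumption of HTTPS management
        else:
            continue
        needs_review = ip_address(src) not in mgmt_net
        findings.append((controller_ips[dst], src, service, needs_review))
    return findings


if __name__ == '__main__':
    for host, hits in triage(CONTROLLERS.items()).items():
        print(f'{host}: {", ".join(hits) or "outside every quoted range"}')
    for finding in flows_to_controller(FLOWS):
        print(finding)
```

The two checks are deliberately separate: `triage` tells you which boxes to schedule for the free software update, while `flows_to_controller` narrows the logs to the only traffic the article says matters (addressed to the controller), with sources outside the expected subnet marked for review since there is no workaround to apply on the controller itself.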

Monday, August 9, 2010

Virtualization allows you to dream big by leveraging unused resources – a Blog by Thomas F. Guevin

Just as the movie The Matrix provoked thought around consciousness and reality, the movie Inception provokes thought about dreams and leveraging dreams. For spoiler reasons, I won't go into the details, but suffice it to say, it's a must see and then a must discuss. In this blog, I wanted to discuss leveraging dreaming as a tool to increase productivity.

In interpreting my own dreams, I've come to the opinion that one aspect of dreams is that they are your brain's way of iterating through situations to better prepare you for possible decisions. In a dream, I saw this and did that and then saw the outcome, so if that situation ever comes up in real life, you have a data point to go by.

I'm a multi-tasker, and I'm always trying to do multiple things in parallel (think Dual Core processing). For example, when I eat dinner, I will cook and start eating at the same time, and wash the dishes while chewing and finishing the meal. Needless to say, I've been there and done that when it comes to driving and cell phones: driving into work doing calls to Europe, and driving home with calls to Hawaii, Russia and Australia, until a thousand dollar cell bill put that on hold. Before I worked at Bluesocket, I did a conference call on a golf course, where I was talking and playing at the same time. I actually parred a hole with my neck bent, holding a cell phone and talking.

I have considered the possibility of leveraging dreams as an extra workday. Go to sleep thinking about a problem, and wake up with the problem solved. Consciously I can't say for certain that it's helped, but it does seem that I've come up with more fixes and ideas in the morning. I read that Billy Corgan, of Smashing Pumpkins fame, wrote most of his songs in the morning shortly after waking, as he would have melodies in his head and wasn't bogged down by the matters of the day.

One of the cornerstones of virtualization is leveraging unused resources, specifically memory and disk space that servers don't need at a given moment. By virtualizing the vWLAN® solution, we've enabled administrators to deploy wireless alongside other virtualized resources, leveraging resource pools for shared processing, and gaining other benefits of virtualization (like high availability, easy deployment, and maintainability).

vWLAN’s unique distributed data and centralized control model is also efficient in that it leverages the hardware endpoints – the APs to perform all the data plane activities (firewall, QoS, CoS, Airtime fairness), without sacrificing the admin’s ability to control and manage all the devices and users from a central console. Stay tuned for more technology innovation from Bluesocket that leverages the untapped power of the access point for even more features and functionality in the network.


Thursday, June 24, 2010

Good to Great: Patrick Foy, VP of Engineering

I was sitting in my office looking at a book on my bookshelf, Good to Great by Jim Collins, and it reminded me of a discussion I had recently with a long-term healthcare customer, in which I was asking about their network and their plans to upgrade to 11n. This particular customer initially had issues with their legacy wireless deployment because of various complexities; however, after going through training and a re-design of their network, they now have a wireless network that they can trust. As part of the discussion, we were talking about moving to an 11n network and what should be considered to have a great network.

The first step in the process to go from a good wireless network to a great wireless network requires customers to take a hard look at their current wireless deployment including their network design and RF environment and determine if their current solution enables them to support the demanding applications that are appearing on the horizon.

As customers are moving to 802.11n networks, they should consider their network topology and design because over the next 5 years, most of the user traffic will be from wireless users/devices. Should all wireless traffic be trunked to the central data center or should traffic remain local? Where should QoS policies such as packet prioritization and bandwidth limitations be enforced? In a large distributed enterprise, should multiple wireless controllers be deployed to support each branch office? A high performance and scalable network requires IT managers to ask these fundamental questions.

Wi-Fi operates on an unlicensed spectrum, so IT managers need to accept the fact that they are subject to RF variations at any time due to new networks or non-802.11n sources. I advocate that IT managers buy the appropriate wireless tools and take the necessary training to understand their RF network. These tools are becoming more intuitive, and with a few days of training, IT staff can gain valuable insight into the RF network and proactively resolve issues before they turn into help desk calls.

I was recently looking at an RFP where the customer was upgrading from a legacy wireless network to an 802.11n wireless network and I identified a few key goals, which I would say are the right goals to get you to a great wireless network:
- Provide a wireless environment suitable for users to adopt as their primary means to access the network [Scalability]

- Increase system throughput to enable streaming video, advanced graphics, and large data transfers [Performance]

- Create a unified user experience across the campus with a single sign–on capability and the ability to facilitate users roaming from building to building [Seamless Mobility]

- Increase administrative flexibility for campus departments to manage their own private, secure wireless networks virtualized on the centralized solution [Simplicity]

- Increase wireless network security options for guest access, endpoint compliance, and user policies. [Security]

- Ensure compatibility with IPv6 addressing and facilitate the conservation of campus IPv4 address space [Future Proof]

As you can see, customers are demanding a solution where they will be future proof for at least the next 4-5 years, with a solution that offers the 3S's: scalability, security, and simplicity. Great wireless will only come with setting the right goals, educating yourself about wireless fundamentals, selecting a WLAN solution that satisfies most of your technical requirements, and finally making a commitment to proactively monitoring your network. Pretty basic stuff.