Thoughts on Cybersecurity, Wi-Fi and some other stuff
This post is kind of a sequel to the previous post The need for better Hotel Wi-Fi. Whenever you do a wireless survey, you need a floor plan. If you don’t have one, Ekahau users have the luxury of doing a Just-Go survey, where the floor plan is dynamically generated
Yes, I am one of the people who enter a building and look up to spot the Access-Points. As a wireless engineer you can: And sometimes a 3) turns into a 1) “Ahh, that’s the reason; now it makes sense!” And part of this crazy notion is to evaluate the
This year, I presented the topic WPA3-192-bit mode at the WLAN Klassentreffen (in German) and WLPC in Prague as a 10Talk. This is the video recording from WLPC: Here is the presentation from WLPC 2024 in Prague: And the German version from the WLAN Klassentreffen 2024 in Hamburg: Some more
Well, of course a Block cipher is always a Block cipher. But sometimes it might not be used as expected and this can cause some misunderstanding of how things work. If you implement IPsec VPNs, you likely know ESP, the Encapsulating Security Payload and it’s packet format: The Encapsulating Security
This blog post is for the paranoids among us Many companies use BYOD (Bring Your Own Device) processes to securely connect personal devices to the enterprise network. Typically, Enterprise Authentication with EAP-TLS ensures a good user experience without any struggles when Domain credentials are changed. But how do we connect
“Why did no one tell me before???” This July, I visited the Wi-Co (Wireless Community) event in Manchester and learned about a device that ideally fits my use case. Problem Statement When traveling, in meeting rooms, or in hotel rooms, I not only look above me to spot the APs,
Transition Disable is a mechanism to protect a WPA3 network against downgrade attacks and is described in Chapter 8 of the WPA3 Specification 3.3. When this feature is enabled, a station should configure it’s network profile to not connect to the SSID with AKMs that are not allowed in WPA3-only
In a previous blog post, I described connecting the Meraki MX to the internal network. In this blog post, I go through different ways to connect to the internet. The internal connection is not detailed here; this is independent of the external connection to the ISP. Option 1: One MX,
On the Cisco ISE, we can use Downloadable ACLs (DACLs) as an enforcement method to control what our endpoints are allowed to do in the network. These DACLs can be used with Catalyst switches and also with the Catalyst 9800 WLC starting with version 17.10.1 Compared to named ACLs, the
In Part 1 of this Blog post, I described the hardware setup of my LoRaWAN Lab. But the End Nodes and the Gateway is only one-half of a complete LoRaWAN setup. The Things Network shows the whole architecture: Image from https://www.thethingsnetwork.org/docs/lorawan/architecture/ This post is not meant to provide detailed setup