Skating to Where The Puck Will Be

By Mike Kouri, Aerohive Networks.

The apocryphal quote from Wayne Gretsky that formed the title illustrates his winning strategy, which Aerohive shares. Customers choose Aerohive products because they solve today’s problems today, and because they have observed and continue to trust that Aerohive will have solutions for tomorrow’s problems before they encounter them.

We understand that wireless connectivity is now a business continuity requirement from most of our customers and that Wi-Fi networks are an integral part of their own businesses instead of just a convenience for conference rooms. As such, the wireless networks of today and tomorrow must be as robust and secure as the wired networks used by many people who are now approaching retirement age.

The latest such innovation from Aerohive is support for the new WPA3 protocol suite. This exciting enhancement to the Wi-Fi Alliance standards, while remaining backwards compatible, makes many previously-optional things (such as Protected Management Frames) mandatory. Collectively, these aid in securing against eavesdropping and man-in-the-middle type of attacks and provide resistance against both offline dictionary attacks and against key recovery. Because WPA3 is resistant against offline dictionary attacks, users can choose (or admins can assign) passwords that are simpler, easier to remember and easier to enter while retaining high security.

The beauty of all this is that in many cases, no changes will be needed in customer configurations to take advantage of all this. Update to the newer version of HiveOS, then purchase new wireless clients capable of supporting WPA3, and the miracles of modern networking will just happen.

WPA3 will be optional for existing networks but will be mandatory for the upcoming 802.11ax standard so anything claiming support for 802.11ax will support it. We expect software updates to Wi-Fi drivers and/or client operating systems in the latter half of 2018 and during 2019 to allow most modern client devices to take advantage of this. As I type this, WPA3 testing is just starting so few if any WPA3 clients currently exist, however as previously mentioned 802.11ax has mandated WPA3 as a prerequisite. So depending  if you see this as a good best practice or a clever way to drive certification, in either case the end result will be a far greater and faster integration of WPA3 into production networks.

Keep in mind that very few networks are built and continue to operate with all-new technology and different parts of networks evolve at different rates. Anyone working in warehouse or manufacturing environments commonly see 10 year old wireless barcode scanners running legacy protocols while their executive floor is populated with the latest offerings from Apple, Google, and Microsoft. Customers can begin replacing or relocating devices in areas of expected need (such as the executive floor mentioned earlier) with future-proofed Aerohive access points, and be assured that when that first 802.11ax client arrives, it will receive it’s expected performance and security levels. Additionally, the ability for our APs to support and offer the highest level of security supported by the client devices allows Aerohive to provide the latest levels of security, yet still support  legacy technologies while providing isolation between the two groups. Aerohive is fully committed to access network security outside the WPA3 realm as well with features like integrated TPM chips, dedicated firewalls, Private Client Groups, Secure Access Management (A3), flexible identity-based security, and policy enforcement at the edge of the network.