Client fingerprinting, in my opinion, is one of those features that many people don’t think about until they either need it, want it, or it’s broken. It’s not as sexy as other Wi-Fi security related topics such as 802.1X or micro segmentation and it’s certainly not going to prevent a client from operating correctly on the network if it’s not available (or can it?). However, it does help provide insight into your Wi-Fi client base which can be valuable in terms of knowing what device or devices are popular and making sure your Wi-Fi supports them well. Additionally, it is possible to tie access controls to clients by their device type which can affect what they are able to do on the network. With that said, it’s probably worth knowing how client devices are identified from their manufacturer down to the OS version and more importantly, the methods your Wi-Fi vendor uses to identify them. In this post, I’m going to discuss how client fingerprinting is done in general, how RUCKUS does it, and how one method of fingerprinting that we use today is changing due to security concerns.
“Say my name, say my name” ain’t just for Destiny’s Child
No, I’m not quitting my career as an IT professional to start a R&B group, but hopefully the title of my blog post captured your attention enough to get you here. Now let me explain.
Earlier this year, RUCKUS released SmartZone (SZ) 6.0. There were many new features and improvements like a completely redesigned web UI for example, but another minor feature made the cut as well: AP Hostname Advertisement
Clickable HTML network diagrams with draw.io
1 Reply
John Herbert (@mrtugs) over at https://movingpackets.net just recently published a blog article that I felt was extremely clever and helpful. He created a clickable HTML diagram for his home network so that he could both illustrate to his wife how good of a network admin he really is and make it easier to manage the devices on his network. The only problem I saw with John’s post is that you must own Omnigraffe, a diagramming tool only supported on macOS and iOS. If you visit their website, there is a free 14-day trial to give it a spin, but it is pay-to-play software. Enter draw.io from JGraph Ltd.:
Ghosts in the network
It all started with an e-mail from a co-worker on a recent Saturday afternoon, shortly after we finished performing Windows updates on all of our servers. It read something like this:
“Syslog server’s C: drive ran out of space so I created an additional drive with 20GB of space and moved all of the logs to it.”
Now I’ve only been with this new company for 4 months now, but one of the first things I did when I began learning the network was to take a look at our syslog server to see how it was configured and for baselining how many logs in an hour and day were normal for our network. So when I saw that the drive ran out of space with the amount of syslogs normally generated per day, it immediately raised an alarm.
Continue readingSolarWinds Ambassador
In January, I was honored with the offer to become a SolarWinds “Geek Speak” Ambassador for the month of February. Being a SolarWinds Ambassador consists of writing 4 blog posts (1 per week) about topics that interest you, in relation to IT as a whole. My particular interests that I chose to write about revolved around networking monitoring. Although my schedule was slated to be very hectic that month, I decided to take on the challenge as it was something I had never done before and the opportunity wasn’t guaranteed in the future. I’m so glad I did it. If you’re interested, the four posts are below:
What’s most important to you when choosing an NMS?
Get with the flow… with NetFlow!
Configuration management… More than meets the eye
Network Discovery: Manual vs Automated
Disclaimer: While I was paid for the content I wrote, I was not swayed in any manner to write content that was favorable for SolarWinds or it’s products.