Securing work contacts while keeping caller ID 03: iOS with Boxer

I had a week of customer meetings, each (literally!) asking the same question: “How can I prevent WhatsApp from grabbing the corporate contacts on my device?”

In this series of posts we will explore the options of deploying corporate email/contacts/calendars with the goal of maximal work/personal contact separation, while trying to minimally impair the user experience (such as the Caller ID).

Table of contents:

(more…)

Advertisements

Securing work contacts while keeping caller ID 02: Android

I had a week of customer meetings, each (literally!) asking the same question: “How can I prevent WhatsApp from grabbing the corporate contacts on my device?”

In this series of posts we will explore the options of deploying corporate email/contacts/calendars with the goal of maximal work/personal contact separation, while trying to minimally impair the user experience (such as the Caller ID).

Table of contents:

(more…)

Securing work contacts while keeping caller ID 01: Android vs iOS

I had a week of customer meetings, each (literally!) asking the same question: “How can I prevent WhatsApp from grabbing the corporate contacts on my device?” This happens more often than you think – the infamous GetContact collected over 3.5B contacts in just a few months, all of which were officially available for sale! With GDRP in effect, how much could this cost?

Of course, both iOS and Android offer means to securely lock down enterprise data on BYOD devices. But this comes at a price of usability, the most cited problem being the caller it. We know that in the modern day an unhappy and discomforted user is essentially a backdoor waiting to happen. How can we keep this balance between security and productivity?

In this series of posts we will explore the options of deploying corporate email/contacts/calendars with the goal of maximal work/personal contact separation, while trying to minimally impair the user experience (such as the Caller ID).

We will explore several approaches, their limitations and shortcomings for iOS and Android. This post lays the foundations and provides a TL:DR style summary/comparison of my current findings.

Table of contents:

(more…)

Do non-overlapping channels overlap?

We all know the “non-overlapping” channels 1/6/11 in 2.4GHz (5GHz matter is similar). Do they really not overlap? I keep bumping into this in conversations, and would like to create a point of reference (with pictures) instead of having to repeat same old over and over.

BW- 2m away from AP
Your typical “non-overlapping” 1/6/11 setup

Since we a dealing with broadband technology, the signal is in reality not 100% contained within the allocated 20Mhz band – we only see the tip of the iceberg. Here’s the official 802.11 20-Mhz OFDM channel spectral mask. Note that the “20Mz” channel actually goes up to 30Mhz in every direction (60Mhz total width), albeit up to -45dB weaker, than the central 20Mhz flat part.

Wi-Fi Spectral Mask - Single Channel
802.11 OFDM transmit spectral mask. Power levels are relative to the signal strength in the center.

Now, let’s combine the masks for all the “non-overlapping” together and enjoy the view.

Wi-Fi Spectral Mask - 1-6-11
Spectral masks combined together in 2.4GHz space. Can someone draw me picture with three icebergs please?

Of course, if the APs are spaced far enough, the effect of side bands will be negligible: if I already hear the AP’s central frequency at -87dBm, hearing the sidebands at another 20-26dB lower will do well below the sensitivity threshold. However, if this is not adhered to, here’s a spectrum analyzer capture of channels 1 and 11. Can you see the AP in channel one? What chances are for it to be heard?

Spectrum - 24GHz Ch1 Ch11 overlap
“Non-overlapping” channels 1 and 11.

Summary:

  • Even non-overlapping channels overlap
  • Maintain separation. Either calculate using tools or use 3-5m as a rule of thumb (better use tools!)
  • Stacking APs on top of each other to provide triple density seems a good idea but only works if you are Xirrus, but even they stopped doing it, as far as I know.
  • 2.4GHz is dead, move all enterprise networks to 5.

Hope this clarifies the matter enough. If this useful enough to use as a point of reference when explaining the matters to others? Let me know your thoughts!

What 802.11ax is not

I normally do not publish the “link to” posts, preferring to share on LinkedIn, but Devin Akin well deserves it. Matches my perspective 98%+, especially the point on 802.11ac stillborn MU-MIMO.

Preamble: Aerohive has released the first 802.11ax APs (the official 802.11ax standard spec is not final yet) – so expect the marketing race.

TL DR: The only good thing is OFDMA sub-carrier allocation (think sub-channels) similar to what exists in GSM/LTE/WiMAX, but it would not work w/o client support and forget 2.4GHz.

Anyway, enjoy the article: http://divdyn.com/802-11ax-not/ and let me know your thoughts!

Setting a package as Device Administrator with StageNow, reversing the DevAdmin class name

I had to perform a simple task recently: set up the Battery Swap application on out TC51 as a Device Administrator, so that it can do its battery swapping preparations correctly (for some reason it’s not set up as such by default). MX and StageNow allow this via the DevMgr CSP. But that CSP requires Package Name and Class Name. Let’s find out and do some more package dumping for fun and profit!

(more…)