ESS is now officially available for macOS, including simultaneous passive and active / throughput testing as well as spectrum analysis. Sidekick is the only supported external “adapter” for macOS, and GPS assisted surveys is still missing.
It’s been long, long, LONG time coming but it’s finally here! Ekahau Site Survey for macOS is now finally out of beta. “Out of beta” in this case means that macOS version is now feature complete and up to par* with its Windows counterpart. This in turn means that survey parts on macOS have been beefed up considerably and endless number of creases and wrinkles have been ironed out by our dev team.
The most worthwhile new features on the macOS version are the ability to do comprehensive passive surveys with the new Ekahau Sidekick™ and active surveys with the internal Wi-Fi adapter. No longer you need to attempt to do passive surveys with only the internal adapter and squint your eyes at the results while thinking “Maybe this’ll do?”.
Active surveying is also another critical growth spurt ESS macOS version had to take to measure up to its Windows version big brother. This covers both methods of active surveying: Ping and iPerf**. These features work exactly the same way as on Windows with all the usual functionalities and settings. However, we don’t have our iPerf server component (Ekahau Edition) yet properly converted to macOS version, so you might still want to set up the iPerf server on a Windows computer (at least if you’re using our Ekahau solution).
While Ekahau Sidekick™ is fully supported on macOS, unfortunately you cannot use the other external adapters (NIC-300 or SA-1) for passive surveys on that platform.
If you wish to experience the wonders of the macOS version for yourself, you can find it here: www.ekahau.com/download/ess
*”Remember when I said ‘up to par’ – I lied!” – GPS Survey is not supported on macOS
**Iperf support on macOS is this month’s bonus feature for you, our friends! However, the iperf implementation isn’t yet completely fine-tuned and doesn’t necessarily work on all macOS setups. We’ll be sure to work on it some more in the future releases!
Ekahau Sidekick is the first ever Wi-Fi site survey device, and houses 2x enterprise-grade Wi-Fi adapters and an outstanding spectrum analyzer. It’s what we highly recommend for site surveys and troubleshooting – whether on macOS or Windows.
Ekahau Sidekick™ is our brand spanking new device for all your site survey and troubleshooting needs and a perfect companion for ESS. This lovely rectangle of a device boasts two high-quality 802.11ac Wi-Fi adapters, which allows you to perform high-quality passive surveys. This square-shaped powerhouse also houses a state-of-the-art dual-band spectrum analyzer, which offers spectrum results with unparalleled speed and resolution.
Ekahau Sidekick™ packs all these capabilities into one conveniently sized and easy-to-carry solution. You no longer need to turn your computer into a sci-fi movie prop with multiple different adapters and dongles sticking out of it, but instead you can just plug in one single device with all the needed functionalities. This is Plug & Play at its simplest and most refined form.
Ekahau Sidekick™ also finally allows you to do full passive and spectrum surveys on Mac as well, if that would be your platform of choice.
If this piqued your interest, you can find more about Ekahau Sidekick™ and its features from here: https://www.ekahau.com/products/sidekick/overview/
In addition to other heavy hitters, we’ve also given our Real-Time Frequency Monitor a substantial upgrade. Part of upgrades are about making this feature optimized for the AWESOME POWER of Ekahau Sidekick™ – all the awesomeness does take its toll on the computer. However, some of the upgrades are readily visible for the users.
Frequency Spectrum view has been now equipped with various new settings to let you decide what you want to see in this view and how you want to see it. Want to see spectrum in all its glory without Wi-Fi lines scribbled all over it. Done. Spectrum sweep averages with point density? Can do.
With the introduction of Ekahau Sidekick™, the spectrum scans are now much more detailed and higher resolution. This means that the finer details of results can get lost when viewed across the entire Wi-Fi spectrum. That’s why we have now also implemented zooming for Frequency Spectrum view, so you can drill down to finer details more easily. 2.4Ghz band has two zoom levels and 5Ghz band has three zoom levels.
If you’re using multiple screens with ESS or you are just tired of RTFM hogging half of the space on your main window, you’ve probably already discovered detaching RTFM into its own window. If this is a new feature for you, just click the odd icon next to the black arrows on the right side of the screen to make it happen.
In ESS 9.1.0 we have given this separate RTFM window a complete overhaul and added a fistful of customizability into the mix! You can now freely select which views you want to use on the detached RTFM window – just click the dots in the corner of the view to start!
Last but not least – well, maybe in this tough crowd – we’ve also given ESS user interface a proper dusting and a new paint job. As part of our changes, we also aimed to modernize and streamline the UI look and feel. Additionally, we’ve also made an effort to make Windows and Mac versions feel and look as similar as possible for consistent experience.
Don’t worry, we’ve not maimed ESS so it’s unrecognizable or anything. You’ll be able to find all the features in more or less in their familiar places, but the presentation is now less 2004 and more 2018.
That wraps up the new stuff in ESS 9.1.0! You can find more details in our release notes, if you wish to delve deeper in what we’ve been up to.
The New Product Guy
For over 20 years Secure Sockets Layer (SSL) has been in the market as one of the most widely-used encryption protocols ever released, and remains in widespread use today despite various security vulnerabilities exposed in the protocol. SSL/early TLS was removed as an example of strong cryptography in PCI DSS v3.1 (April 2015).
SSL v3.0 was superseded in 1999 by TLS v1.0, which has since been superseded by TLS v1.1 and v1.2. Now SSL & early TLS no longer meet minimum security standards due to security vulnerabilities in the protocol for which there are no fixes. It is critically important that entities upgrade to a secure alternative as soon as possible, and disable any fallback to both SSL and early TLS.
The best response is to disable SSL entirely and migrate to a more modern encryption protocol, which at the time of publication is a minimum of TLS v1.1, although entities are strongly encouraged to consider TLS v1.2 as not all implementations of TLS v1.1 are considered secure.
Yes but PCI DSS compliance scans from Approved Scanning Vendors check more than just SSLv3. After June 30, 2018, all entities MUST have stopped use of SSL & early TLS as a security control, and use only secure versions of the protocol. Failure to comply with this instruction will impact ASV scan results and will ultimately negatively impact on PCI compliance. A document on the PCI DSS requirements regarding SSL & early TLS can be read here.
For the convenience of LANCOM resellers looking to future proof their customer’s SSL/TLS settings, as well as pass PCI DSS testing now and into the future, we have formulated a script that will disable every instance of SSL v3.0, TLS v1.0 and TLS v1.1 leaving only the latest TLS v1.2 enabled. This script also locks down other security algorithm settings to ensure LANCOM routers will pass PCI DSS compliance scans.
*Note HTTPS WAN remote access can be enabled if a valid SSL certificate from a trusted Certificate Authority is loaded into the router. Even with HTTPS disabled you can still fully manage a LANCOM router over SSH Port 22 using the latest version of LANconfig and the CLI.
When a new PC running Windows 10 is going through its initial setup routine, also known as the Out Of Box Experience (OOBE), it is susceptible to to corruption of the routine it the unlikely event of a power interruption.
If a power interruption does occur during OOBE then there is a likelihood of the following on screen message being displayed during the next boot. Pressing OK at this state causes the PC reboot but it will show the same error message and so on in a loop.
The problem can be easily fixed by making a small change to a registry key.
The procedure is as follows.
The security loophole named KRACK is a vulnerability in the WPA2-key handshake used for secure communication in Wi-Fi networks. This vulnerability is a man-in-the-middle attack, whereby the key negotiation between a client and an access point is manipulated in such a way that an attacker can intercept the data communication.
There are three possible attack scenarios:
LANCOM are currently working on a security update for fast roaming (802.11r) and it will be released as soon as possible. The following describes where you can check to see if you are using fast roaming (802.11r) and, if applicable, how you disable it.
You can adjust this setting in LANconfig under:
“Wireless LAN -> Encryption -> WLAN encryption settings -> Wireless network X”
on the tab “Advanced -> WPA2 key management”
You can adjust this setting in LANconfig under:
“WLAN controller -> Profiles -> Logical WLAN networks (SSIDs)… -> Name of the SSID -> WPA2 key management”.
For more information on the KRACK attack please see the website related to the discovery below.