STAY IN CONTACT
SOCIAL
  • White Facebook Icon
  • linkdin-01
  • White Twitter Icon
  • White Instagram Icon

WifiWall Channel Partner Welcome Document

 

This document is a live content and is provided for a signed WifiWall Channel partner or a soon to become one. It includes information and data regarding aspects of the market, the problem and need, pre-sales and post-sales information and tools, marketing materials, technical information, and Channel Partner resources and Q&A.

 

Please come and visit this area regularly as we keep update and add content to share with our partners. 

 

We see you as an integrated part of WifiWall team and success, please do not hesitate to contact us for any question or need,

 

Yours,
Shlomo Touboul
Founder & CEO

Don’t Wifi without WifiWall!

 

WifiWall Partner Program

WifiWall Partner Program is provided to support and enhance the work of our Signed Partners.  A Company needs to be an Authorized WifiWall Reseller (mostly Value Added Distributor) to join the program, which enables approved reseller to immediately service their clients. Our Partner Portal is a platform that will be extended over time providing news, sales tools, support, training, pricing, promotions, marketing, forums and many other features to enable and collaborate with our partners.

Partners Advantages

  • An Account Manager

  • Dedicated support

  • WifiWall discounted pricing

  • NFR Discounts

  • Special Reseller Promotions

  • Marketing Support

  • Graduated Discounts Based on Sales Volume

  • Training through one-on-one sessions and webinars

  • TBD: Reseller Newsletter

  • Special Enterprise Registration and Pricing

  • Special Government/Non-profit/School Pricing

 

TOC

 

WifiWall Channel Partner Welcome Document

Preface

Program Introduction

WifiWall Partner Program

Partners Advantages

TOC

The Market

The problem

Why is Wifi higher risk than wired network?

Why are existing Cybersecurity solutions not enough?

Why using a VPN on a Wifi network is not enough?

IoT Wifi network challenge


 

Competition and substitutes (for SMB and Enterprise)

WifiWall products

WifiWall 2.4GHz for the traveler

WifiWall for Office

Customer Q$A

Why WifiWall only works on 2.4GHz networks? What about 5GHz?

If I have a VPN, why do I need WifiWall?

Why is WifiWall a hardware device and not a software on my phone/laptop…?

Why WifiWall protects only 2 devices. I have 4?

How do we know WifiWall is protecting us when it doesn’t show the network name on the main screen?

How is WifiWall connected to my device or the WiFi network?

Does the device cause Latency/slowness to my network?

Sales Pitches and Sales information

Elevator pitch

Customer Qualification

 

WifiWall Reseller Kit

Reseller Kit, What and Why it is?

Reseller Kit Content

Rogue AP kit

How to demonstrate WifiWall using the Demo Rogue AP

Other Attacks Demonstration

1. Option 1: for Linux, MAC, and Windows: aircrack-ng tools.

2. Option 2: A MAC OS GUI based Application: JamWifi

Interfacing WifiWall Support

WifiWall Price List and Product Ordering

WifiWall Price List

WifiWall Purchase Order

The Market

The problem

Public and Private WiFi networks are everywhere today enabling connectivity to travelers and offices, IoT networks, smart homes, etc. They become a critical part of doing business and standard de-facto for ad-hoc connections.

 

While a few legacy Wifi security products exist, there are none available today for:

  • The traveling person that connects to public Wifi.

  • Satellite, remote offices, and SMB.

  • IoT Wifi deployments, including smart home, smart car, Wifi cameras, etc
     

Why is Wifi higher risk than wired network?

While traditional wired networks are difficult to tap (traffic monitoring) by the attacker, Wifi networks are wide open for any attacker’s Wifi tools. Wifi traffic is managed and controlled via 802.11 frames which are not encrypted, even when using WPA2 encryption or VPN clients.

Also, the 802.11 protocol allows any unassociated Station or any Rogue AP to send and receive packets from and to any other associated Wifi Station or AP.

 

This makes Wifi vulnerable to 802.11 attacks. 

We call it : “the missing layer 2 and 3 security in WiFi networks.”

 

Why are existing Cybersecurity solutions not enough?

Every corporate network comes with Firewall, VPN server, Intrusion Detection and Prevention systems, etc.  However, these tools are operating on top of TCP/IP connections and UDP broadcast. While this provides adequate security in wired networks, it’s not enough for the 802.11 networks.

 

802.11 frames are part of layers 2 and 3 in the OSI model, while TCP/IP starts on level 4 continue to layer 7 (SMTP, HTTP, etc.).  All the existing cybersecurity solutions are active on top of TCP/IP (layer 4 and higher), leaving Wifi layers 2 and 3 unprotected and wide open for the WiFi attacker.

 

There are very few Legacy systems for enterprises that are capable of monitoring 802.11 frames. However, they are limited, outdated and costly. When considering Public Wifi networks, they do not exist at all.

 

An additional aspect that make 802.11 attractive for attackers is the fact that there is no logging for 802.11 activity. While on TCP/IP every request and every transaction is logged and stored for forensics and investigations and monitoring by the SOC team, these abilities mostly not exist for WiFi.

 

Hence, Wifi attacker today has an advantage over the defenders when it comes to WiFi Attacks. Also, the probability for an investigation and forensics post attack is very low due to lack of WiFi logging. 

 

Many attacks started in the Wifi network, allowing the attacker to harvest supervisor credentials through one of the WiFi attacks described in this document and continue into the traditional wired network with a single step attack, creating a devastating light speed attack that leaves no trace behind. 

 

Why using a VPN on a Wifi network is not enough?

VPN is a great solution to create a protected “tunnel” between the station (phone, laptop, tablet, etc.) to the destination server (bank website, corporate database, email, etc.). 

 

When the VPN tunnel is established, all the information on top of Wifi is encrypted and therefore not visible to the attacker, even during Man-In-The-Middle-Attack (MIMA). However, 802.11 management and control frames are still not encrypted. 

An attacker can “shake the tree” and create an opportunity to attack even when the tunnel is active and whenever needed. 

 

This is done by terminating the 802.11 association between the victim’s station )sending DeAUTH frame or instructions to change communication channel, etc.)

and the Access Point (AP).

 

DeAUTH terminates TCP/IP and VPN is no longer valid (operates on top of TCP/IP which is not valid ). When the station tries to reconnect to the original AP the attacker hijacks the connection with a Rogue AP tool. 

 

Now the Station has connected to the Attacker’s Rogue AP the attacker sends a spoof  AP’s splash screen (the first screen that the AP delivers for approving the terms or requesting credentials as frequently used in Hotels and Airports WiFi)  much before VPN is active again.  

 

Here the attacker has many options, for example, injecting a malicious code in the spoofed splash screen  (looks exactly like the original splash screen). By the time the victim’s station connects to the internet and starts VPN, it is contaminated by a malicious code that “ see” all content unencrypted.  

 

IoT Wifi network challenge

There are many Startups and mature vendors that are releasing different IoT solutions.  Most solutions deliver end-to-end encryption that can fit the small footprint of the IoT sensor or device. Others provide device management including secure boot, secure updating, etc. 

 

However, the fast-growing IoT network are mostly based on WiFi and therefore suffer from the same weaknesses of the 802.11 security. The ultra-fast adaptation and deployments of IoT projects creates an attractive target for Wifi attackers. 

 

Competition and substitutes (for SMB and Enterprise)

As mentioned before, the solution for the WiFi security problem exists for large enterprise office. It’s expensive and mandate single vendor equipment (for example only Cisco Access Points).There is no Wifi security solution for multi-vendor equipment, for example, Cisco AP,  Qualcomm AP, etc.

 

While WifiWall supports multi-vendor deployments for any business size, it initially focuses on three untouched market segments:

The traveling businessmen/women connecting to public Wifi

Satellite, remote offices, SMB  and home Wifi.

IoT Wifi networks.

 

In those market segments and multi-vendor environment, there is no direct competition or alternative for WiFi security. 

 

As explained earlier, while VPN perceived as a solution for those market segments, it’s not immune from 802.11 attacks, and this requires explaining, demonstrating and educating your customers.  

 

If you are selling VPN solution, you may consider bundling deals with WifiWall for travelers, providing a complete solution.

 

WifiWall products

WifiWall 2.4GHz for the traveler

 

WifiWall is a miniature hardware device which acts as a protocol analyzer which is doing packet inspection on the 802.11 level- The WiFi level.

Once you turn it on, it constantly monitors ALL the WiFi traffic in the area, designated on the user’s devices (Laptop,phone, tablet- whatever that they want to connect to WiFi with)
It monitors ALL the data packets in the area looking for data packets that are coming in or out of your device. Once it finds data packets relating to you, it performs a behavioral inspection to check for anything malicious. Any WiFi based attack. It could be someone is trying to constitute a Man in the middle attack, deauth attack, KRACK attack, Rogue access point, evil twin, etc… in short, someone is trying to hijack your WiFi connection.

Once WifiWall identifies someone is trying to attack you on the WiFi level, it will send a deauthentication frame to the user’s device to immediately disconnect him from the WiFi network.

So the Solution is completely automatic. Once you turn it on, it constantly monitors all the WiFi traffic in the area, and when you are attacked, WifiWall will immediately pull you out of the WiFi network before any damage can be done. 

Now, WifiWall is not acting as a proxy, It is not “standing” in the middle of the flow of information- the data is not flowing from the access point to WifiWall and in a bottle neck to the user’s phone (or other device) Instead WifiWall is an independent sniffer. It is “standing” outside of the data flow, and only “sniffing” all the data and not touching it. And if it finds an attack, is severs the WiFi connection. Therefore, there is absolutely zero impact on user’s performance and no data manipulation at all.

 

In conclusion, the solution is:

  • Automatic - as explained above.

  • Non-intrusive - No need to install anything on user’s device, no latency or data manipulation is inflicted.

  • User friendly for non-technical as well - All user needs to do is turn it on and that’s it.

 

WifiWall for Office

 

WifiWall Office is actually two WifiWall units, each with its own functionality, working in concert. The first unit- dubbed WifiWall in-Office - is protecting specifically the Office WiFi network. IF the  Office WiFi is called “Homer’s WiFi”, so WifiWall in-Office is protecting specifically “Homer’s WiFi”, checking for inside WiFi based attacks- if someone is trying to decrypt the network, put a Man in the middle attack, KRACK and so on.

The second unit - Dubbed WifiWall Office-out - is actually monitoring all the WiFi traffic outside of “Homer’s network” checking to see if anyone is trying to lure your WiFi users to their malicious network with rogue access points. Someone could publish another rogue “Homer’s WiFi’ network and entrap your office WiFi users to connect to the malicious network, so they will be diverted to captive portal for their data to be stolen. 

 

WifiWall Office out is also publishing 20 deceptive WiFi network with SSID variation of your Office WiFi. So it will create a “homer WiFi1” network”, “Homer finnacing”, “Homer’s office WiFi” and etc. When the attackers will try to attack or log in to these deceptive networks, the office admin will receive notification with information on attackers.

ragraph. Click here to add your own text and edit me. It's easy.

Customer Q$A

Why WifiWall only works on 2.4GHz networks ?What about 5GHz?

This is a frequent question received from customers. While we are working on the “WifiWall Janus” - 2.4GHz/5GHz version (currently there is no 5GHz hardware small enough) there is a great value in the 2.4GHz version today. 

 

  • Most of the attackers’ Wifi attack tools operates today on 2.4GHz and equally to us, they are in transition to 2.4GHz/5GHz devices.   Therefore over 90% of all WiFi attacks happen on 2.4GHz.

  • When traveling to 3rd world countries, the 2.4GHz networks are most common as the WiFi attacks are.

  • When using 2.4GHz/5GHz networks, user’s devices will use the 2.4GHz whenever the distance from the AP increase.

     

The dilemma of not use Wifi security until 5GHz is released leaves the customer at a highly exposed to the majority of Wifi attacks. 

We will propose a special upgrade offer to all our customers that bought WifiWall 2.4GHz until WifiWall Janus 5GHz will be available. This provides them with the best possible Wifi Security today and getting better when upgrading to WifiWall Janus.

 

If I have a VPN, why do I need WifiWall?

Refer to section :“Why using a VPN on a Wifi network is not enough?”

 

Why is WifiWall a hardware device and not a software on my phone/laptop…?

That’s a very good and important question. At WifiWall we make both the software and the hardware ourselves, so to integrate the software on an existing device was a possibility. But what actually seems like a disadvantage (having an extra device to carry with you) is actually one of its biggest advantages. If we would put WifiWall software on a phone, it will paralyze the WiFi on the phone, to perform deep packet inspection on all the WiFi traffic in the area, analyze and detect malicious behavior and be quick enough to DeAUTH your device to disconnect him from the network before any damage can be caused takes a heavy toll on the device. The software will just kill your phone. By making WifiWall a hardware device we actually provided him with a huge upside- He is completely non-intrusive. He does not cause any slowness or content manipulation (as most cyber security devices tend to do, including  VPN) since he is outside your devices and not connected to it. 

And to completely cover the disadvantage, we made it very small (so it can easily fits in your pocket or in your bag), we made it completely automatic (so user is passive) and very user friendly (you only need to turn it on and that’s it). You don’t need to install or register to anything. So even though it is a hardware device, it has as minimal effort as possible to use.

 

Why WifiWall protects only 2 devices. I have 4?

As advised before, to perform DPI (deep packet inspection) is a very exhausting action. To perform deep packet inspection on all the WiFi traffic in the area, analyze and detect malicious behavior and be quick enough to DeAUTH your device to disconnect him from the network before any damage can be caused takes a heavy toll on the device. Therefore we have limited the WifiWall to monitor two device. We started from one and have made the improvements to protect two. When WifiWall Janus will arrive, we will make all the efforts to improve even more.

 

How do we know WifiWall is protecting us when it doesn’t show the network name on the main screen?

As long as WifiWall has your MAC address it will protect you. The reason it doesn’t show your connected network name all the time is that sometimes our devices go to sleep mode for their WiFi activity (like when your put your phone on a screen saver mode). WifiWall is all the time monitoring all the WiFi traffic on all WiFi channels looking for your device’s MAC address. When you are on sleep WiFi mode, then your device does not actually transmit or receiving anything (even though you are still listed as connected to the network) and therefore WifiWall is not showing any network. because WifiWall is monitoring for data packets in the WiFi traffic that are related to you, but you are not actively doing anything on the network. 

 

But !!!even if you are on sleep mode and suddenly someone will send a malicious packet to you, WifiWall will intercept and immediately take you out of the WiFi network.

 

How is WifiWall connected to my device or the WiFi network?

That’s the beauty… It’s not. WifiWall is not connected to the user’s device (phone/laptop/etc).
and not to the WiFi network itself. Only at first time use user will need to make one-time synchronization which takes around 10 seconds and all that happens in the process is that WifiWall gets the user device’s MAC address. That’s it. From that moment on it only acts as an independent sniffer and only monitors the data from the outside. 

 

Does the device cause Latency/slowness to my network?

Absolutely not. The device is completely non-intrusive.see above. (see above)

 

Sales Pitches and Sales information

Elevator pitch

 

WifiWall product line (can be found at www.wifiwall.com -> products) is unique and first to address the WiFi Layer 2 and Layer 3 security issues. While today the dominant cyber product for those connecting to WiFi networks (especially public WiFi) is a VPN, which is a great solution, but it is only securing from Layer 4 and above. For WiFi Layer 2 and 3, the solutions exist only in legacy Enterprise networks. That leaves three very big untouched markets: The business travelers connecting from Public Wifi, offices outside the large enterprises- Satellite/Remote offices or SMB offices which are both left wildly unsecured and the fast growing IoT networks such as home, cars smart city etc. WifiWall securing WiFi connections (a) Automatic, (b) Non-intrusive mode and (c) very User friendly.

 

Customer Qualification

 

Identify your customer by the problem location and staff by the following characteristics:

 

Traveller segment:

Does the customer have many people on the move, such as:

Sales teams

Service teams

Senior management with multi geo locations

Deployment and installation teams and other technical teams

Home based workers

Workers at shared offices

 

Satellite and Remote Offices:

Companies with branch offices where little to no technical team exist on prem.

Remote offices that may be or not connected to headquarters network via WAN

SMB:

Small to Medium business with 50-500 devices connected over WiFi.

Guest networks and Lobbies

 

Special segments:

Legal companies

Accountants

Banks and Financial institutions branches

 

Special locations: the following list by risk level locations highly exposed to WiFi Attacks:

trade shows and conferences

Airports

Office Lobby

Hotels

Coffee shops

Universities

 

WifiWall Reseller Kit

 

Reseller Kit, What and Why it is?

WifiWall Reseller kit provides resellers and distributors (hereafter “Partner“) with the means to demonstrate WifiWall’s capabilities, carry POC (Proof of Concept) and Pilots for their customers.

 

Reseller Kit Content

Each Reseller kit comes with products and tools as following:

Three WifiWall 2.4GHz NFR (Not For Resell) units.

WifiWall Office NFR. (including WifiWall In-Office and WifiWall Office OUT units) and two Docking Stations.

Access Point and Rogue AP  -  a set of two WifiWall hardware devices running Regular AP and its Evil Twin Rogue AP.

 

The NFR units are available for the Partner sales team when they need to demonstrate the products.

The Rogue AP set is used to demonstrate attacks.

 

Further instructions on how to demonstrate DeAUTH and Hijacking attacks may be found in this document.

 

Rogue AP kit

The rogue AP kit simulates one of the most common WiFi attacks out there- the Rogue Access Point (RAP).

 

It simulates the situation where an attacker will go to a crowded location with “big fish”  - attractive targets such as airport, hotel, Cafeteria/cafe, conference, trade shows, train station, etc. 

 

The attacker will study the current AP (the Regular AP in the Reseller Kit) and set up an Evil Twin Access Point  )the Rogue AP in the kit(.

 

The Evil Twin has the same SSID of the Public WiFi network (“NYC Free” in the kit) located at the site. 

 

The kit consists of two WifiWall hardware units running Regular AP and Rogue AP software
(not our WifiWall 2.4GHz).

 

The Regular AP implements a good AP with SSID “NYC Free”.  Its screen in the color green. You may connect to this AP from your devices) while there will be no internet of course .( When viewing this SSID in the Network Screen of WifiWall 2.4GHz, it will show one blue shield only, representing WPA encryption. This represents the good AP in a public area.

 

The second unit, the Rogue AP, implements a rogue access point with the same SSID  “NYC Free” .Its screen in the color red. Differently, from the good AP, this unit has a DNS server that diverts any name request into a single HTML based splash screen, much similar to the way Hotel and Airports Wifi does .This force the connected station into a splash screen requiring the user email and password to connect to the internet. 

 

While we do not do it, in many cases this splash screen, which is build using HTML and PHP code, will include malware, ransomware, trojan horses, etc .This is a common way for the attacker to infect the station; you may want to explain this to your customer.

 

How to demonstrate WifiWall using the Demo Rogue AP 

You need both the Rogue AP and Regular AP (Red and Green) to demonstrate detections by WifiWall 2.4GHz. 

 

Follow the steps below for a demonstration:

1. Turn on the Regular AP (green screen). You may connect to it with your phone (not necessary for the demo).

2. Turn on the Rogue AP (red screen).

3. Turn on WifiWall 2.4Ghz. Within a minute or two, WifiWall 2.4GHz will generate a “Rogue AP Found”. WifiWall 2.4GHz scan and detects all SSID in the vicinity, investigate each to discover Rogue AP and when found, issue this alert. 

4. Now, connect your phone (or laptop, tablet and any station that was previously paired to your WifiWall 2.4GHz) to the Rogue AP “NYC Free”.  Make sure you are connecting the SSID that doesn’t require any password (no encryption). WifiWall will report the alert “Rogue AP Attack” .Note: this is different from the previous message. Your station will display a splash screen” WIFI PORTAL 24 hours Free internet access “requesting your user name and password. Of course, do not enter that data and make sure your station disconnects from the Rogue AP.

 

Other Attacks Demonstration

 

You may use publicly available tools to demonstrate the variation of Wifi Attacks on a protected station. Such tools are:

 

1.  Option 1: for Linux, MAC, and Windows: aircrack-ng tools.

This is a set of tools allowing cracking, attacking Wifi targets.

You may also use a Kali Linux distribution that comes with aircrack-ng tools built in.

Follow the DeAUTH Attack instructions here:

https://www.aircrack-ng.org/doku.php?id=deauthentication

For Kali Linux distribution check:

https://tools.kali.org/wireless-attacks/aireplay-ng

Note: it is best to let WifiWall 2.4GHz in sleep mode during the demo .This saves CPU cycles from display work and increases the sensitivity of WifiWall 2.4GHz. 

Note 2: WifiWall will wake up when the attack happens. 

 

2. Option 2: A MAC OS GUI based Application: JamWifi

1. Install JamWifi on a MAC computer, download here:http://macheads101.com/pages/downloads/mac/JamWiFi.app.zip 

2. Connect the MAC computer to the same 2.4GHz WiFi SSID as your phone (victim station) is connected.

3. Turn on your WifiWall 2.4GHz that is paired with the victim station.

4. Scan WiFi using JanWifi tool. Select the above 2,4GHz WiFi. Press the “JAM” button, select the MAC Address of the victim station and press “Do It!”

This will send a DeAUTH attack on the victim station, and WifiWall will generate a DeAUTH attack alert. 

 

Interfacing WifiWall Support

 

To open a ticket on our support system simply send a mail to: support@wifiwall.com. This will open a ticket (auto replay will be generated with ticker id number).

 

Please make sure you registered to our website and that we flagged you are a partner user. 

 

WifiWall Price List and Product Ordering

 

WifiWall Price List

Our price list is getting update every quarter.  The updated price list is published during the last week of the calanderay quarter.  A major price change is announced via direct message to the partner 60 days before it is valid. 

 

WifiWall Purchase Order

The order quantity of WifiWall products is multiple of  100 units. 

The following is a PO sample when you order products with WifiWall: