CradlePoint Blog

How Do You Guarantee Network Performance and Security at the Edge?

Posted by Michael Rotchford on July 23, 2014

Let's face it. For distributed enterprises, establishing and maintaining fast and secure networks at the edge is no easy task, especially in a world where hackers are more sophisticated than ever, and greater demands are being placed on the network for high performance and bandwidth. Today's branch locations process highly sensitive data but don't have onsite IT to perform hands-on system monitoring to watch for attacks or connectivity outages. With customers, 3rd party vendors, cloud-based business solutions, and mission critical applications all requiring network access, the potential for a breach or network failure is higher than ever. So how can you increase network reliability and mitigate security threats?

Watch Gartner Vice President & Research Fellow Tim Zimmerman and CradlePoint CEO & Chairman of the Board George Mulhern, as they lay out key steps distributed enterprises should take to safeguard their networks at the edge while increasing performance to accommodate even the most challenging connectivity demands.

Constant Improvement; Constant Innovation

Posted by John McVey on July 15, 2014

I talked in an earlier post (Creating More and Better Customer Connectivity Options) about how CradlePoint works hard to give our customers numerous connectivity choices. We’re also making improvements to the physical router hardware to make sure our products deliver durable, business-class performance. These improvements include metal construction, shock and vibe ratings, extended temperature and humidity ranges and rack mount kits.

We’ve combined these improvements with the ability to centrally control our devices through Enterprise Cloud Manager. The result has been the ability of organizations like New York City’s Metropolitan Transit Authority and San Francisco’s Golden Gate Bridge, Highway and Transportation District to be able to provide wireless connectivity to millions of commuters.

We’re always working to make our product more robust in challenging installations like school buses and commercial coaches. We’ve written a whitepaper on best practices to help assure reliable operation.  We also realize that various circumstances may lead to non-optimal installations and we work to anticipate those situations and be as “fool proof” as possible.

You might wonder if CradlePoint is targeting these kinds of niche applications or specifically the transportation industry.  The fact is that as public and private transportation companies hear about what our solutions can do for them, they seek us out, do trial testing and then move forward with a roll-out. So we’re being pulled by force of gravity into more and more industry sectors.  Our robust and versatile products will continue to make inroads into new markets by virtue of our product design intent.

Regardless of what industry is using our products, we will continue to build solutions that operate beyond our specifications. The fact is that we tend to spec things conservatively: our products continue to operate beyond our specs—typically better than a competitor with a wider specification than ours.  We make sure we outperform our own specs because when we tell a customer that our product is going to work, we know it will exceed their expectations.

Enterprise Cloud Manager + Universal Modems Means Fewer Truck Rolls

Posted by John McVey on July 07, 2014

CradlePoint has led the industry by making it very easy for our customers to choose their cellular carrier by virtue of our routers supporting “plug-n-play” modem technology.  Customers can also change their modem (and carrier) to reduce their data costs or improve their connection or service level.  This flexibility allows companies to take advantage of the competitive swings in the cellular market and change carriers when necessary to obtain the best combination of price and signal strength for each of their office locations.

As easy as it’s been for CradlePoint customers to change their modem or carrier on our products, it was still challenging for locations without on-premise IT staff (and for many companies that means just about every remote location).  Remote offices without technical staff would require dispatch of a service truck to physically change their modem.  These “truck rolls” are costly, and difficult to schedule during the slow times (evenings and weekends) when they would be least impactful to ongoing business.

Now, with the introduction of our new MC400 universal modems, customers have even more flexibility in their choice of carriers and can future-proof their network solution—while avoiding those painful truck rolls.

Suppose, for example, that your company has been using Carrier X but then realizes it could lower data costs or get better connectivity by switching to Carrier Y.  With the MC400 modem, you won’t need to go out and buy another piece of hardware to accommodate the new carrier because the ability to handle multiple carriers is built right in!

In a sense, our new MC400 is analogous to the ability to unlock a cell phone so that it can be used with any carrier. The net effect is to give our customers more choice and lower their network operating expenses.

Companies that use cellular data services may have felt “locked in” to a given carrier after their initial equipment deployment.  That’s because they knew the cost of a service visit for each remote location would consume most of the savings of a carrier switch.  Now, the MC400 removes these roadblocks and enables remote selection of your distributed locations’ cellular carriers.

Our relationship with the carriers has been symbiotic.  CradlePoint was first to bring low-cost, reliable cellular data to mainstream businesses.  We work very closely with the carriers to get our products certified on their networks.  As a result, the carriers know how well our devices work.  One of the things we hear all the time from new customers is that they chose CradlePoint because their cellular carrier recommended our products.

By removing the “lock” on data services, our “universal” MC400 modem might be said to be an industry disruptor. We’re confident the net effect will be good for our customers and the carriers. Our solution will give our customers more flexibility, which can lead to lower costs that over time will enable more businesses to use cellular data.  This brings more customers to our carrier partners, enabling them to continue to grow their networks and drive the technology forward.  We really like these win-win solutions.

Creating More and Better Connectivity Options

Posted by John McVey on July 02, 2014

I work on CradlePoint’s hardware side and one of the trends we’re working on is to expand the number of ways our devices can provide customers with broader networking solutions. One example is the way we’ve improved our Wi-Fi performance. We now cover both spectrum bands (2.4GHz and 5GHz) with higher transmit power and “11ac” speeds.  We also do quite a bit of work to make sure our Wi-Fi and embedded 3G/4G capabilities perform well without interfering with each other.

We’re also using more powerful processors with additional memory so we can provide higher throughput and greater security.  While a lot of companies are moving to the Cloud, some continue to express concern about the availability and security of Cloud connections.  If, heaven forbid, their cloud service were unavailable, perhaps due to an attack, these companies still need secure networking to maintain their business.  Our strategy is to provide persistent Internet connectivity with a sufficient level of security built into our routers.  For example, they can use any combination of wired, cellular or even Wi-Fi as their WAN source.  And if their Wi-Fi is unsecured, their CradlePoint router will make it secure.  Customers can share bandwidth across these various WAN connections, or use just one and, if it is interrupted, automatically and quickly switch to another.  Customers can prioritize their connection choices to minimize their data costs and get much higher up time with much lower cost of service.

Things never sit still in the world of network technology. By constantly innovating and building strong relationships with our industry partners, vendors, and the carriers, CradlePoint enables our customers to solve problems now—and future proof their network connectivity.

4G Creates a Firm Foundation for a Secure and Agile Network

Posted by Lindsay Notwell on June 26, 2014

Originally on the Internet World Blog, 06-11-2014

Common among today’s business leaders is the topic of agility and the need to stay ahead of the competition.  But naturally, as the conversation moves from C-level executives to the ones responsible for implementing so-called “agility,” the conversation shifts.  It shifts from discussing the benefits that include cost savings, greater return on investment and greater efficiencies to the challenges of bringing those benefits to fruition.  Regardless of market sector, the challenges typically relate back to the foundational technology, its ability to adapt, and for today’s IT professional, a myriad of security concerns.

2014 will be recognized as the year of the Internet of Things (IoT).  The evolving concept and benefits of the IoT movement are the catalyst for much of this conversation and the angst of most IT professionals.  How do companies that service a vast clientele and collect personal information support the Internet of Things in a way that improves the customer experience in a secure manner?  Most companies want to gain the agility and benefits of a connected environment; however, their legacy technology infrastructure can’t keep up with today’s hackers, making it tough to deploy a scalable network that is secure.

Continued reading here.

As Networking Demands Grow, So Must Your Network Agility: CradlePoint MC400

Posted by Michael Rotchford on June 19, 2014

Here at CradlePoint, we pride ourselves at being in close touch with our customers and in providing them with solutions that meet their evolving needs. Lately, customers have been telling us that they want solutions that provide high bandwidth and agility to meet growing consumer demand for the “connected retail experience.”

In early January 2014, we launched our AER 2100 cloud-managed solution to enable our customers to meet this demand. Moore’s Law states that processor speeds will double every two years. That’s a good thing, but it also means consumers will begin to use more and more data hungry apps, creating greater demands for bandwidth. That’s why this month we’ve introduced the new CradlePoint MC400.

The MC400 allows two enterprise grade modems to be embedded within the CradlePoint AER 2100. That means greater bandwidth for today’s data-intensive applications and WAN Diversity™ for 99.999% reliability.

It also gives enterprise organizations the capability to support up to four SIM cards within a single router, giving them the flexibility to use whatever carrier offers the best service at any given location.

Compared to consumer grade USB modems, the MC400 is enterprise tested for 24x7 use, includes high-gain external antennas, and comes with world-class support.

Are you ready to keep up with your end users? Learn more about how the CradlePoint MC400 lets you take full advantage of the speed and dependability of 4G LTE.

In the Wake of Heartbleed Part 3: How Enterprise Cloud Manager Gave Customers an Advantage over Heartbleed

Posted by Chris Rorris on May 22, 2014

As the old saying goes, when you’re being chased by a bear, you don’t have to run faster than the bear. You just have to run faster than the people you’re with. The same is true when it comes to data security.

With any malware or virus or bug, there are always exploits intruders can string together to defeat even the highest levels of security. But the fact of the matter is that if you erect decent security measures, intruders are typically going to move on in search of easier targets.

Hackers are out there scanning IP addresses for listening and responding ports, thereby potentially exposing weaknesses. CradlePoint uses and recommends Five Strategies to protect your servers and devices from intruders:

  • Strategy 1: Default Configuration. On each of our router devices is a configuration setting to enable or disable remote web-based administration. We disable that setting by default. It would have to be turned “On” for an intruder to be able to even attempt to log in and administer the device from the Internet.
  • Strategy 2: Access Control Lists. If a customer does enable web-based administration, the second strategy is an access control list. This list specifies what other systems and IP addresses should be granted access to do remote web-based administration. Both of these things would effectively prevent someone from using the Heartbleed vulnerability.
  • Strategy 3: Non-standard Web Ports. Our security strategy for Enterprise Cloud Manager is to not use standard web port 80 or 443. It uses different ports.
  • Strategy 4: Bypass Web-Based Admin. If you are using the Enterprise Cloud Manager, you don't need to have the remote web-based administration turned on or enabled to be able to remotely manage the device. Enterprise Cloud Manager provides an interface that looks almost exactly like what you would see if you were on one of our router’s web interfaces. All of the configurations you create are inside the Enterprise Cloud Manager environment and are then automatically pushed down to the actual router device when you hit apply.
  • Strategy 5: TLS. There are a number of different encryption and communication protocols in the background of Enterprise Cloud Manager that push configurations and pull data from the CradlePoint to the Enterprise Cloud Manager server.  We use TLS (Transport Layer Security) for that encryption. The way Enterprise Cloud Manager works is it only administers the CradlePoint, so none of the customer data that flows through the device is ever seen by Enterprise Cloud Manager.

I know from personal experience what it’s like trying to manage technology in thousands of locations at the same time. Without something like Enterprise Cloud Manager, you have to remotely go into each router through the web interface (assuming you have that turned on) or through a telnet/ssh session. In either scenario, you’d have to determine the correct firmware, download it, and only then execute the upgrade.

Needless to say, if you wanted to upload new firmware to neutralize Heartbleed—and if you have 100's or 1000's of devices to upgrade – that could take a significant amount of time and resources. With Enterprise Cloud Manager, devices are grouped together for configuration and firmware upgrades. You simply select the new firmware version from a drop-down box in the group configuration. Enterprise Cloud Manager then automatically pushes the firmware down to the group, without having to go into each device individually. It’s as simple as that.

Enterprise Cloud Manager also gives you status and reporting updates so you know what firmware version all your devices are on, and what devices may still need an upgrade. If a device was offline when you initiated the firmware upgrade, as soon as it comes back up, Enterprise Cloud Manager senses that device and automatically pushes down the firmware upgrade.

Finally, I just wanted to point out while Enterprise Cloud Manager is a paid service, we gave customers who don’t pay for this service the opportunity to get a 30-day Enterprise Cloud Manager account for no charge so they could use it to update their devices as quickly as possible. I guess you could call that Strategy #6.

In the Wake of Heartbleed Series:

Part 1: Three Observations
Part 2: All Hands on Deck
Part 3: How Enterprise Cloud Manager Gave Customers an Advantage Over Heartbleed
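
The triage described in the post above (which devices still run an affected OpenSSL, and which of those have remote web administration open to the Internet) can be sketched as follows. This is an added example, not code from the post or from Enterprise Cloud Manager; the inventory fields, device names and the rule that an empty access control list means "open" are assumptions, and the version strings use OpenSSL's own numbering (1.0.1 through 1.0.1f affected, 1.0.1g fixed).

```python
import ipaddress
import re

# OpenSSL's own version format, e.g. "1.0.1f"; the post writes this range
# as "1.01 through 1.01F", with "1.01G" as the fixed release.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)$")
AFFECTED_LETTERS = {"", "a", "b", "c", "d", "e", "f"}


def is_heartbleed_affected(openssl_version):
    """True if the version falls in the 1.0.1 .. 1.0.1f range."""
    m = VERSION_RE.match(openssl_version.strip().lower())
    if m is None:
        raise ValueError("unrecognised OpenSSL version: %r" % openssl_version)
    base = tuple(int(part) for part in m.group(1, 2, 3))
    return base == (1, 0, 1) and m.group(4) in AFFECTED_LETTERS


def acl_is_open(acl):
    """Assumption: an empty ACL, or one containing a /0 network, allows anyone."""
    if not acl:
        return True
    return any(ipaddress.ip_network(entry, strict=False).prefixlen == 0
               for entry in acl)


def exposure(device):
    """Classify how reachable the device's web administration is (Strategies 1 and 2)."""
    if not device["remote_admin"]:
        return "not-internet-facing"   # Strategy 1: remote admin left disabled
    if acl_is_open(device["admin_acl"]):
        return "open"                  # remote admin on, no effective ACL
    return "acl-restricted"            # Strategy 2: ACL limits who can connect


PRIORITY = {"open": 0, "acl-restricted": 1, "not-internet-facing": 2}


def triage(inventory):
    """Return (name, exposure) for devices needing the firmware update, most exposed first."""
    pending = []
    for device in inventory:
        if is_heartbleed_affected(device["openssl"]):
            level = exposure(device)
            pending.append((PRIORITY[level], device["name"], level))
    return [(name, level) for _, name, level in sorted(pending)]


# Constructed sample inventory (hypothetical field names and devices).
INVENTORY = [
    {"name": "store-001", "openssl": "1.0.1e", "remote_admin": False, "admin_acl": []},
    {"name": "store-002", "openssl": "1.0.1f", "remote_admin": True, "admin_acl": ["0.0.0.0/0"]},
    {"name": "store-003", "openssl": "1.0.1g", "remote_admin": True, "admin_acl": []},
    {"name": "store-004", "openssl": "1.0.1c", "remote_admin": True, "admin_acl": ["203.0.113.0/24"]},
    {"name": "store-005", "openssl": "0.9.8y", "remote_admin": True, "admin_acl": []},
    {"name": "store-006", "openssl": "1.0.1", "remote_admin": True, "admin_acl": []},
]

if __name__ == "__main__":
    for name, level in triage(INVENTORY):
        print(name, level)
```

Devices with remote administration disabled still appear in the list, last, because they need the fixed firmware even though the web interface is not reachable from the Internet.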

Guest Blog Post from Kent Woodruff on Internet World

Posted by Kent Woodruff on May 20, 2014

Original Post on May 20, 2014 -

Written by Kent Woodruff, Chief Security Officer at CradlePoint

Post Heartbleed, those of us involved in network security could take a lesson from the CDC. One of the biggest barriers to stopping the repeated threats of an Avian Flu pandemic is the resistance on the part of many nations to share information when the flu takes hold in their country. We saw this in May 2013 when China refused to release English-language versions of relevant statistics and facts about an outbreak in their country of a new bird flu called H7N9.

Similarly, when the Heartbleed bug and other incursions strike, there is great reluctance on the part of affected companies to share information about their own internal pandemics. You can speculate on why they don’t want to share this crucial information (and there are still significant barriers to privacy and intellectual property protection that understandably cause companies pause to engage in security collaboration). The net effect, however, is to slow down or prevent other efforts to find a “cure.”

In the wake of the Target breach, for example, none of the exposed companies have released their “relevant facts and statistics.” We’ve heard rumors and conjectures. IT security luminaries, forensics experts, and even the FBI have tried to cobble together known facts into a plausible narrative. But it is all speculation—if very educated speculation.

What we need are hard facts: Did the breach go through vendor credentials? Was it through some misconfigured device? How did the attackers get into the core network—or was it just wide open? Do we all need to rush out and check our routers to make sure the ACLs are configured properly?

Click here to continue reading.

In the Wake of Heartbleed Part 2: All Hands on Deck

Posted by Chris Rorris on May 14, 2014

I talked last week about how the Heartbleed bug was unique in how long it went undiscovered, how many things it affected, and how hard it was to tell if anyone had used it to access data. Today I’d like to talk about what CradlePoint did to reestablish protections for our customers.

As I said in Part 1: Three Observations, our router devices—like almost every other company’s devices that are connected to the Internet—were vulnerable to the Heartbleed exploit because we use the OpenSSL encryption. (If you’re going to configure or administer a device remotely over the public internet, you would normally use an SSL connection through your web browser. We use SSL to encrypt management communications between end users and their router devices.)

In order to fix the vulnerability, we had to do a firmware update. We created a new version of our firmware (available here) using the new 1.01G SSL version that closed the open door left by Heartbleed. This page lists the affected CradlePoint products that will require this new firmware. We encourage all CradlePoint customers with these products to update their firmware as soon as possible.

The other area we had to address was Enterprise Cloud Manager, our cloud-based management platform that customers use to remotely manage their devices in real-time. The OpenSSL on our stream servers had to be updated while the web servers that host Enterprise Cloud Manager weren’t affected. This meant usernames and passwords were not at risk.

Given that we were in the same boat as just about every other company, the best thing we could do was to move as quickly as possible to remove the vulnerability. As I said in Part 1, it took two years for the world to discover Heartbleed. It took CradlePoint a matter of days to patch it. In fact, after being informed of the bug on April 7, we had our Enterprise Cloud Manager servers patched by April 9, and released our firmware updates for our entire line of products by April 14.

To say that we had to reallocate a lot of our internal resources would be an understatement. We had to pull people off things like new product enhancements and version upgrades, and rededicate them to addressing this vulnerability. We wanted to do all we could so that our customers would feel safe and confident in the security of our devices and our management platform.

In the meantime, we had a lot of customers ask, “Does Heartbleed affect us?” In order to answer the question that was on everyone’s lips, we worked with our customers to focus on the settings they were using on their CradlePoint devices.

In my next post I’ll talk about these settings and how Enterprise Cloud Manager enabled customers to quickly eliminate the Heartbleed bug from their CradlePoint solutions.

In the Wake of Heartbleed Series:

Part 1: Three Observations
Part 2: All Hands on Deck
Part 3: How Enterprise Cloud Manager Gave Customers an Advantage Over Heartbleed

In the Wake of Heartbleed Part 1: Three Observations

Posted by Chris Rorris on May 07, 2014

Now that the dust has settled in the aftermath of the Heartbleed bug, I thought it might be useful to summarize some of the things CradlePoint learned and did that will help us better protect our clients in the future.  Let me be clear that CradlePoint acted swiftly to resolve the issues created by Heartbleed as soon as the vulnerability was discovered. I’ll talk about the remediation steps we took in my next post.

In a previous life I spent 13 years managing LAN, WAN, and wireless for top-brand stores with thousands of locations. I know the implications of having to patch thousands of devices out in the field: how hard it can be, how long it can take, and how stressed out you become until you’re sure your network is protected again.

As you may know, the Heartbleed bug took advantage of a vulnerability in the open source standard of OpenSSL that everyone uses for their SSL encryption. It showed up in specific versions of OpenSSL, from 1.01 through 1.01F.

There are three particularly interesting things about Heartbleed.

  1. It was out there for a long time: It’s amazing how long the vulnerability existed before anyone knew about it. Heartbleed was introduced into SSL with the release of version 1.01 on March 14, 2012. It wasn’t until about April 7, 2014—more than two years later!—that news of it became public. (Some people found it a little sooner than that. But it wasn’t widely known until the 7th of April.)  At that point, version 1.01G was released to patch devices, applications, operating systems, and so forth.
  2. It affected so many things: Heartbleed created problems in so many different areas. It wasn't just a problem for web applications. It also affected websites, servers, routers, switches, and network storage devices. Typically, malware or viruses affect a limited number of things. Heartbleed went across all these different platforms.
  3. It was virtually transparent: Heartbleed didn’t leave any clear tracks or abnormal entries in logs or records. It was very hard to tell if somebody actually used it, got in, and did something. That's the scary part of it: it’s difficult to know for sure how many systems were compromised and what data was taken because the bug was so transparent. Heartbleed created an open door. Short of looking for access floods, there’s no way of knowing if somebody came through that door.

Heartbleed worked by allowing hackers to compromise the certificates that are used to encrypt data. This meant they would be able to read traffic that would normally be encrypted—such as from a PC to an online shopping site. Heartbleed enabled hackers to get a hold of those encryption keys and use them to view the data that was going back and forth.

That could be credit card data. It could be user log-ins, passwords, and other data from a website’s cache. It could be proprietary information such as trade secrets or stock market trading. Anything that was going over the public internet that could be accessed normally over HTTPS or SSL could potentially have been compromised.

For all these reasons, Heartbleed was a very challenging bug. In my next post, I’ll talk about what CradlePoint did to protect our clients as quickly and effectively as possible. Later on, I’ll talk about how companies that have CradlePoint’s Enterprise Cloud Manager had a much easier time dealing with Heartbleed.

In the Wake of Heartbleed Series:

Part 1: Three Observations
Part 2: All Hands on Deck
Part 3: How Enterprise Cloud Manager Gave Customers an Advantage Over Heartbleed