The words "wireless" and "security" usually don't fit into a sentence without a wry chuckle added in there. A new generation of wireless security devices aims to change all that.
If you haven't yet deployed wireless networking in your company, chances are you're being held back by WLAN's questionable security. Wireless data transmissions are as subject to interception as wireless phone calls, and the Wireless Equivalent Privacy (WEP) encryption built into the 802.11b wireless specification has proven to be easier to crack than it should be.
While casual -war drivers"â€"individuals who hang around outside companies and look for untended wireless connectionsâ€"may not get to see your WEP-encrypted data, anyone bent on corporate espionage probably can.
The tried and true methods for securing wired LANs can also work for wireless networks. RADIUS, Kerberos, and LDAP authentication and PPTP, L2TP, and IPsec VPNs have a much better record of keeping your private data private. PPTP and L2TP have the added advantage of being bundled as part of Windows. But all these alternatives are less suited for wireless. They require central servers to maintain user security records, while wireless is inherently a decentralised medium. And, because they encrypt the packets passing over the network, they defeat quality of service (QoS) software designed to read packet header information and prioritise traffic based on pre-set priorities.
Bluesocket makes a $12,596 WG-1000 Wireless Gateway that sits on a LAN between wireless access points and the rest of the corporate network. It acts as an authorisation and VPN server. Any wireless data traffic can reach the device, but unauthorised users can't get past it. Authorised packets pass across the internal network (which is presumably secure), unencrypted. That lets any devices you installed to implement network QoS do the job they were designed for.
There are a lot of potential pitfalls with a device like this, but Bluesocket's architects seem to have avoided most of them. You can have multiple wireless gateways on the network, each one handling about 100 simultaneous users. Two boxes can be designated as hot failover units for each other. All gateways on the network can be managed simultaneously from a single browser-based console using a master/slave hierarchy. Permissions are granted and denied according to user information defined in repositories like LDAP or Active Directory; you don't have to duplicate all your existing user information, and you can set access policies on a user or role basis.
Today, the encryption/decryption algorithms within the box (which is powered by an 866MHz Pentium III processor and a hardened version of Linux) run in software. That can impose a slight performance penalty on highly trafficked networks, where the bandwidth exceeds 30Mbps.
To us, wireless security gateways seem like the right product at the right time. There's little doubt they're coming to your office, to airports, and probably to your home and your local coffee shop, too. If your mobile users are taking corporatenotebooks into settings you can't secure, you need to at least secure the traffic they send when they're away from the LAN. A wireless gateway that supports strong encryption is a sensible way to go.
At press time, Bluesocket was about to announce version 2.0 of the gateway. We'll update you on the new features in next month's issue.
| Product: | Bluesocket WG 1000 Wireless Gateway |
|
|
|
| Price: | AU$12,596 |
|
|
|
| Vendor: | Integrity Data Systems |
|
|
|
| Phone: | 02 9889 3300 |
|
|
|
| Web: | www.integritydata.com.au |
|
|
|
| Interoperability: |
Works with access points and network interfaces from all major vendors, supports Bluetooth access points, compatible with existing VPN clients and servers from most vendors. |
|
|
|
| Futureproofing: |
Though it's difficult to predict where wireless standards will end up, this should do for the near future. |
|
|
|
| ROI: |
A good investment for security conscious companies. |
|
|
|
| Service: |
1-year hardware, 3-year software warranty. |
|
|
|
| Rating: |
|
|
|
|
1%
1%
