Wireless LAN vendors attack security issues
Connecting state and local government leaders
When the Pentagon'no small potential customer'cracked down recently on the installation of wireless LANs, the industry sat up and took notice.
When the Pentagon'no small potential customer'cracked down recently on the installation of wireless LANs, the industry sat up and took notice.
Why? The inherent vulnerabilities of the technology. If you simply go to the nearest computer dealer and buy a $99 access point and plug it in, your wireless link will be insecure.
But vendors are bringing out commercial equipment to make it easier to overcome the security problems that plague wireless LANs. They are splitting access points into two parts so that the 2.4- and 5.0-Gigahertz radio signals can be showered anywhere, but a second component behind the corporate firewall will arbitrate the access or movement of data.
'That's how the 802.11 standard was set up in the first place,' said Graham Melville, director of wireless technical marketing for Symbol Technologies Inc. The Holtsville, N.Y., company recently introduced Mobius, a wireless system 'that goes back to the original wired specification,' he said.
With Mobius, Symbol has put the intelligence and access controls into a rack-mountable switch controlled from behind a firewall. Access ports containing only an antenna connect to the switch using Ethernet cabling, over which they also get power. The ports resemble flying saucers.
'This gives extensive security improvement,' Melville said. There are no traditional access points at the edge of the network, and policies can be set to examine individual data packets, he said.
SMC Networks Inc. of Irvine, Calif., has taken a similar approach with its 2504W EliteConnect, a rack-mounted WLAN server that combines Layer 3 intelligence and management in the wiring closet.
Chief executive officer Sean Keohane said one federal reseller is testing the machine for the Navy and Veterans Affairs Department.
With the intelligence and control separate from the access points, an administrator can ensure unauthorized users 'can't get network access without authentication. It bypasses Wired Equivalent Privacy with virtual LAN technology,' Keohane said.
Keohane predicted the next generation of WLAN products would have more features for security and management, such as variable antenna output to limit the area of coverage and prevent signals from heading outside to the streets. Also coming, he said, would be access points with Simple Network Management Protocol agents for remote management, and broadband modems and access points integrated into single boxes.