By Andrew Garcia  |  Posted 2004-10-04

The latest version of software for Bluesocket Inc.'s wireless gateway appliances provides simplified strong authentication, tighter integration with Cisco Systems Inc.'s WLAN gear, and an occasionally effective intrusion detection and prevention tool that needs better monitoring capabilities.

Bluesocket and rival wireless LAN gateway vendors Vernier Networks Inc., ReefEdge Networks Inc. and Cranite Systems Inc. have effectively segmented the WLAN from the rest of the network with flexible, user-aware firewalls and stronger encryption capabilities. They are increasingly looking to provide application-layer defenses to staunch the flow of fast-spreading attacks.

eWEEK Labs tested Bluesocket 4.0 software running on a $12,995 WG-2100 wireless gateway appliance, which started shipping in August. The WG-2100, Bluesocket's middle-tier appliance, comes with two Gigabit Ethernet adapters (fiber connections are optional) and can support throughput of up to 450M bps of unencrypted traffic or 150M bps of encrypted traffic. Version 4.0 offers strong alternatives for authentication, with easily configurable pass-through to a variety of authentication databases, including RADIUS (Remote Authentication Dial-In User Service), LDAP, Windows Domain and Kerberos. The WG-2100 can act as an 802.1x termination point, authenticating users to local or remote user databases.

We especially liked Version 4.0's Transparent Windows authentication capability, which intercepts domain credentials exchanged between the client and domain controller and automatically provides network access without requiring a second log-on.

Version 4.0 extends Bluesocket's support for Cisco access points to intercept and forward CDP (Cisco Discovery Protocol) broadcasts. This allows administrators to get a closer look at the status of Cisco access points.

Unlike Vernier Networks' competing products, which mitigate outbreaks using customized filters to detect worms by their payload content, Bluesocket uses a rate-based IDS (intrusion detection system) mechanism that can monitor and block anomalous traffic behavior.

Bluesocket's IDS lets administrators limit each user's maximum number of concurrent firewall sessions. Users violating an administrator-defined threshold are moved to a premonitoring state that tracks the number of violations in a given period of time. Multiple violators are moved to a monitored or blocked state, with access to the protected network curtailed or blocked and Web traffic redirected to a notification or remediation server. All thresholds and timeouts are configurable.

Bluesocket officials are quick to point out that administrators will need to tweak the default thresholds to customize the IDS to an organization's requirements. Even when tuned, the IDS could not detect our W32.NetSkyC@mm-infected client or block it from propagating the worm to file servers in the protected network. However, the WG-2100 effectively detected and blocked clients performing port scans and vulnerability probes, as well as clients infected with chatty worms such as Sasser.
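As an added illustration (not Bluesocket code and not part of the original review), the sketch below models the rate-based escalation described above: a per-client concurrent-session limit, violations counted over a time window, and escalation from premonitoring to monitored to blocked. The `Policy` values, the sample data, and the rule that a client returns to normal once all of its violations age out of the window are assumptions made for the example.

```python
from collections import deque
from dataclasses import dataclass, field

# State names follow the review; the ordering is used for escalation.
ORDER = ["normal", "premonitoring", "monitored", "blocked"]

@dataclass
class Policy:                 # all thresholds are hypothetical, admin-tunable values
    max_sessions: int = 50    # concurrent firewall sessions allowed per client
    window_s: int = 60        # period over which violations are counted
    monitor_after: int = 3    # violations in window -> monitored
    block_after: int = 6      # violations in window -> blocked

@dataclass
class Client:
    state: str = "normal"
    violations: deque = field(default_factory=deque)  # timestamps of violations

def observe(client, policy, now, sessions):
    """Feed one (time, concurrent-session-count) sample; return the new state."""
    # Age out violations that fell outside the counting window.
    while client.violations and now - client.violations[0] > policy.window_s:
        client.violations.popleft()
    if sessions > policy.max_sessions:
        client.violations.append(now)
    n = len(client.violations)
    if n == 0:
        client.state = "normal"           # assumed timeout behaviour
    else:
        target = ("blocked" if n >= policy.block_after
                  else "monitored" if n >= policy.monitor_after
                  else "premonitoring")
        # Only escalate while violations remain in the window.
        if ORDER.index(target) > ORDER.index(client.state):
            client.state = target
    return client.state

def replay(samples, policy=Policy()):
    """Run a list of (time_s, sessions) samples through a fresh client."""
    client = Client()
    return [observe(client, policy, t, s) for t, s in samples]

# Constructed samples: a scanning client holding ~400 sessions, sampled every 5 s,
# and a client that never exceeds the session limit.
SCANNER = [(t, 400) for t in range(0, 40, 5)]
QUIET = [(t, 8) for t in range(0, 40, 5)]

if __name__ == "__main__":
    print("scanner:", replay(SCANNER))
    print("quiet:  ", replay(QUIET))
    print("scanner, limit set too high:", replay(SCANNER, Policy(max_sessions=500)))
```

In this model a client whose session count stays under the limit never leaves the normal state, whatever its traffic contains, and a limit set above the scanner's session count lets it through as well, which is why the thresholds have to be tuned per site.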

The Bluesocket software does little to help administrators fine-tune trigger settings. Although the WG-2100 has a traffic-capture feature that can export small packet traces to an external protocol analyzer, there is no real-time reporting of relevant statistics beyond client bandwidth use.

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.


Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
