As the number of networked wireless devices continues to rise in the enterprise, the challenge of securing them continues to grow as well.
For most IT managers, two basic options exist: Install a VPN or employ 802.1x authentication. Two companies are offering updates to both concepts with new wares that make it easier to secure large numbers of wireless users and devices.
Meru Networks Inc. will introduce this week a WLAN (wireless LAN) VPN module that supports Secure Sockets Layer, allowing a Web browser to handle the key exchange, while Funk Software Inc. rolls out Version 3.0 of its Odyssey Client next week.
Merus solution, the Meru Zero-Config VPN, enables remote users who connect to the network via a wireless handheld to hook up to a VPN automatically, without requiring the VPN to be installed on the handheld.
Regarding a beta tester in Boston, “in the past they used a Check Point [Software Technologies Ltd.] VPN, but they wanted something a little more integrated,” said Mike Pease, a technical systems engineer at TelecomNow, a hardware reseller in Northboro, Mass., that installs WLANs for large enterprises. With the Meru product, Pease said, “they significantly cut down on the roaming time between physical access points.”
The Meru Zero-Config VPN module can terminate more than 2,000 VPNs, said officials at the Sunnyvale, Calif., company, which was founded in 2002 and is venture-funded. The module sits inside the companys Controller, a gateway that centrally controls the security, management and quality-of-service policies of a WLAN.
“Because were terminating the VPNs, we can look at the headers,” said Chris Gilby, a product manager at Meru.
This feature is augmented by Merus Air Traffic Control technology, which allows VPNs to stay connected even when a user roams from one access point to another, officials said.
The Zero-Config VPN module, which was created in conjunction with Cavium Networks Inc., supports Microsoft Corp.s Windows 2000 and Windows XP. Support for handheld platforms, including Pocket PC and Palm OS, is due next quarter. The module is available now for $3,000. The Controller in which it sits costs about $8,000.
Meanwhile, 802.1x security options are available from Funk with its Odyssey Client Version 3.0. The upgrade adds the new Secure Client Provisioning features, which let managers push a preconfigured client to a device without user intervention. Once the device is turned on, it will be connected and authenticated to the network, said officials of the Cambridge, Mass., company.
The operative words for Odyssey are control and choice, said Kevin Walsh, Funks director of product development. Odyssey supports all versions of Windows from Windows 98 on; Pocket PC 2002 and Windows Mobile 2003; and all major authentication methods, including EAP (Extensible Authentication Protocol) variations and encryption protocols.
“The security protocols should not be an end-user choice. The network admin will have to sit down and determine whats best for their organization. If you have deployed a PKI [public-key infrastructure], TLS [Transport Layer Security] makes sense,” Walsh said. “If users attach to an iPlanet subdirectory, then TTLS [Tunneled TLS]. If Active Directory, then LEAP [Lightweight EAP], PEAP [Protected EAP] and TTLS.”
The Bay Area Rapid Transit has used Odyssey for more than two years and was an early beta tester of the first client versions, said Ray Mok, BARTs principal engineer for communications, in Oakland, Calif. According to Mok, Odyssey gives his employees, especially BART police, the flexibility they need and gives administrators the security they need.
BART has deployed wireless access points in about 90 percent of its train stations, Mok said.
“BART management is very concerned about [public safety]. So we do a lot of surveillance,” Mok said. “In some cases, BART police in a patrol car need to get in the network, but we obviously cant wire the police car. The network is also used by maintenance and systems engineers who need to do troubleshooting but dont want to get tied down to a cable.”
Yet the challenge to authenticate users remotely increases as the number of remote users rises. According to Gartner Inc., the number of WLAN hot-spot users will more than triple this year, to 30 million, up from 9.3 million users last year. By the end of this year, more than 50 percent of professional notebooks will have WLAN capability, the Stamford, Conn., company predicts.
The other new feature in Odyssey 3.0 is support for Novell Inc.s Client log-on for Windows, officials said. Its not a single-sign-on solution for all applications, said Walsh, but it will give users access to the network.
Be sure to add our eWEEK.com mobile and wireless news feed to your RSS newsreader or My Yahoo page: