Wireless LANs are getting faster, with better interoperability and more cost effective connectivity for mobile users. However, current 802.11x wireless standards offer limited security measures, as recently discovered vulnerabilities in the Wire Equivalent Privacy protocol demonstrate. IT managers need better products to secure their WLANs from eavesdroppers and unauthorized access, and to enable centralized management in enterprise environments.
Toward that end, companies including ReefEdge and SMC Networks are working on new lines of appliances designed specifically to secure WLANs. These products protect wireless communications by offering robust authentication, stronger encryption methods and simplified WLAN access control management.
The new breed of appliances can be integrated into current WLAN infrastructures using the IEEE 802.11x and Bluetooth wireless standards. Wireless users gain access to the network by authenticating with the security appliances via SSL and certificates. The appliances have their own databases but can also integrate with LDAP, RADIUS, or Windows Domain authentication servers.
The appliances use VPN technologies to provide secured communications between the wireless clients and the WLAN security appliance through the access points. The appliances use several types of encryption, including DES, 3DES and Blowfish, to secure network data.
SMCs EliteConnect appliance supports Point-to-Point Tunneling Protocol, Layer 2 Tunneling Protocol/IPSec, and IPSec VPN connections. ReefEdges Connect System appliance supports IPSec tunnels only.
In order to maintain the VPN tunnels for clients roaming across different wireless subnets, both the EliteConnect and Connect System have roaming capabilities to ensure that clients neednt re-establish the VPN tunnel or lose connectivity when using different access points on the network.
The ReefEdge Connect System appliances also offer WLAN traffic optimization features such as Class of Service and Quality of Service. Using QoS allows administrators to regulate user- or group-level bandwidth usage and provides more granular access control. Although implementing these new products will require a large initial investment, the ability to secure and manage an entire WLAN with several appliances may be money well spent in the future--especially in heterogeneous environments.
Technical Analyst Francis Chu can be reached at email@example.com.