A security device designed to secure wireless LANs has caught the eye of one of the country’s biggest wireless sites.
The system administrator at St Kentigern College in Auckland, Nandini Doreswamy, says the school’s wireless network of 1100 students and staff has never been compromised. But with the “vulnerabilities seen on wireless LANs”, the school is not being complacent.
Doreswamy says a network gateway from US company Bluesocket looks to be a good “composite” approach to security and bandwidth management. She says Bluesocket’s New Zealand partner, Kalooma, is assessing how many of the $18,000 WG-1000 devices the school would need to secure its 30 or so wireless access points.
The Bluesocket server lets administrators allot bandwidth to particular groups, Doreswamy says. That would allow her to provision appropriate bandwidth for a class using the internet while sharing an access point with users running administrative applications.
Bluesocket touts the gateway’s security features, saying it enables layer 3 security based on IPSec and provides multiple authentication methods and “role-based” access to services.
According to US-based sales head Joost de Jong, who briefed potential New Zealand customers and dealers on the device earlier this month, comparable wireless LAN management features are otherwise available only across multiple devices.
De Jong says although Bluesocket is not a member of the Wireless Ethernet Compatibility Alliance (WECA), which administers the “WiFi” label showing product interoperability, its gateway works with products from vendors including Cisco, Microsoft, IBM, Intel and numerous others.
Cisco compatibility is important to St Kentigern, says Doreswamy, because the school is one of that vendor’s reference sites. She says Kalooma and Cisco are together evaluating the school’s requirements. “We would like progress as soon as possible; a question of months, rather than next year.”
In the meantime security of the school’s LAN relies on tying IP addresses to user names and passwords, and on Cisco’s implementation of the 802.1x IEEE wireless LAN standard. That was created as a more secure standard than 802.11, which was last year shown to be insecure.
But 802.1x has also reportedly been breached, by a University of Maryland professor and his graduate student.
Professor William Arbaugh and his graduate assistant Arunesh Mishra have written a paper outlining two separate scenarios that nullify the benefits of the new standard.
A standard due in the second quarter of this year, TKIP (temporal key integrity protocol), will improve wireless security, but longer term the IEEE reportedly intends to adopt AES [advanced encryption standard], the same security protocol sponsored by the National Institute of Standards.
AES requires hardware acceleration using a co-processor to off-load encryption and decryption.
Bluesocket’s de Jong says the WG-1000 is AES-capable.
An example is running in the wireless LAN at Vodafone’s WOWspace Auckland showroom.