LAS VEGAS — When Bob Cochran launches a wireless local-area network (WLAN), one of the first things he thinks about is security.
Cochran, a civilian network engineer with the United States Air Force, said the military
medical system relies heavily on wireless technology in supply warehouses, where workers use wands with wireless transmitters to collect data on inventory.
Cochran spoke with ITBusiness.ca at Networld + Interop, which wraps up Friday. He attended the trade show in order to learn more about technologies such as WLAN and networks that combine voice, video and data traffic.
He said the biggest security concern he has is the “”back door”” — making sure all paths into the networks are secure.
Several vendors at N+I introduced products in order to address security concerns.
For example, Ranch Networks Inc. of Morganville, N.J. introduced the RN5 Integrated Security Switch, which is designed to segment LANs into zones with their own security policies. It can isolate portions of LANs that belong to separate companies and prevent users in conference rooms or guest cubicles from accessing certain parts of the network.
Meanwhile, Santa Clara, Calif.-based Netgear Inc. launched the ProSafe Dual-Band Wireless virtual private networking firewall, which is scheduled to ship next month and supports the Institute of Electrical and Electronics Engineers (IEEE) 802.11a, 802.11 b and 802.11g WLAN standards.
In another initiative designed to increase WLAN security, the WiFi Alliance launched WiFi Protected Access (WPA), which is available as a software upgrade to existing 802.11 products. It is a subset of the 802.11i standard, which has not been finalized, and is designed to make some features of 802.11i available now.
Although demand is strong among consumers and small office operators for 802.11 products, enterprise users have been taking a “”wait and see”” approach because they are concerned about security, said David Cohen, chairman of the WiFi Alliance’s security task group.
WPA is designed to address some of the problems of wired equivalent privacy (WEP), which is included as an optional feature on current 802.11 products. WEP-enabled installations can allow users to log on without authenticating, and it’s difficult to manage at large organizations because keys have to be distributed manually, Cohen said during a briefing Tuesday.
Bruce Comeau, a business network specialist for 3Com Canada Inc., said in a separate interview that corporate WLAN users should not rely on WEP alone to secure their networks. At the very least, Comeau said, they should use WEP in combination with another technology, such as virtual private networking (VPN).
WPA allows authentication (in networks with servers using protocols such as RADIUS) and dynamic key allocation. Elements of 802.11I available in WPA include Extensible Authentication Protocol (EAP) and Temporal Key Integrity Protocol, or TKIP.
Future 802.11 products will need to have WPA capability in order to get the “”WiFi compatible”” logo. Cohen warned users to check carefully for this logo, adding statements like “”works well with WiFi”” or “”WiFi friendly”” won’t necessarily have WPA.
Anyone wanting to upgrade to WPA can do so with a software package, although the WiFi alliance recommends organizations also use a RADIUS server.
The security and management issues surrounding WLANs were a common theme at N+I events.
Gordon Stitt, chief executive officer of Santa Clara, Calif.-based Extreme Networks Inc., said the issue is one of perspective.
During a keynote address Wednesday, Stitt said users need to “”re-define access”” and not view wireless simply as an add-on to the network. He added that organizations need networks that are both wired and wireless, and scalable enough to accommodate all types of access.
Stitt addressed what he sees as a commonly-held perception in the industry that everything that users need has been invented.
He said many users are asking for small improvements from vendors, rather than for broad visions. For example, he said, some users want 48-port switches for the same price as 24-port switches, and are happy when their vendors can deliver.
“”That’s an improvement, but it’s hardly innovation,”” he said.
Stitt added vendors should continue to spend on research and development, even when revenues are dropping.
“”The people with the bean counter mentality don’t realize that R&D takes time,”” Stitt said. “”You can’t just turn it on like a spigot when the economy recovers.””
New products announced at N+I include the 5842 and 5844 wide-area networking routers from Sunnyvale Calif.-based Quick Eagle Networks Inc.
The 5842 router includes two T1 ports, while the 5844 has four T1 ports.
The routers, which are scheduled to ship next month, are designed to connect branch offices over Frame Relay and other wide-area data networks.
Alan Rice, Quick Eagle’s senior vice-president for marketing, said the routers include technologies that aren’t always combined in one appliance, such as RMON remote monitoring and the ability to monitor telecommunications carriers’ compliance with service level agreements.
Comment: [email protected]