Shields Up: Meru Redefines WLAN Security

One of the most interesting (and perhaps even possible) elements of the Star Trek franchise was the shield. A hostile ship appears, the captain barks "shields up!", and voilá, an energy barrier impervious to most everything appears. This is electromagnetic physical security at its best.

So wouldn't it be nice if such were possible in the wireless LAN world? We most certainly have excellent Layer-2-and-above security today, with a combination of WPA2 plus a VPN plus strong (ideally, two-factor) authentication plus IDS/IPS the basic gold standard. But, as I've noted before, when it comes to security, you're never done. The biggest threat to the security of a wired network is at Layer-1; someone gets access to the wire and all bets are off unless upper-layer security along the lines of what I outlined above is employed, and that's not all that common on wire.

Until today, Layer-1 security of WLANs was a good idea that no one had brought to market. I've worked on two such projects over the years; it's, um, difficult at best. But the idea of a shields-up approach to WLAN security - making a WLAN inside a building invisible outside the building - has now been realized by Meru Networks with their RF Barrier "AirFirewall" product, just announced today.

Meru didn't tell me exactly how their implementation works; there are patents in the works. But the basic idea is to install an outdoor antenna on each side of the building to be protected, and the remaining logic in the system (which is integrated with Meru's management console) jams "indoor" traffic when it tries to go outdoors. Someone outside the building would thus see nothing - no frames to sniff, no network to hack. Quite literally, this is a shield (or "cloak") that there's no getting around. Note this solution requires some installation, but it's basically hands-off in operation apart from checking the logs every now and then. It is, however, Meru-specific, at least at present, although it could conceivably be adapted to other architectures and implementations. But best of all, it's incredibly inexpensive - I would even call it cheap for what it does, with a starter kit running around US$4,000.

Meru has rapidly become one of the most visible and innovative WLAN suppliers. They got started, of course, with the idea of the "horizontal" allocation of WLAN channels, as opposed to the "vertical" cellular model used by all but one of their competitors. While the WLAN architecture wars will continue for some time, Meru has won a number of big deals. But what's really interesting about their strategy is the announcement of add-ons, like their "virtual reality" coverage analysis tool, and now the AirFirewall. This is smart marketing - as the WLAN market commoditizes (and such is inevitable as all suppliers have .11n and the rest of the basics, no matter as to specific channel allocations and such), differentiation will come from higher-level software, adjunct products that enhance the value of the basic required functionality, and having the right channels to move and support the gear. A little outside-the-box thinking and technological innovation can go a long way, and Meru can now claim the most comprehensive security solution available from any vendor.

I can wait to take this product out for a spin. In the meantime, I'm impressed - very impressed, and I don't say that often.

• Wireless / Mobile
• AirFirewall
• Meru Networks
• RF cloak
• RF shield
• wireless physical-layer security