Wireless laptops get new defense

Network Chemistry is extending its security software to cover laptops running various kinds of wireless connections.

The new product, called RFprotect Endpoint, will include an agent that runs on laptops and enforces wireless security policies. The idea is to protect users when they're outside the corporate perimeter and connecting to hot spots, cellular networks or Bluetooth smartphones, where laptops are more exposed to network threats than on corporate wireless LANs (WLAN ).

The product is about to enter beta tests and is scheduled to be released during the first quarter of 2006. Pricing starts at $29 per laptop.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Network Chemistry is extending its security software to cover laptops running various kinds of wireless connections.

The new product, called RFprotect Endpoint, will include an agent that runs on laptops and enforces wireless security policies. The idea is to protect users when they're outside the corporate perimeter and connecting to hot spots, cellular networks or Bluetooth smartphones, where laptops are more exposed to network threats than on corporate wireless LANs (WLAN ).

The product is about to enter beta tests and is scheduled to be released during the first quarter of 2006. Pricing starts at $29 per laptop.

RFprotect Endpoint is focused on the wireless interfaces in a laptop. It can apply enterprise security policies to 802.11 WLAN adapters, cellular data cards and Bluetooth connections. The agent runs on all the common Windows operating systems and doesn't interfere with VPN clients, the company says.

"An agent can monitor and regulate and limit how much the user can change the configurations and properties of their wireless [network interface card]," says Skip Bayro, senior IT security consultant with OpTech.

Bayro has deployed for several clients Network Chemistry's RFprotect Distributed, a combination of software and dedicated wireless sensors for detecting and blocking WLAN intrusions. One client, an energy company with more than 400 laptops, will be a beta site for the new Endpoint product.

"This will be an agent that can be 'cookie-cuttered,' configured at a central console, and pushed out to users anywhere," Bayro says. "For example, users won't be able to change the [Service Set Identifier], or change the 802.1X authentication supplicant, or make any of the other changes to their wireless connectivity that would compromise information security."

The basic approach is similar to that of other companies, which use an agent architecture to secure various parts of a client device. Safend's Protect product controls peripheral interfaces, including those used by WLAN cards. Other companies in this market include Centennial Software, McAfee and Senforce Technologies.

The Endpoint agent can be downloaded to any number of laptops using Microsoft Systems Management Server, Macrovision's Flexnet and other tools. Once a laptop powers up, the agent contacts the Endpoint server software, which downloads updated configurations and policies to the laptop.

Administrators work with the server program to create, save, download and activate wireless security policies for Endpoint. Examples include requiring a corporate VPN client to be active, prohibiting the use of ad hoc WLAN connections between two laptops and using only specified access points.

Read more about security in Network World's Security section.