- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
Industry analysis by expert Joanie Wexler, plus links to the day's wireless news headlines
Check Point Software's recent launch of a security appliance bundled with a wireless LAN access point brought to mind an old question: with product integration all the rage, which core competency do you focus on when purchasing a multifunction product?
This question has surfaced before in this newsletter, when WLAN maker Aruba Wireless Networks made sweeping network security announcements that seemed to spill outside its primary area of expertise. At the time, Aruba feared that people would start thinking of it as a security company, rather than as the wireless-centric company that it is. But, in fact, all the WLAN vendors have had to focus so hard on solving security problems over the past few years that they've almost become default security experts out of necessity.
I don't, however, believe that the reverse is true - that it can be assumed that security companies can necessarily claim strong wireless expertise. Given that security and wireless both rank very high on enterprise strategic agendas, the question emerges: for small and midsize shops, do you purchase an integrated security appliance with wireless AP or do you go best of breed on each and purchase separate product lines, albeit at a higher total cost of ownership?
I don't think there's a one-size-fits-all answer. First, chat up the security appliance vendors and see if any seem to have the wireless expertise, architecture, features and vision that satisfy you. Are you buying the product first and foremost for a strong WLAN platform from a company steeped in RF expertise? Or are you primarily seeking a multilayered, centrally managed enterprise-wide network security platform, with wireless access as a "nice to have?"
If the wireless component is secondary and if the site you are trying to wirelessly enable isn't likely to grow beyond a few APs, consider the following hybrids:
* Check Point's VPN-1 Edge W series of wireless appliances, announced last week, which combine 802.11b/g/SuperG (108M bit/sec)-capable APs with firewall and VPN (IPSec encryption) capabilities, WAN links and hot failover between redundant boxes or between two ISP connections on one box.
* Fortinet's FortiWiFi-60, which combines network-based anti-virus, firewall, content filtering, VPN, intrusion detection and prevention, traffic shaping and dual WAN links. The appliance conducts full content reassembly by first buffering fragments of sessions, in case a hacker attempts to send malicious signatures in segments, says Fortinet's director of product management Phil Kwan. It also checks HTTP port 80, FTP and e-mail protocols (POP3, SMTP, and IMAP) for IEEE behavior compliance to make sure infections are not being tunneled through these ports, Kwan says.
* SonicWall's TZ170 and SOHO TZ line of hybrid VPN encryptors, firewalls and 802.11b and 802.11b/g access points, which also support intrusion detection and prevention. The products also monitor for rogue access points, something the other two companies' products don't do, requiring you to purchase a separate sensor network for this function.
Joanie Wexler is an independent networking technology writer/editor in Silicon Valley.