Plugging RF leaks

Meru prepares to halt Wi-Fi signal seepage from corporate perimeter

Industry analysis by expert Joanie Wexler, plus links to the day's wireless news headlines

Have you considered wrapping your building in tinfoil or slathering the walls with metal-impregnated paint to keep RF signals from leaking out? If so, you might want to hold off till September, when a simpler alternative is expected to arrive.

Meru Networks says its forthcoming RF Barrier product will keep your corporate WLAN signals from seeping through building walls into parking lots and other public areas where nefarious eavesdroppers might lurk. The product comprises a Meru AP-200 802.11a/b/g access point with special packet-inspection software plus a 180-degree directional antenna. You mount it outside the building – at least one AP/antenna pair per outside wall per channel in use – and the device corrupts 11a/b/g signals emanating from authorized MAC addresses, rendering them gibberish to hackers and war-drivers.

Start-up Xirrus offers a similar capability with the Sharp Cell technology in its Wi-Fi radio arrays that helps enterprises sharply define the edge of a coverage area and limit RF bleed.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Have you considered wrapping your building in tinfoil or slathering the walls with metal-impregnated paint to keep RF signals from leaking out? If so, you might want to hold off till September, when a simpler alternative is expected to arrive.

Meru Networks says its forthcoming RF Barrier product will keep your corporate WLAN signals from seeping through building walls into parking lots and other public areas where nefarious eavesdroppers might lurk. The product comprises a Meru AP-200 802.11a/b/g access point with special packet-inspection software plus a 180-degree directional antenna. You mount it outside the building – at least one AP/antenna pair per outside wall per channel in use – and the device corrupts 11a/b/g signals emanating from authorized MAC addresses, rendering them gibberish to hackers and war-drivers.

Start-up Xirrus offers a similar capability with the Sharp Cell technology in its Wi-Fi radio arrays that helps enterprises sharply define the edge of a coverage area and limit RF bleed.

Burton Group analyst Paul DeBeasi’s impression is that the Meru setup “addresses a common criticism about rolling out wireless in general: that it’s just not that secure,” he says.

At issue: Wi-Fi devices in promiscuous mode can “listen” to all network packets passing by, regardless of destination address, which is a greater threat when signals travel outside the corporate perimeter to places where hackers might remain undetected. Users of promiscuous devices can gather sensitive information such as user credentials or credit card information if the data hasn’t been properly encrypted. Wi-Fi devices do this passively – without emitting any signal of their own – making them undetectable to wireless intrusion detection/prevention systems (Compare IPS and IDS products).

RF Barrier, then, sounds like a panacea, but there are a couple of potential gotchas:

* RF Barrier isn’t available for 11n networks, though the company is considering it. On the one hand, 11n beams at more extensive ranges, making off-premises bleed-through even more likely. Then again, Wi-Fi-certified11n networks must support WPA2/802.11i authentication/encryption, making it more difficult to sniff information from these networks.

* You need at least one AP/antenna combo per channel in use. Meru promotes its single-channel architecture; however, if you layer on additional channels to gain capacity, you’ll up the number of barriers you need. A starter kit with four APs and four antennas, software licenses, and required cabling costs $3,995. For each additional barrier needed, either to cover a greater area or accommodate extra channels, you’ll spend an additional $995.

* If you’re in a multitenant building, blocking your signals - and only your own signals – might prove challenging. You can mount RF Barrier on outside walls and in your own drop ceilings. But for downstairs protection, you need to have a “friendly relationship with your neighbor tenant and mount your RF Barrier in his drop ceiling,” says Rachna Ahlawat, Meru head of strategic marketing.

Joanie Wexler is an independent networking technology writer/editor in Silicon Valley.