Colubris CN1050 wireless LAN router
Secure your wireless infrastructure once and for all.
 
|
|||
 | |||
|
|
|
|||
| |||
|
(Editor's Note: Network World's Dec. 17, 2001 review of wireless LAN security options included Colubris' CN1000. The newer CN1050 adds additional features worth considering in your corporate and branch office environments.)
|
If you've forfeited large chunks of your budget on your wireless infrastructure, or are merely considering it, consider this, first: anyone with a laptop, the right hardware and software and a bit of savvy can pierce your electronic corporate veil and grab your data. Your users may want wireless connectivity, but unless you take the right steps, the security risks are too high.
Enter the Colubris CN1050 Wireless LAN Router. It's perfect for everything from small branch offices to multi-billion dollar campus-wide corporate headquarters. The CN1050's embedded VPN secures both your wireless and wired infrastructures, even between geographically distant locations, while letting you keep your users' current 802.11b wireless PC Cards.
The CN1050 wireless access points are less expensive than many alternatives, including Bluesocket's WG-1000 Wireless Gateway (See our review of Bluesocket's Wireless Gateway). Since the CN1050 runs Layer 2 Tunneling Protocol (L2TP) over IPSec, the access points provide the strongest VPN security available.
Assuming both units do what you want, the break even point is 4.6 CN1050s to 1 WG-1000. That is, if you need 5 or more CN1050s, you might wish to consider the WG-1000. On the other hand, the CN1050 provides better security (3DES IPSec over L2TP), and are easier to configure. Furthermore, they're more suited to branch offices, since the CN1050's built-in VPN connects the branch office to another CN1050 at the main office. Thus, even if you need a dozen or more CN1050s to cover your main office, that may be your better option.
The CN1050's outstanding security, features, and value earned it a World Class Award.
How we did it
Scorecard and NetResults
Archive of Network World reviews
Subscribe to the Product Review newsletter
CN1050's Shotgun Security
The main reason you'll want the CN1050 is because it nails the lid shut on 802.11b wireless security through its multiple, built-in VPN options. A VPN is mandatory, as it provides both the authentication and encryption you need in a wireless environment. You can manually enter users into each CN1050's built-in VPN (it holds 30 users) using shared keys and managed via Windows 2000/XP's policies. Or, you can accept our recommendation and use 3DES IPSec over L2TP with an external X.509 PKI certificate server for maximum security. Combining IPSec's outstanding packet encryption and third-party key management with L2TP's extensible tunneling protocol results in a winning, industry-recognized combination the CN1050 uses to secure both your wireless and wired networks.
If you're short on X.509 certificates, consider using Point-to-point Tunneling Protocol (PPTP) or an external VPN/RADIUS server (MSCHAPver2 is best for security). The CN1050's on-board Hifn chipset maximizes performance by handling all encryption/decryption tasks, and Point-to-Point Protocol over Ethernet (PPPoE) support makes quick work of ADSL connections.
Configuring security options via the management tool was straightforward. However, take the time to thoroughly review the manual and carefully plan your infrastructure layout, especially when using multiple CN1050s to support either roaming users or very large floor plans. Your options are many, ranging from a wireless hub to multiple, roaming access points to an Internet-wide multi-celled wireless VPN with distributed nodes connecting all your branch offices with the corporate LAN. Top-notch frequency and transceiver power management minimizes interference while maximizing your wireless performance. If you inadvertently lock yourself out during configuration, a paper clip lets you reset to the factory default, so keep the CN1050 units locked away as you would any other critical network security device.
Installing the supplied Orinoco Gold PC Cards (802.11b) on our Windows XP laptop was an 11-second, hands-off experience. After entering the default SSID under Network Connections properties, the card established connection with the CN1050, which does not broadcast an 802.11b beacon and so prevents casual eavesdropping. Make sure you change the default SSID to something fairly anonymous.
The CN1050's 128-bit SSL-protected management tool was every bit as powerful and secure as anything you will find from big-name router and firewall vendors. I was delighted to work with it. The customizable firewall lets you control incoming and outgoing traffic for source and destination IP addresses, by port number, and by protocol. Its RIPv1/RIPv2 router can be set for both active and passive routing on both network ports, employs both static and dynamic tables, and includes basic Network Address Translation (NAT) with port forwarding for users, and static NAT for Web or FTP servers accessed by external users. Dynamic Host Configuration Protocol (DHCP) with static and pass-through DNS/WINS service completes the picture, although security-conscious administrators will use static IP addresses for their wireless clients, as well as a different classless subnet than the default 192.168.1.1 subnet. The management tool includes very comprehensive reports and logs, giving you full insight into every aspect of your network.
The CN1050 is a world-class product for secure wireless connectivity that includes numerous VPN options. Before you invest another dime in either VPN or wireless connectivity, take a very close look at what Colubris can do for your company.
|
We connected the CN1050's 10Base-T Internet port to a cable modem and its 100Base-T LAN port to our 100Base-T LAN, bridging both networks in accordance with IEEE's 802.11d LAN-MAN systems connection requirements. Orinoco Gold PC Cards (802.11b) were installed in both the CN1050 wireless access point and a Sony VAIO PCG-FX370 laptop running Windows XP. After downloading the latest firmware from Colubris, we managed the CN1050 via Internet Explorer 6.0 installed on a Pentium III Windows 2000 Pro workstation connected to our LAN. We measured throughput between the Pentium III and the Sony laptop by copying Microsoft's 105 MB Service Pak 2 to Windows 2000 Professional.
 |
||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||
Company:
Colubris Networks, Inc., Laval, (Quebec) Canada (866) 241-8324 
RELATED LINKS
Janss is the president of Jansys Information Systems, a consulting firm specializing in IS technologies for small businesses. He can be reached at bizcom@jansys.com.
