• United States
Senior Editor

Airespace partnership targets WLAN security

Aug 20, 20042 mins
MobileNetwork SecuritySmall and Medium Business

Airespace has partnered with several companies to introduce two features aimed at simplifying wireless LAN security.

One feature is a way to cache encryption keys to sidestep having to repeatedly authenticate with a RADIUS server. The other feature is the ability to tie in with a pair of third-party applications that check client devices before letting them access the network.

The caching technique, called proactive key caching, is an extension to the IEEE 802.11i standard. The 11i work fixes several weaknesses in the original 802.11 encryption scheme. This technique in effect issues one key to a wireless client device, which can then use that key even when the device moves between WLAN access points.

Without this feature, the device would have to re-authenticate and receive a new key each time it associates with a different access point, according to Allen Cohen, Airespace’s vice president of marketing.

Another advantage, perhaps more important for applications such as voice over WLANs, is that the proactive key caching minimizes delays that might result from repeated re-authentications. Someone using a WLAN phone while walking through a factory or office, using several access points, could run into enough delays that the call would be dropped.

The caching extension was originally developed by Airespace, WLAN chipmaker Atheros Communications, and security software vendor Funk Software. The caching would be part of a software upgrade to implement the recently approved 11i standard.

The second feature is a new API that can tie Airespace access points and switches into network access control applications (NACs), initially Infoexpress’ CyberGatekeeper LAN and Zone Labs’ Integrity Server.

These types of applications, in effect, intercept a client’s attempt to access the net, and then run a series of checks on that device. Based on the policies set for the user site, the software checks such things as the user configurations, anti-virus software updates, whether a personal firewall is present and active, and so on. Only if all these match the enterprise policy, is the client allowed to connect and authenticate.

Airespace with its two partners created the API so that when a WLAN user’s device starts to associate with an Airespace AP it is linked with the NAC. If it passes the checks, the NAC software notifies the access point, which then lets the client associate and complete the authentication process.

Senior Editor

I cover wireless networking and mobile computing, especially for the enterprise; topics include (and these are specific to wireless/mobile): security, network management, mobile device management, smartphones and tablets, mobile operating systems (iOS, Windows Phone, BlackBerry OS and BlackBerry 10), BYOD (bring your own device), Wi-Fi and wireless LANs (WLANs), mobile carrier services for enterprise/business customers, mobile applications including software development and HTML 5, mobile browsers, etc; primary beat companies are Apple, Microsoft for Windows Phone and tablet/mobile Windows 8, and RIM. Preferred contact mode: email.

More from this author