
N+I to mark one-year birthday of many WLAN start-ups

May 03, 2004
Cellular Networks, Network Security

* WLAN lessons learned a year after N+I rollouts

Next week’s NetWorld+Interop show in Las Vegas will mark one year since many wireless LAN start-ups first formally unveiled their wares to the buying public.

What have we learned since then?

* Implementers agree to disagree on system architectures.

The battle rages on about where to put the smarts in a WLAN system: the radio access point, a controller (often called a “wireless switch”), or a combination of the two. User implementations persist for all of these configurations. Even Cisco, the diehard “intelligent AP” company, has said that some of its wireless features will soon end up in its Catalyst Ethernet switches.

* Enterprises want network topology flexibility.

Start-ups that initially delivered combined wired/wireless switches learned that companies satisfied with their wired LAN switch vendors were unlikely to replace them. Airespace, for example, added the option of a “wireless appliance” last June for customers that didn’t need both wired and wireless switching capabilities.

And lightweight-AP users do not want to be forced to plug APs directly into their wireless switches, limiting their topology configurations. This point became moot when Trapeze Networks, the last WLAN switch start-up with that requirement, announced a system upgrade in March allowing customers to locate their switches wherever they wish. Also, start-up Chantry Networks brought wireless IP routing to the table for further configuration flexibility when it entered the industry last April.

* Radio-frequency vulnerabilities have been recognized as real threats.

Virtually every WLAN maker can now detect unauthorized APs. Microsoft’s recent adoption of Aruba Wireless probes for rogue AP detection in its 4,500-AP internal WLAN validates the need for such capabilities in a large-scale enterprise.

Opinions still vary as to whether monitoring should be built into the WLAN system (can you trust transmission devices to also monitor security?) or run in an overlay sensor/server system, such as those offered by AirDefense and AirMagnet.

* Authentication and encryption have tightened, but security is never a done deal.

Wi-Fi Protected Access (WPA), a subset of the emerging 802.11i security standard due to be ratified in the third quarter, adds dynamic encryption key rotation, 802.1X authentication, and other protection in products that were Wi-Fi Certified after August 2003.

Published “war driving” reports still find scads of publicly accessible enterprise APs, though, indicating that enterprises aren’t enabling these security mechanisms.

In addition to enabling the basics, many WLAN systems, such as Airespace’s and Nortel’s, allow you to “hide” service set identifiers so that the existence of the AP isn’t broadcast. And sometimes simply lowering AP power to limit coverage can help. 

Still, the best-practices standard for WLANs is IPSec VPN encryption.

Next time: More notable nuggets from the past year in WLANs.