
Who Leads in WLAN Security? Comparative Evaluation of Vendor Offerings and Positioning

By : Trapeze Networks
INFORMATION
Published : Jan 12, 2007
Length : 20
Type : White Paper
 
Overview :

Today’s WLAN Security landscape is confusing! Stopgap solutions are shipping in lieu of finished standards-based products, there is a lack of interoperability across vendor brands, management requires multiple consoles, and manufacturer partnerships have been formed to fill the gaps.

For WLAN deployments today, what are the key considerations for wireless network security, and which products will deliver the most secure WLAN solution?  ABI Research recently published a report titled: Who Leads in WLAN Security? Comparative Evaluation of Vendor Offerings and Positioning.

Related Categories : Authentication, Encryption, WLAN, Wireless, Wireless Security

 
1.1 Trapeze Networks Company Profile

Trapeze Networks has developed a hybrid architecture that very well might be the direction most vendors will move over the next few years in order to handle the bandwidth demands of 802.11n traffic. It centralizes many control functions in its switch/controller but has its access points handle encryption and facilitate QoS and roaming. Trapeze offers firewall-type filtering for its very fine-grained authentication functionality, which is role-based and includes guest access options. Its endpoint security is based on Symantec software, and it is a Microsoft NAP partner as well as a member of the Trusted Computer Group. Trapeze is very supportive of open standards and already incorporates many parts of not-quite-completed specifications, including those for load balancing (802.11k), roaming (802.11r), and management (802.11d). Trapeze does not terminate IPSec or SSL clients and argues that customers do not really rely on VPNs as much as they once did. Still, VPN termination is a check-off item for some companies whose policies require that type of security. The company does use proprietary technology to encrypt management frames but will move to standards-based 802.11w when it is completed.

2.1 The Evolution of WLAN Security

IEEE 802.11 WLAN security originally was based on Wired Equivalent Privacy (WEP), which proved to be totally inadequate. WEP authentication was strictly one-way and was easily compromised by hackers. While waiting for the final 802.11i security specification, the Wi-Fi Alliance took the authentication portion of this specification (802.1x), which required a two-way authentication process, and incorporated it in an interim Wi-Fi Protected Access (WPA) specification. Other changes included lengthening the encryption key. A later version, WPA2, added Advanced Encryption Standard (AES). Early WLANs did not have any intrusion detection or protection, but products from AirMagnet and AirDefense demonstrated the need for such functionality. These products evolved from mobile products used for site surveys to full-fledged protection systems capable of quarantining suspicious access points and clients.

2.2 Architectural Approaches and Their Impact on Security

Early WLAN equipment, sold primarily by specialized vendors, was an overlay to existing wired networks with no real effort to integrate the two networks. Generally, the wired network was viewed as secure and the wireless network as inherently insecure. Switching vendors began the process of integrating the two environments. Virtual Private Networks (VPN) gave way in many cases to firewalls built into wireless equipment. WLAN equipment initially was composed of intelligent or "fat" access points using a distributed architecture. Cisco's purchase of Airespace, a company that sold WLAN equipment that utilized a centralized architecture, legitimized that architecture, which since has become dominant. The advantages of centralized architecture include more control over such processes as authentication, encryption, load balancing, and roaming, and the ability to manage a WLAN from a system-wide perspective rather than on an access point by access point basis. Trapeze has now moved to a hybrid architecture in which control is maintained in a centralized switch while encryption takes place on distributed access points. This type of approach might be able to handle the increasing bandwidth demands that widespread adoption of IEEE 802.11n will bring.

2.3 Resiliency and High Availability

To ensure that a WLAN never fails, there are a number of components that must be able to fail over. These components include access points, switches, and intrusion detection systems. Network resiliency means that latency is low enough that applications never fail. That means rapid hand-offs for roaming clients and load balancing between access points that, if possible, is based not only on access point available bandwidth but also on the bandwidth demands of individuals and specific applications.