Wired Security Mentality for WLANs

Latis Networks, a company known more for its wireline network security
applications, is taking its wired mentality into the Wi-Fi realm with the
release of its StillSecure Border Guard Wireless application Monday.

What makes his product more effective than intrusion detection systems
(IDS), said Rajat Bhargava, Latis Networks president and chief executive
officer, is the fact Border Guard won’t let unauthorized users on the
wireless local area network (WLAN) in the first place.

“(IDSs) fail because there’s a huge amount of false positives; the function
of an IDS is just to alert you, not take any action,” he said. “We spent a
lot of time trying to figure out how to make the next generation of IDS
more powerful and useful.”

What Latis technicians learned was they didn’t need to stray far from the
security features they already had available in existing Border Guard
applications. Using a dual authentication procedure, which combines
policies that allow only certain machines into the network with user
authentication (login/password), Border Guard Wireless is able to add
another layer of security to the WLAN.

Wi-Fi certainly needs protection: last month, 200 WorldWide WarDrive
participants found 70 percent of the access points they scanned
throughout the U.S. were running without encryption and/or had
default authentication passwords.

And even if users do take the precaution of changing the service set
identifier (SSID) password and enabling encryption, the technology in
itself is not very robust. According to the National Institute of
Standards and Technology (NIST), the wired equivalent privacy (WEP)
technology that’s the de facto standard for many WLAN manufacturers
is broken. The agency’s July draft report concludes WEP’s 24-bit key, as
well as a lack of key management provisions, makes it too easy for hackers
to decrypt.

Latis Networks’ workaround to Wi-Fi’s inherent insecurity is the addition
of another layer of authentication to the WLAN, with network
administrators setting policies for how accessible the network remains.

Since the company caters specifically to the mid-tier corporation, and not
a public “hotspot,” its engineers don’t have to worry about a constant
stream of new users and devices on its WLAN. Instead, when a new device
enters the Wi-Fi perimeter, it’s flagged and tagged by the Border Guard
application. Whether that device is allowed onto the network, even though
it might be in use by an employee who’s logged in, depends on the policies
created by the administrator.

Keeping wireless security at the highest levels, though, is what many
administrators are looking for in the first place. The trouble with
wireless devices is the relative ease with which a media access control
(MAC) address can be spoofed by a hacker, giving them access as an
authorized user.

Bhargava said policies can be set up so that, in the event two identical
MAC addresses pop up on the network, the application will boot both of the
devices off the WLAN, requiring the users to contact the IT department to
get access re-established.

Al Maxey, vice president of wireless communications application development
company MDA Technologies, said his company has been field-testing the
Border Guard Wireless and is impressed.

“Up until now wireless security has largely been ignored,” he said. “In
truth, Border Guard Wireless has all the features that I never thought I
would find in one product — how to deal with unknown devices, controlling
access to network resources, plus the layered protection of firewall and
intrusion prevention.”

The Border Guard Wireless application costs $9,995 for the first network
server and $2,495 for subsequent instances. Customers can opt to buy the
software alone, or have it bundled with a Linux server for an additional
charge.
