Cranite Systems of San Jose, CA, today announced that it is shipping WirelessWall
2.0, the new version of its security suite for wireless LANs. The software is
now fully FIPS 140-2 compliant and, what’s more, the company has scored a high-profile
deployment by becoming the WLAN security tool of choice at the 200+-year-old
U.S. Military Academy at West Point in New York.
FIPS is short for Federal Information
Processing Standards; the 140 cryptographic standard was created by the
National Institute of Standards and Technology (NIST). The standard has four
levels of security (Level 1, Level 2, Level 3, and Level 4) that increase
in quality as they go up. FIPS 140-1, the first level, only supports DES and
3DES encryption. The various levels are suitable for a wide array of areas in
which cryptographic modules could be used.
Cranite Systems’ implementation of FIPS 140-2 features Advanced Encryption
Standard (AES) and Extensible Authentication Protocol (EAP-TTLS) for authentication
and tunneling.
WirelessWall was recently picked by Symbol Technologies to provide the security
for its new MobiusGuard wireless security portfolio, part of the Mobius
Wireless System recently announced by Symbol, due to its then-impending
FIPS approval. However, Scott Lucas, Vice President of Marketing at Cranite
Systems, says "FIPS 140-2 was not a requirement for West Point — we were
picked despite it, not just because of it."
The 2.0 version has the same architecture as the original WirelessWall with
three main components — the policy server where administrators create the policies
(which integrates with the existing network user directory system), the access
controllers that act like a firewall to the protected part of the network, and
the client software installed on all wireless devices.
Additions to the suite make it "enterprise class" according to Lucas.
IP Mobility options are key. WirelessWall will automatically reassign IP addresses
to users and reauthenticate them without needing a password as they roam to
other parts of the network. Users are assigned a "home subnet" at the
beginning of a session. "They’ll lose the connections they
had before the roam, but usually those connections are not stateful so it’s
not a big deal," says Lucas.
The product also adds failover features so that if an access controller dies
another one will take its place.
According to Lucas, West Point has an "attack lab" where they exercise
security products and try to break them — from those tests the academy chose
Cranite Systems’ solution over solutions with virtual private networks (VPN)
or Wired Equivalent Privacy (WEP) and many proprietary solutions.
The West Point professors got the ball rolling — they wanted the benefits
of a real-time connection with students in the classroom and developed a curriculum
around it. Wiring the classrooms would have been too costly, so secured Wi-Fi
was the way to go.
The wireless classrooms are part of a program for the current freshman class
of over 1000 students, all of whom were provided with 5GHz 802.11a capable laptops,
all configured with the WirelessWall client software. The deployment has gone
so well that Cranite CEO Greg McNulty says it will soon go campus wide, and
added that "Upperclassmen are ticked that the plebes have
laptops."
"We’re proud of this installation and feel it validates the perspective
we’ve taken. Everyone’s heard of West Point and knows it’s a premier military
training facility," says Lucas.