Pros: Full protection against ARP
attacks; extensive rogue detection; integrated, lower-cost total solution.
Cons: No wireless denial-of-service protection, limited GUI for making
OptimumPath’s wireless router is heavy on security and contains a great deal
of functionality for both wireless and wired infrastructure networks. The RTC-2000
provides cost savings resulting from the integration of a wide variety of network
functions, making it a component that offers significant value when deploying
enterprise and public wireless LAN solutions.
Since one of the RTC-2000’s strong suits is protection against address
resolution protocol (ARP)
first to define ARP and explain related issues. ARP is an important protocol
that a sending station (network card) uses to discover the physical address
of a destination station.
Before a station can send a packet to another station, the sending station
must obtain the destination’s physical address, which is the same as its Medium
Access Control (MAC) address
first broadcasts an ARP request that announces the IP address of the destination
station. The station having the corresponding IP address will then respond with
its MAC address.
A noteworthy problem with the ARP process is that it offers a significant
security issue resulting from ARP spoofing. All a hacker needs to do to spoof
a user is to independently send an ARP response from a rogue network device
that maps the IP address of a legitimate network device, such as a wireless
access point or router, to the MAC address of the rogue device.
As a result, legitimate stations on the network will automatically update
their ARP tables and send future packets to the rogue device rather than the
legitimate access point or router. With this Man-in-the-Middle attack, a hacker
can easily manipulate user sessions flowing over encrypted links and access
sensitive, password-protected information. Because firewalls are always open
to ARP, attacks can stem from outside the facility — something that should
definitely cause IT managers to lose sleep.
For some credible details on ARP security issues, refer to a University
of Texas paper (not light reading).
By providing a secure tunnel between each client and the router, the RTC-2000
completely protects wireless networks from ARP attacks. OptimumPath’s Secure
ARP (SARP) provides the secure tunnel between the client and the RTC and ignores
all reverse ARP requests not associated with the tunnel.
For example without SARP enabled, we were able to use dsniff to establish a man-in-the-middle
attack and hack into a user logging into an SSL-based Website account (yahoo
e-mail). After activating SARP, it was not possible to replicate this form of
attack. With SARP running, you can certainly rest at ease regarding ARP attacks.
As I’ve mentioned in a previous tutorial,
rogue access points are a big security concern. Employees of a company may inadvertently
connect access points purchased from the local office supply store into the
corporate network without coordinating the action with IT support.
As a result, IT managers should deploy mechanisms that monitor for rogues
before the security hole a rogue provides lets a hacker or even casual snoopers
onto the network. The ability to effectively identify rogues, however, is missing
from most wireless LAN routers on the market. The RTC-2000 shines in this department
by implementing a comprehensive suite of heuristics that identify the presence
of rogue access points.
The RTC-2000 is a complete solution, offering the right mix of functionality
for most enterprise and public wireless LAN systems. The integration of routing,
authentication, bandwidth control, intrusion detection, auditing, self provisioning,
wall garden, virus filtering and spam protection among other valuable tools
into one unit results in lower overall costs compared to purchasing individual
components. This is extremely beneficial, especially for start-ups deploying
Some Downsides to Consider
Denial of service
is a major concern for some wireless LAN applications. The RTC-2000 offers superb
wired side DoS protection. The system uses a flexible and proactive stance against
inbound and outbound datagrams. This allows the system to block intrusion by
unauthorized users. As with other wireless LAN routers on the market, the RTC-2000,
though, doesn’t offer provisions to counter radio-side DoS attacks.
For example, someone could flood the network with 802.11 Clear-to-Send (CTS)
frames and cause other stations to indefinitely hold off transmitting data frames.
OptimumPath engineers are aware of these types of problems, though, and they’re
working on future upgrades to counter wireless DoS attacks.
This is nit picky, but the current version of the RTC-2000 offers somewhat
of a basic graphical user interface (GUI) for configuration. An average IT person
can add the RTC-2000 to a typical network using the GUI to significantly improve
security, but the command line interface (CLI) is necessary (and somewhat difficult
to learn) to optimally tune the router. As a result, you might need services
from OptimumPath to assist with the initial installation and configuration of
All-in-all, the RTC-2000 is a high end, secure wireless LAN router that has
features that stand out among the sea of other routers on the market. Definitely
consider including this product in enterprise and public wireless LAN solutions
to lower risks and liabilities resulting from information flying around on airwaves.
Jim Geier provides independent consulting services to companies
developing and deploying wireless network solutions. He is the author of the
book, Wireless LANs and
offers computer-based training
focusing on wireless LANs.