WiFi grows up

For the outdoors: The Cisco Aironet 1300 AP has a rugged enclosure.

Super Switch:The Aruba 5000 Series includes a firewall, encryption and more.

The latest crop of wireless networking products include the security features government users need

For several years now, wireless local area networks (WLANs) have proven to be a cheap and easy way to set up a home network, or to get on the Web in one of the public hot spots in metropolitan areas, airports and coffee shops. Security concerns scared off many government IT purchasers, but in recent months, with those problems largely addressed through a slew of powerful new standards for user authentication and data encryption, the public sector is hot about wireless.

Government agencies usually get into wireless to provide mobile access to their internal networks and the Internet, but they are increasingly employing WLANs to add wireless voice over IP to their existing telephony infrastructure, according to vendors. That's what Marion County, Fla., did when it installed WLAN hardware from Avaya Inc., an IP telephony vendor, in most of its 67 government offices. The county started out creating hot spots for mobile workers, such as code and building inspectors, and firefighters, to download data from the field rather than going inside to plug into the wired network. The resulting time savings helped avoid hiring five new workers, said Hugh Honts, Marion County's network operations manager. Lately, the county has added VOIP phones in several libraries and offices. 'They work very well,' Honts said.

Since hitting a popular critical mass in the late 1990s, WLANs have been the focus of a succession of specifications to the basic WLAN standard, called 802.11 or WiFi, issued by the Institute of Electrical and Electronics Engineers. The specifications are all designed to improve speed, coverage, reliability and security, while adding support for such new technologies as VOIP and streaming video. One of the newest, expected to be ratified soon by IEEE, is 802.11e, which contains standard specifications for quality-of-service features of WLANs used for delay-sensitive applications. 'If you skip a few beats in a phone call or a video, it's very noticeable,' says Karen Hanley, senior director of marketing for the Wi-Fi Alliance, the wireless interoperability testing association.

Architecture in electrons

When it comes to designing a wireless system, you have two main architectural models to choose from. The oldest and best-established one relies on access points that connect directly to the wired Ethernet network and contain the wireless transmitter and antennas that broadcast a signal picked up by receivers. This so-called 'fat' AP architecture has generally been preferred by Cisco Systems Inc., the networking giant and acknowledged leader in WiFi infrastructure; Cabletron spinoff Enterasys Networks Inc.; Foundry Networks Inc.; and such other major names in wired networks as 3Com Corp. and Nortel Networks Ltd. In a variation, vendors sell 'overlay' appliances designed to bring security and roaming features to existing networks.

But more recently, newer vendors such as Aruba Wireless Networks, Trapeze Networks and Airespace Inc. (the latter acquired by Cisco in March) have staked their claim on a radically different architecture called WLAN switching. It centralizes security and management in a network switch connected to 'dumb' or 'thin' APs that are little more than radio frequency transmitters whose purpose is to extend the network from the switch out to where the users need it. 'The APs don't work without the switch,' explains David Callisch, an Aruba spokesperson.

Securing the airwaves

Even before Sept. 11, 2001, governments were worried about wireless security, especially in the early days of 802.11, when security was basically limited to Wired Equivalent Privacy, a system of static encryption keys that could easily be hacked. Now, several years later, WLAN security has come of age with strong industry standards and sophisticated network software.

WLAN vendors therefore tout their network management and security software as critical components in ensuring that APs and switches are safely fortified. 'There's really not a lot of security embedded within wireless access points,' says Tom Badders, director of wireless networking at Telos Corp., which builds wireless networks for govenment.

Hanley said the Wi-Fi Alliance has noticed an increase in compliance with encryption requirements of the Federal Information Processing Standards (FIPS-140-2) for sensitive-but-unclassified communications as more WLAN hardware supports 802.11i, a new IEEE security standard that includes the Advanced Encryption Standard encryption required by FIPS. 'If you don't have FIPS, you don't have a federal product,' says Andrew Walden, a federal engineer at Aruba.

Who's who?

While encryption is now generally adequate for government work, authentication'the process of electronically verifying the identity of people trying to access the wireless network'is not standardized, according to industry observers. The relevant standards are IEEE 802.1x, and the Extensible Application Protocol, which vendors use in different ways to send authentication-related messages across networks.

In addition to supporting the new security standards, hardware vendors have added technical features that help guard a wireless network against other threats. The most significant is rogue access point detection, the ability to sense when someone'often an employee'has installed an unauthorized AP that could open a security hole. Rogue detection is often built into APs themselves. 'The access points are actually acting as sensors for the networks, and they're looking across all the bands,' Cisco senior manager Ann Sun explained. Then, using network management software, 'I can trace [a rogue AP] to a switch port and shut that port down,' she said.

The growth of robust standards, WiFi interoperability testing and more sophisticated, comprehensive management software have led to a conceptual blurring between old and new technologies. Ac- cording to Ken Dulaney of Gartner Inc., 'Most customers today are just looking at wireless as an extension of their wired LAN.'

David Essex is a freelance technology writer based in Antrim, N.H.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.