The most recent articles from IT Week

Review : Wireless threats meet their match

Dave Bailey — 2007-10-30T00:00:00.000Z

Dave Bailey, IT Week, Tuesday 30 October 2007 at 00:00:00

AirTight’s updated SpectraGuard Enterprise offers superior location-based protection

AirTight Networks’ SpectraGuard Enterprise (SGE) version 5.5 wireless intrusion prevention system is excellent for testing and maintaining the security of wireless networks.

Among the new features in this latest version is a location-based policy management system, which is designed to make it easier to manage geographically dispersed SGE deployments. This is also intended to help managed security service providers to provide wireless security for different organisations. Another key addition is integrated support for Cisco’s Wireless LAN Controller systems.

The hardware for SGE consists of AirTight’s SpectraGuard wireless sensors and the SGE appliance. We set up a system using an SGE SA-200 appliance and three sensors covering our labs area. Connecting to the appliance for the first time fires up a 12-step initial configuration wizard. This allows users to set up SMTP servers for email alerts, and lets them choose which servers to send syslog messages and Simple Network Management Protocol trap alerts to.

We then set up automated policies to deal with unauthorised access points (APs) trying to connect to the network, unauthorised clients trying to authenticate with authorised APs and authorised clients trying to connect with unauthorised APs.

Initially, we turned the event-generation and intrusion-prevention systems off, so we could monitor what wireless infrastructure was out there. SGE’s web GUI makes it easy for users to see and categorise wireless devices over the air. The system immediately detected our test network’s 3Com AP7250 AP and displayed details of its various settings.

After several days monitoring the environment around our wired network, we logged 36 APs and 213 wireless clients, with over half the APs being Cisco ones. Most of the APs were 802.11b/g devices. Of the remainder, three were 802.11a units, one was a pre-draft 802.11n AP and one was a 802.11b-only type. Sixteen APs were using WEP for security, while four had WPA and four had WPA2 security enabled, with the rest having no security enabled whatsoever.

We then checked to see what kind of events were being generated. We weeded out trivial events and focused on critical ones, like an authorised client trying to connect to an “evil twin” AP.

With AirTight’s intrusion prevention system enabled, SGE 5.5 allowed us to respond to critical security events by either blocking or degrading unwanted communications between authorised and unauthorised devices.

Tested: Bluesocket BlueSecure Controller

Dave Bailey — 2006-08-07T00:00:00.000Z

Dave Bailey, IT Week, Monday 7 August 2006 at 00:00:00

Bluesocket’s suite of Wi-Fi products simplifies roll-out of secure, VoIP-enabled wireless LANs.

Bluesocket’s BlueSecure Controller (BSC) is aimed at enterprises and service providers looking to roll out 802.11-based enterprise wireless networks to users and customers.

We reviewed a BSC 1100 using Bluesocket’s BlueSecure Access Point (AP) 1500. Following a thorough site survey, set-up proved simple. The controller connects to the LAN through a designated ‘protected’ port, while a switch (through which the APs are routed to the LAN connection) is attached via the ‘managed’ port.

After creating user roles and local users, we set up standard features and services like VPNs and remote managed subnets. The web GUI appeared overly complex at first but became fairly intuitive after a couple of hours of use.

We upgraded the controller firmware and AP firmware from version 5.1 to a beta version of 5.2 – scheduled for final release this month – which took around 30 minutes. Updates in 5.2 include an enhanced secure voice capability that allows users to enable Spectralink, Avaya and Cisco Skinny Client Control Protocol (SCCP) and other H323/session initiation protocol (SIP) and VoIP phones.

One feature that may appeal to service providers is the addition of credit card billing, allowing end-users to authenticate and buy time slots for public hotspots or charged guest access. Additionally, Bluesocket now allows 802.1x authentication against LDAP servers rather than requiring firms to have a Radius server.

T-Mobile Multimedia Net Card

Dave Bailey — 2005-11-17T00:00:00.000Z

Dave Bailey, IT Week, Thursday 17 November 2005 at 00:00:00

A configurable PC Card offering 3G, GSM, GPRS and Wi-Fi connections

T-Mobile’s 3G service was launched in July 2004 and a datacard was released for corporate customers in October that year. Now known as the Multimedia Net Card, the latest incarnation uses slightly different hardware.

T-Mobile’s layered network uses GSM for voice and text, GPRS for small data exchanges, 3G for high-speed links and Wi-Fi for broadband access. In the UK, users have access to over 750 Wi-Fi hotspots and worldwide the figure is 13,000.

To install the card took longer than other 3G cards we have reviewed but it offers useful options for corporates. First it prompted us to install the T-Mobile Communications Centre (TMCC) and there is also the option to install T-Mobile’s HotSpot VPN Client.

There are three installation types: Internet, which installs Communications Centre with standard settings and components; Administrator, with options to customise settings and integrate VPN clients; and Deployment, which allows the creation of redistributable installers with custom options and is recommended for IT staff deploying 3G cards throughout their firms with standard configurations.

The standard option is Internet and it gave us no problems though we had to reboot twice before inserting the datacard to complete the install. Our first 3G connection was in central London (W1A). Initially we could not get any service in Tottenham (N17), but half way through the review, carried out over several months, 3G sessions in N17 became possible. We could also link in Nunhead (SE15), West Kilburn (W9), but not Harrow (HA5) or Farnborough, Hampshire (GU14). For 3G links, data rates normally did not drop below 350kbit/s, and if we did not get a connection the card correctly gave us a GPRS link. We had no crashes using the 3G card.

TMCC has useful options for IT staff. For instance, we could set standard profiles for office, home and mobile and create custom ones. We could export and import configuration data; and password-protect configuration data. We could also set thresholds for how much data we could pass over the 3G link.

Many of these options cannot be used during an active connection and we expected them to be “greyed out”. However, TMCC does not immediately show which options are available, preferring to pop up a message instead if a chosen option is unavailable. A pop-up also asked us to download an update to upgrade TMCC from version 2.0.0.40 to 2.3.1.20, but this update process kept failing. Only when we clicked an update option on a toolbar did this download and install properly.

Apart from internet access, we could access email through Lotus Notes without configuration alterations at the server or client ends.

Other useful tools were a download monitor, which plotted a graph of download speed over time and showed time connected, amount of data sent and received, and average data transfer rate. TMCC shows which service is currently being used and the signal strength.