[ Readers with triggers or news preferences may be
interested to note we've added 'networking' as a category beginning
with this item. -ed ]

"I met recently with a company that makes a hardware
box that addresses the need for better wireless security.
Bluesocket Inc.'s $6,000 WG-1000 Wireless Gateway sits on a LAN
between wireless access points and the rest of the corporate
network. It acts as an authorization and VPN server. Any wireless
data traffic can reach the device, but unauthorized users can't get
past it. Authorized packets pass across the internal network (which
is presumably secure), unencrypted. That lets any devices you
installed to implement network QoS do the job they were designed
for.

There are a lot of potential pitfalls with a device like this,
but Bluesocket's architects seem to have avoided most of them. You
can have multiple wireless gateways on the network, each one
handling about 100 simultaneous users. (Your mileage may vary.) Two
boxes can be designated as hot failover units for each other. All
gateways on the network can be managed simultaneously from a single
browser-based console using a master/slave hierarchy. Permissions
are granted and denied according to user information defined in
repositories like LDAP or Active Directory; you don't have to
duplicate all your existing user information. And you can set
access policies on a user or role basis.

Today, the encryption/decryption algorithms within the box
(which is powered by an 866MHz Pentium III processor and a hardened
version of Linux) run in software. That can impose a slight
performance penalty on highly trafficked networks, where the
bandwidth exceeds 30Mbps."