Secure Wireless Networking at Last?
With sole responsibility for moving the U.S. military through the air, the Air Force Mobility Command isn't exactly known for skimping on security. So the command's decision in early October to deploy wireless local area networks, or WLANs, may seem to be at odds with earlier news about the multiple security holes riddling the WLAN standard, known as 802.11.

But ReefEdge Inc., Fort Lee, N.J., the company supplying network security for the Air Force Global Air Transportation Execution System, is just one of a handful of newly formed companies confident they have found a way to keep wireless network transmissions free from unwanted intrusion. Other companies on this track include Columbitech AB of Stockholm, Sweden, and BlueSocket Inc. of Burlington, Mass.

Their secret weapon: a few security techniques borrowed from the field of virtual private networks.

"We decided to use VPN technologies, because they already solved the problem we needed to solve," said Joost de Jong, vice president of sales for BlueSocket.

Wireless local area networks essentially allow computers to operate like wireless phones. Employees of a business or organization can connect to the company's central servers and mainframe through a wireless connection rather than relying on cabling. IT market research firm International Data Corp., Framingham, Mass., predicts WLAN products will be a $5 billion market by 2005, up from $1 billion in sales in 2000.

The 802.11 standard, developed by a working group of the Institute of Electrical and Electronics Engineers, provides vendor-neutral specifications for component interoperability, allowing equipment providers such as Cisco Systems Inc., Lucent Technologies Inc. and 3Com Corp. to create compatible hardware. But as valuable as 802.11 is as a common platform, the standard has an Achilles' heel in its security specs, according to industry observers, which many feel are insufficient to protect networks.
"There is no confidence in [802.11 security protocols,] because they don't work," said ReefEdge chief operating officer Ajei Gopal.

The popular press abounds with reports of malicious hackers driving around urban areas, scanning for unsecured corporate wireless networks, potentially gaining access to financial and business records stored online. Last April, for instance, an MSNBC reporter followed two individuals around Silicon Valley who, within 90 minutes, tapped into 40 corporate wireless networks where basic security measures weren't in place, including one at a Nortel Networks Corp. office.

While proprietary solutions offer adequate protection, Gartner Inc. analyst John Pescatore said, organizations are wary of being locked into an enterprisewide deployment that must use one company's hardware. And while the IEEE has an 802.11 working body to develop a set of open vendor-neutral standards for more robust security, results are still 18 months away, far too long for companies eager to jump on the wireless bandwagon.

The good news is innovation is coming from a wealth of smaller companies that have recently released WLAN security offerings. Besides ReefEdge, Columbitech and BlueSocket, others working on this problem include Certicom Corp., Hayward, Calif., and Enterasys Networks Inc., Rochester, N.H.

"They're all doing variations of the same thing," Pescatore said. Specifically, they are borrowing security techniques used to keep virtual private networks private, mature technologies such as secure sockets layers and the IP security protocol, commonly known as IPsec.

"VPN access is a rational compromise to creating private access. We already know the technologies: They're standard, and you can run them from any PC," said Pescatore. Organizations can be assured their VPN-based security solutions will not only be robust, but will continue to be compatible with WLAN hardware releases.

ReefEdge was founded in May 2000 with this idea in mind. The company secured $20 million in venture capital funding and a management team with experience at companies such as AT&T Corp., Hewlett-Packard Co. and IBM Corp. The company released its wireless connectivity solution in September. The system consists of the ReefEdge Connect Server, which centrally manages the system, and ReefEdge Connect Bridges, which act as "microfirewalls" at the edge of the network.

The system implements an authentication scheme like those found at large organizations, where visitors get different types of passes depending on whether they are a contractor, visitor or employee. "We're able to do the electronic equivalent of that," said Gopal. "When you sign on, you're given a set of credentials that allow you only to go to that part of a network that you're permitted to access."

ReefEdge's marketing strategy, said Douglas Mazlish, ReefEdge's vice president of business development, is to "get the product out the door."

"We're not developing a services organization," Mazlish said. Instead, the company will work on developing partnerships with resellers and integrators. "We are rolling out a complete integrator package, from sales and technical training to demonstrations systems, to ongoing tech support, maintenance and market intelligence," he said.

Gopal said he couldn't reveal the scope of the Air Force deployment, citing the command's sensitive mission. But he said the ReefEdge package would be deployed in "multiple" transportation centers that manage logistical information, generate reports and provide message routing and delivery services for all airlift data.

Like ReefEdge, BlueSocket also released its WLAN security solution last month, a VPN-based wireless gateway.

"We've been seeing significant interest from the [Defense Department] and, surprisingly, from a lot of educational institutions," said Eric Janszen, chief executive officer of BlueSocket.
Among the initial customers was the University of Texas, which ordered a set of gateways once someone realized that a dormitory being built on its Dallas campus wasn't provisioned for network cables. BlueSocket also sold four gateways to KPMG Consulting Inc., McLean, Va., where they will be used to demonstrate wireless solutions at KPMG's Enterprise Technology Centre in Watford, England.

Just as 802.11-focused companies have been using VPN techniques, VPN providers have been eyeing wireless technologies for growth as well. "WLANs are a pretty hot topic in the VPN industry," said Rob Macintosh, VPN product manager for Paris telecommunication provider Alcatel, which is looking at wireless solutions to complement VPN coverage. "People are taking a hard look at extending the VPN to mobile and wireless technologies."

The privately held Ecutel Inc. of Alexandria, Va., is ahead of the curve in this market. Formed in 1996, Ecutel was hired by the Department of Defense to provide secure roaming technologies for NATO that would allow military personnel to have equipment that could connect to different networks. From this work, the company produced a commercial offering, the Viatores Mobile VPN, which allows wireless devices to hook into VPNs using a variety of wireless protocols, including general packet radio service and code division multiple access. From there, it was a short leap to incorporating 802.11 compatibility in Viatores, and in September, the company released a WLAN version of Viatores.

Hewlett-Packard used Viatores as a basis of its enterprisewide mobile VPN solution and has deployed it at the IT Fornebu research center in Oslo, Norway. Ecutel has forged other partnerships with Roam Secure Inc. of Arlington, Va., a mobile VPN software provider, and Matsushita Electric Industrial Co. Ltd. of Kadoma, Japan, a consumer electronics giant that has an integration division.

"We expect 802.11 to be a pretty big portion of our sales," said Ali Ershied, director of product marketing for Ecutel.

It doesn't have the most memorable name, but the 802.11 standard for wireless local area networks, or WLANs, promises to make life easier for systems administrators, integrators and workers alike. Using radio transmitters on PC cards conforming to 802.11 specifications, computers within approximately 500 feet of a wireless base station can tap into a wireless network, as can personal digital assistants and other mobile platforms. No cable required.

Not only will wireless networks eliminate all those computer-linking cables snaking through the walls, they also will allow headache-free shuffling of offices. They will also allow mobile devices to effortlessly tap into office networks. The road warrior can connect his laptop to the central system upon return, and the info-hungry manager can draw data from her desktop computer while in a meeting down the hall.

The 802.11 specifications were developed by the Institute of Electrical and Electronics Engineers. Although certain vertical markets, such as logistics and manufacturing, have long used proprietary wireless data systems, when IEEE published this open standard in 1997, it set the stage for enterprisewide deployments.

"Now there is interoperability," said Ajei Gopal, chief operating officer of ReefEdge Inc. "A PC card from Cisco can connect with a base station from Symbian. That interoperability makes it possible to expand the business beyond a single vendor environment. That's why the business is taking off dramatically."

There are many benefits to 802.11. One is ease of use: the wireless communications card in the computer is indistinguishable from a regular Ethernet card to applications, easing installation considerably, according to Rob Macintosh, VPN product manager for Alcatel.

Another advantage is that 802.11 uses free public airwaves (the 2.4 gigahertz region of the radio spectrum), so there are no service provider fees. "You're not paying a per-byte, per-minute charge to a carrier," Gopal said.

Also, WLAN throughput is much higher than wide-area wireless solutions. In fact, 802.11 throughput approaches that of cabled Ethernet; the current iteration, 802.11b, offers 11 megabits per second, and the next generation, 802.11a, is expected to offer up to 50 megabits per second. "That kind of throughput is unheard of in a cellular environment," said Gopal.