Trapeze, AirDefense raise the bar on enterprise wireless security
Combination of WLAN monitoring and network access policies proves a potent security toolFollow @infoworld
Gone are the days of being able to ignore security and role separation for enterprise wireless systems. Regardless of whether you go with a thick access point (Cisco or Symbol) or a thin access point (Trapeze or Aruba), your wireless infrastructure must be able to support role separation through using multiple SSIDs (service set identifiers) and dropping these onto the appropriate VLAN.
With the recent ratification of the 802.11n enhancements, enterprises that want to set up secure wireless networks are looking at services such as wireless defense (Wireless IDS), easier advanced encryption and role separation setup, and multimedia support for Wi-Fi VoIP as differentiators in today's Wi-Fi marketplace.
Enter Trapeze Networks and its new entry-level RingMaster 5.0-AirDefense 7.0 solution. Sold by both Trapeze and AirDefense in configurations ranging from entry-level 1U appliances to monster multiserver arrays, this tightly woven package leverages existing Trapeze APs as AirDefense sensors for both monitoring and security tasks. The AirDefense firmware also takes the place of the standard Trapeze backup firmware image. With both images now coexisting on the hardware, you can change from a sensor to an AP through a simple click in Trapeze RingMaster. (RingMaster's UI handles much of the wireless configuration, with a little overlap by the AirDefense UI.) The benefit of this tag-team packaging? IDS and system monitoring are tightly tied together so that IDS alerts can trigger management actions, and vice versa.
The Trapeze RingMaster and AirDefense consoles are currently separate applications tied together at various menus, but the AirDefense-Trapeze integration will become quite a bit tighter in future releases, with a richer set of scripts and action items for the IDS to execute — including the ability to switch over additional access points into IDS sensors. Future APs will also have expanded flash storage to save backup images of both the Trapeze and AirDefense firmware.
Watching over network access
I added the AirDefense-Trapeze box to our existing Trapeze MX-8 small office Wi-Fi switch at the Advanced Network Computing Lab at the University of Hawaii. Soup to nuts, the integration took perhaps one hour total, including downloading the new AirDefense firmware onto my access points.
Click for larger view.