Trapeze, AirDefense raise the bar on enterprise wireless security
Combination of WLAN monitoring and network access policies proves a potent security tool
Because both Trapeze and Aruba are switch-based Wi-Fi technologies, their thin APs use encrypted tunnels to traverse foreign subnets and return to their control switch. Once there, each SSID is bonded to a VLAN and a security profile is applied to set network use privileges. For example, guests might have access to an open network that only connects to the Internet, whereas engineering must use WPA2 (Wi-Fi Protected Access) with RADIUS authentication and is dropped directly onto the engineering VLAN, and sales folks might be required to use WPA-TKIP (Temporal Key Integrity Protocol) on the sales VLAN.
Missing here is what the Wi-Fi Alliance is now calling WPS (Wi-Fi Protected Setup), which sounds suspiciously similar to what Microsoft has been doing with XML configuration pushes since Windows XP SP2. It would be a useful addition: WPS provides a standard for a Diffie-Hellman key exchange, dramatically reducing the pain of setting up advanced encryption technologies such as WPA2 with RADIUS authentication.
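The per-SSID profiles described above (guest, engineering, sales) can be audited against observed client sessions. The following is an added example, not Trapeze or AirDefense code; the VLAN numbers, the internal address range, the session fields and the sample sessions are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Profile:
    vlan: int                # VLAN the SSID is bonded to (IDs are assumptions)
    encryption: str          # link encryption the profile requires
    auth: Optional[str]      # required authentication; None = not stated in the article
    internet_only: bool      # True when the role may reach only the Internet

# The three roles from the article; VLAN numbers and the internal range are constructed.
PROFILES = {
    "guest": Profile(30, "open", None, True),
    "engineering": Profile(10, "wpa2", "radius", False),
    "sales": Profile(20, "wpa-tkip", None, False),
}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def audit(session: dict) -> list:
    """Return the policy violations for one observed client session."""
    profile = PROFILES.get(session["ssid"])
    if profile is None:
        return ["SSID has no security profile bound to it"]
    findings = []
    if session["vlan"] != profile.vlan:
        findings.append(f"on VLAN {session['vlan']}, profile bonds SSID to VLAN {profile.vlan}")
    if session["encryption"] != profile.encryption:
        findings.append(f"encryption {session['encryption']}, profile requires {profile.encryption}")
    if profile.auth is not None and session["auth"] != profile.auth:
        findings.append(f"auth {session['auth']}, profile requires {profile.auth}")
    dst = ipaddress.ip_address(session["dst"])
    if profile.internet_only and any(dst in net for net in INTERNAL_NETS):
        findings.append(f"internet-only role reached internal host {dst}")
    return findings

# Constructed sample sessions, as a controller or monitor might report them.
SESSIONS = [
    {"ssid": "guest", "vlan": 30, "encryption": "open", "auth": "none", "dst": "8.8.8.8"},
    {"ssid": "engineering", "vlan": 10, "encryption": "wpa-tkip", "auth": "radius", "dst": "10.1.2.3"},
    {"ssid": "guest", "vlan": 10, "encryption": "open", "auth": "none", "dst": "10.1.2.3"},
    {"ssid": "lab-test", "vlan": 40, "encryption": "wpa2", "auth": "radius", "dst": "10.9.9.9"},
]

if __name__ == "__main__":
    for s in SESSIONS:
        print(s["ssid"], "->", audit(s) or "compliant")
```

The third session is the case worth alerting on: a guest-role client that has landed on the engineering VLAN and is talking to an internal host.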
Smart alert systems
After a couple months of running the AirDefense-Trapeze combo pack, I’ve noticed a bit of alert overload from Wi-Fi devices in other, nearby research labs. Working through the AirDefense console, I gradually examined the surrounding rogues to further identify which units were benign and which units deserved closer scrutiny.
The tight integration between Trapeze RingMaster and AirDefense 7.0 gives you a best-of-both-worlds product: wireless network management plus security and access monitoring. Clear information displays and trigger settings make it easy to quickly address any problem that crops up, whether it's a rogue AP or a wireless user trying to hop onto a restricted network segment.
Infrastructurewise, you're able to use just about any type of existing Trapeze AP, and swap between Trapeze and AirDefense APs on demand. The solution is also quite scalable, with multiple server models, load-balancing features, and some nice predefined roles for hotspots and other connection points. Based on what I've seen, this is a strong combination product that will likely get better as AirDefense and Trapeze add more automation to upcoming releases.