PDA, wireless security in RSA spotlight

Array of companies show off tools to secure mobile devices

The Odyssey v1.1 server costs US $2,500, a price that includes Odyssey Server and 25 Odyssey Client licenses.

Steel-Belted Radius v4.0 is for enterprises that use non-Windows authentication schemes or that need user management and support for remote access. Version 4.0 adds support for two protocols that enable the product to authenticate wireless LAN users against existing authentication databases and communicate within wireless networks that have deployed a PKI infrastructure.

Steel-Belted Radius for enterprises costs $4,000. The Steel-Belted Radius/Global Enterprise Edition, for organizations with larger and more complex networks, costs $10,000.

Fortress Technologies took an appliance approach to WLAN security and displayed its AirFortress hardware products for securing wireless networks. The Oldsmar, Fla., company makes two security gateways for wireless networks: the AF1100, for remote offices, and the enterprise-class AF6500. When coupled with a software client, both products can secure communications between a company's wired LAN and mobile devices such as PDAs and laptops connected to wireless access points.

The AirFortress gateways act as a bridge, decrypting and passing on wireless communications from devices connected to the wireless LAN to resources on the wired LAN. Both devices support wireless LANs using the 802.11 and 802.16 standards and are FIPS (Federal Information Processing Standards) certified, Fortress said.

Interest in wireless security products is being driven by increased attention to domestic security within government, as well as a host of regulatory changes that affect companies in financial services and health-care where use of such devices is common, said Ken Evans, vice president of marketing at Fortress.

The federal government accounts for a good deal of Fortress's customers, he said.

In the private sector, the federal Health Information Portability and Accountability Act (HIPAA) of 1996 and the Sarbanes-Oxley Act of 2002, which affects corporate governance and financial disclosure, are forcing companies to look for ways to better encrypt and protect the data that is stored on and passed from PDAs and wireless devices, Evans said.

"You can't stop wireless even if you think you can," said Pete Lindstrom, research director at Spire Security in Malvern, Penn.

For example, inexpensive hardware and demand within organizations has made the spread of WLANs within the corporate environment similar to the adoption of file server technology on networks in the 1980s, Lindstrom said.

Rogue wireless access points that provide attackers points of entry to corporate LANs behind the firewall are a chief concern among IT administrators, Lindstrom said.

In time, the increased use of portable devices and WLAN technology will make such devices just another part of a company's IT security profile, rather than a special case, Lindstrom said.