Airespace 4024 locks up wireless links

Security, or lack thereof, has kept wireless networks from enjoying corporate acceptance. Many IT executives have opted to wait to deploy such a network rather than risk crucial corporate information. Now Airespace has built a system that brings true enterprise-class security to wireless networks with multiple authentication plans, encryption schemes, and radio-control methods.

The Airespace 4024 is a 24-port 10/100 Ethernet switch with two out-of-band management ports, serial and Ethernet. The Airespace APs (access points) are 802.11a/b units that can be powered over Ethernet or through auxiliary power. The 4024 can act as a switch for APs from other vendors, but the full security and QoS features of the system only operate when the switch and APs are deployed together, making Airespace a more economical choice for clean-sheet rollout than for a wireless-system upgrade.

Airespace isn't the first company to address wireless security concerns. Companies such as BlueSocket and NetMotion have used network-appliance and software approaches to wireless-network security. These have succeed in providing a much higher level of security than is available through WEP (Wired Equivalent Privacy) or client authentication strings sent without encryption. But Airespace goes beyond these products in its combination of security features and with the addition of QoS functionality in a wireless network.

The first thing an administrator will notice about the Airespace 4024 is that all security features default to "on." Encryption, authentication, and VPNs are all enabled when the unit is unpacked. Turning off features isn't difficult, nor is it turning them back on.

The net result is a box that turns on as a secure device the first time. While this means that administrators will need to think about various layers of security before Airespace is installed, rather than waiting to figure it out and add security layers as they go. Still, it's good to see a product that has high security as its default mode.

Setting up security is a straightforward, though time-consuming, process. An administrator must run through a number of menus, choosing from a wealth of options. Fortunately, the presentation is quite clear. Airespace has resisted the temptation to come up with its own cute labels for capabilities and features, so an administrator who has experience with other wireless networks should be able to move through the process without need for a translator.

The Airespace 4024 enables administrators to establish a VPN for each client, which means that an end-user can remain connected to the network, even as he or she roams between multiple access points and subnets. Administrators can limit how long connections are maintained as a user moves through areas without coverage, allowing admins to balance the need for security against the prospect of making executives sprint from one coverage area to another.

The unit's capability of dividing users into groups or dealing with them on an individual basis has useful applications. As wireless hotspots become more common, more administrators can create a user class called "visitor" for users who are routed straight to the Internet rather than the company network. Trading lessened client security for reduced network access makes sense when customers, vendors, and partners may be bringing laptop computers on visits to the main office.