Message-ID: <5466287.1075840772650.JavaMail.evans@thyme> Date: Tue, 8 Jan 2002 16:40:00 -0800 (PST) From: productreview@bdcimail.com To: vkamins@enron.com Subject: Wireless LAN security, Part 1 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-From: NW Product Review of the Week @ENRON X-To: vkamins@enron.com X-cc: X-bcc: X-Folder: \vkamins\Deleted Items X-Origin: KAMINSKI-V X-FileName: vincent kaminski 1-30-02.pst NETWORK WORLD NEWSLETTER: NEAL WEINBERG on PRODUCT REVIEWS 01/08/02 Today's focus: Wireless LAN security, Part 1 Dear Wincenty Kaminski, In this issue: * Cisco gets top marks for wireless LAN security * Links related to Network World product reviews * Featured reader resource ___________________________________________________________ This newsletter sponsored by Lucent CPE-based IP Services Are you ready to transform your business with IP Services? Service Providers and enterprises can tailor their IP services- IP VPN, QoS, mobile IP, bandwidth management-with Lucent's Access Point(R) IP services routers. And these IP services can be delivered with superior price/performance at the lowest operation management costs today. http://syndication.solutioncentral.com/to.asp?id=211 ___________________________________________________________ PRODUCT INFO IN ONE CONVENIENT LOCATION! Heard about a new product launch? Curious to find out if the features and benefits of this new product will meet your critical business needs? Network World Fusion's Product Central section includes all the info you need to make informed decision about new products and also includes a product finder function. Check it out at http://nww1.com/go/ad216.html ____________________________________________________________ Today's focus: Wireless LAN security, Part 1 By Neal Weinberg You may have heard reports that Wired Equivalent Privacy, the protocol designed for wireless security, is flawed. The Reviewmeister heard the same reports, so we decided to test out a bunch of wireless LAN security products that go beyond WEP. We tested the following products for their security, manageability and suitability for enterprise use: 3Com's Access Point 6000, Avaya's Access Server 1, Cisco's Aironet 350 access point and Access Control Server (ACS), and Colubris' CN1000. Our favorite product was the Cisco Aironet 350 and ACS. Cisco's access point is a sleek, dark-gray box with two flip antennas. Instead of a power jack, Cisco uses a "power injector" that sits between your LAN jack and the access point. You will probably want to configure the unit via a browser, but a serial port is available as well. Installing the wireless LAN adapter was quick and easy. When it came to configuring the card, Cisco's voluminous documentation was a little troubling. The wireless access point and the wireless network interface card each have three guides, for a total of 650 pages worth of documentation. You can set the system for three different levels of security: Extensive Authentication Protocol (EAP), Lightweight EAP (LEAP) and none. EAP was developed to support multiple authentication mechanisms. Instead of selecting a specific mechanism, it waits until the authentication phase. This allows the authenticator to request more information before determining the specific mechanism. EAP is a complex standard that's not widely used. LEAP is Cisco's proprietary implementation of EAP that ensures mutual authentication using private and public keys. If you want maximum security, you can set up the access point to accept LEAP-only, but you also can set it up to use both LEAP and 128-bit state WEP connections. Both LEAP and EAP require a Remote Authentication Dial In User Server (RADIUS) for centralized management of users. In our tests, we found that we could crack the 128-bit static WEP in less than 18 hours, but when we switched to a LEAP- enabled RADIUS server, our network security was still intact 48 hours later. * Colubris offers innovation Canadian company Colubris uses embedded VPN technology to enhance 802.11b security. Colubris largely succeeds with its CN1000 Wireless LAN Router. Instead of using a different set of electronics for its access point, the top of the CN1000 is a PC card slot into which you slide one of its wireless network interface cards. The CN1000 includes a built-in network address translation firewall and the ability to act as a gateway for a hard-wired subnet. However, support for security is the most important feature. The product supports VPN pass-through, but the CN1000 is a VPN server. Access control lists can be managed directly on the access point, which provides good flexibility for most corporate networks. The CN1000 comes with a real-time link status, a site survey tool and a monitoring tool that helps system administrators plan for the best layout and coverage of wireless LANs. The Web-based management tool gets a Secure Sockets Layer (SSL) enabled link, allowing remote administrators to securely manage its VPN capabilities through any SSL browser. For the full report, go to http://www.nwfusion.com/reviews/2001/1217rev.html _______________________________________________________________ To contact Neal Weinberg: Neal Weinberg is features editor at Network World, in charge of product reviews, Buyer's Guides, technology primers, how-tos, issue-oriented feature stories and the Technology Insider series. You can reach him at mailto:nweinber@nww.com. _______________________________________________________________ Promote your services and generate qualified leads! Register on Buy IT, NW Fusion's Vendor Directory and RFP Center. It's cost-effective and eliminates the headaches of finding new business. List your company today and access millions of dollars in RFPs posted by active buyers. Go to NW Fusion now! http://www.nwfusion.newmediary.com/091201nwwprovnwltr1 _______________________________________________________________ RELATED LINKS IBM unlocks wireless security services IDG News Service, 10/09/01 http://www.nwfusion.com/news/2001/1009ibm.html Funk extends wireless security software Network World, 06/04/01 http://www.nwfusion.com/archive/2001/121375_06-04-2001.html The archive for Reviews is: http://www.nwfusion.com/reviews/index.html ______________________________________________________________ FEATURED READER RESOURCE Network World Fusion's Net.Worker site Whether your company is growing larger or scaling back, corporate managers are looking for ways to cut costs while retaining and recruiting star employees. One smart solution - at least on paper - is to let some employees work from home. Network World's Net.Worker Web site bridges the gap between the telework concept and the hardware, software and services needed to make it happen. We bring you news and reviews, sound advice and keen insight into the technologies and solutions you need to manage a remote and mobile workforce. Visit http://www.nwfusion.com/net.worker/index.html _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.nwwsubscribe.com/nl ______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp To unsubscribe from promotional e-mail go to: http://www.nwwsubscribe.com/ep To change your e-mail address, go to: http://www.nwwsubscribe.com/news/scripts/changeemail.asp Subscription questions? Contact Customer Service by replying to this message. Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: mailto:jcaruso@nww.com For advertising information, write Jamie Kalbach, Director of Online Sales, at: mailto:jkalbach@nww.com Copyright Network World, Inc., 2002 ------------------------ This message was sent to: vkamins@enron.com