|  |
Airespace Hardens Perimeter Security for Wireless LANS
Airespace, Inc.®, announced the expansion of its Wireless LAN (WLAN) System to include new Network Access Control security features that protect all aspects of wireless networking, from client to core. Through partnerships with both InfoExpress and Zone Labs®, a Check Point® company, Airespace has extended its wireless security capabilities to include client integrity checking and application-based Network Access Control (NAC). The Airespace WLAN System is a market leader in WLAN security with support for -- and innovation to -- the recently ratified IEEE 802.11i specification (see today's release, "Airespace Accelerate 802.11i for Real-Time Applications"), in addition to other common authentication and encryption standards.
The Airespace Wireless Enterprise Platform provides the most complete solution for the detection and protection against RF-related attacks, including the recently publicized Denial of Service attack discovered by the Australian Computer Emergency Response Team (AusCERT). These features build upon Airespace's already robust Wireless Protection System (WPS) to deliver a complete arsenal for the prevention of unauthorized wireless activity and the protection of business critical applications running over an enterprise wireless network.
Bullet-Proofing the Edge of WLANs
WLAN security demands proactive monitoring of wireless clients, including real-time Network Access Control to eliminate security threats and to clamp down on undesirable wireless user activity. Airespace enhances these capabilities with InfoExpress' CyberGatekeeper product and Integrity from Check Point's Zone Labs division. Airespace is working with these partners to integrate this functionality into the Airespace Wireless Enterprise Platform via a robust set of Application Programming Interfaces (APIs). This integration ensures that only wireless users running up-to-date security software (such as current anti-virus software, latest OS security patches, personal firewalls, VPNs, etc.) are allowed to access the wireless network. Client devices that violate IT security policies, or are detected with a security threat while attempting to authenticate to the WLAN (e.g., an email-borne attack, virus, Trojan, web browser vulnerability, or unsanctioned application) can be "quarantined" until appropriate remediation can take place.
"Airespace developed a rich set of APIs to ensure easy interaction with complementary, state-of-the-art software applications," said Alan Cohen, vice president of marketing at Airespace. "In the case of WLAN security, these APIs have created a unique strategic advantage for Airespace, enabling us to provide network access control regardless of the authentication method used by the wireless client. Unlike other WLAN systems that are tied to a single authentication method, such as 802.1X, Airespace can seamlessly be integrated into any enterprise environment."
"Integrity protects wireless networks at the most vulnerable point -- the client machine," said Paul Weinstein, vice president of strategic alliances at Check Point's Zone Labs division. "By working with Airespace, we are able to extend WLAN security from the core of the wireless network all the way out to the very edge, managing all layers of WLAN security so that IT staff can deploy business applications over wireless networks."
"CyberGatekeeper quarantines non-compliant endpoints before they connect to the network," said Todd Nakano, EVP of sales and marketing at InfoExpress. "By teaming with Airespace, InfoExpress extends network integrity to wireless environments to stop harmful endpoints in their tracks, remediate misconfigured systems, and provide seamless access for systems that are policy compliant."
Doveryay, No Proveryay (Trust But Verify)
In addition to client security threats, the Airespace WLAN System can detect a multitude of intrusion detection events that are specific to wireless networking and take proactive measure to prevent them from harming network security. Some of the attacks detected by Airespace include FAKE AP, Rogue Access Points, ad-hoc networks, Man in the Middle (MiM), AP impersonation, Netstumbler, Wellenreiter, Airjack, Honeypot AP, and asleap. Most recently, Airespace also delivered support for the Denial of Service (DoS) attack publicized by the Australian Computer Emergency Response Team (AusCERT). With its unique real-time RF management capabilities, Airespace is the only WLAN system that can dynamically detect the AusCERT attack and automatically move all nearby APs to a safe channel to ensure that WLAN performance remains unaffected.
Other features that distinguish Airespace's security capabilities from alternative WLAN infrastructure solutions include:
* The only WLAN System that can provides real-time monitoring for security threats in conjunction with simultaneous traffic delivery -- no separate air monitors or overlay equipment are required. This enables enterprises to keep hardware costs to a minimum while ensuring 100% network coverage -- i.e. avoiding "hidden nodes" that cannot be detected by overlay devices that are responsible for protecting multiple APs simultaneously.
* Complete rogue security, covering everything from rogue AP (and ad-hoc) detection, accurate device location, containment of numerous devices simultaneously, and detailed trend reporting.
* Support for up to 16 distinct SSIDs per AP, each with its own security policy. Airespace supports various standard security protocols, including WEP, WPA, 802.1X, Web Authentication, and IPsec.
* Support for the recently ratified 802.11i standard (also known as WPA2) specification, including extensions to support Proactive Key Caching (for more information, see today's accompanying release entitled, "Airespace Accelerates 802.11i for Real-Time Applications"). No hardware upgrades are required to enable this new protocol in an Airespace wireless network.
* Follow Me VPNs -- Airespace supports mobile IPsec and L2TP sessions that follow users as they roam.
* The only next generation WLAN system to complete FIPS 140-2 level 2 certification, a security requirement for deployment in U.S. and Canadian government installations.
"Wireless enterprises require an end-to-end security solution that is tightly integrated with applications and the network infrastructure being used to support them," said David Willis, Vice President Technology Research Services at Meta Group. "Airespace is helping to address this requirement through solid technology partnerships, industry standards, and a solid understanding of RF technology." 10.08.2004, Airespace, Inc.
Subscribe to the newsletter | | |
| | | |
