NETWORK WORLD NEWSLETTER: NEAL WEINBERG on
PRODUCT REVIEWS
01/08/02
Today's focus: Wireless LAN security, Part 1

Dear Wincenty Kaminski,

In this issue:

* Cisco gets top marks for wireless LAN security
* Links related to Network World product reviews
* Featured reader resource
___________________________________________________________
This newsletter sponsored by
Lucent

CPE-based IP Services
Are you ready to transform your business with IP Services?
Service Providers and enterprises can tailor their IP services-
IP VPN, QoS, mobile IP, bandwidth management-with Lucent's
Access Point(R) IP services routers.  And these IP services can be
delivered with superior price/performance at the lowest
operation management costs today.
http://syndication.solutioncentral.com/to.asp?id=211
___________________________________________________________
PRODUCT INFO IN ONE CONVENIENT LOCATION!

Heard about a new product launch? Curious to find out if the
features and benefits of this new product will meet your
critical business needs? Network World Fusion's Product Central
section includes all the info you need to make informed
decision about new products and also includes a product finder
function. Check it out at http://nww1.com/go/ad216.html

____________________________________________________________
Today's focus: Wireless LAN security, Part 1

By Neal Weinberg

You may have heard reports that Wired Equivalent Privacy, the
protocol designed for wireless security, is flawed. The
Reviewmeister heard the same reports, so we decided to test out
a bunch of wireless LAN security products that go beyond WEP.

We tested the following products for their security,
manageability and suitability for enterprise use: 3Com's Access
Point 6000, Avaya's Access Server 1, Cisco's Aironet 350 access
point and Access Control Server (ACS), and Colubris' CN1000.

Our favorite product was the Cisco Aironet 350 and ACS. Cisco's
access point is a sleek, dark-gray box with two flip antennas.
Instead of a power jack, Cisco uses a "power injector" that
sits between your LAN jack and the access point.

You will probably want to configure the unit via a browser, but
a serial port is available as well. Installing the wireless LAN
adapter was quick and easy.

When it came to configuring the card, Cisco's voluminous
documentation was a little troubling. The wireless access point
and the wireless network interface card each have three guides,
for a total of 650 pages worth of documentation.

You can set the system for three different levels of security:
Extensive Authentication Protocol (EAP), Lightweight EAP (LEAP)
and none.

EAP was developed to support multiple authentication
mechanisms. Instead of selecting a specific mechanism, it waits
until the authentication phase. This allows the authenticator
to request more information before determining the specific
mechanism. EAP is a complex standard that's not widely used.
LEAP is Cisco's proprietary implementation of EAP that ensures
mutual authentication using private and public keys.

If you want maximum security, you can set up the access point
to accept LEAP-only, but you also can set it up to use both
LEAP and 128-bit state WEP connections. Both LEAP and EAP
require a Remote Authentication Dial In User Server (RADIUS)
for centralized management of users.

In our tests, we found that we could crack the 128-bit static
WEP in less than 18 hours, but when we switched to a LEAP-
enabled RADIUS server, our network security was still intact 48
hours later.

* Colubris offers innovation

Canadian company Colubris uses embedded VPN technology to
enhance 802.11b security. Colubris largely succeeds with its
CN1000 Wireless LAN Router.

Instead of using a different set of electronics for its access
point, the top of the CN1000 is a PC card slot into which you
slide one of its wireless network interface cards.

The CN1000 includes a built-in network address translation
firewall and the ability to act as a gateway for a hard-wired
subnet. However, support for security is the most important
feature. The product supports VPN pass-through, but the CN1000
is a VPN server. Access control lists can be managed directly
on the access point, which provides good flexibility for most
corporate networks.

The CN1000 comes with a real-time link status, a site survey
tool and a monitoring tool that helps system administrators
plan for the best layout and coverage of wireless LANs.

The Web-based management tool gets a Secure Sockets Layer (SSL)
enabled link, allowing remote administrators to securely manage
its VPN capabilities through any SSL browser.

For the full report, go to
http://www.nwfusion.com/reviews/2001/1217rev.html
_______________________________________________________________
To contact Neal Weinberg:

Neal Weinberg is features editor at Network World, in charge
of product reviews, Buyer's Guides, technology primers,
how-tos, issue-oriented feature stories and the Technology
Insider series. You can reach him at mailto:nweinber@nww.com.
_______________________________________________________________
Promote your services and generate qualified leads!  Register
on Buy IT, NW Fusion's Vendor Directory and RFP Center.  It's
cost-effective and eliminates the headaches of finding new
business.  List your company today and access millions of
dollars in RFPs posted by active buyers.  Go to NW Fusion now!
http://www.nwfusion.newmediary.com/091201nwwprovnwltr1
_______________________________________________________________
RELATED LINKS

IBM unlocks wireless security services
IDG News Service, 10/09/01
http://www.nwfusion.com/news/2001/1009ibm.html

Funk extends wireless security software
Network World, 06/04/01
http://www.nwfusion.com/archive/2001/121375_06-04-2001.html

The archive for Reviews is:
http://www.nwfusion.com/reviews/index.html
______________________________________________________________
FEATURED READER RESOURCE

Network World Fusion's Net.Worker site

Whether your company is growing larger or scaling back,
corporate managers are looking for ways to cut costs while
retaining and recruiting star employees. One smart solution -
at least on paper - is to let some employees work from home.
Network World's Net.Worker Web site bridges the gap between the
telework concept and the hardware, software and services needed
to make it happen. We bring you news and reviews, sound advice
and keen insight into the technologies and solutions you need
to manage a remote and mobile workforce.
Visit http://www.nwfusion.com/net.worker/index.html
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.nwwsubscribe.com/nl
______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp

To unsubscribe from promotional e-mail go to:
http://www.nwwsubscribe.com/ep

To change your e-mail address, go to:
http://www.nwwsubscribe.com/news/scripts/changeemail.asp

Subscription questions? Contact Customer Service by replying to
this message.

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: mailto:jcaruso@nww.com

For advertising information, write Jamie Kalbach, Director of
Online Sales, at: mailto:jkalbach@nww.com

Copyright Network World, Inc., 2002

------------------------
This message was sent to:  vkamins@enron.com