Cadets Scale the WirelessWall
December 03, 2002
Cranite Systems announces version 2.0 of its WirelessWall security suite and has deployed the software in the classrooms of the West Point military academy.
Cranite Systems of San Jose, CA, today announced that it is shipping WirelessWall 2.0, the new version of its security suite for wireless LANs. The software is now fully FIPS 140-2 compliant and, what's more, the company has scored a high-profile deployment by becoming the WLAN security tool of choice at the 200+-year-old U.S. Military Academy at West Point in New York.
FIPS is short for Federal Information Processing Standards; the 140 cryptographic standard was created by the National Institute of Standards and Technology (NIST). The standard has four levels of security - Level 1, Level 2, Level 3, and Level 4 -- that increase in quality as they go up. FIPS 140-1, the first level, only supports DES and 3DES encryption. The various levels are suitable for a wide array of areas in which cryptographic modules could be used.
Cranite System's implementation of FIPS 140-2 features Advanced Encryption Standard (AES) and Extensible Authentication Protocol (EAP-TTLS) for authentication and tunneling.
WirelessWall was recently picked by Symbol Technologies to provide the security for its new MobiusGuard wireless security portfolio, part of the Mobius Wireless System recently announced by Symbol, due to its then-impending FIPS approval. However, Scott Lucas, Vice President of Marketing at Cranite Systems, says "FIPS 140-2 was not a requirement for West Point -- we were picked despite it, not just because of it."
The 2.0 version has the same architecture as the original WirelessWall with main three components -- the policy server where administrators create the policies (which integrates with the existing network user directory system), the access controllers that act like a firewall to the protected part of the network, and the client software installed on all wireless devices.Additions to the suite make it "enterprise class" according to Lucas. IP Mobility options are key. WirelessWall will automatically reassign IP addresses to users and reauthenticates them without needing a password as they roam to other parts of the network. Users are assigned a "home subnet" as a user at the beginning of a session. "They'll lose the connections they had before the roam, but usually those connections are not stateful so it's not a big deal," says Lucas.
The product also adds fail over features so that if an access controller dies another one will take its place.
According to Lucas, West Point has an "attack lab" where they exercise security products and try to break them -- from those tests the academy choose Cranite System's solution over solutions with virtual private networks (VPN) or wired equivalent privacy (WEP) and many proprietary solutions.
The West Point professors got the ball rolling -- they wanted the benefits of a real-time connection with students in the classroom and developed a curriculum around it. Wiring the classrooms would have been to costly, so secured Wi-Fi was the way to go.
The wireless classrooms are part of a program for the current freshman class of over 1000 students, all of whom were provided with 5GHz 802.11a capable laptops, all configured with the WirelessWall client software. The deployment has gone so well that Cranite CEO Greg McNulty says it will soon go campus wide, and added that "Upper class man are ticked that the plebes have laptops."
"We're proud of this installation and feel it validates the perspective we've taken. Everyone's heard of West Point and knows it's a premiere military training facility," says Lucas.