Trapeze Unveils Patented New RF Firewall

By Naomi Graychase

June 29, 2009

Using technology from Newbury, acquired in late 2008, Trapeze Networks has released a patented new RF Firewall that works with its upgraded location appliance to prevent parking lot attacks like the notorious TJX breach.

Trapeze Networks today announced the availability of its new—and newly patented—Trapeze RF Firewall, a location-based firewall for use with Wi-Fi LAN networks. The Trapeze RF Firewall is the first application available on the new Trapeze LA-200E Location Appliance, also announced today.

Trapeze was awarded the patent (United States Patent  7,551,574) for its location-based RF Firewall on Tuesday.

Keeping out the riff raff

The new Trapeze RF Firewall is a tactical, location-based approach to enterprise network security that specifically seeks to prevent intrusions like the type of parking lot attack that so famously breached the TJX networks in 2005-2006 and compromised 45 million customer payment cards. The firewall is a perimeter security application that works in conjunction with the new Trapeze LA-200E Location Appliance ($15,995), a system that continuously locates (with “a high degree of accuracy”) and tracks in real time any device within range that is broadcasting a Wi-Fi signal. An IT team can use that information to deny network access to anyone located outside the building—or present in certain areas. In this way, even if user identities and authentication are compromised, access is denied based on location.

“What we’re talking about is really a first line of defense for preventing those threats from the outside, both wireless LAN and the wireside network, from wireless attacks,” says Chuck Conley, VP of marketing for Newbury products at Trapeze. “We bring location in as an extra layer of authentication mechanism to create a secure perimeter around your facility, including the Wi-Fi infrastructure. We can do a host of things defining and managing policies based on location. We can give access only in private areas, like employee zones, deny access in public spaces, like hallways. We can track user device movements to get deep data mining and analytical information to tell where trouble spots exist.”

In addition to enabling location-based perimeter security and  socation-based policy enforcement, RF Firewall provides actionable alerts and authentication history by identifying the precise location of the potential security breach. It also tracks user and Wi-Fi device movements based on authentication requests to access the wireless network. A complete, detailed device list and the history of all devices on the network, including attempts to connect to the network, are displayed in real time.

“We’re introducing location as another method of authentication for a tighter level of perimeter security,” says Conley.

Location appliance

RF Firewall runs on the Trapeze LA-200E ($21,995 together) location appliance. The Trapeze LA-200E supports up to 200 access points, supports and locates 802.11n clients, and can simultaneously track up to 4,000 Wi-Fi devices. It works in concert with Wi-Fi equipment from a wide variety of WLAN infrastructure providers, in addition to Trapeze's own NonStop Wireless infrastructure.

“The location appliance is a hardware appliance that integrates with APs and controllers,” says Brian Wangerien, VP of product management and business development Newbury products for Trapeze. “It is the first location appliance that will track 802.11n clients, as well, without any special changes; the same appliance will track legacy a/b/g plus n. It has improved algorithms and capacity to track up to 4,000 devices, while the previous version supported up to 2,000. So, we’ve doubled the capacity and the number of APs to a particular box.”

The LA200E provides a graphical dashboard (below) that shows every Wi-Fi device and AP so that IT can monitor the physical movement of all devices in the physical space in real time.

RF Firewall_Dashboard Photo_sm.PNG

RF Firewall dashboard. Click to enlarge.

“What it enables is an IT and security shop that can easily define which areas to allow and deny access in. The location tracking works in real time in physical space; we allow IT to build a perimeter around their physical space. You can start to define all the areas that are inside an enterprise’s organization. Those areas that IT is responsible for, you can distinguish that from all the areas outside of that space…What the RF Firewall does is it uses the notion of physical location with high accuracy to associate security policies with that,” says Wangerien.

“It also exposes its software development kit so that people can build location-enabled apps. The RF Firewall is software already loaded on the physical box, you just add a license to turn it on,” he says.

The doctor is in

One of Trapeze’s key markets for its location-based solutions is health care.

“With content delivery, for instance, you can push important data, such as medical information and medical records, to a doctor when she walks into the patient’s room. It’s relevant location-aware content,” says Conley.

Conley says the Trapeze solution can track devices—either tagged assets or Wi-Fi clients—to within three meters with 95% accuracy and to within ten meters with 99% accuracy.

Other key verticals, include education, manufacturing, and retail.

“It’s a fundamental value proposition,” says Conley. “With our firewall application being added with the LA200E, we are providing a secure platform for tracking assets and people. Location can add value in health care with location tracking for personnel, patients, assets—all the way down to location-based security and how it supports even high-risk data centers in the federal DoD market.”

Naomi Graychase is Managing Editor at Wi-Fi Planet. Follow her on Twitter @WiFiPlanet.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.