OptimumPath Secure Wireless Router

By Jim Geier

August 28, 2003

OptimumPath's wireless router is heavy on security and contains a great deal of functionality for both wireless and wired infrastructure networks

Model: RTC-2000
Price: $12,000 MSRP
Pros: Full protection against ARP attacks; extensive rogue detection; integrated, lower-cost total solution.
Cons: No wireless denial-of-service protection, limited GUI for making configurations.

OptimumPath's wireless router is heavy on security and contains a great deal of functionality for both wireless and wired infrastructure networks. The RTC-2000 provides cost savings resulting from the integration of a wide variety of network functions, making it a component that offers significant value when deploying enterprise and public wireless LAN solutions.

Since one of the RTC-2000's strong suits is protection against Address Resolution Protocol (ARP) attacks, it's worth a few paragraphs first to define ARP and explain the related issues. ARP is the protocol a sending station (network card) uses to discover the physical address of a destination station.

Before a station can send a packet to another station, the sending station must obtain the destination's physical address, which is the same as its Medium Access Control (MAC) address. The sending station first broadcasts an ARP request that carries the IP address of the destination station. The station having the corresponding IP address then responds with its MAC address.

A noteworthy weakness of the ARP process is that it is open to ARP spoofing. All a hacker needs to do to spoof a user is to independently send an ARP response from a rogue network device that maps the IP address of a legitimate network device, such as a wireless access point or router, to the MAC address of the rogue device.

As a result, legitimate stations on the network will automatically update their ARP tables and send future packets to the rogue device rather than to the legitimate access point or router. With this man-in-the-middle attack, a hacker can easily manipulate user sessions flowing over encrypted links and access sensitive, password-protected information. Because firewalls are always open to ARP, attacks can stem from outside the facility -- something that should definitely cause IT managers to lose sleep.

For some credible details on ARP security issues, refer to a University of Texas paper (not light reading).

By providing a secure tunnel between each client and the router, the RTC-2000 completely protects wireless networks from ARP attacks. OptimumPath's Secure ARP (SARP) establishes the secure tunnel between the client and the RTC and ignores all reverse ARP requests not associated with the tunnel.

For example, without SARP enabled, we were able to use dsniff to establish a man-in-the-middle attack and hack into a user logging into an SSL-based Web site account (Yahoo e-mail). After activating SARP, it was not possible to replicate this form of attack. With SARP running, you can certainly rest at ease regarding ARP attacks.
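As an added illustration of the rule SARP applies (my own example, not OptimumPath's code), the following Python models a host ARP cache that accepts a reply only when it answers a request the host actually sent, and flags any reply that would rebind a known IP address to a different MAC. The ARP frames, MAC addresses and IP addresses are constructed sample data.

```python
import struct
ARP_REPLY = 2

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """28-byte ARP body for Ethernet/IPv4 (Ethernet header omitted)."""
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + sender_mac + ip(sender_ip) + target_mac + ip(target_ip))

def parse_arp(body):
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", body[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP frame")
    return op, body[8:14], ".".join(map(str, body[14:18]))

class ArpCache:
    """ARP table that honours only replies answering a request it sent and
    refuses any reply that would rebind an IP to a different MAC."""
    def __init__(self):
        self.table = {}       # ip -> mac
        self.pending = set()  # ips we have asked about and not yet resolved
        self.alerts = []      # (reason, ip, mac) for the operator to review

    def send_request(self, ip):
        self.pending.add(ip)

    def receive(self, body):
        op, mac, ip = parse_arp(body)
        if op != ARP_REPLY:
            return "ignored"   # requests never update the table here
        if ip not in self.pending:
            self.alerts.append(("unsolicited-reply", ip, mac.hex(":")))
            return "dropped"
        self.pending.discard(ip)
        if ip in self.table and self.table[ip] != mac:
            self.alerts.append(("mac-changed", ip, mac.hex(":")))
            return "dropped"
        self.table[ip] = mac
        return "accepted"

# Constructed sample traffic: the gateway answers our request, then a second
# device pushes an unrequested reply claiming the gateway's IP.
GW_MAC, ROGUE_MAC, HOST_MAC = (bytes.fromhex(h) for h in ("001122334455", "66778899aabb", "ccddeeff0011"))

def run_demo():
    cache = ArpCache()
    cache.send_request("192.168.1.1")
    first = cache.receive(build_arp(ARP_REPLY, GW_MAC, "192.168.1.1", HOST_MAC, "192.168.1.50"))
    second = cache.receive(build_arp(ARP_REPLY, ROGUE_MAC, "192.168.1.1", HOST_MAC, "192.168.1.50"))
    return first, second, cache.table["192.168.1.1"], cache.alerts
```

A real host that lets every unsolicited reply through is what dsniff-style spoofing relies on; the alerts list is where a monitoring tool would raise the conflict for an administrator.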

As I've mentioned in a previous tutorial, rogue access points are a big security concern. Employees of a company may inadvertently connect access points purchased from the local office supply store into the corporate network without coordinating the action with IT support.

As a result, IT managers should deploy mechanisms that monitor for rogues before the security hole a rogue provides lets a hacker or even casual snoopers onto the network. The ability to effectively identify rogues, however, is missing from most wireless LAN routers on the market. The RTC-2000 shines in this department by implementing a comprehensive suite of heuristics that identify the presence of rogue access points.

The RTC-2000 is a complete solution, offering the right mix of functionality for most enterprise and public wireless LAN systems. The integration of routing, authentication, bandwidth control, intrusion detection, auditing, self-provisioning, walled garden, virus filtering and spam protection, among other valuable tools, into one unit results in lower overall costs compared to purchasing individual components. This is extremely beneficial, especially for start-ups deploying public wireless LANs.

Some Downsides to Consider

Denial of service is a major concern for some wireless LAN applications. The RTC-2000 offers superb wired-side DoS protection. The system takes a flexible and proactive stance against inbound and outbound datagrams, which allows it to block intrusion by unauthorized users. Like other wireless LAN routers on the market, though, the RTC-2000 doesn't offer provisions to counter radio-side DoS attacks.

For example, someone could flood the network with 802.11 Clear-to-Send (CTS) frames and cause other stations to indefinitely hold off transmitting data frames. OptimumPath engineers are aware of these types of problems, though, and they're working on future upgrades to counter wireless DoS attacks.

This is nitpicky, but the current version of the RTC-2000 offers a fairly basic graphical user interface (GUI) for configuration. An average IT person can add the RTC-2000 to a typical network using the GUI and significantly improve security, but the command line interface (CLI) is necessary (and somewhat difficult to learn) to optimally tune the router. As a result, you might need services from OptimumPath to assist with the initial installation and configuration of the router.

All-in-all, the RTC-2000 is a high end, secure wireless LAN router that has features that stand out among the sea of other routers on the market. Definitely consider including this product in enterprise and public wireless LAN solutions to lower risks and liabilities resulting from information flying around on airwaves.

Jim Geier provides independent consulting services to companies developing and deploying wireless network solutions. He is the author of the book Wireless LANs and offers computer-based training focusing on wireless LANs.
