RideWay Station Security Gateway

By Steven J. Vaughan-Nichols

December 30, 2003

Unlike many security solutions for WLANs, this one doesn't build in the access point tying you to one flavor of 802.11 -- and that flexibility, plus incredible ease of use, make it a worth serious consideration.

Price: $695 for offices with less than 20 users.
Pros: Works with wired and Wi-Fi; VPN services built-in
Cons: Limit of 10 wired and 10 Wi-Fi simultaneous users; Windows-centric.

The first thing you'll notice about ITServ's RideWay Station is that there's not an antenna to be seen. That's because unlike such wireless security boxes as SonicWall's SOHO TZW and Watchguard's SOHO 6 Wireless, the RideWay Station is a pure security station and not a dual Access Point (AP)/security system.

ITServ's logic is that if you include an AP, you've locked your users into a given 802.11 standard, such as 802.11a, b or g. Given how quickly proprietary additions pop up for these standards, this approach makes a good deal of sense. For example, if you decide to use APs and NICs that include Atheros's 802.11g chipset's turbo mode, which theoretically can give you 108Mbp, you'd be out of luck if you wanted a combination AP and security system. Since Wi-Fi standards are still in a constant state of flux, having a separate Wi-Fi friendly security device that can work with any standard is a good idea.

RideWay Station is specifically an integrated firewall, VPN and security gateway. For the most part, ITServ relies on 3DES or RC4 128-bit encryption VPN tunnels instead of Wi-Fi security standards such as Wi-Fi Protected Access (WPA) and that old, flawed default wired equivalent privacy (WEP).

This may not suit a Wi-Fi purist, but for all practical purposes, the VPN model works well since it can be used both for workers-to-LAN and WLAN-to-WLAN communications. It also uses a combination of MAC address, host name, user name/password and short-term DHCP IP leases to minimize the danger of a cracker break into any one particular VPN. Of course, if your AP and cards already support WPA or WEP, you can always use those in addition to the RideWay Station's VPN.

RideWay uses Windows' built-in Point-to-Point Tunneling Protocol (PPTP) as a VPN client so it doesn't require separate VPN client software to be installed on most machines. If you're a Linux or Mac user, though, you're out of luck.

The firewall uses packet inspection and filtering and comes with Denial of Service (DoS) protection. You can also use it in conjunction with other firewall programs. In our tests, it worked successfully with a ZoneAlarm Pro 4.5 firewall and a NetScreen-IDP.

There may be easier security appliances to install than RideWay Station, but we haven't seen them. It's about as close to plug and play as you can get with a security device.

In our tests, undertaken over several weeks of constant usage on a wired and Wi-Fi network running 802.11a, 802.11b, and 802.11b+ with Windows 2000, ME and XP Pro workstations, the box worked flawlessly. Even when we pushed traffic up to constant streams of 10 Mbps on the 802.11a-equipped laptops, the RideWay never put the brakes on throughput.

Taken as a whole, the RideWay strikes us as an ideal security solution for small, Windows-centric offices who want a solution they can rely on for both their wired and wireless workstations.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.