Which enterprise wireless solution to choose??

I am evaluating WLAN infrastructure and security solutions for a deployment of about 40 AP's. I have not yet determined whether I will deploy a wireless overlay solution or rely on the built in security of the Airespace or Aruba solutions. It seems there are advantages and disadvantages either way. Can those of you with wireless security experience comment on the need (or lack of ) for an overlay system?

I would also like to here comments from those of you who have used Airespace and/or Aruba. What did you like about one system over the other? What has your overall experience been like?

Reply to
netman1000
Loading thread data ...

I am looking at AirMagnent and AirDefense for overlay.

Reply to
netman1000

Depending on your point of view some of the following may not be important or appropriate but with an overlay you get:-

Typically much easier to manage and maintain than say WPA2

A single security audit point

An overlay is vendor agnostic and you can change the radios or clients at will.

Finding WPA/WPA2 clients for all devices is much harder than say with an overlay solution which could well offer support from DOS, through all Windows, Linux, Palm and Mac.

An overlay will typically be AES256 compared with the AES128 of WPA2.

Depending on whose overlay you choose, it might not be vulnerable to a password guessing denial of service attack such as exists with an 802.1x solution.

An overlay solution could be FIPS140 certified into government/military deployments, WPA2 isn't.

Which overlay solutions where you looking at?

David.

Reply to
David Taylor

Ok, that's a different thing altogether. They provide more radio security than data security which is what I was referring to which was more of a wireless security gateway solution.

One of the problems with the radio overlay is that it only protects the client where the sensors exist, how are you going to provide protection of the clients when they are remote from the organisation?

A gateway based solution with an installed client (depending on which one!) can encrypt all the data to and from the device even when away from base, thus preventing someone setting up a rogue hotspot and having the device connect to what the device thinks is a genuine hotspot. Intruder now has a connection, thanks very much.

Neither will provide an easier set up and still leave you with the configuration/maintenance of certificates, RADIUS, questionable client support, spoofable MAC addresses and so on.

Have you looked at any of the gateway offerings?

David.

Reply to
David Taylor

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.