Bluesocket WG-2100: if you're looking to gain control over your wireless LAN segments, this might be the device for you.In the May issue of MOBILE BUSINESS ADVISOR, I evaluated the ReefEdge ReefSwitch 50 Wi-Fi security product. In this issue, I turn my attention to one of its competitors: the Bluesocket WG-2100 Wireless Gateway (WG). The WG-2100 supports unlimited users, 400Mbps unencryptcd data throughput, and 150Mbps encrypted data throughput. The Bluesocket's 2U rack-mountable form factor is attractive and sleek looking. The chassis measures 17.5" wide, 3.5" tall, and 14" deep. Perhaps the only drawback to the form factor is the relatively noisy fan. However, because most deployments will likely place this unit in a server room, the fan probably isn't a problem. However, if for some reason you plan to place this device in an occupied office, you may find the noise level to be unacceptable. A quick peek at the back panel reveals an RJ-45 jack for connecting to your "protected" network (the wired side), as well as an RJ-45 jack for connecting to your "managed" network (the wireless side). Interestingly, the Bluesocket device has an RJ-45 jack labeled "Fail Over." You can use this port to connect to an optional, redundant Bluesocket device. In the event of a failure, Bluesocket automatically switches over to the back-up device. When the original device recovers, Bluesocket automatically switches back to the original unit. No user intervention is required during the fail-over and recovery process. The front panel of the WG-2100 has a convenient Power button and Reset button, as well as Power and Disk LEDs. However, perhaps the most noteworthy feature of the WG-2100 is the two-line (16 characters per line) Liquid Crystal Display liquid crystal display (LCD) Optoelectronic device used in displays for watches, calculators, notebook computers, and other electronic devices. Current passed through specific portions of the liquid crystal solution causes the crystals to align, blocking the passage of light. (LCD) interface on the front panel. This interface reports device status (e.g., "Initializing," "Getting IP," "No DHCP server," and "Stopping"). The best part of the LCD screen is that it displays the IP address of the device. This is a simple feature, but it comes in handy during the installation process. Although the back panel has a console port (DB-9 serial), the use of this port is unnecessary because the IP address is clearly visible on the front-panel LCD. All you have to do is open a browser from any connected PC and navigate to the WG-2100's IP address. Of course, the serial port does come in handy Verb 1. come in handy - be useful for a certain purpose be - have the quality of being; (copula, used with an adjective or a predicate noun); "John is rich"; "This is not a good answer" if you need to reset the database to recover a lost password. In the lab For my lab environment, I'm connecting a wired laptop to the access controller using a cross-over cable. The laptop is able to instantly lease an IP address and receive gateway, DNS (Domain Name System) A system for converting host names and domain names into IP addresses on the Internet or on local networks that use the TCP/IP protocol. For example, when a Web site address is given to the DNS either by typing a URL in a browser or behind the , and other configuration details using DHCP (Dynamic Host Configuration Protocol) Software that automatically assigns temporary IP addresses to client stations logging into an IP network. It eliminates having to manually assign permanent "static" IP addresses. DHCP software runs in servers and routers. . Opening a browser window automatically redirects me to a portal page where I can enter my username and password. In addition to the typical username/password fields, there's a separate textbox on the login page where guests can log in by entering their e-mail address (and no password). You can disable guest access altogether or limit it to specific activities. For example, by default, guest access is limited to port 80 for Web surfing. After you're inside the administrative Web interface, the user controls are intuitive and straightforward. I never have to search far to find an item I'm looking for, and navigating the menu system is a breeze. When setting up roles, it's extremely easy to configure a variety of options. You can specify a particular bandwidth limit (such as 100Kbps) per user or per group. In addition, you can configure network policies based on service (port number), destination (IP Address), time/date, and location. Another particularly nice feature is the ability to limit the number of active sessions per username/authentication type. This is a great feature if you're concerned about users sharing their credentials with other people for simultaneous logons. Also, if you're using your Bluesocket device to enable public access, there's an option for SMTP (Simple Mail Transfer Protocol) The standard e-mail protocol on the Internet and part of the TCP/IP protocol suite, as defined by IETF RFC 2821. SMTP defines the message format and the message transfer agent (MTA), which stores and forwards the mail. port redirection. So, users who try to send e-mail can get their messages through without reconfiguring their e-mail clients! From the Active Connections tab, you can also disconnect an active user. Once disconnected, all user connections (including pings and SSH tunnels) are ended. One the other hand, there are a couple of Bluesocket downsides. First, creating or modifying roles requires a restart of system services. Because this procedure isn't a full system reboot, it doesn't take very long (about 10 seconds). However, the restart drops all connections and IPSec users must reauthenticate. You can schedule restarts for a particular time, but nevertheless, this can be inconvenient. Second, Bluesocket is light on reporting features. You can view a list of who is authenticated (and how much bandwidth they're using), as well as a summary of user and system statistics. But, it would be nice to have more ways to "slice and dice Refers to rearranging data so that it can be viewed from different perspectives. The term is typically used with OLAP databases that present information to the user in the form of multidimensional cubes similar to a 3D spreadsheet. See OLAP. " the data. UpShot BlueSocket provides an all-in-one integrated device for managing and securing wireless LANs. First-time configuration for the WG-2100 is simple and straightforward. If you need granular control over your wireless LAN segments, the BlueSocket device will help you manage your wireless network quickly and easily. ADVISOR ADVISORY[R] EVAL[TM] BUSINESS BENEFITS Granular control and an easy-to-use interface make this a product worth looking at. (+) Good support for most authentication methods and security protocols (+) Practically configures itself (+) Management interface is clean and intuitive. (-) Reporting features fall short Bluesocket http://www.bluesockeet.com Bluesocket WG-2100 Call for prices. AUTHENTICATION OPTIONS: Built-in database, LDAP (Lightweight Directory Access Protocol) A protocol used to access a directory listing. LDAP support is implemented in Web browsers and e-mail programs, which can query an LDAP-compliant directory. , RADIUS, Windows XP/2000/NT-domain login interface, Windows Active Directory, 802.1x, secure tokens, MAC Address. SECURITY OPTIONS: IPSec, L2TP/IPSec, PPTP (Point-to-Point Tunneling Protocol) A protocol from Microsoft that is used to create a virtual private network (VPN) over the Internet. Remote users can access their corporate networks via any ISP that supports PPTP on its servers. , AES, DES, 3DES, SSH VPN COMPATIBILITY: Microsoft (PPTP, L2TP/IPSec), Macintosh (OS10.2), Certicom Movian, PGPNet, SafeNet, Funk AdmitOne ACCESS CONTROL MANAGEMENT OPTIONS: Rights based on role, location, time/date, VLAN See virtual LAN. VLAN - Virtual Local Area Network (location), TCP/UDP TCP/UDP Transmission Control Protocol/User Datagram Protocol port, protocol, destination Lee Barken, CISSP (Certified Information Systems Security Professional) The award for successful completion of an examination in computer security administered by the International Information Systems Security Certification Consortium (ISC)2. , CCNA See Cisco certification. , MCP (1) See Microsoft certification. (2) (MultiChip Package) A chip package that contains two or more chips. It is essentially a multichip module (MCM) that uses a laminated, printed-circuit-board-like substrate (MCM-L) rather than ceramic (MCM-C). , CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. , is the co-director of the Strategic Technologies And Research (STAR) Center at San Diego State University San Diego State University (SDSU), founded in 1897 as San Diego Normal School, is the largest and oldest higher education facility in the greater San Diego area (generally the City and County of San Diego), and is part of the California State University system. . He has worked as an IT consultant and network security specialist for Ernst & Young's Information Technology Risk Management (OTRM) practice and KPMG's Risk and Advisory Services (RAS (1) See network access server. (2) (Remote Access Service) A Windows NT/2000 Server feature that allows remote users access to the network from their Windows laptops or desktops via modem. See RRAS and network access server. ) practice. Lee is the president of the San Diego Wireless Users Group and writes and speaks on the topic of wireless LAN technology and security. He is the technical editor for MOBILE BUSINESS ADVISOR magazine, and the author of How Secure Is Your Wireless Network? Safeguarding Your Wi-Fi LAN (Local Area Network) A communications network that serves users within a confined geographical area. The "clients" are the user's workstations typically running Windows, although Mac and Linux clients are also used. (ISBN 0-13-140206-4), barken@mail.com, http://www.sandiegowirelesstraining.com. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion