By Galen Gruman, editorial director, IT Wireless
A free newsletter to all IT Wireless subscribers.
This issue's sponsor: Bridgewater Systems
Note to readers: Some email clients, such as Lotus Notes, do not properly handle links within an email, such as those above to specific stories. If your email client cannot properly use these links, simply scroll down for the stories. Links to Web sites outside this email should work in any email client.
SPONSOR: BRIDGEWATER SYSTEMS
Looking to Secure, Control Access to & Track Usage on Your Enterprise WLAN?
Bridgewater Systems' Wi-Fi AAA provides
Authentication, Authorization, and Accounting for Secure Enterprise WLANs
using 802.1x and WPA. A 30-day trial of Wi-Fi AAA is now available for
download. For more information, please visit: www.bridgewatersystems.com/offers/WiFiAAA
Campus Blocks Viruses in Vulnerable Wireless LANs
IT departments have spent countless hours in recent months blocking viruses and worms that cascade through their systems, threatening to shut down their vital data communications systems. And many enterprises have installed antivirus tools at firewalls, routers, and other key relay points throughout their networks. But they may need to consider doing the same within their wireless LANs, as the University of California at Berkeley found it had to do this fall.
What UC Berkeley found was that the current crop of worms "propagated so quickly that they began to saturate the wireless connections, which are less robust with just 2 to 10Mbps of shared bandwidth versus 10 to 100 Mbps of switched bandwidth on a wired segment," says Christopher Chin, the network exorcist (his real title) at the university's Communications and Network Services Department. Simply put: Wireless LANs get overwhelmed more quickly than wired LANs because of their smaller bandwidth. That meant putting antivirus tools directly in the wireless segment, at the network edge, rather than relying on the core network's antivirus tools to quell worm and virus activity in time.
UC Berkeley was able to set up virus filters in its wireless control server, which manages the wireless access managers that in turn control the access points. The wireless control server is essentially the policy manager for the wireless network and sits at the gateway location between the wireless and wired LANs, so the control server can propagate the antivirus filters and rules to the wireless hardware. The university's core network doesn't have the ability to manage the wireless hardware, so the antivirus tools in place at the core couldn't block worms within the wireless segments, Chin notes.
Fortunately, UC Berkeley's wireless hardware, from Vernier Networks, supports local antivirus filtering. "It was fairly painless — finding the fingerprint and implementing it was the hardest part. It took just a few hours," Chin says. "It was rather astounding how quickly traffic dropped off" once the filtering was enabled, he adds.
The university hadn't given much thought to this capability when it first chose the Vernier hardware. "The antivirus filter comes packaged with the wireless gateway server," Chin says. "It was just a nice thing to have." Only with the fall wave of worm did its true value become evident. "Vernier uses FreeBSD, which helps pick things apart [during traffic filtering] to manage traffic," Chin says. IT Wireless checked with several other major wireless hardware makers, and only Cranite Systems offered a comparable antivirus capability, although several others such as ReefEdge detect denial-of-service attacks and MAC address spoofing.
Chin notes that the Vernier filters aren't effective for viruses and worms that use legal Microsoft ports and requests, so the Vernier filtering tools augment other security tools, not replace them. And, he further notes, "all vendors handle filtering differently because of how they handle traffic through the backplane. There are switches and routers also manage traffic differently." That means that UC Berkeley's implementation may not map to those of other organizations, so other IT departments might need to use a different approach to protect their more easily overwhelmed wireless segments. The key, Chin says, is that network administrators understand that wireless LANs can be more easily overwhelmed and thus should be protected more strongly than the wired segments in a network.Got deployment experience and lessons to share? Let us know at firstname.lastname@example.org.
From our editors
Get a printed set of our new
2003 market overview plus IT Wireless case studies and IT
Wireless analyses in the IT Wireless Report: Trends, Analyses,
and Case Studies of Wireless Deployment in the Enterprise. Use it
as a handy reference. Share it with your colleagues and staff! You also
get a PDF version immediately upon purchase. PLUS! Subscribers get 40% off the $100 cover price and free shipping
to U.S. addresses!
In recent weeks, several companies, including Atheros Communications and Broadcom, have announced advances in chip-making that allow cheaper, more power-efficient processor chips. Power consumption and size are two barriers to creating wireless devices that can work all day with signals strong enough to use in true mobile settings. IBM has added its name to that list, with its announcement of a chip design that can improve performance fourfold or reduce power consumption fivefold in wireless devices compared to the state-of-the-art thin-silicon bipolar technology. Today, complementary metal oxide semiconductor (CMOS) chips are the foundation for computing applications, while silicon germanium (SiGe) bipolar chips provide radio frequency communications and analog functions. To improve the reliability of wireless devices, chip manufacturers have created SiGe BiCMOS chips that put computing and communications transistors onto one chip instead of using separate chips for computing and communications applications. CMOS computing chips show higher performance when built atop a thin silicon on insulator (SOI) wafer. However, traditional SiGe bipolar transistors cannot be built on a thin SOI wafer. Until now, no one had been able to find a technique to combine CMOS and SiGe bipolar onto one wafer that would maximize the performance of both.
On the product side, there were several developments of note in the past two weeks concerning wireless LANs:
There were also several developments to note concerning cellular data services:
Got a great product or technology tip? Send it to email@example.com.
The year 2003 has been a very trying
year for cellular service providers deploying infrastructure, especially for
those that have invested large amounts for third-generation (3G) licenses and
equipment, reports In-Stat/MDR. Without the
drive of high-speed data demand, the trend in units and overall base-station
revenue is down. Last year, total cellular base station revenue was over $31
billion dollars, and with continuing price pressures, spectrum efficiency
increases, and slowing subscriber growth rates, the high-tech market research
firm forecasts this same revenue to be almost half that in 2007.
Unfortunately, cellular providers have assumed that mobile data would emerge from fixed-line data in the same way that mobile voice services emerged from fixed-line voice. While voice and mobility naturally fit together, data and mobility don't. However, In-Stat/MDR finds that the number of cellular subscribers continues to grow, and infrastructure is getting better and cheaper. Still, for 3G to be successful, even as a voice technology, handsets must be reliable and cost-effective. While CDMA2000 1X handsets have met this challenge, UMTS handsets (used in GMS-based networks) have fallen short by a wide margin. It will take several years for UMTS handset prices to drop to a reasonable point, and for other UMTS handset issues to be resolved. By 2006, UMTS should be a viable solution, whereby operators will deploy UMTS without any second thoughts. That may give the U.S. a faster track to cellular data services than the rest of the world, since most U.S. networks use CDMA technology rather than GSM, while most of the rest of the world uses GSM.
In-Stat/MDR has also found that:
Meanwhile, a Dutch study threw cold water onto the European carriers' 3G fever: A government-sponsored study finds that the use of 3G phones can make some users nauseous, as reported by PC World. However, cognitive functions such as memory and response times were boosted by both 3G signals and the current signals, the study found. It says people became more alert when they were exposed to both. The double-blind laboratory tests — meaning no one in the survey knew if a 3G-like base station was actually transmitting signals — exposed test subjects to expected levels of average radiation for 3G networks when they become commercial. The study, conducted by the Dutch technological research institute TNO on behalf of three Dutch ministries, was the first to look for an impact of mobile telephones on well-being. It was also the first study to find a statistically significant negative impact from 3G base stations. Previous research on a negative health impact of mobile phones, mostly second-generation, has been inconclusive.
This issue's sponsor: Bridgewater Systems
them this newsletter
From IT Wireless
Tell a Friend!
As an IT professional, you know that wireless technologies such as 802.11 promise to provide significant benefits to your organization. Before you go full steam ahead, you need answers to your critical concerns about wireless LANs. Questions concerning security, compatibility and best practices, to name just a few. The IT Wireless Insider email newsletter is now here to help you figure it all out.
Get your FREE subscription to the email IT Wireless Insider newsletter today!
This newsletter is sent to all subscribers to the IT Wireless Insider newsletter; subscribers provided their email address at the time they requested the publication at our Web site and received a confirmation of their subscription at that time. Click here to change subscription information.