Wireless Local Area Networks (WLANs) enhance productivity and reduce the cost and complexity of installing wired networks. However, they also introduce new security and management challenges, particularly for government organizations, healthcare institutions, and other enterprises.

Wireless transmissions can be easily intercepted using inexpensive equipment. Since WLAN radio waves don't stop at building walls, defining and enforcing a network perimeter can be difficult. In fact, with high-gain antennae WLANs can be accessed from several miles away. This vulnerability creates an entirely new category of espionage, one that is extremely difficult to detect.

WirelessWall is system-level security software that addresses wireless networking challenges by providing both security and mobility in a highly efficient system:

Military-Grade and Enterprise-Class Privacy

• Strong authentication protects against the capture of authentication credentials during transmission and ensures session integrity.
• Layer 2 frame-level encryption protects both the data and the network.
• FIPS 140-2 certified AES cryptography is well-suited for mobile applications and creates highly-secure data privacy.
• Role-based firewalls provide flexible, highly-granular authorization control regardless of user location.

Seamless, Secure Mobility

• WirelessWall ensures the highest level of security for roaming users, even as they move across subnets.
• Mobility options accommodate roaming patterns users require.
• Users can roam seamlessly without dropping sessions and without complex, labor-intensive configuration and management.

Efficient, Centralized Monitoring and Management

• A single component solution with an intuitive web-based interface facilitates rapid installation, configuration, and remote management.
• Network administrators can leverage user credential and role information already available in existing enterprise directories for highly-granular, role-based access control.
• Customers can use any mix of wireless protocols and vendors, while maintaining a unified, trusted wireless LAN environment.
• Portable software solution operates across multiple computing platforms, eliminating the expense of proprietary hardware-based appliances.

Wireless industry groups have been working on a variety of standards to improve security, manageability, and interoperability of wireless LANs. WirelessWall embraces these industry standards, including IEEE 802.11a, 802.11b, 802.11g, 802.11j, and 802.1x.

What the standards don't - and can't -ensure is is key integrity; secure, seamless roaming; or system integrity.

Also, it is impossible to predict when hardware implementing these standards will be available, how much it will cost, and how well it will work. And standards typically define a minimum threshold, which takes a blanket, lowest common denominator approach to security.

Wired Equivalent Privacy (WEP) is an IEEE 802.11 security protocol that was intended to provide wireless LANs with a similar level of security as wired LANs. WEP has proven to be a weak security system, unable to protect WLANs from attacks from most freely available applications.

VPNs provide privacy for user data between two points (laptops and the enterprise VPN appliance, for example) and are therefore a good solution for fixed, wired remote network access. However, VPNs are generally not designed to address wireless network security, since they:

• Do not protect networks from attackers using wireless access points to enter the corporate network.
• Do not protect against interception of vital network information, like IP addresses, certain broadcast messages, computer names from NETBIOS traffic, and application information.
• Can create challenges for mobile users who roam. With VPNs, active sessions are often dropped, and users need to know how to find and reconnect to new VPN endpoints in every location covered by the wireless LAN.
• Are vulnerable to attacks such as "man-in-the-middle" and ARP poisoning denial-of-service attacks.

Some VPNs allow "split tunneling" which allows users to not only have encrypted access to the corporate LAN, but also allows unencrypted access to any site on the Internet. By enabling split tunneling on VPNs, attacks can be made via the unencrypted tunnel that can propagate throughout the enterprise LAN. WirelessWall prevents these types of VPN attacks.

Like a VPN, WirelessWall protects user data from eavesdropping. But, WirelessWall also protects the network by encrypting important IP header and other network information and implementing a firewall to control the network resources accessible via the wireless network. WirelessWall also ensures seamless, secure cross-subnet mobility for users as they roam-even across subnets.

Firewalls installed on each client can help, but they have many disadvantages in a wireless, mobile environment. To prevent bridge attacks, each client must have a properly configured personal firewall running whenever the wireless network is in use. Most large enterprises support hundreds of mobile users, each with different devices, operating systems, technical capabilities, and business requirements. Managing firewall configurations and ensuring that users do not change those configurations can be very challenging. The WirelessWall solution provides an extremely simple client that works with the WirelessWall Access Controller to deliver infrastructure-based security that cannot be compromised by improper client configurations.

Yes. WirelessWall Client and WirelessWall Access Controller are validated by the National Institute of Standards and Technology (NIST) as meeting the rigorous FIPS 140-2 standard, which is applicable to all Federal agencies that use cryptographic-based security systems to protect sensitive electronic information. Enterprises frequently use products that meet these strict certification requirements-even for applications that do not specifically require it-to ensure that their valuable resources are well protected.

To protect existing infrastructure investments and reduce overall cost of ownership, WirelessWall supports any mix of 802.11a, b, g, h, j or n access points from any vendor. Thus, you can use any Wi-Fi-compliant access points from any manufacturer. TLC has tested its solution with access points from a number of vendors, including 3COM, Buffalo, Cisco, D-Link, Enterasys, Linksys, NetGear, Proxim, and SMC.

Yes. WirelessWall is designed to facilitate whatever mobility patterns your users need. Normally, when a user moves across subnet boundaries, his or her active IP connections are lost. Depending on the application, the user may need to login again or restart a specific task.

WirelessWall provides three options for robust mobility support-the option for a user to maintain an IP address as he/she roams between subnets, ensuring application integrity; the option for a user to always attach to a given subnet, appropriate for those enterprises using static IP addresses; and the option for a user to receive a new IP address each time he/she roams between subnets. The first option is the option used in the vast majority of cases.

No, you don't have to manage another directory of users or devices with the WirelessWall solution. WirelessWall integrates easily with most popular directory systems, including Windows NT® Domains, RADIUS, Microsoft Active Directory, and any Lightweight Directory Access Protocol (LDAP)-compliant server. Your users provide the same username and password for wireless network access as they do for normal wired network access.

Yes. Because WirelessWall operates at Layer 2 (also known as the media access control or "MAC" layer), all authorized wireless clients have the same access to services on the enterprise network as their wired counterparts. You can use the same DHCP server and address scope for both wired and wireless clients, making it easier for network administrators to manage.

Yes. WirelessWall has been designed with a distributed architecture to ensure mission-critical reliability for users and network administrators. Should a failure event ever occur, an optional "Hot Standby" WirelessWall Access Controller would immediately alert the administrator and automatically take over - without any disruption in service.

WirelessWall Manager
The WirelessWall Manager is a browser-based application that provides centralized configuration, monitoring, and management of the secure wireless network. In addition to creating and maintaining local wireless access policies for mobile users, administrators use the WirelessWall Manager to monitor performance and usage of the wireless network in real-time, and quickly make any necessary adjustments.

WirelessWall Access Controller
As the gatekeeper to the wireless network, the WirelessWall Access Controller enforces the wireless access policies created on the WirelessWall Manager. The Access Controller performs all session management tasks required for secure wireless LAN operation, including encryption/decryption, firewall filtering, and secure mobility services.

WirelessWall Client
The WirelessWall Client is a zero-configuration, thin client that operates on each mobile device accessing the secure wireless network. The Client works with the WirelessWall Access Controller to encrypt/decrypt wireless traffic for each user's connection.

WirelessWall software is licensed via a "concurrent users" model. Customers only pay for the number of licenses that will be in concurrent use. For example, if a company has 3,000 users, but only 1,000 are logged in at any one time, it only needs to purchase a 1,000 concurrent user license. Other solutions require purchase of a 3,000 user license.

In addition, the WirelessWall software solution does not require companies to purchase specialized hardware and hardware support. They may use their existing purchasing and support channels as well as their corporate servers of choice. This minimizes installation, training, and support costs.