Many small businesses are adopting wireless as a means of providing network and internet access to customers and their own mobile workforce. But in doing so they can open up their own networks to attack. The RideWay Station WLAN Plus provides a way around the current flaws in wireless protocols to ensure secure access from wireless networks.
The box itself is tiny and sits between the DSL/cable router and the local and wireless networks. Setting up proved to be difficult. Not the hardware setup; that was just a case of plugging the relevant cables into the right holes. As the entire configuration is web-browser based, we needed to point the browser at the device's IP address.
Initially all seemed fine: we logged in with our username and password and waited for the administration screen to appear. We got halfway through loading the home page and waited, and waited some more. The page kept saying, "Please wait while loading", so we waited some more. We realised that something was amiss.
Referring to the vendor's web site we found the solution to our problem – or so we thought. It asked us to set the security option in Internet Explorer to "default", which we at the magazine do not like doing as it is not very secure, but in order to fix the problem we did so. And then nothing happened, which was not good. (Since then the vendor has updated their FAQ page on our recommendations.)
So we then phoned up the company's support. The guy on the other end was very helpful and suggested that we needed Microsoft Virtual Machine installed on our workstation; it was included on the CD which came with the box. Obviously, they knew that this was a problem but neglected to mention this in any of the guides and manuals on the CD.
This would seem to stop Linux users in their tracks if they wanted to administer the device from their workstation (unless of course they were to use the wonderful CrossOver Office application and run Internet Explorer in that).
We would suggest the vendors would do well to include native Java support in the web-based configuration, as this was just another inconvenience to be overcome. Besides which, Microsoft itself will discontinue support of Virtual Machine in September 2004. Microsoft also discourages the continued distribution of MSJVM due to its limitations on support.
After all this, the actual console appears well laid out. The left-hand panel detailed settings such as the network interfaces, firewall settings and VPN configuration.
Setting up the firewall was troublesome: our broadband router has a basic firewall set up on it, and we have personal firewalls running on our workstations. We did not seem to be able to connect to the internet through the device until we found, buried in the menu structure, a check box for firewall cascading. This allowed the firewall on the device to accept private addresses as well as public addresses for its internet connection. Hopefully this meant that we had another layer of protection between our network and the internet.
Setting up access for wireless clients was straightforward. The appliance automatically seeks out computers on the wireless network, allowing administrators to authenticate and manage clients from the web interface. We liked how the device could allow guests to use the internet without stumbling onto the corporate network. This is not to say that proper precautions should be wholly abandoned; we would still recommend the use of WEP (however flawed that may be) and VPNs.
The box is connected to the wireless network through the DMZ port located on the back of the unit. A crossover cable is used to connect the two together. We presume that connecting a hub or switch to the DMZ port will allow both the access point and a web server, etc., to share the same port, although this could make things a tad crowded.
The next thing to look at was the VPN setup on the device, which is the only way the device will allow wireless users access to the wired LAN. Setting up meant adding user accounts and setting out policies. We could also specify whether there were to be LAN-to-LAN or remote office connections. The LAN-to-LAN capability allows the establishment of a secure intranet among multiple locations. The VPN supports Microsoft Point-to-Point Tunnelling Protocol (PPTP) using 128-bit RC4 encryption as well as IPSec using 3DES 168-bit encryption.
The company also provides a dynamic DNS service for companies without a static IP address at their gateway. As long as a site is running the device, the company can have a unique hostname that is updated with the IP address as it changes. This means the remote user configures the VPN destination using the hostname as opposed to continually relying on the system administrator providing the current IP address.
On the whole the device does all of its roles adequately. The time taken to set things up meant that users could have a frustrating time of things which the guides failed to explain properly. However, the support people made up for the lack of support that should have been in the documentation. Onsite support, according to the quick installation guide sent with the box, is limited to the D.C./Baltimore metro area.
By Rene Millman