Internet.com ISP-Planet
Fixed Wireless Technology

Taming Wireless Security Blues with Bluesocket (Part III)

We put Bluesocket to the test, subjecting its wireless gateway to a variety of authentication and VPN scenarios. Learn how the product performed in a small office setup and a wireless hotspot.

by Lisa Phifer
Core Competence, Inc.
[November 8, 2002]

We wrap up our evaluation of Bluesocket's wireless security system. Our final installment includes a look at Bluesocket's configuration backup and restore functions and technical support. We offer you our take on customer feedback and give you the bottom line on our overall experience.

Maintenance and High Availability
Any device that stands between your users and your network must provide robust support for configuration backup and restore functions, as well as an option for fail-over to standby.

[Image: Bluesocket WG-100 Configuration Export Tool]

Backing up a WG generates a binary config file that can be restored from a browser. Configs can be automatically backed up to a designated FTP server daily, weekly, or monthly. We could not tell whether these files were encrypted, but they are not human-readable. WG tables can also be exported in .CSV format (left). Export files do not contain passwords or secrets, but they do include logins and static MAC addresses. As such, they should probably be stored in a private location.

Installing a new WG release involves uploading a new image, requesting a WG-specific license from Bluesocket, then loading the new license file. If something goes wrong during the upgrade—or there is a lag between uploading the new image and getting your new license—a "switch" function lets you fall back to the previous image.

Any WG can be configured in a high-availability pair. Just drop a second WG onto the same protected and managed Ethernets, connecting HA ports with a crossover. The second WG automatically enters standby mode, while the existing WG warns "Switching to fail-over master mode." Simple enough. However, be sure to upload a license into the WG before it becomes a standby; otherwise, client logins will be rejected after fail-over.

Once an HA pair is deployed, changes are automatically synchronized. Changes that require the master to be rebooted require the same for the standby. The HA pair exchanges heartbeats, using parameters that determine how quickly fail-over is initiated. Using default settings, we reset our master. Our standby missed two heartbeats before promoting itself to master about one second later. When the (former) master finished rebooting, it became the new standby.

Bluesocket's HA solution provides rapid service resumption after device failure or power loss. However, fail-over does not occur if managed or protected interfaces experience loss of reachability. In the rather unlikely event that the HA crossover is disconnected, both WGs assume they should be master. Because they use the same IP addresses, manual reset may be necessary to put one WG back into standby mode.

In our tests, fail-over was largely transparent to non-VPN clients. Our clients averaged 25 seconds of loss—not long enough to break TCP connections. VPN clients took a heavier hit. PPTP clients prompted users to reconnect, while IPsec clients hung until users invoked DHCP release/renew. Fail-over preserves DHCP lease state; preserving VPN state as well would avoid tunnel reset. Also, status changes are shown on front-panel LCDs, but an email alert, trap, or log entry would be more helpful to an admin who is not standing there when fail-over occurs.

Branding The Login Page
Clients using interactive authentication must visit the WG's login page at http:///login.pl. When an unauthenticated user tries to browse another site, the user is automatically redirected to this page. After successful login, clients can be redirected to a default URL (for example, your corporate website or hotspot terms of service). Otherwise, clients are sent on their way to the URL requested before login.

[Image: Bluesocket Custom Login Page]

Most companies want to control or brand content on user-visible logon pages. The release we tested allows the right frame to be customized (right). Version 2.1 allows the left frame to be customized as well. Using the Maintenance menu, up to 10 blank areas of the right frame can be pointed to images (copied onto the WG) or HTML (which can reference external images). We used only images copied onto the WG because external images cause warnings that the page contains both secure and non-secure content.

Options displayed on the left frame are also configurable, like the user's ability to change his own password or select a RADIUS server. An optional logout pop-up lets the user disconnect by clicking a URL or closing the pop-up window. If the session has a RADIUS-imposed limit, remaining time is shown in the pop-up—this can be particularly handy in hotspots. The login page advises authenticated clients they are already logged on as [role] from [clientIP]. It also warns when the user is required to tunnel.

A button letting the user disconnect from the login page (without pop-up) would be a nice addition, as would an option to customize user-visible help text. A button to install the CA's certificate also appears on the login page. This requires some explanation. In the release we tested, you can upload your own certificate for IPsec authentication, but SSL still uses a certificate issued to the WG by Bluesocket. As a consequence, users must either respond "yes" to prompts every time they visit the login page or install the Bluesocket CA's self-signed root certificate. At best, this is confusing—at worst, it extends broader trust than may be appropriate. (Do you really want to trust all WGs, or just your own WGs?) We were happy to hear that v2.1 will let customers upload their own certificates for SSL server authentication.
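
The trust-scope question raised above ("all WGs, or just your own WGs?") can be shown with a throwaway PKI. This is an added example, not code from the article or from Bluesocket: it assumes the openssl CLI is installed, and every subject name, file name and function name in it is constructed. It compares a client that installed a vendor root with a client that pinned one gateway's certificate.

```sh
#!/bin/sh
# Constructed demo PKI: subjects, file names and function names are made up.

make_pki() {  # $1 = work dir: one vendor root, two gateway certs issued by it
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=Constructed Vendor Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  for gw in ours other; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=wg-$gw.example" \
      -keyout "$d/$gw.key" -out "$d/$gw.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/$gw.csr" -CA "$d/root.pem" \
      -CAkey "$d/root.key" -CAcreateserial -days 2 \
      -out "$d/$gw.pem" 2>/dev/null || return 1
  done
}

fingerprint() {  # SHA-256 fingerprint of a PEM certificate
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Policy A: the vendor root is installed, so any cert it issued is accepted.
trusted_by_root() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Policy B: only the certificate whose fingerprint was pinned is accepted.
trusted_by_pin() { [ "$(fingerprint "$2")" = "$1" ]; }

compare_policies() {  # prints "<gateway> root=<y|n> pin=<y|n>" per gateway
  d=$(mktemp -d) || return 1
  make_pki "$d" || { rm -rf "$d"; return 1; }
  pin=$(fingerprint "$d/ours.pem")
  for gw in ours other; do
    r=n; p=n
    if trusted_by_root "$d/root.pem" "$d/$gw.pem"; then r=y; fi
    if trusted_by_pin "$pin" "$d/$gw.pem"; then p=y; fi
    echo "$gw root=$r pin=$p"
  done
  rm -rf "$d"
}

compare_policies
```

The gateway the client never configured still passes under the installed root, while the pin accepts only the client's own gateway.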

Go to page 2: Monitoring and Logging >

