News Stay informed about the latest enterprise technology news and product updates.

Syracuse police swat WLAN weaknesses

The Syracuse, N.Y., police department says the proprietary security from Fortress Technology in its wireless LAN is secure and manageable, but experts say that a better offering from Cisco and evolving standards may cause the department to question its implementation.

When the Syracuse, N.Y., police department deployed its wireless local area network last year, it went with a vendor certified in government-level security. Though it is pleased with the implementation, especially regarding security and manageability, analysts say proprietary limitations and a changing vendor landscape may cause the department to question its decision.

The department first deployed its wireless LAN in interrogation rooms so officers could access key information without leaving the room. Later, it expanded the network to the records room. Now it is deploying an access point on the roof of its headquarters.

That access point will enable officers using laptops in their cruisers to wirelessly access criminal databases, arrest records and other files. The department will eventually deploy a much wider network that will allow officers to access data via multiple hot spots throughout the city and eventually the county.

With a wireless LAN so widespread, and carrying such sensitive data as reports about crimes currently under investigation, security and manageability were high priorities, said Scott Sheridan, vice president of Syracuse-based consultancy Naughton and Associates, which was responsible for procuring and deploying the system.

Through the Department of Justice's National Law Enforcement and Corrections Technology Center, based in Rome, N.Y., Sheridan heard about Tampa, Fla.-based Fortress Technologies Inc. Fortress, which has been in the security business for eight years, has developed a layer two encryption solution for wireless LANs.

Fortress has achieved FIPS 140 certification for its product, which enables it to sell to the military and other government organizations where security concerns are paramount, said Ken Evans, Fortress' vice president of marketing and product management.

Fortress uses a client on each computer to encrypt data. The client is compatible with a broad range of operating systems, including those used on industrial and rugged-ized devices, kiosks and more mainstream devices, such as laptops and smart phones.

While the police department has a security system that is filling its needs, it is a proprietary system that is relying on the health of a single company, said Chris Kozup a program director with the Stamford, Conn.-based research firm Meta Group.

Fortress' system is similar in approach to that of other "gateway" vendors, such as BlueSocket and ReefEdge. These vendors have a gateway that centralizes the management of wireless LANs. Instead of having to manage multiple access points individually, users can manage a number of access points through a centralized gateway. This can help users apply management and performance criteria, and it makes roaming through large networks seamless.

However, the industry's large vendors, like Cisco Systems Inc. and Symbol Technologies Inc., are now addressing many of the centralization and management issues that Fortress is addressing with its gateway. Both Cisco and Symbol are now selling switched wireless LAN systems that centralize the management of wireless systems in much the same way that Fortress' gateway does.

In addition to centralized management, Fortress also offers both a high level of encryption and an authentication server to ensure the security of the system. Fortress and other gateway vendors provide a high level of security and manageability unavailable on many older 802.11b systems, Kozup said.

That high level of security is undoubtedly attractive to customers. However, because of the positive moves being made by standards groups, such systems may soon become obsolete.

Many of the security holes with wireless LANs have been addressed by the new Wi-Fi Protected Access (WPA) standard. And when Advanced Encryption Standard (AES) becomes part of the 802.11i standard next year, wireless LANs will have an even higher level of security.

Sheridan is keeping an eye out for developing standards such as WPA, but he adds that, even if WPA were available a year and half ago when he began the deployment, it would not have worked for the police department. WPA is only available for newer operating systems.

None of the department's laptops are running Windows XP, and many of the department's decade-old applications only work on Windows 98. He needed a system that was compatible with these legacy operating systems; Fortress, he said, was flexible enough to enable the department to keep its legacy systems intact.

Still, Burton group analyst Mike Disabato said companies like Fortress will need to reinvent themselves if they want to compete as the wireless LAN market evolves.


Browse our mobile management case studies.

Read more public safety case studies.

Dig Deeper on Mobile networking

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.