|
Fort Sam Houston is a prime candidate for wireless networks. The San Antonio installation is home to the commanders of the Army's medical systems and supports various military training services, including battle simulation. Because other tactical groups often conduct tests at the site, a network may be installed for a week, a few months or even a year.
On top of this, the base has 18,000 computer users and houses a number of older buildings, so running high-speed copper or fiber wiring is expensive, impractical and sometimes impossible.
Wireless local-area networks based on the popular 802.11 standards emerged as the best way to expand the base's network last year because of the easy setup and breakdown, and the minimal disruption to the existing infrastructure.
However, such an approach is not as secure as its wired counterparts, something other government agencies have discovered the hard way.
"A number of federal agencies installed wireless LANs that they thought were secure but ended up being open to eavesdroppers," said Michael Disabato, an analyst with the Burton Group, a market research firm in Salt Lake City. For Fort Sam Houston officials, security was a high priority as they shopped for a wireless LAN. A network with security flaws was not an option. Also, officials knew that they ought to follow stricter security guidelines than the average organization. "Previously, I worked for a large financial institution and understood that it was only a matter of time until federal agencies were forced to tighten up their network security requirements," said Matthew Albertson, senior network design engineer at the fort. "I did not want to walk into my office one morning, find a new policy directive and then have to revamp our network. So we searched for the most restrictive security standards that we could find and used them as the foundation for our selection." Officials at the Army base determined that to prevent unauthorized access to their wireless connections, they would have to deploy a number of extra security checks.
"Current limitations with the 802.11 security features [have] created a lot of fear, uncertainty and doubt," said J.P. Gorsky, general manager for the wireless business unit at Enterasys Networks Inc., a Cabletron Systems Inc. company in Rochester, N.H. Although "there are some potential security holes, there are also steps [information technology] departments can take to close them up."
Fort officials began their search last fall and examined wireless LAN products from various vendors, including Enterasys; Cisco Systems Inc., Linksys Group Inc. and Proxim Inc. One problem with security products is that they tend to add overhead and diminish network performance. So throughput was a top concern for base officials, who tested potential products using the largest files they could find: multiple streaming videos and high-bandwidth downloads.
The results were mixed. On the plus side, base officials found that laptop wireless cards were easy to install, had a good range and worked with a variety of brands, such as Dell Computer Corp., Toshiba Corp. and Panasonic. As far as access points ? the entry points and gatekeepers to the network ? were concerned, they found that throughput speeds and the number of channels available varied from vendor to vendor.
After testing the various products, base officials decided to deploy tools from multiple companies rather than go with a single vendor's solution.
"I think that you get the highest degree of security when you mix and match products because a hacker doesn't have to just break one firm's security check, he has to break all of them," Albertson said.
|
Linear Mode
