Wireless LAN Controller in the Private Cloud

Whether in the residential sector, in comprehensive office installations or in highly sophisticated applications and beyond, wireless networks can now be found in almost all market segments. Wireless LAN has become far more than a mere network to supply wireless Internet connectivity. The technology is now part of business processes. Because of the large variety of applications it is hard to mention all of them, but these are the most common. Wireless Internet access and e-mail connectivity are certainly the most common applications. Some companies have even stopped using LAN cabling to a great extent. Retailers often use mobile cash registers connected via wireless LAN. Logistics companies, as well as retailers, register incoming and outgoing goods with wireless barcode scanners. And while we are on the subject of retailers and logistics companies: they nearly always have several locations and are hence chain stores.

Today’s wireless LAN networks are increasingly available throughout the entire company infrastructure. A seamless network therefore requires a variety of access points, and wireless LAN controllers are used for the central management and monitoring of what are sometimes numerous access points.

Wireless LAN controller for chain stores and branch offices: Centralized management

We will now describe the suitability of wireless LAN controllers for chain stores, where they facilitate the monitoring and configuration of wireless LAN networks in different branches. The central management and monitoring of all access points in all branches should therefore be prioritized.

A wireless LAN controller operated remotely over a WAN connection secured by a VPN tunnel has some specific characteristics.

[Figure: wireless LAN controller at the central site, connected via VPN to access points in several branches]

In the diagram above, the wireless LAN controller located at the central site communicates via a secured VPN connection with numerous access points located in several branches.

The access points in the diagram are fat access points. Basically, the wireless LAN controller centralizes configuration and monitoring. It is advantageous to process the user data locally in the various branches in order to limit the data volume transferred via the VPN-secured WAN connection. This is the case in many applications. A supermarket chain, for example, usually processes the data of its checkouts and wireless barcode scanners on site, and hence decentrally, as a fail-safe measure. Data synchronization between the branches and the head office takes place only in the evening at closing time.

Wireless LAN controller solutions for remote operations

A further problem with the remote operation of a wireless LAN controller is the availability of the VPN-secured WAN connection. Naturally, a VPN connection cannot guarantee one hundred percent availability. Even managed VPN services only assure an availability that ranges between 95 and 98 percent. This could, after all, mean a failure of several days a year.

Hence only wireless LAN controller solutions that are specifically designed for remote operation are suitable for this type of scenario. This includes:

  • Traffic limitation between access points and the wireless LAN controller.
  • Self-sufficient operation of access points that can run for a specific period of time without being connected to the wireless LAN controller.
  • Users should make sure that the data can be processed locally in order to bridge downtimes of the VPN connections.

Bintec WLAN products can deliver a simple and powerful platform that solves common problems such as reliability, security and local/remote management of the whole WLAN network across the WAN and of individual access points. Total integration with Teldat or bintec-elmeg routers and management platforms is a strong added value for customers who already have a significant installed base of these devices. It is also a great added value for those who plan to deploy a large number of branch office infrastructures and need a complete network solution for wired and wireless connectivity.

Hans-Dieter Wahl: WLAN Business Line Manager

Heartbleed attacks and Internet security: Prevention is better than cure

Our daily data traffic on the Internet has reached dimensions which can hardly be put into numbers. For example, in June 2014 an average of 1.7 Tbit/s of data was transmitted at the German DE-CIX (the largest Internet exchange point worldwide, situated in Frankfurt). Numerous transactions related to critical applications, involving financial or personal data, are conducted over it. Whether stock market transactions, online shopping or home banking, anyone who carries out such transactions implicitly relies on security, integrity and authenticity being guaranteed at all times.

For years, processes and methods for this have been well established, based on technologies that encrypt and secure data transmissions appropriately. Here, the use of SSL has become a quasi-standard.

However, it has also turned out that web servers, NAS devices, gateways and routers are vulnerable because of an implementation error: sensitive data can be retrieved without the retrieval being detectable as an attack. Particularly worrying is that a variety of services which typically protect their data via SSL/TLS are affected. This also includes e-mail (POPS, IMAPS, SMTP with STARTTLS).

Anatomy of a “heart defect”

Looking closely at the problem, one realizes that the actual error is comparatively simple. In order to keep a connection alive, so-called heartbeats are sent between the communicating partners. In this process the sender transmits data (payload) to the receiver, which in return sends the data back.

The problem, however, results from the fact that the receiver does not verify how much data has actually been sent. If the sender “lies” and actually sends only a single byte but claims to have sent 16 Kbyte, the receiver willingly responds by sending back data from its own random access memory. In this way the attacker fishes data out of the random access memory of the remote station.
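The missing check described above, next to its corrected form, as an added example that is not code from the original article or from OpenSSL. The function names and the small constructed buffer are hypothetical; the message layout (1 byte type, 2 byte payload length, payload, at least 16 bytes of padding) follows RFC 6520, and the demo claims 40 bytes instead of 16 Kbyte so that every read stays inside one array.

```c
#include <stddef.h>
#include <string.h>

#define HB_HEADER 3        /* 1 byte type + 2 byte payload length (RFC 6520) */
#define HB_MIN_PADDING 16  /* minimum padding after the payload */

/* Payload length as claimed by the sender inside the message (big-endian). */
static size_t hb_claimed_len(const unsigned char *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Flawed receiver: echoes as many bytes as the sender claims and never
 * compares the claim with rec_len, the number of bytes that arrived. */
long hb_echo_unchecked(const unsigned char *rec, size_t rec_len,
                       unsigned char *out, size_t out_cap) {
    size_t claimed;
    (void)rec_len;                          /* the flaw: length is ignored */
    claimed = hb_claimed_len(rec);
    if (claimed > out_cap) return -1;
    memcpy(out, rec + HB_HEADER, claimed);  /* may read past the record */
    return (long)claimed;
}

/* Corrected receiver: drops any message whose claimed payload (plus header
 * and minimum padding) does not fit inside the record actually received. */
long hb_echo_checked(const unsigned char *rec, size_t rec_len,
                     unsigned char *out, size_t out_cap) {
    size_t claimed;
    if (rec_len < HB_HEADER + HB_MIN_PADDING) return -1;
    claimed = hb_claimed_len(rec);
    if (HB_HEADER + claimed + HB_MIN_PADDING > rec_len) return -1;
    if (claimed > out_cap) return -1;
    memcpy(out, rec + HB_HEADER, claimed);
    return (long)claimed;
}

/* Constructed demo: a 20-byte record followed by unrelated data in memory.
 * Returns 1 if the reply contains bytes from beyond the record. */
int hb_demo_leaks(int use_checked) {
    unsigned char mem[64] = {0}, out[64] = {0};
    size_t rec_len = HB_HEADER + 1 + HB_MIN_PADDING;  /* 1 real payload byte */
    mem[0] = 1; mem[1] = 0; mem[2] = 40;              /* sender claims 40 bytes */
    mem[3] = 'A';
    memcpy(mem + rec_len, "CONSTRUCTED-SECRET", 18);  /* neighbouring memory */
    long n = use_checked ? hb_echo_checked(mem, rec_len, out, sizeof out)
                         : hb_echo_unchecked(mem, rec_len, out, sizeof out);
    return n > 0 && memchr(out, 'C', (size_t)n) != NULL;
}

int main(void) { return hb_demo_leaks(1); }  /* exits 0: nothing leaked */
```
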

If someone uses this procedure systematically and with high computing power, large quantities of credit card information and passwords can be gathered. Furthermore, it was possible to reach the innermost part of servers and read out the private key. The consequence would be that perfect imitations of servers can be placed on the Internet without users noticing, because they will not get a warning about forged certificates.

Is it possible for your data security to recover from a “heart attack”?

Users and those affected are in a rather uncertain situation. For the systems to which we have access, we have to find out as soon as possible whether a serious threat exists. This can be carried out in cooperation with the corresponding manufacturer.

If this is the case, appropriate measures have to be taken quickly in order to update the affected systems. In this context, it is also advisable to replace the digital certificates and to declare the existing certificates invalid, although this may “only” be a precaution. For services to which we do not have access, we have to rely on the respective service provider to ensure security as soon as possible. It only makes sense to change passwords after the provider has renewed its certificates.

Take preventive security measures

The use of open source, and in this case especially of OpenSSL, shows how a fundamental and critical piece of Internet infrastructure can crumble overnight.

When you look behind the scenes and see how many software engineers actually work full-time on the maintenance and development, it is indeed thought-provoking.

As a manufacturer, we also ask ourselves the question: which is the correct way into the future?

None of Teldat's products use the software components mentioned above. Nevertheless, we see it as part of our responsibility towards our partners and clients to keep developing our products continually and even more intensively.

AUTHOR: Bernd Büttner
