wifi_ab 12/5/2012 | 3:42:49 AM
re: A Security Blanket? mesh

Yes, its GRE encapsulation of AES encrypted packets as they traverse the wire.

meshsecurity 12/5/2012 | 3:42:42 AM
re: A Security Blanket? Still does not address today's basic security needs. Attacks are blended. The VPN connection is trusted, yes, but the content is not. I will commit my attack through the trusted connection.

If you have no way to inspect the traffic going through that connection then you are vulnerable.

In this architecture you would need to use point security solutions in conjunction with the wlan. Now, you run into design issues and costs (how good is your security architect?).

Now, I can see a UTM company creating a wifi switch using NextHop code and OEM'ed AP's that would integrate wifi switch capabilities, and UTM security functionality all within a single platform. Terminate the tunnel on the switch itself and perform a full content inspection from the egress of the tunnel. Then forward it off. Simple? Not so. WiFi switch companies do not have the expertise to accomplish this. A year ago the best bet for both a UTM company and WiFi switch company was to partner. Not today....

You see, the wifi switch market is a commodity and creating one is as easy as pie (thank you Airespace/Aruba, but the difficult part is the "real" security functionality. I don't see security companies having to rely on WiFi companies to innovate in this space. They can make it themselves.

Same for mesh..but that is even more interesting.

