Buffalo AirStation Keeps WLANs Secure

By Joseph Moran | Posted August 31, 2004
The number of wireless networks (WLANs) in SMBs has exploded over the past several years, and wireless networks continue to spread thanks to inexpensive and ubiquitous equipment. However, people setting up these networks often get the equipment working and then call it quits. As a result, many SMB wireless networks operate without any security configured, due either to an unawareness of the risks or an unwillingness to endure potential configuration hassles.

Buffalo aims its AirStation WHR3-G54 with the AirStation One-Touch Security System (AOSS) feature squarely at this issue, in an effort to make configuring wireless security so easy and unobtrusive that all it requires is the press of a button.

The Setup
The G54 is fairly simple and straightforward, particularly if you use one of the setup wizards (one for DSL connections, one for cable) that get the connection up and running for you. Neither gives you the opportunity to configure any optional settings other than whether or not the DHCP server is enabled, so most people will have to delve a bit deeper into the configuration interface.

The AirStation G54 gives you a fairly extensive degree of control over wired and wireless settings, providing useful features like transmitter power control (in 25 percent increments) and privacy separator, which keeps wireless clients segregated from each other. It also provides extensive intrusion detection capability, with e-mail alerts and pop-up notification via the Buffalo Client Manager software.


The G54 also supports all major forms of wireless encryption, from WEP to WPA with either TKIP or AES encryption. When using TKIP encryption, the unit gives you a choice of using either hardware- or software-based encryption. If you choose the latter, the G54 can accommodate 50 clients — if the former, a mere 12. The G54 also supports pass-through authentication via a RADIUS server.

The point of the AOSS feature is to free you from having to be concerned with such matters as encryption methods. In order to connect an AOSS-enabled Buffalo client to a compatible router, you first press the router's AOSS button for three to five seconds, which illuminates a flashing amber indicator on the unit. This puts the router into "AOSS mode," during which it can accept configuration requests from AOSS clients.

AOSS lets the router specify all the encryption settings that the router and client can mutually support, which the client then uses to configure itself automatically — via a randomly generated SSID and encryption key.

Road Tested
I tested AOSS with a Buffalo WLI-CB-G54S CardBus. After I clicked the AOSS button in the client software, an automated wizard appeared, which went through approximately 90 seconds of machinations without any input from me before bluntly responding that the wireless connection had failed. Despite the unhappy message, however, the wireless connection had not failed, and within a few seconds the client had full wireless connectivity over an AES-encrypted connection.

There are some practical limitations to consider when using AOSS. The AirStation G54 can't configure multiple AOSS clients simultaneously (although it supports a total of 24 clients), so you'll need to add them to the network one at a time. The AOSS process also can't be initiated solely from the client — you must first press the button on the router to enable AOSS mode. This means you can't physically lock the router away from users at your location who want to connect to your network using AOSS, but it also makes sense as a way to prevent unauthorized AOSS clients from attempting to connect.

The price of convenience is often paid in flexibility, and it's a good idea to put some thought into WLAN configuration settings prior to enabling AOSS. This is because there are few — if any — settings that can be changed without deleting the router's existing AOSS information and starting over from scratch and reconfiguring all the clients, one at a time. Even settings that would ostensibly have nothing to do with encryption (like channel selection) seem to be locked down once there's an AOSS client on the network.

Clever Encryption
On the other hand, other aspects of the AOSS system are quite ingenious. When you first configure a client via AOSS, it is given encryption keys for all four methods supported — WEP64, WEP128, TKIP, and AES — irrespective of which method is initially chosen.


[Image: The Buffalo AirStation WHR3-G54 with the AirStation One-Touch Security System (AOSS). Caption: Wireless networks need security, too. Try the Buffalo AirStation WHR3-G54 with AOSS.]

The keys are stored on the system in advance, so that if it becomes necessary to manually change the encryption method later (say, to accommodate a non-Buffalo/AOSS device) all you have to do is change the encryption method and the appropriate key automatically activates on the client.

This worked very well, as changing the encryption method resulted in only a momentary interruption in connectivity as the router and client got on the same page.

Similarly, should an AOSS client come on board that doesn't support the encryption method currently in use, the router will step the network down to the highest universally supported form of encryption.
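The step-down rule described above can be modelled in a few lines. This is an added example, not Buffalo's code: the weakest-to-strongest ordering of the four methods, the function names, and the client names are assumptions made for illustration. It reports which client is holding the network at a weaker method, which is the thing to check after adding a device.

```python
# Added illustration of the step-down behaviour; not Buffalo's implementation.
# The four methods are those named in the article. The weakest-to-strongest
# ordering is an assumption based on general cryptographic strength.
METHODS = ["WEP64", "WEP128", "TKIP", "AES"]
RANK = {m: i for i, m in enumerate(METHODS)}
WEAK = {"WEP64", "WEP128"}  # WEP variants, flagged in the audit


def rank(method):
    """Rank of a method; None (no common method) ranks below everything."""
    return RANK.get(method, -1)


def negotiate(clients):
    """Return the strongest method every client supports, or None."""
    common = set(METHODS)
    for caps in clients.values():
        common &= set(caps)
    return max(common, key=rank) if common else None


def audit(clients):
    """Return the network-wide method and the clients that hold it down.

    A client is listed in limited_by if removing it alone would let the
    network negotiate a stronger method.
    """
    chosen = negotiate(clients)
    limited_by = sorted(
        name for name in clients
        if rank(negotiate({k: v for k, v in clients.items() if k != name}))
        > rank(chosen)
    )
    weak = chosen is None or chosen in WEAK
    return {"method": chosen, "limited_by": limited_by, "weak": weak}


# Constructed sample inventory (hypothetical client names and capabilities).
SAMPLE = {
    "cardbus-laptop": ["WEP64", "WEP128", "TKIP", "AES"],
    "ethernet-bridge": ["WEP64", "WEP128", "TKIP"],
}

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit({**SAMPLE, "old-adapter": ["WEP64", "WEP128"]}))
```
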

Compatible Clients
In addition to the WLI-CB-G54S CardBus, Buffalo includes AOSS capability for various other client devices, including PCI, USB, and wireless Ethernet clients, along with certain other wireless router models. Standalone clients, like wireless Ethernet adapters and bridges, sport an AOSS button on the hardware just like the routers do. Any device that works in conjunction with a PC, like a CardBus, PCI, or USB adapter, needs the Buffalo client software in order to enable AOSS connections.

The requirement for client software means that on Windows XP, the Wireless Zero Configuration (WZC) feature and AOSS are mutually exclusive. Buffalo says AOSS will work with any older Buffalo clients that are compatible with the Client Manager.

A caveat: I was initially unable to install the CardBus client software due to an odd problem with the driver CD. The CD was readable, but files and programs on it refused to execute. Buffalo was aware of the problem and has since replaced the defective CDs, but if you experience this problem you'll need to download the software from the Web site or contact the company for a new disc.

Once a client has been configured with AOSS, its information is stored in the router's database in non-volatile memory, so a router reboot or power interruption will not require the client to go through the AOSS process anew.

Obviously, the AOSS feature won't work with non-Buffalo clients, but that doesn't mean that such clients are barred from joining the network. Once the network has been configured via AOSS, it's easy enough to consult the router administration interface to see what type of encryption is being used.

On the WLAN security page, however, the specific encryption key is obscured, just as it would be in a conventional configuration. You can view the encryption key used on the G54's AOSS configuration page (a strong administrative password is recommended), and then enter it into any non-Buffalo client to add it to the WLAN.

You'll probably want to copy and paste from a text file, though — in the case of a WPA pre-shared key, AOSS configured a full 63-character pass phrase, which is neither fun nor easy to try and type error-free once, much less twice.

125 High
The WHR3-G54 uses a Broadcom WLAN chipset, and thus supports the so-called 125 High-Speed Mode (maybe that's why there's an asterisk in the product name?) which is supposed to provide throughput equivalent to a 125 Mbps 802.11g signaling rate, or about 34 Mbps in the real world. At close range, I saw only 29.3 Mbps using AES encryption, and about 27.9 Mbps using hardware TKIP.

Conclusion
Overall, AOSS proves to be a pretty useful and easy-to-use feature, and it should entice people to enable security on wireless networks where they might not otherwise.

Of course, you get the full benefit of AOSS when you're exclusively using supported Buffalo clients, but the system is flexible enough to let you add third-party adapters without going through any more hassle than you would on a non-AOSS network. If you want to maintain a wireless network with a maximum of security and a minimum of grief, the Buffalo WHR3-G54 with AOSS is a fine choice.

Adapted from PracticallyNetworked.com, part of the EarthWeb.com Network.
