The Enterprise Mobility arm of Motorola today announced a new wireless firewall designed to protect retail clients from the kinds of WLAN attacks to which firewalls optimized for wired infrastructure may be blind.
Calling it “the industry’s first wireless firewall,” Motorola says its solution meets the requirements of the latest Data Security Standards enforced by the Payment Card Industry (PCI) by providing clean separation between wireless and wired networks. Used in conjunction with Motorola’s AirDefense wireless intrusion prevention systems (WIPS), the firewall protects sensitive information, such as credit card data, by employing “unparalleled” traffic inspections at every network layer.
Motorola says its “enhanced stateful Wireless Firewall” is easy to deploy and integrates with leading enterprise authentication systems.
“There are a multitude of challenges for retailers to protect against,” said Kevin Goulet, senior director of product marketing, Enterprise WLAN Division of Motorola’s Enterprise Mobility Business unit. “Threats into networks are becoming commonplace. As the network expands, it is making the edge of that network more vulnerable. We saw the need for additional protection, not only protection between the outside Internet and the inside network, but also from the killers at the edge.”
The TJX scandal and other high-profile retail data breeches attributed to lax WLAN security have made retailers more aware of risks—and the PCI requirements help ensure greater levels of security are enforced.
“Our retailers are aware that their networks are vulnerable and need to be protected,” said Goulet. “The headlines over the past year or two, and other areas, have made them more aware than other industries. There are also retailer requirements for passing credit cards over a WLAN; they must be PCI-compliant to maintain their ability. We see the retail industry as being more aware and proactive in protecting than other industries. They see everything from DOS attacks to rogue devices.”
The fine for businesses recklessly transmitting customer credit card and personal information can be up to $300 per compromised record.
“Providing security at the edge, at the wired/wireless demarcation point, is not enough in today’s wireless enterprise deployments,” said Goulet. “We are offering location-based access control and policy enforcement.”
In other words, retailers can leverage the locationing engine built in to the Motorola firewall to enforce user identity-, role- and location-based security policies, which helps to keep access to sensitive consumer data under control. Retailers can have one policy for an employee who is accessing the network externally by connecting through mesh APs, for example, and a different security policy for employees inside headquarters using the internal network.
“This allows way more granularity, depending on role, location, time of day, etcetera,” said Goulet.
Motorola’s wireless LAN access points, switches, and mobile computing devices also support the IEEE 802.11i security standard, as mandated by the new PCI Data Security Standard (DSS) version 1.2.
“This is a new approach to firewalling that we think is right for the wireless network. In the old way, a wired firewall is acting as the demarcation point between the wired and wireless network, but this ignores the other vulnerability, which is the wireless side,” said Goulet. “This is different than AirDefense wireless intrusion detection; this is a firewall on the AP to protect the network from the attacks on the wireless side.”
Beta customers are currently testing the firewall in the field. Existing customers who have a service agreement will not have to pay to upgrade their software to include the firewall, and new customers will not see a bump in the cost of Motorola APs.
“We want to offer more features at the same price point,” said Goulet. “It really ties in to when Motorola and AirDefense, came together. We have a vision that will make ‘wireless’ and ‘security’ synonymous. We began by bringing WIPS into the wireless LAN infrastructure and we followed that up with the secure AP that had a full-time traffic cop on one radio in the AP, providing access to clients and devices. This is the third leg of that–providing firewalling and security in the network. It helps us execute that vision.”
* For more on Motorola, read “Review: Motorola RF Management Suite (Part 1),” “Review: Motorola LANPlanner (RF Management Suite, Part 2),” “Aruba/Motorola Patent Dispute Slogs On.”
* For more on Wi-Fi in the retail space, read “Retailers Need to Shore Up Defenses,” “WLAN Security Service Aims to Boost PCI Compliance,” and “RF Barrier Helps Deter Eavesdroppers.”
* To learn more about WLANs, read “Understanding WLANs: Architecture 101.”
* For more on AirDefense, read “Motorola’s AirDefense Acquisition Complete,” “Motorola’s New Indoor/Outdoor Management Solution,” and “Motorola Buys AirDefense.”