We simulated a real-world testing environment, focusing on general functionality, advanced features, performance, range and security.
Wireless network performance: For our performance testing we used notebook computers from Dell Computer Corp., IBM and NEC configured with 802.11b wireless NICs from Agere Orinoco, Cisco Systems and Symbol Technologies. We chose these vendors because they are leaders in the enterprise wireless market. To evaluate a multistation wireless LAN environment, we configured three notebooks to transmit and receive files from a server using NetIQ Corp.'s Chariot software. We ran tests without WEP encryption and with 40-bit and 128-bit WEP encryption enabled. The results are shown in the performance charts in this article.
Range: Our range tests were performed in both office and residential environments. The office environment was a combination office/classroom building that was built in 1985 on the Syracuse University campus. We installed the gateways above the ceiling adjacent to a hallway and picked two locations for our testing, one about 75 feet and the other about 135 feet from the gateway under test. For the residential environment, we installed each gateway in a basement office on one end of a 2,000-square-foot, two-story house built in 1984 and ran tests from a second story room on the opposite end of the house. For all of our range tests, we used a single client device--an Agere Orinoco card--because it is the lowest-priced NIC (we found prices as low as $87 for the Silver PC Card) and the site-survey tools are among the best available, providing detailed measures of signal strength, noise and signal/noise ratio.
Handheld Test: In our handheld test, we simply determined whether a Handspring Visor Platinum with a Xircom SpringPort module and a Compaq Computer Corp. iPaq with a Silver PC Card would associate and pass data through each wireless gateway using a Web browser.
Printer Server: For products that support an integrated print-server feature, we attached a Hewlett-Packard Co. laser printer to the printer port. Then we installed the drivers to allow communication with the print-server port and the drivers for the printer. A test page was printed, as was a Web page to test the functionality.
DMZ: To verify the functionality of the DMZ host feature, we installed a Mandrake Linux server behind the SOHO gateway and configured it to be a DMZ host. The Linux server had the following ports open: 7 (echo); 21 (FTP); 79 (finger); 80 (HTTP); 110 (POP3); 111 (RPC); 113 (auth); 515 (printer); 631 (cups); 853, 901 (swat); 3306 (MySQL); 5308 (Cold Fusion engine); 5432 (PostgreSQL); and 6000 (X Window). We then ran a port scan of the SOHO gateway to verify that all the ports on the Linux box were open via the SOHO gateway's external IP address. We also tested a few of the ports manually.
Port Forwarding: For our port-forwarding test we set up one workstation with Mandrake Linux and another with Red Hat 7.0. The Mandrake box was running an Apache Web server on Port 80, and the Red Hat box was running wu-ftpd on Port 21. Port 80 was forwarded to the Mandrake machine's IP address, and Port 21 was forwarded to the Red Hat machine's IP address. We then tested to see if we could connect to each of the services through the SOHO gateways.
Port Filtering: For the port-filtering test we used two wireless clients and verified the products' ability to deny or allow access from the clients to specific ports. One test involved letting one client have access only to HTTP and the other only to FTP. On devices that allowed for the creation of access groups, we verified that the rules would apply to all members of the group. The primary ports tested were FTP, HTTP and telnet. One device had time-based ACLs, which were tested as well.
VPN Testing: For our VPN testing we used a Cisco 3000 series VPN Concentrator and three wireless clients. Three clients were attached to each gateway, and each client had the Cisco VPN dialer software installed. We attempted to connect to the Cisco VPN gateway through the access point. Once one VPN tunnel was established, we would establish another tunnel with a second client behind the access point to see if the device under test could handle multiple tunnels. If two worked, we would try a third. Most of the access points failed after the second tunnel, usually by terminating previously established VPN connections.
Security Log test: For our security log test, we ran port scans on the various access points and checked to see if the logs would report the scans. Hackers often use port scans and other techniques before they launch an attack. We used a freeware program called the LANguard Port Scanner on a Microsoft Windows 2000 Professional workstation and scanned the WAN port IP addresses of the various access points. We then searched the configuration Web pages for logs and looked to see if there was any mention of the scan. Devices that failed this test never reported having been scanned.
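The kind of check a gateway log would need in order to pass the security log test can be sketched as follows. This is an added example, not code from the article or from any of the tested products: the log line format, the IP addresses and the thresholds are constructed assumptions. It flags a source that touches many distinct destination ports within a short window, while a client that repeatedly connects to one port is left alone.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format, constructed for this example (real gateways differ):
#   <ISO timestamp> <DROP|ACCEPT> TCP <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^(\S+) (?:DROP|ACCEPT) TCP (\d+\.\d+\.\d+\.\d+):\d+"
    r" -> \d+\.\d+\.\d+\.\d+:(\d+)$"
)

def detect_scans(lines, min_ports=10, window=timedelta(seconds=60)):
    """Return {src_ip: sorted ports} for each source that reached at least
    min_ports distinct destination ports inside one sliding time window.
    Lines are assumed to be in chronological order."""
    recent = defaultdict(deque)      # src_ip -> deque of (timestamp, dst_port)
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                 # skip entries that do not parse
        ts = datetime.fromisoformat(m.group(1))
        src, port = m.group(2), int(m.group(3))
        q = recent[src]
        q.append((ts, port))
        while ts - q[0][0] > window:  # expire entries older than the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            # Keep accumulating ports once a source has been flagged.
            flagged[src] = sorted(ports | set(flagged.get(src, [])))
    return flagged

def sample_log():
    """Constructed sample: one scanning source, one ordinary Web client."""
    base = datetime(2001, 1, 1, 12, 0, 0)
    scan_ports = [7, 21, 79, 80, 110, 111, 113, 515, 631, 853, 901, 3306]
    lines = [
        f"{(base + timedelta(seconds=i)).isoformat()} DROP TCP "
        f"203.0.113.7:{40000 + i} -> 192.0.2.1:{p}"
        for i, p in enumerate(scan_ports)
    ]
    lines += [
        f"{(base + timedelta(seconds=4 * i)).isoformat()} ACCEPT TCP "
        f"198.51.100.20:{50000 + i} -> 192.0.2.1:80"
        for i in range(15)
    ]
    return sorted(lines)             # ISO timestamps sort chronologically

if __name__ == "__main__":
    for src, ports in detect_scans(sample_log()).items():
        print(f"possible port scan from {src}: {len(ports)} ports {ports}")
```

Counting distinct destination ports rather than raw connections is what keeps the busy Web client (15 connections, one port) out of the report.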