Meru Networks introduced IEEE 802.11-based "RF Barrier" technology for proactively defending wireless networks against eavesdroppers and "parking lot" attackers who attempt to record and observe network traffic from outside a building's perimeter. The system uses specially adapted WLAN radio at the network's edge to block specific radio-frequency (RF) signals from the corporate network as they exit the building, without disrupting internal WLAN operation. This limits an attacker's ability to eavesdrop on data and perform offline analysis.
Meru's RF Barrier is formed by placing the company's wireless access point along the inside perimeter of a building, and an advanced external antenna outside the perimeter. RF Barrier technology inspects the traffic in real time to determine which part belongs to the WLAN (and is therefore designated as sensitive) and uses the external antenna to block outbound traffic at the RF layer. Would-be attackers are limited in their ability to see useful packet information about the internal network. Because RF Barrier uses directional antennas and selective enforcement technology, it has no impact on signals within the building or from other networks.
RF Barrier builds on Meru's existing security solution, which provides security across all four of the major areas subject to active wireless threats: perimeter defense, connection defense, network defense and remote threat defense. Other components of the Meru security portfolio are:
- Rogue prevention, which detects and identifies rogues based on the wired network to which a rogue is connected as well as its over-the-air signaling.
- AirFirewall, based on Meru physical security technology that can eliminate, rather than just contain or mitigate, rogue access points and evil twins attackers
- Per-user, per-application stateful firewall to allow policy enforcement based on both the user's identity and the nature of the traffic
- Signature-based firewalling, for enforcing policies on peer-to-peer applications such as Skype, as well as application flows within end-to-end encrypted VPN tunnels
- Location-based policy enforcement, which implements security decisions based on the location from which an unauthorized user is accessing the network
- Voice and video security, which prevent the introduction of local or network-wide vulnerabilities in the presence of voice, video or heavy data traffic
- FIPS 140-2-certified algorithms, with military-grade encryption and key negotiation, including EAP-TLS and AES-CCMP using 802.11i
- Secure remote access points, which extend enterprise security policies and network to the home offices of telecommuters and hotel rooms for mobile employees.