Jaguar - Apple Talks Up 802.11, Bluetooth, and Security
Though much of the keynote and subsequent buzz at this week's MacWorld focused on end users, MacOS X's upcoming release has some features of interest to network pros.
Jaguar, the new edition of MacOS X rolled out this week, is being touted to network managers as the first operating system that will ship with "full" integrated Bluetooth support. Also at MacWorld, Apple officials talked up new security features in Jaguar for both wired and 802.11 wireless nets..
Apple is "at the bleeding edge with Bluetooth," contended Thomas Weyer, Apple's network and communications manager, during MacWorld New York City. Bluetooth will complement, rather than compete with, 802.11, according to Weyer.
A developer's preview of Bluetooth shipped with MacOS 10.1 in October. Jaguar, also known as MacOS 10.2, will include the "final Bluetooth," integrated with iSync, the address book, and Internet Connect, for instance. Apple will supply APIs for developers, as well.
Unlike 802.11, Bluetooth is not really "wireless networking," Weyer maintained. "In general, I think of Bluetooth as IR (infrared) done right." Bluetooth doesn't share IR's line-of-sight requirements, he pointed out. Bluetooth is also low on power requirements.
Even though 802.11 and Bluetooth use the same ISM wireless bandwidth, "the two can coexist," because Bluetooth uses frequency hopping while 802.11 is a spread spectrum technology, Weyer said.
Collisions between 802.11 and Bluetooth are probably inevitable, but no more likely than between "802.11 and a microwave oven," he said. "Bluetooth will hop between (802.11) channels. A packet lost in a collision will be retransmitted."
Apple plans to support Bluetooth on a "Powerbook-to-phone, Mac-to-Mac, and Mac-to- phone" basis.
MacOS X support for Bluetooth already includes Palm 5xx and Visor devices, as well as several cell phones from Ericsson and Nokia. In Japan, Apple is supporting Bluetooth on Sony Clie PDAs and NTT Dokomo phones.
Apple also plans to add many new 802.11 enhancements in Jaguar beyond those released in 10.1. These will range from a new user interface to a DHCP text message option.
Airport base stations will become discoverable through Rendezvous, a new IPbased finder being introduced in Jaguar for locating nearby computers and devices.
Many of the new 802.11 features, though, are on the security side. These include PPP dial-up; PPTP and IPsec gateways; and the option to disable SNMP over the WAN, for example, according to Weyer.
A persistent theme throughout MacWorld New York City, though, was the need to make better use of existing security mechanisms for both wired and wireless nets.
Wireless LAN administrators should make sure to turn on WEP encryption, cautioned Scott McCulley, VP and managing director, Technology Operations, for The Interpublic Group of Companies.
Network managers also expressed concerns that integration of BSD Unix into the OS X kernel will turn Apple machines into more of a security target.
Doug Nomura, private consultant to Ories Scientific, mentioned a BSD Unix tool used by attackers to crack WEP encryption. "Now, it's on its way to OS X," he predicted.
"With BSD, we'll be getting viruses, viruses, and more viruses," according to Dr. Steven M. Erde, director, Office of Academic Computing, at Cornell University Medical College.
When it comes to viruses, administrators should avoid the mistake of thinking that "we're immune, because (Macintosh) isn't that popular," advised John C. Welch, IT manager at the MIT Police Department.
Up to now, Macintosh has held a "privileged position" with regard to security, Nomura concurred.
"Apple has done a good job in Jaguar, though, of 'hardening' the OS by shutting down nonessential Unix services," Nomura maintained.
Meanwhile, also in Jaguar, Apple is adding a "richer user interface" to OS X's built-in firewall, while porting over Microsoft's implementation of Kerberos encryption.
Kerberos allows for mutual authentication, so "I know (the identity) of the server on the other side," according to Weyer. The protocol is becoming popular in Apple's higher ed and business markets, he maintained
Another reason for Apple's inclusion of Kerberos is better integration with Microsoft's OS, Weyer suggested.
"Kerberos has become (known) as an underpinning of wireless security," according to Weyer. "Microsoft is including Kerberos in every edition of its OS starting with Windows 2000."
Apple plans to support Bluetooth on a "Powerbook to phone, Mac-to-Mac, and Mac to phone" basis.
MacOS X support for Bluetooth already includesPalm 5xx devices Visor Red 7, and several cell phones from Ericsson and Nokia. In Japan, Apple is supporting Bluetooth on Sony Clie devices and NTT Dokomo phones.