A Detailed, Preliminary Report
Three days later, I received a 24-page preliminary report from AirTight detailing everything Wi-Fi the sensors detected in and around the network, an overwhelming report enumerating vulnerabilities graded into critical, high, medium, low and probable categories, according to their anticipated risk. The report specifically detailed detected ad-hoc networks, unencrypted wireless networks and known hotspots found nearby, then provided line-item accounting of every access point and wireless client detected. While daunting and overly alarmist in its tone, this report forms the basis of the next stage of the service-working with an AirTight engineer to define and implement a security policy. The AirTight representative did the work to set up the policy to match my security demands. I informed him which wireless networks I approved for corporate use-and what grade of encryption they use-and what clients would be allowed to connect to these networks (by e-mailing him a list of MAC addresses). I also defined which network segments of my wired infrastructure could have wireless attached and which segment must be a Wi-Fi-free zone. To aid in this effort, I had to ensure that one sensor was connected to each segment with a different policy to allow AirTight's algorithms to determine when detected APs are connected to protected wired network segments.The Web portal looks exactly like what the administrator of AirTight's on-site solution-SpectraGuard Enterprise-would see, telling the administrator immediately whether the wireless network is secure at this time, and highlighting any detected security or performance incidents. The administrator can also customize the portal, organizing hierarchical views of the company's locations and adding maps or floor plans as needed. The administrator should also make sure to place the sensors and known access points on the floor plan to calibrate the system if triangulation will be employed.
After the policies were configured, the engineer e-mailed me the login information to the AirTight portal so I could view real-time reports or further craft the policy to my specifications (for instance, to add more approved wireless clients). My account was also set up to receive weekly PDF-based update reports similar to the initial assessment via e-mail. I liked that the engineer who mailed these weekly reports specifically spelled out things I should look into, rather than having a robot simply e-mail me a report.