Lacking Firefox 3 Support
A Java-based Web application, the SpectraGuard Online portal, was designed to work in Internet Explorer. Unfortunately, I found the portal was not accessible using the Firefox 3 browser, which it doesn't currently support, according to AirTight officials. Even use with older iterations of Firefox may be a hit-and-miss affair.
The portal includes a report generator from which administrators can create reports tailored to the various compliance specifications to which their company may be beholden, including PCI, SOX (Sarbanes-Oxley), HIPAA (Health Insurance Portability and Accountability Act) and GLBA (Gramm-Leach-Bliley Act). Wireless administrators can pull up these reports on demand for specified time periods, or they can schedule reports to run automatically at defined intervals. Unfortunately, at this time these reports are only available in HTML or XML formats; PDF reports won't be available until AirTight implements the next version of the core software, which should happen within the month.
The existing PCI information is based on version 1.1 of the PCI standard, as the full details of version 1.2 will not be entirely known until October. However, AirTight officials assure me that once the standard is published, it will be easy for them to adjust their reports to meet the new criteria and guidelines. However, it will be interesting to see how closely the PCI Council sticks to its requirement that logs be copied to an internal log server. Since SpectraGuard Online is an externally hosted database, customers would not be sticking to the letter of the law by storing their data on AirTight's servers.
This could be remedied if AirTight were to give customers an option to download a CSV or database of their logs periodically, but I imagine we won't see that feature implemented until after the official standard is released in October, and more likely until we see a sign from the Council whether an internal log server really must be internal or whether a cloud-based solution (with the proper security) or a detailed report will suffice.
AirTight also offers its remediation services to SpectraGuard Online customers, allowing them to take preventative measures when bad things occur. For example, with the remediation services, SpectraGuard Online can automatically jam unapproved clients from joining a protected wireless network or likewise jam an unauthorized AP connected to a protected segment from accepting client connections. For many small companies and branch store operations looking into AirTight's hosted solution specifically to meet PCI compliance, these services may be overkill, both from a feature and a price perspective. However, for some with critical needs for active protection, an ad-hoc sprinkling of this service at certain locations could be beneficial. The remediation service costs an additional $50 per month per sensor.
eWEEK Labs Senior Technical Analyst Andrew Garcia can be reached at firstname.lastname@example.org.
SpectraGuard Online's PCI report, for instance, spells out each of the specific PCI requirements AirTight has deemed relevant for companies with sensitive customer or credit card data traversing the wireless network. After this expository data, the report offers both summary and detailed views of detected violations of the PCI requirements, organized by severity. My PCI report highlighted non-authorized client connections, rogue APs and denial-of-service attacks that posed legitimate threats to my protected network. It also spelled out nearby hotspots, open APs and all detected wireless clients that did not necessarily represent a threat but needed to be tracked in the logs nonetheless, per PCI recommendations.