Lacking Firefox 3 Support

 
 
By Andrew Garcia  |  Posted 2008-09-05 Print this article Print
 
 
 
 
 
 
 


A Java-based Web application, the Spectraguard Online portal, was designed to work in Internet Explorer. Unfortunately, I found the portal was not accessible using the Firefox 3 browser, which it doesn't currently support, according to AirTight officials. Even use with older iterations of Firefox may be a hit-and-miss affair. 

The portal includes a report generator from which administrators can create reports tailored to the various compliance specifications to which their company may be beholden, including PCI, SOX (Sarbanes-Oxley), HIPAA (Health Insurance Portability and Accountability Act) and GLBA (Gramm-Leach Bliley Act). Wireless administrators can pull up these reports on-demand for specified time periods, or they can schedule reports to run automatically at defined intervals.  Unfortunately, at this time these reports are only available in HTML or XML formats-PDF reports won't be available until the AirTight implements the next version of the core software, which should happen within the month.

SpectraGuard Online's PCI report, for instance, spells out each of the specific PCI requirements AirTight has deemed relevant for companies with sensitive customer or credit card data traversing the wireless network. After this expository data, the report offers both summary and detailed views of detected violations of the PCI requirements, organized by severity. My PCI report highlighted non-authorized client connections, rogue APs and denial-of-service attacks that posed legitimate threats to my protected network. It also spelled out nearby hotspots, open APs and all detected wireless clients that did not necessarily represent a threat but needed to be tracked in the logs nonetheless, per PCI recommendations. 

The existing PCI information is based on version 1.1 of the PCI standard, as the full details of version 1.2 will not be entirely known until October. However, AirTight officials assure me that once the standard is published, it will be easy for them to adjust their reports to meet the new criteria and guidelines.

However, it will be interesting to see how closely the PCI Council sticks to its requirement that logs be copied to an internal log server. Since SpectraGuard Online is an externally hosted database, customers would not be sticking to the letter of the law by storing their data on AirTight's servers. This could be remedied if AirTight were to give customers an option to download a CSV or database of their logs periodically, but I imagine we won't see that feature implemented until after the official standard is released in October, and more likely until we see a sign from the Council whether an internal log server really must be internal or whether a cloud-based solution-with the proper security-or a detailed report will suffice.

AirTight also offers its remediation services to SpectraGuard Online customers, allowing them to take preventative measures when bad things occur. For example, with the remediation services, Spectraguard Online can automatically jam unapproved clients from joining a protected wireless network or likewise jam an unauthorized AP connected to a protected segment from accepting client connections.

For many small companies and branch store operations looking into AirTight's hosted solution specifically to meet PCI compliance, these services may be overkill, both from a feature and a price perspective. However, for some with critical needs for active protection, an ad-hoc sprinkling of this service at certain locations could be beneficial.

The remediation service costs an additional $50 per month per sensor.

eWEEK Labs Senior Technical Analyst Andrew Garcia can be reached at agarcia@eweek.com.



 
 
 
 
Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel