By Andrew Garcia  |  Posted 2004-11-01

Unlike AirMagnet's Enterprise 5.0 and other wireless IDSes (intrusion detection systems), which use location tracking simply to display possible locations of wireless devices on a floor-plan diagram, Newbury Networks' WiFi Watchdog 4.0 uses location tracking as a core component of MAC (media access control) authentication.

The introductory WiFi Watchdog 4.0 package sells for $14,995 and includes the WiFi Watchdog 4.0 Server and Agent components, 10 LocalePoint sensors, and one LocaleGuard sensor device. Additional LocalePoints or LocaleGuards can be purchased for $250 apiece. WiFi Watchdog 4.0 started shipping in September.

When a wireless client is detected outside an administrator-authorized location, WiFi Watchdog automatically adds the client's MAC address to a deny list and informs the access point, which drops the connection until the device roams back to an approved location.

Basing network authentication on device location requires highly accurate location detection—an unlikely occurrence with simple triangulation. To increase accuracy, WiFi Watchdog requires administrators to collect an extensive series of location signatures.

We connected to the WiFi Watchdog server from a wireless client in each location we wished to sample. The server pieced together the signature from aggregate signal-strength assessments culled from each sensor device that could detect our connections.
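The sketch below is an added illustration of location-signature matching feeding a MAC deny list; it is not Newbury's algorithm or code. It assumes nearest-neighbor matching over per-sensor signal strength, and every sensor name, locale, reading, MAC address and threshold in it is constructed.

```python
import math

# Constructed calibration data: locale -> sampled signatures,
# each mapping a sensor id to the RSSI (dBm) it measured for the client.
SIGNATURES = {
    "lab":     [{"s1": -42, "s2": -60, "s3": -75}, {"s1": -45, "s2": -58, "s3": -78}],
    "lobby":   [{"s1": -70, "s2": -48, "s3": -66}, {"s1": -68, "s2": -50, "s3": -63}],
    "parking": [{"s1": -88, "s2": -80, "s3": -55}, {"s1": -90, "s2": -83, "s3": -52}],
}
AUTHORIZED = {"lab", "lobby"}   # administrator-approved locales (assumed)
FLOOR = -95                     # assumed RSSI for a sensor that heard nothing
MAX_DISTANCE = 15.0             # assumed cutoff: beyond it, no locale matches


def distance(a, b):
    """Euclidean distance between two signatures over the union of sensors."""
    sensors = set(a) | set(b)
    return math.sqrt(sum((a.get(s, FLOOR) - b.get(s, FLOOR)) ** 2 for s in sensors))


def classify(reading):
    """Return (locale, distance) of the closest stored signature, or
    (None, distance) when nothing is close enough to trust."""
    best_locale, best = None, float("inf")
    for locale, sigs in SIGNATURES.items():
        for sig in sigs:
            d = distance(reading, sig)
            if d < best:
                best_locale, best = locale, d
    return (best_locale, best) if best <= MAX_DISTANCE else (None, best)


def update_deny_list(deny, mac, reading):
    """Deny the MAC unless the reading maps to an authorized locale.
    An unmatched reading fails closed; roaming back removes the entry."""
    locale, _ = classify(reading)
    if locale in AUTHORIZED:
        deny.discard(mac)
    else:
        deny.add(mac)
    return locale
```

With sparse calibration samples or few sensors, neighboring locales produce overlapping signatures, so the distance cutoff trades false denials against false admissions.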

In tests, we found that WiFi Watchdog works effectively at defining a WLAN perimeter, but we did not have enough LocalePoint sensors deployed to provide room-level granularity throughout the entire floor (despite the fact that we were using seven sensors in a space adequately served by only two access points).

WiFi Watchdog's rogue detection and location differ from competitors' in that Watchdog doesn't try to pinpoint a location on the map. Instead, devices are reported according to the locale in which the system perceives the device, which isn't very helpful for finding the device if the locale is large.

With Version 4.0, Newbury has beefed up WiFi Watchdog's wireless intrusion detection capabilities, although not to the richness of features we've seen with products from AirMagnet or AirDefense Inc.

The new version includes detection for MAC spoofing and broadcast storms. The packet-sniffing capability claims to be able to spot probes from common Wi-Fi attack tools such as AirJack, NetStumbler.com's NetStumbler or Wellenreiter. However, in our tests, WiFi Watchdog did not spot NetStumbler probes.

We didn't like the relative inflexibility of WiFi Watchdog's LocalePoint detection sensors. The devices support 802.11a and 802.11b/g networks, but each sensor can operate only in one band at a time, which escalates the number of sensors needed to defend the network. The LocaleGuard sensor can be used as a simple sensor or can be reconfigured as a "sniper" that can send deauthentication packets to known clients attached to rogue access points. However, switching between these roles is a multistep process that requires restarting the Watchdog Server service.

The deauthentication feature isn't particularly mature: It requires administrators to manually type in the client MAC address to initiate the attack. In tests, the attack briefly severed the client's connection to the rogue access point, but the client reconnected to the network within a few seconds as the attack subsided.

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.


Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
