While the wireless LAN industry is gearing up for the wide adoption of the next generation of equipment (promising significantly improved performance and enabling more diverse applications and opportunities), enterprises and some vertical markets are tasked with effectively locking down their wireless networks for the purpose of regulatory compliance. These twin conditions present wireless intrusion prevention and monitoring vendors such as AirDefense with a golden opportunity to prove their worth by helping customers address performance, availability and security issues for these increasingly mission-critical networks.
Senior Technical Analyst Andrew Garcia recently spoke with AirDefense Chief Technology Officer Amit Sinha. Sinha discussed the current wireless threat landscape, the near-term future of 802.11n technology in the enterprise and the ramifications of patent action in the WLAN market.
What important things happened with WLAN security in 2007? Are there any new attacks gaining in prominence, or is it the same collection of things that have been talked about for a few years now?
Large enterprises are realizing that wireless is the Achilles’ heel when it comes to network security, and, from a hacker’s perspective, it is the lowest-hanging fruit. There were some very high-profile data breaches, particularly in the retail sector, where lots of credit cards and personal account numbers were compromised. In many cases, those compromises have resulted from wireless security issues.
In the last 12 to 18 months, there are not substantially dramatic new forms of attack that have surfaced. But tools have gotten smarter and hackers have evolved from a classic guy sitting in mother’s basement to more organized criminals. The types of attacks we have seen involve rogue access points or other unauthorized wireless devices that are connected to an enterprise network, and, in turn, these devices have been offering backdoor access into corporate secrets.
While there have been a couple of newer attacks that have been talked about in the DefCon-type conferences, like the wireless fuzzing attacks that exploit weak driver implementations, these are not the type of attacks that organized crime is using, to the best of my knowledge. There is other lower-hanging fruit out there that results in substantial damage from the enterprise perspective, and you don’t have to be that sophisticated a hacker to breach these networks.
What will be the over-arching wireless security themes for 2008?
You will see more regulatory enforcement. For instance, the Payment Card Industry data security standard that went into effect last January has become more stringent about scanning retail environments on a quarterly basis for rogue wireless devices. They have also become much more stringent about WEP [Wired Equivalent Privacy] encryption, mandating retailers either move away from WEP or secure WEP with other layers of protections.
AirDefense Walks the WLAN Wire – Page 2
We realized during engagements with various retailers that almost half of the retailers out there have not deployed WPA2 [Wi-Fi Protected Access 2] because a lot of their handhelds, bar-code scanners and price-check kiosks continue to use WEP and are not upgradable to better standards. So, AirDefense released WEP Cloaking, a feature of AirDefense Enterprise that has been blessed by auditors to provide a secure and compliant upgrade path that does not require you to upgrade your entire infrastructure and all the handhelds overnight. It is not a replacement for WPA2, but it will provide you necessary security while guaranteeing compliance in the interim.
WEP Cloaking basically locks down a WEP environment by preventing hackers from breaking your WEP key. AirDefense Enterprise sensors monitor the WEP environment and carefully introduce chaff frames, propaganda frames that blend in with regular WEP traffic. When hackers try to sniff WEP packets and use statistical analysis to reverse-engineer the WEP key, those analysis techniques will fail because the chaffing frames will take the cracking tools down wrong paths or prevent them from converging.
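The answer above describes two things a PCI auditor expects a wireless monitoring system to surface: radios that are not part of the authorized inventory (rogue or "evil twin" access points) and authorized access points still running WEP. The following is an added illustration of that check, written for this page; it is not AirDefense code and does not model WEP Cloaking itself. It assumes a hypothetical one-record-per-line scan format ("BSSID SSID CHANNEL SECURITY") and a constructed authorized inventory that maps each sanctioned BSSID to the SSID it should advertise.

```python
"""Added example (not AirDefense's code): a minimal rogue-AP and WEP
compliance check over constructed wireless scan results.

Assumptions (all hypothetical): scan output is one record per line in the
form "BSSID SSID CHANNEL SECURITY", and the authorized inventory maps a
BSSID to the SSID the enterprise expects that radio to advertise.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    bssid: str
    ssid: str
    channel: int
    security: str  # OPEN, WEP, WPA or WPA2


# Constructed sample scan (not a real capture): three sanctioned radios,
# one unknown radio cloning the corporate SSID, one unknown consumer AP.
SAMPLE_SCAN = """\
00:11:22:33:44:01 CORP-WLAN 1 WPA2
00:11:22:33:44:02 CORP-WLAN 6 WPA2
00:11:22:33:44:03 CORP-LEGACY 11 WEP
DE:AD:BE:EF:00:01 CORP-WLAN 6 OPEN
CA:FE:BA:BE:00:02 linksys 11 WPA
"""

# Constructed authorized inventory: BSSID -> SSID it is expected to serve.
AUTHORIZED = {
    "00:11:22:33:44:01": "CORP-WLAN",
    "00:11:22:33:44:02": "CORP-WLAN",
    "00:11:22:33:44:03": "CORP-LEGACY",
}

CORPORATE_SSIDS = {"CORP-WLAN", "CORP-LEGACY"}

# Findings that would block a quarterly compliance scan from passing.
BLOCKING = {"ROGUE_EVIL_TWIN", "SSID_MISMATCH", "WEP_IN_USE"}


def parse_scan(text):
    """Turn the hypothetical scan text into Observation records."""
    observations = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # ignore blank or malformed lines
        bssid, ssid, channel, security = parts
        observations.append(
            Observation(bssid.lower(), ssid, int(channel), security.upper())
        )
    return observations


def assess(observations, authorized, corporate_ssids):
    """Return (bssid, code, detail) findings for every radio that needs action."""
    findings = []
    for o in observations:
        expected_ssid = authorized.get(o.bssid)
        if expected_ssid is None:
            # Unknown radio. One advertising a corporate SSID is the worst
            # case (an evil twin); any other is an unknown neighbour or rogue
            # that should be located and checked for a wired connection.
            if o.ssid in corporate_ssids:
                findings.append((o.bssid, "ROGUE_EVIL_TWIN",
                                 f"unknown radio advertising {o.ssid} on ch {o.channel}"))
            else:
                findings.append((o.bssid, "UNKNOWN_AP",
                                 f"unlisted radio {o.ssid} on ch {o.channel}"))
        elif o.ssid != expected_ssid:
            # Sanctioned hardware serving the wrong network: misconfiguration
            # or someone re-using a known BSSID.
            findings.append((o.bssid, "SSID_MISMATCH",
                             f"expected {expected_ssid}, saw {o.ssid}"))
        elif o.security == "WEP":
            findings.append((o.bssid, "WEP_IN_USE",
                             "authorized AP still on WEP; needs compensating controls or upgrade"))
        elif o.security == "OPEN":
            findings.append((o.bssid, "OPEN_AUTHORIZED_AP",
                             "authorized AP with no encryption"))
    return findings


def scan_passes(findings):
    """True only when no blocking finding is present."""
    return not any(code in BLOCKING for _, code, _ in findings)


if __name__ == "__main__":
    results = assess(parse_scan(SAMPLE_SCAN), AUTHORIZED, CORPORATE_SSIDS)
    for bssid, code, detail in results:
        print(f"{bssid}  {code:18}  {detail}")
    print("scan passes:", scan_passes(results))
```

Run against the constructed scan, the WEP legacy radio, the evil twin and the consumer AP are each reported, and the scan fails because two of those findings are blocking. The list of authorized BSSIDs is the part a real deployment has to keep accurate; an inventory that lags behind the floor will report every newly installed sanctioned AP as unknown, and a stale entry will hide a replaced radio.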
AirDefense’s patent interference case against AirTight was recently resolved, one of several prominent patent actions in the WLAN industry that took place in 2007. What does this ruling mean for your business?
AirDefense was the first mover into the wireless security arena, and we are by far the market leaders any way you look at it, whether it is revenues or intellectual property. We own the dominant patents in the wireless intrusion detection, prevention and monitoring space, and our current patent portfolio has 27 patents, including six of the earliest, broadest and most dominant patents in the wireless intrusion prevention space.
In this particular instance, there was a patent that was issued in the wireless intrusion prevention space two-and-a-half years after AirDefense’s original granted patent, and we questioned the validity of that patent. Through the interference process, our competitor decided to further restrict the scope of its patent, and the USPTO [U.S. Patent and Trademark Office] said that it was differentiated enough that they would allow that patent to stand.
The ruling does not affect our intellectual property in any way. In fact, AirDefense is the only WIPS [wireless intrusion prevention system] vendor out there that can truly indemnify (and we do so) all our customers from any intellectual property disputes because we own all the dominant patents in the space.
We pride ourselves in research and development that we do here, and we are the market leaders by far. … We own all the dominant patents. But you will always have ankle-biting competitors who try and capitalize on the momentum that you have.
In 2007, we saw one WIPS vendor, Network Chemistry, get sold off to an infrastructure company, Aruba Networks. Do you anticipate further consolidation between access and security companies, or was it an isolated instance?
I wish I had a crystal ball, but, overall, I think security is one discipline where you can continue to grow the business, and the trends that I am seeing here distinctly point to an exponential growth as far as AirDefense as a stand-alone entity is concerned.
In terms of wireless IDS [intrusion detection system]/IPS being consolidated into infrastructure, the Network Chemistry acquisition was not surprising to me. That was an implicit acknowledgement from infrastructure vendors that the pure checkbox wireless detection features they provide aren’t enough. It might be OK if you are not really security-savvy, but really there is a huge difference between what an AirDefense can do versus what a native infrastructure solution can do.
How would you characterize the demand for AirDefense’s Wi-Fi analysis capabilities, and what new analysis areas will AirDefense tackle next?
I would say 75 percent security versus 25 percent analysis is a good split, but that 25 percent is increasing. There are a lot of people who buy AirDefense Enterprise for security, then they quickly realize that the remote eyes and ears we provide into their airspace are extremely beneficial for troubleshooting. Having the ability to centrally resolve wireless problems without having to send someone on-site is a huge cost savings when it comes to maximizing the ROI from the WLAN infrastructure.
Our customers have responded very well to the troubleshooting aspects of the product, and, in return, we’ve responded to the requests of our customer base. We introduced modules such as AirDefense Live RF to allow real-time coverage heat maps of all your facilities, and it provides wireless coverage analysis from an application layer perspective.
We are also going to release AirDefense Enterprise 7.3 very shortly, and one of the big features we’ve added is the spectrum analysis module. We quickly realized that enterprises would like to gain a better understanding of the radio frequency airspace, particularly when it comes to interference.
What does AirDefense anticipate for 802.11n in the enterprise? What can your solutions do currently, and how will you help your customers adopt and adapt to the new technology?
This year, you won’t soon see enterprises ripping apart their 802.11a/b/g WLANs to replace them with 802.11n, but certainly you will start seeing RFPs [requests for proposals] and RFQs [requests for quotations] that specifically ask about 802.11n and the upgrade process. But when it comes to [802.11n’s] multiple antenna configurations and realizing MIMO [multiple input, multiple output] benefits, everything, starting from site planning to coverage analysis to back-end switches, has to be looked at one more time, which is why enterprise adoption is not going to be as dramatic as infrastructure vendors would like it to be.
A lot of the current 802.11n draft APs [access points] that are out there today use more power than what is supported on the standard power over Ethernet, and a lot of switches that are out there today are not capable of supporting the massive throughputs and data rates that 802.11n promises. So you are talking about new switches and new power injectors: major wireless and wired upgrades that would be required to fully realize the promise of 802.11n.
Today, we are fully capable of detecting rogue APs that are based on prestandard or draft-compatible 802.11n solutions with our existing sensors. However, that is not the full picture. You don’t just want to detect rogue devices; you also want to see what they are communicating, especially if the traffic is unencrypted. And for that you need 802.11n sensors.
From a security perspective, you are going to see more attacks emerge. If you look at the media access protocol that has been extended in 802.11n, there are a lot of extensions there. The more complicated a protocol is, the more ways that exist but haven’t really been thought of to break it.
If you look at 802.11n’s MAC [media access control] today, it is definitely a lot more complicated than 802.11a/b/g’s MAC. You will see new attacks, new tools, new types of denial of service attacks, new types of spoofing attacks that will emerge. We have to stay ahead of the threat, as that is where a company that has dedicated its life to wireless security research will shine.
Have you seen any differences over the last couple years in the levels of interference in the 2.4GHz band? Is it any worse than it was a couple years ago?
Interference problems have only gotten worse, especially in the 2.4GHz band, which is very crowded. There are a lot of new devices, such as gaming consoles or other media-sharing devices in the home that are leveraging Wi-Fi. While the protocol itself has been designed to avoid collisions, there is only so much it can do.
In our customer base, there is a lot of concern over municipal Wi-Fi deployments. If you have an office in a busy park and there is municipal Wi-Fi all around you, how does that affect your cell plan, particularly given the fact that the 2.4GHz band only has three nonoverlapping channels? How do you go ahead and plan your APs so they don’t interfere with the pervasive deployment that is all around you?
Among your customers, is adoption of the 5GHz band fairly universal at this point, or is it still underutilized?
Overall, I have always been surprised by the slow adoption of 5GHz within the enterprise, but that might change with 802.11n. A lot of the legacy baggage that 802.11n would have to carry in the 2.4GHz band for mixed-mode traffic is not necessarily true in the 5GHz band. 802.11n uses MIMO with OFDM [Orthogonal Frequency Division Multiplexing], and in the 2.4GHz band it would have to do that with legacy DSSS [direct sequence spread spectrum]- or CCK [Complementary Code Keying]-type transmissions. At a high level, mixed-mode traffic, which means high-throughput traffic with legacy traffic, will really kill the throughput benefits that 802.11n promises.