Monitoring the Wireless Network

AirTight's SpectraGuard Online service will give retailers and small businesses a relatively inexpensive option after the new specifications for the PCI DSS security standard for using wireless technologies on networks are released in October.

With SpectraGuard Online, wireless intrusion prevention vendor AirTight Networks has introduced a fast and affordable way for retail outlets and small companies to monitor their wireless LAN deployments to get out ahead of the next iteration of the Payment Card Industry Data Security Standard.

According to the recently released summary of changes due to come in version 1.2 of the PCI standard, which is expected to be released in October, the next version will provide greater detail regarding the use of wireless technologies on network segments containing cardholder data. For instance, logs for external-facing technologies such as wireless networks must be copied to an internal server, and a three-month audit trail must be quickly available for analysis. In addition, the use of WEP (Wired Equivalent Privacy) encryption must be phased out over the next 18 months, and further guidance will be provided for the use of wireless analyzers and intrusion prevention systems.

Small businesses could have a tough time meeting some of these requirements, as their wireless LAN infrastructure equipment may not be able to provide the logging, archiving or detection features necessary to help businesses ensure they are up to spec.

AirTight is looking to fill the breach with SpectraGuard Online, a hosted version of its enterprise wireless intrusion prevention platform. The hosted version provides all the detection and analysis capabilities found in the SpectraGuard Enterprise platform, without requiring customers to foot the upfront cash outlay for sensor and server equipment. Instead, wireless detection becomes an ongoing, monthly operational expense.

Pricing for SpectraGuard Online starts at $62.50 a month for each sensor, which includes a $50-per-month charge for the compliance and assessment services and an additional $12.50-per-month charge to lease the sensor equipment. This base price includes 24/7 phone and email support with AirTight engineers, including a series of initial calls to help define and configure the wireless security policies to meet corporate specification. Best of all, AirTight offers potential customers a 30-day free trial of the service, to see if the solution will meet their needs.

Customers with a tight budget also get the flexibility to meet PCI requirements for wireless analysis without putting a sensor in every shop full time or requiring a periodic walkabout with a handheld scanner. For instance, the current PCI specification requires a company use a wireless analysis tool on a quarterly basis, so a SpectraGuard Online customer with many small retail outlets could meet this requirement by periodically moving the sensors between facilities.

From a management perspective, it would take some juggling to track where the sensor is at a given time, but with the right organization, a company could at least theoretically share one sensor among eight to 12 different locations. All the logs would be stored in a central database, and reports could be generated particular to each stop the sensor makes. Each location would be scanned for one week every two to three months, thereby providing much more detailed and ongoing information than a single handheld analysis scan could achieve, while exceeding the letter of the specification.

For my tests, I wanted my experience with SpectraGuard Online to hew as closely as possible to what a customer would get with the free trial. I started the test with a discussion with AirTight engineers to determine how many sensors I needed to adequately cover my test location and whether I would need triangulation services to locate devices, which would require more sensors for accurate location plotting. After taking measure of the building dimensions and the floor plan layout, we decided two sensors were adequate to cover the space, but that I would also get a third for location detection.

After receiving the sensors from AirTight a couple of days later, I simply needed to plug the devices into my network. After about 5 minutes, the sensors loaded the most recent firmware, connected to AirTight's servers to get their instructions and were transmitting detection data back to my data store in AirTight's data center. Because privacy is paramount, the sensors are secured so they only communicate the data back to my account.