New Tools Target WLAN Intrusions

Technologies move beyond VPNs, encryption to prevent break-ins.

Security vendors this week will introduce products that move beyond basic encryption and virtual private networking to incorporate technologies to help prevent intrusions and unauthorized connections.

AirDefense Inc. is rolling out its new ActiveDefense appliance, which includes functionality that can block intrusion attempts and trap attackers onto a phony, dead-end WLAN connection. Known as AirBlock and AirTrap, the new features work in tandem once an intrusion attempt is detected.

When an attacker connects to the network, the appliance identifies the offending session and terminates it. Then, as the attacker tries to re-connect, the appliance starts broadcasting a service set identifier and impersonating a wireless access point. The system forces the attacker to connect to the appliance instead of the access point and then traps the attacker there until he or she either leaves the area or the administrator terminates the persons session.

"Knowing that theres an unauthorized user on your network isnt that much help unless you can do something about it," said Jay Chaudhry, CEO of AirDefense, based in Alpharetta, Ga.

The company is also working on a technology that would use Global Positioning System data to triangulate the location of attackers attempting to connect to a protected network.

AirDefense this week also will release Version 2.0 of its intrusion detection software. The release includes protocol analysis and vendor fingerprinting functionality as well as correlation of network alerts. An updated policy manager enables administrators to set up policies requiring all machines and access points to have Wired Equivalent Privacy enabled or to filter new connections by media access control address.

Meanwhile, Latis Networks Inc. is unveiling a WLAN version of its Border Guard intrusion prevention software. Much like ActiveDefense, Border Guard Wireless is designed to prevent attackers from getting a foothold on wireless networks.

The software utilizes a user-defined list of machines that are allowed to connect to the network and rejects all other connection attempts. The system includes a granular access- control management feature that lets administrators set different levels of access for each user.

For example, an administrator could set up a policy granting Internet-only access privileges to certain departments, while allowing senior management and executives access to the Internet and the internal network.

Customers say such advanced protection schemes have been a long time coming to the wireless market.

"The need for this kind of stuff is very clear," said Jerry Lebow, co-chairman of Vytek Wireless Inc., a Latis customer and provider of wireless infrastructure products, based in White Plains, N.Y. "Wireless data is going to be a very big business, and the problem of security in these networks in not insignificant."