
    Wireless IDSes Defend Your Airspace

    Written by

    Andrew Garcia
    Published August 7, 2004

      eWEEK Labs advises every enterprise that is considering deployment of a wireless network or maintaining an existing one to seriously consider investing in a wireless intrusion detection system. A wide variety of these products stands ready to help identify and troubleshoot security and performance issues related to wireless technology.

      However, based on our tests of a range of these solutions, we believe companies should carefully assess their wireless security needs because their existing infrastructure devices may already fulfill them.

      Wireless IDS solutions range from handheld products that are designed for on-the-spot troubleshooting at a point in time, to capabilities integrated into existing access points and managing switches, to distributed fleets of sensors that provide round-the-clock coverage.

      In tests, we've found that defensive overlay networks, such as those from AirMagnet Inc., AirDefense Inc. and Network Chemistry Inc., provide best-of-breed capabilities. Defensive overlay products enable a host of security and performance monitoring capabilities and have strong policy options that alert administrators to any signs of trouble.

      Defensive overlay network vendors are rapidly adding features that not only alert but also can be configured to isolate and block wayward connections over the wire or over the air. These vendors also are increasingly tuning their products to use location findings to make policy decisions.

      Despite recent reports of vulnerabilities in the RADIUS (Remote Authentication Dial-In User Service) authentication mechanism upon which 802.11i is based, 802.11i goes a long way toward equalizing the security of known, managed devices on wireless networks and on wired ones. 802.11i does so by delivering strong standards-compliant encryption via AES (Advanced Encryption Standard) and port-based 802.1x authentication to WLANs (wireless LANs).

      However, many threats remain outside the scope of 802.11i, including access points and client nodes that are loosely maintained (or are completely outside IT's control). Poor configuration practices and unauthorized usage can lead to fundamental network headaches or nefarious intrusions.

      The threat of rogue access points has been well-publicized. Employees installing their own unsecured access points on a corporate network leave a wide-open vector for LAN attacks that bypass network firewalls and wireless security measures implemented by IT.

      But misconfigured and unsecured client devices also represent a significant threat. With the proliferation of WLAN hot spots and wireless devices in the home, users are leveraging their wireless connections in a multitude of locations. To ease migration between these disparate networks, WLAN client configurations are often left in a default—and insecure—state. When first enabled, the clients probe constantly for open WLAN networks, often attaching to nearby unknown access points without user knowledge or interaction.

      Man-in-the-middle attacks exploit these circumstances. A simple sniff of the air can determine a client's network name and channel information, allowing a hacker to similarly configure a rogue access point. A spoofed deauthentication packet gets the wireless client to drop its association with its known access point, and the client can then associate with the rogue, allowing an intruder to potentially capture data and passwords. If bridging between the WLAN and Ethernet adapters is enabled on this client, the two networks are suddenly connected, bypassing network perimeter security.

      In tests, eWEEK Labs has encountered interesting results from a misconfigured client bridging the internal wired network and an unknown wireless network. We've witnessed other wired clients receiving their DHCP (Dynamic Host Configuration Protocol) address from the remote wireless network's server. We've also seen the offending client used as a launching pad for attacks on the protected network.

      Wireless IDS products must effectively patrol the airwaves for unknown access points and open client connections. Preferably, the solution should be able to determine whether a rogue is connected to the protected network or is simply occupying the same airspace, and it should also provide the granularity of policy definition to be able to define legitimate connections and be alert for those that aren't.
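
      The policy checks described above, sketched as an added example (not eWEEK's or any vendor's code): it separates a rogue attached to the protected network from a neighbor that only shares the airspace, and flags a spoofed network name, a burst of deauthentication frames and a managed client associating with an unsanctioned access point. The frame dictionaries, addresses, SSIDs and thresholds are all constructed, and matching a BSSID exactly against wired switch tables is a simplifying assumption.

```python
from collections import defaultdict

# Policy: every address, SSID and threshold below is constructed for this example.
AUTHORIZED_APS = {"00:11:22:aa:00:01": "CORP", "00:11:22:aa:00:02": "CORP"}
MANAGED_CLIENTS = {"00:33:44:cc:00:10"}
# MACs learned from wired switch tables; exact BSSID match is a simplification.
WIRED_MACS = {"00:de:ad:00:00:07"}
DEAUTH_LIMIT, WINDOW = 5, 10.0  # assumed: 5 deauths aimed at one client in 10 s

def classify_ap(bssid, ssid):
    """Separate sanctioned APs, rogues on our wire, SSID spoofs and neighbors."""
    if bssid in AUTHORIZED_APS:
        return "authorized"
    if bssid in WIRED_MACS:
        return "rogue-on-wire"   # attached to the protected network
    if ssid in AUTHORIZED_APS.values():
        return "ssid-spoof"      # our network name from an unknown radio
    return "neighbor"            # only shares the airspace: log, no alert

def analyze(frames):
    """Return de-duplicated (alert, mac) pairs in the order they fire."""
    alerts, deauths = [], defaultdict(list)
    def raise_alert(kind, mac):
        if (kind, mac) not in alerts:
            alerts.append((kind, mac))
    for f in sorted(frames, key=lambda f: f["ts"]):
        if f["type"] == "beacon":
            verdict = classify_ap(f["bssid"], f["ssid"])
            if verdict in ("rogue-on-wire", "ssid-spoof"):
                raise_alert(verdict, f["bssid"])
        elif f["type"] == "deauth":
            recent = [t for t in deauths[f["client"]] if f["ts"] - t <= WINDOW]
            deauths[f["client"]] = recent + [f["ts"]]
            if len(deauths[f["client"]]) >= DEAUTH_LIMIT:
                raise_alert("deauth-burst", f["client"])
        elif f["type"] == "assoc":
            if f["client"] in MANAGED_CLIENTS and f["bssid"] not in AUTHORIZED_APS:
                raise_alert("client-on-unsanctioned-ap", f["client"])
    return alerts

# Constructed sensor observations (timestamp in seconds, frame type, addresses).
SAMPLE = [
    {"ts": 0.0, "type": "beacon", "bssid": "00:11:22:aa:00:01", "ssid": "CORP"},
    {"ts": 0.1, "type": "beacon", "bssid": "00:de:ad:00:00:07", "ssid": "default-ssid"},
    {"ts": 0.2, "type": "beacon", "bssid": "00:99:88:77:66:55", "ssid": "CoffeeShop"},
    {"ts": 1.0, "type": "beacon", "bssid": "00:be:ef:00:00:99", "ssid": "CORP"},
    *({"ts": 2.0 + i / 10, "type": "deauth", "client": "00:33:44:cc:00:10"} for i in range(5)),
    {"ts": 3.0, "type": "assoc", "client": "00:33:44:cc:00:10", "bssid": "00:be:ef:00:00:99"},
]
print(analyze(SAMPLE))
```

      The neighbor access point produces no alert, which keeps the alert list limited to devices that touch the protected network or its clients.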

      In tests, eWEEK Labs found that distributed wireless overlay networks provide the most feature-rich products and comprehensive coverage, but infrastructure manufacturers such as Aruba Wireless Networks Inc. are quickly closing the gap with features integrated into their infrastructure access line of access points and WLAN switches.

      To test the capabilities of intrusion detection engines, we invited AirMagnet, AirDefense and Highwall Technologies Ltd. to submit products. We found that each tested product capably detected our simulated attacks and rogue devices, but there were significant differences in the sensor devices and policy creation and notification tools.

      There's a race among wireless IDS vendors to quickly add new features. We expect AirDefense and AirMagnet to offer significant feature upgrades within the next month. While the vendors will continue to enhance their detection and correlation routines, buyers should expect to see significant improvements in location tracking and radio-frequency jamming in future revisions.

      Better location tracking is a particularly welcome development, since we've been less than impressed with early location results. In our tests, location tracking is generally accurate only to about 30 feet, leaving roughly 314 square feet of area or more for us to manually search.

      One of the drawbacks with distributed wireless overlay solutions is that they require a separately managed overlay network, which means IT departments must deploy a fleet of sensors and face issues regarding power and network connectivity. And because many wireless networks are already deployed as an overlay to the wired infrastructure, these products can quickly lead to an out-of-control layering of the network.

      As an alternative, wireless infrastructure products are quickly gaining wireless IDS capabilities. Because these products' sensor capabilities are integrated with a WLAN infrastructure, they allow greater flexibility to actively block suspicious connections via access blacklists and wireless DoS (denial-of-service) measures. If corporations are looking to replace early-generation wireless equipment to add 802.11i support, these products may well fit the bill for access and monitoring alike.

      Access points from wireless switch vendors Airespace Inc. and Trapeze Networks Inc. periodically scan all the channels as part of their operating routine, which is fine for finding rogue access points but less effective for pinpointing attacks and keeping tabs on client activity. We fully expect that all enterprise-class access points will offer some level of rogue detection within a year. For instance, Cisco Systems Inc. has integrated limited rogue detection into its access points that is enhanced when used in conjunction with the company's Wireless LAN Solution Engine.

      Aruba has taken things a step further, offering the most comprehensive IDS features among the infrastructure products we've seen. Aruba allows its access points to be configured as active access points that monitor a single channel or as sensors that sweep the spectrum.

      Handheld or laptop-based solutions are also available. Although they provide only single-point-in-time data and are therefore inadequate for security monitoring, they can be invaluable for pinpointing the location of rogue access points to disable them—a useful accessory when overlay or infrastructure location results leave a lot of room for error.

      We've found AirMagnet's Laptop Trio to be the best solution in this class, but WildPackets Inc.'s AiroPeek NX and Network Instruments LLC's Observer 10 also perform well.

      Technical Analyst Andrew Garcia can be reached at [email protected].

      Where to turn for help

      Numerous products are available to help administrators monitor and manage their radio environment, ranging from free-standing overlay defensive networks to single-point-in-time-and-space detection programs. The solutions listed below not only will detect rogue access points and clients but also can help administrators identify and troubleshoot interference, possible attacks and policy violations.

      Overlay Solutions

      AirDefense's AirDefense
      AirMagnet's Distributed Wireless Solution
      Bluesocket Inc.'s BlueSecure Intrusion Protection System
      Highwall's Rogue Detection System
      Network Chemistry's RFprotect
      Newbury Networks Inc.'s WiFi Watchdog

      Integrated-with-infrastructure Solutions

      Airespace Inc.'s Wireless Protection System
      Aruba's AirOS Intrusion Detection
      Cisco Systems Inc.'s Wireless LAN Solution Engine
      Trapeze Networks' Mobility System

      Laptop-based Solutions

      AirMagnet's Laptop Trio
      Network General Corp.'s Sniffer Wireless
      Network Instruments' Observer
      WildPackets' AiroPeek NX

      Andrew Garcia
      Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at [email protected].
