AirDefense Enterprise 7.3
AirDefense Enterprise 7.3 breaks new ground with its new SA feature because it is the first enterprise product that does not require specialized hardware to detect and analyze non-802.11 sources of interference. Instead, the AirDefense SA add-on works with the standard Wi-Fi sensors that the system uses for all its other security and analysis functions. As a result, current AirDefense customers can access this functionality on existing equipment with a software update alone.
AirDefense sells an Enterprise starter kit with pricing beginning at $7,995, which includes one appliance (for centralized data collection, sensor management, policy management and reporting) and five sensors. Both the M510 sensor, with two integrated antennas, and the M520 sensor, with a pair of external antennas, can do spectrum analysis. Each additional sensor is $995, while the SA module costs $195 per sensor.
Both the M510 and M520 sensors have dual radios, each of which is typically in use for the AirDefense product's other analysis and intrusion detection functions. Triggering an SA collection will automatically disengage the sensor's intrusion detection capabilities for the duration of the session to scan both the 2.4GHz and 5GHz bands. By default, an SA session will last only 10 minutes before the sensor is returned to its regular duties, but the administrator can configure an SA session for as little as 5 minutes or to run in SA mode continuously.
While AirDefense's knack for hardware reuse can save money, using nonspecialized hardware has its drawbacks. For one thing, the SA detection and analysis capabilities of Enterprise 7.3 lack the granularity and specificity I've seen with competitive products that rely on dedicated hardware.
For instance, Enterprise 7.3 identifies only four types of device signatures: microwave ovens, Bluetooth radios, continuous wave devices (such as wireless cameras) and frequency-hopping phones. In many environments, these signatures will probably resolve the lion's share of interference problems a wireless administrator is likely to encounter, but administrators in harsh or troublesome environments may require greater specificity to isolate particular interference sources.
What's more, the SA management screens in Enterprise 7.3 do not clearly delineate which Wi-Fi channels are being interfered with: the screens display the actual frequencies detected but not the corresponding Wi-Fi channels.
Enterprise 7.3 also makes it difficult to isolate the specific time and general location of interference. The product displays SA data in segments of eight blocks per minute, whereas MetaGeek's product has a sweep time of only 165 milliseconds.
However, Enterprise 7.3 offers significant improvements in its forensic capabilities when compared with previous versions. With Version 7.3, AirDefense introduced an optional new Forensics module (at $195 per sensor) that provides historical trending analysis and tracking for Wi-Fi access points or clients over a period of months or years (rather than a 24-hour period, as with the standard forensics capability).
According to AirDefense officials, the company plans to integrate SA detection into its Forensic Analysis module. As it stands now, administrators must individually spot check all relevant sensors to determine how widespread interference may be, rather than being able to consult a single screen for multiple sensors' views of an interfering event.
For instance, I was able to track one client's behavior over the three weeks that the AirDefense product protected my test WLAN (wireless LAN). During that period, the software identified every time my test client joined my network, logged the data rates and encryption types that my clients employed, recorded the amount and nature of transmitted and received data, and tracked the floor-plan locations where I had used my test device.
With Version 7.3, AirDefense also released an optional management console through which I could simultaneously contact and query multiple AirDefense server appliances, a capability that would allow very large enterprises to centrally monitor large, multisite deployments from a single interface.