WLAN Monitors Thwart Rogue Access Points

Aruba Wireless Networks' access points can double as detectors of rogue equipment, an attractive option for companies that want to make sure employees aren't compromising security by sneaking WLANs in.

In the crowded wireless LAN (local area network) switching arena, Aruba Wireless Networks is courting an interesting and growing customer base: IT managers who deploy wireless networking equipment in their offices for the sole purpose of keeping wireless networking equipment out of their offices.

Officials at Aruba, in San Jose, Calif., say 30 percent of the hardware they sell is used to keep rogue, low-cost access points from being set up in their customers' offices.

Much of the software in Aruba's switching system focuses on security, and the company's access points can double as detectors of rogue equipment. When the Aruba access points are deployed in monitor-only mode, the system becomes a complex security structure.

"They need something to deal with the $79.99 threat," said Aruba CEO Don Lebeau, referring to the inexpensive access points that often make their way into office buildings without official sanction from IT departments. "There's no question that the No. 1 issue is security. The existence of Wi-Fi means companies have to face a whole different security threat model."

Lebeau said one customer contacted Aruba after finding that someone, presumably a competitor, had planted access points on the underside of a conference table. But more often, these customers are just trying to make sure their own employees don't sneak WLANs in.

"From a security standpoint, we would prefer that Wi-Fi did not exist," said Jason Fuchs, director of IT and operations at Telephia Inc., a San Francisco company that deployed Aruba's hardware to sniff out rogue access points.

"Just go buy a cheap Wi-Fi access point and within minutes you are broadcasting your company's internal network to the world," Fuchs said. "With the growing demand for Wi-Fi service in our office and the relative stealth and anonymity with which it can be deployed by unauthorized users, we felt that it was only a matter of time before a user took matters into their own hands."

There are plenty of inexpensive handheld WLAN monitoring systems on the market, but Aruba customers said they need something more complex to keep track of multiple locations at the same time.


Legal Services for New York Inc. plans to install Aruba monitors in its 16 offices. "It's impossible for me to be everywhere at once, so this centralized management piece is key," said John Grenier, chief technology officer of the Manhattan nonprofit organization.

"What we've seen is an incredible number of insecure access points all around us. That's not a direct threat, but my concern is that a secure laptop [within the organization] might connect to an insecure access point outside," Grenier said. "We're in the midst of building a centralized data infrastructure, and by doing so, we're increasing the risk that if one network is compromised, it compromises the whole city."

The organization plans to deploy its own official WLAN by the end of the year, Grenier said.

Lebeau said customers such as Grenier are the reason he decided to take the helm of Aruba earlier this year despite doubts about the WLAN switching space.

"My initial take was that it was a crowded space and I wasn't sure it was that interesting, but I came to a significant eureka that Aruba is at an intersection between security and wireless," said Lebeau, whose résumé includes five years at networking vendor Cisco Systems Inc.

Cisco has yet to offer the ability to run its WLAN hardware in monitor-only mode. A spokeswoman for the San Jose, Calif., company indicated that the feature is forthcoming but declined to say when.

Fellow WLAN hardware veteran Symbol Technologies Inc. plans to add passive monitoring features to its WLAN switch by the end of the year, said officials at the Holtsville, N.Y., company. Currently, Symbol's access points can act as rogue access point detectors, but the switch doesn't support monitor-only mode. Symbol officials said they expect that even customers with existing WLANs will run some access points in monitor-only mode.

"The reason you have the passive equipment is so you can scan all the channels," said Yangmin Shen, director of wireless infrastructure at Symbol. "If it's active, it's also trying to be used as a regular access point. It can't do both at the same time. There would be a lag."
