WLAN Security Vendors AirDefense, AirMagnet and Koolspan Prepare Updates

AirMagnet, AirDefense and Koolspan readying new versions that provide deeper security support for a broader array of technologies.

As wireless LANs continue to multiply in the enterprise, several security vendors are readying major upgrades to their WLAN defense systems that promise more advanced protection, as well as tools to help administrators manage the way WLANs are deployed and used.

AirMagnet Inc. this week plans to unveil Version 3.0 of its Mobile product suite, which includes support for 802.11g as well as a number of new management and security features. Meanwhile, WLAN security pioneer AirDefense Inc. is preparing the next version of its platform, due next month, and startup Koolspan LLC has developed a system that uses high-speed encryption to secure WLAN traffic between trusted end points.

The AirMagnet Mobile 3.0 suite comprises Laptop Trio, Reporter and Handheld—each of which has been given a face lift, although Laptop Trio boasts the most new features. In addition to the new support for the much faster 802.11g standard, the laptop WLAN management program now has the ability to identify 22 new attacks and intrusions, including new classes of denial-of-service attacks.

There is also a new signal-strength capability that can detect signal fluctuations and determine their cause. The tool can distinguish among problems caused by malfunctioning APs (access points), normal interference, and multipath interference caused by signals bouncing off interior walls and splitting.

Both Laptop Trio and Handheld, a handheld version of Laptop Trio, include a function that enables administrators to walk through an office and isolate a signal from a particular AP. This function can be used to hunt down unauthorized APs, which are sometimes hidden in ceilings or other out-of-the-way spots.

"What you get is a kind of walkabout measurement of service levels and signal strength," said Dean Au, CEO of AirMagnet, based in Sunnyvale, Calif.

The third product in the suite, Reporter, is a module that administrators can use to dig down into the statistics of usage, traffic patterns, attacks, and other anomalies and performance issues on each AP or across entire networks.

Users say the amount and depth of the data the solution can generate on APs and their configurations is key.

"It has every possible component you need in a software package like this jammed into one application," said Chris Schear, IT network security lead at The Principal Financial Group, in Des Moines, Iowa, which has used AirMagnets solution for about two years. "We initially used it for network discovery, looking for access points. But we also use it to control which MAC [media access control] addresses are allowed and for policy enforcement. It works for both network architects and security architects."


For its part, AirDefense, of Atlanta, is working to move more of the detection and monitoring functionality from its sensors to the APs.

The companys existing products protect APs and clients via AirDefense sensors, requiring customers to deploy sensors in several places for any sizable WLAN. However, company officials said AirDefense Guard Version 4.0 will start moving those functions to the APs, resulting in reduced costs and deployment times.

"The ability to do that is valuable. Correlation is the bottom line, and pulling data from as many sources as possible is whats important," said Pete Lindstrom, an analyst at Spire Security LLC, in Malvern, Pa.

For its part, Koolspan, of Bethesda, Md., early next year is planning to release a new kind of WLAN protection system that utilizes a USB (Universal Serial Bus) token for authenticating users. A users PC would establish an encrypted link to the SecurEdge Unilock device, installed behind the wireless AP. The traffic between the client machine and the SecurEdge device would be secured using 256-bit AES (Advanced Encryption Standard) encryption, according to officials.

In addition, the system could be used with any Wi-Fi-enabled client device, regardless of whether its a public or private machine.

Discuss this in the eWEEK forum.