AirMagnet's recent self-serving press release, which essentially highlighted its relatively new Spectrum Analyzer, noted that the abundance of non-Wi-Fi-generated interference at the annual DefCon Convention (for hackers of all kinds) actually caused more disruption than the more conventional wireless attacks. The sad reality is that high-tech conventions and conferences are swamped with unintentional interference in the 2.4-GHz band from hastily deployed building- and booth-specific APs (access points), Wi-Fi-enabled laptops, Bluetooth devices and the microwaves that heat the overpriced food. Tenants stacked in multistory buildings in Manhattan can attest to similar issues on a smaller scale. And no wireless IDS system can protect against the most potent of all DoS (denial of service) attacks: RF jamming equipment.
Enterprises are usually able to design their wireless networks around potentially interfering equipment, and policies are set up to accommodate certain RF usage patterns. But traditional threats, including MAC spoofing, fake and rogue APs, and DoS attacks, are both more subversive and more targeted than the blatant assaults that completely knock out service. Wireless IDS or distributed wireless security monitoring vendors such as AirDefense, AirMagnet and Network Chemistry have been offering wireless IDS solutions for several years--but all as overlay solutions.
The debate between using an overlay wireless IDS solution and stuffing that functionality into the enterprise's WLAN infrastructure is ongoing. Overlay wireless IDS systems are advanced, highly developed point solutions, but they trouble bean counters with their purchase, deployment and continued management costs. For that reason, many overlay wireless IDS systems find their way into the government and financial sectors, which explicitly calculate the risks vs. the costs. In the horizontal markets, some security teams within larger companies prefer a separate, out-of-band, non-integrated system--a layered defense that doesn't require coordination with the networking group.
On the other hand, enterprise WLAN systems with IDS features--such as those from Aruba and, formerly, Airespace (now Cisco)--are available as either part of the base system or for a small incremental licensing fee. Such integration offers the advantage of using your existing and carefully deployed APs via your familiar management interface. There's no ceiling to open up again, no additional server to squeeze into your data center. And the IDS features and reporting will work fluidly with the other features of the product. What's more, scanning the airwaves while serving clients usually has a minimal effect on your data users (though our experience with VoWLAN testing has proved a bit more troublesome).