I've long been an AirMagnet customer, even before it became part of Fluke Networks, and have found value in a number of its tools. I like that AirMagnet can automatically push threat signature updates to existing WIPS customers with what it calls Dynamic Threat Update, and I appreciate the way it keeps its signature library fresh as new bona fide threats--and even friendly features that can be used in nefarious ways--enter the picture.
But the tool is just one player in this story. Just as interesting is that Apple’s AirDrop wireless file-sharing capability is deemed enough of a threat to secure enterprise environments to be included as a signature in AirMagnet’s latest enterprise version. Apple’s Lion OS touts AirDrop as one of its competitive differentiators, allowing multiple users to share files over the WLAN. The problem is that the files may be corporate-sensitive, and the users taking part in the sharing may be on wireless machines not authorized for access. So AirMagnet dares to visit the murky junction where what you can do with your Mac crosses paths with what you shouldn’t do at work, and exposes it for those charged with network security. I have to wonder how Apple feels about AirDrop being deemed a security risk.
Given that solutions enforce policy, the "AirDrop = Security Threat" notion also has me contemplating whether corporate secure WLAN policy is keeping up with the likes of AirDrop. Yes, the BYOD tidal wave scrambles many a security policy, but AirDrop implicates a specific feature on specific devices used by specific clients, and in ways that may or may not be OK inside your own walls only. If you’ve ever written policy, you’re likely either saying, "So what--I can cover this in one general bullet point," or, "There are a lot of hairs to split here in relation to other things that we do and don’t allow." Either way, it’s thought-provoking in that policy can be very slow to change and not frequently updated because of the onerous nature of doing it right, yet change it must to address the new world we’re living in. Welcome to WLAN reality, baby.
Back to AirMagnet Enterprise 9.0. Other new signatures cover Karmetasploit, a man-in-the-middle attack, identifying bad guys masquerading as an AP for a number of potentially undesirable reasons, and the DHCP Starvation Attack, which AirMagnet says can be used to push users to a malicious WLAN, especially in unencrypted commercial hotspots. These add to an existing library that is arguably as good as any competitor's when it comes to WIPS.
On WIPS in general, I frequently find myself pontificating about the similarities to detailed spectrum analysis. Identifying threats to your environment should be a high priority, but WIPS is a double-edged sword. Seeing that a threat is in your midst has great value, and those of us running business-class networks have no choice but to attempt to face potential security issues and performance-robbing environmental conditions head-on. But when your network covers several square miles, or is sandwiched among other large networks (or lots and lots of small ones in residential areas), it can be hard to meaningfully react. But you have to try. And once your policy is figured out, AirMagnet’s Enterprise 9.0 is a nice weapon in the battle for wireless network security.
Other than being a customer, Lee Badman has no relationship with AirMagnet.