It's been more than 6 months since our last comparative review of wireless IDS products (see "Time To Tighten the Wireless Net"). In the past few weeks, two of the participating vendors in that review--one an established player and one a relative newcomer to the market--have introduced significant upgrades to their products. AirDefense has pushed forward with its forensic analysis, which adds a great deal of insight into the history of your wireless space, while AirTight Networks has filled out its feature set and enhanced its autoclassification capability. With security concerns escalating, there's no time like the present to take another look at how the wireless IDS market is evolving.
AirDefense Enterprise 7.0
The AirDefense Enterprise wireless IDS system provides overlay security for existing Wi-Fi networks and enforces "no-Wi-Fi-allowed" policies in those organizations that have them. Version 7.0 introduces some new features such as built-in location tracking, while enhancing existing capabilities like forensic analysis. AirDefense also has revamped some underpinnings of the software's database to improve performance.
The AirDefense Enterprise system arrived as a rackmountable server with several sensors, which are powerful APs (access points) coupled with custom software that connect to the server through a serial cable the company provided. Initial server configuration is done through a menu-driven text interface, but ongoing management and policy modification are performed using a Java-based interface that runs within a Web browser or as a standalone application. After configuring the sensors to communicate with the AirDefense server, I was able to view them within the GUI. Even on my 1-GHz Windows XP machine with 384 MB of RAM, the Java interface ran snappily.
AirDefense has redesigned its dashboard by grouping its core functionality into five analysis wizards (rogue, performance, compliance, forensic and intrusion), making it easy for users to obtain information.