Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Distributed Wireless Security Monitoring Systems: Page 2 of 6

The rogue analysis wizard does a good job prioritizing rogue clients and APs based on the threat they pose. APs found on the wired network are clearly tagged with a higher threat level than standalone APs. On the wired side, a switch port lookup function finds rogue APs, but it requires entering all your switches' IPs and SNMP community strings one at a time or in bulk using a readily available import routine. However, when I used a Cisco AP and a wireless router as test rogues, the system had limited success, because the wired MAC address is significantly different than the rogue BSSIDs (Basic Service Set Identifiers). Even associating a client to the rogue AP and sending some traffic through did not assist with switch port lookups.

On the plus side, it's easy to select and right-click a rogue to contain it, terminate it or just find out more information about it. Termination can be performed wirelessly or by disabling the port--if AirDefense can identify which switch port the rogue is plugged into. The system also can integrate with Cisco's WLSE (Wireless LAN Solution Engine) to assist with wireside tracing and disabling.

The performance analysis wizard lists problems such as excessive roaming or traffic that crosses defined thresholds and assigns them threat levels. The compliance analysis wizard lists all those APs that are out of compliance with predefined or configured policies, such as the use of WPA (Wi-Fi Protected Access) and SSID broadcasting. The inclusion of rogue APs is unnecessary since it's already dealt with in the rogue analysis wizard.

Another complaint: The compliance wizard claimed my clients were not using TKIP (Temporal Key Integrity Protocol), although I was in fact using WPA-PSK (preshared key) with TKIP.

The forensic analysis wizard supplies an immense amount of current and historical detail on the device. AirDefense says it tracks up to 300,000 devices, each with 249 data points using a new database that dramatically increases data-retrieval speeds. For example, after a visitor outside my office turned on her laptop to do some work, the console informed me that a new device had been discovered in my airspace. Based on the time the device had been turned on and the names of each probed SSID, the forensic analysis wizard helped me figure out that the device was, in fact, my visitor's laptop. Microsoft's Wireless Zero Config, not any malicious intent by my visitor, was to blame for the laptop's probing. This wizard also offers location tracking and threat mitigation.