The forensic analysis wizard, however, listed both my clients' WEP (Wired Equivalent Privacy) status as "unknown." But running a report against the same two devices showed WEP as "on," as did a report against the AP. AirDefense says this was a bug. Additionally, the wizard and reports listed my laptop's DNS name as "Laptop," erroneously using the alias I had assigned to the device rather than actually performing a reverse lookup of the IP address or leaving it blank. AirDefense promises to address this in a future release.
Strong forensic analysis with detailed reporting
Flawed behavioral trending
Data consistency issues
AirDefense Enterprise 7.0, $8,975, server (secure platform) and four sensors, two copies of Mobile WLAN Analyzer, 25 Personal Agent connection licenses, AirDefense, (770) 663-8115. www.airdefense.net
The last wizard, intrusion analysis, lists suspected DoS (denial-of-service) attacks, wireless phishing traps, Soft APs and other events that warrant further investigation.
Another significant feature in this release is the addition of statistical base-lining: If an AP or client acts out of character, the system will flag a behavioral alarm. My test system stumbled here, failing to learn the behavior of production traffic and sending me false behavioral alarms relating to production traffic. AirDefense was not able to identify why this occurred.
A reporting section offers a host of predefined reports, and reports related to regulations such as Sarbanes-Oxley, GLBA (Gramm-Leach-Bliley Act), DoD 8100.2 and VISA CISP/PCI can be scheduled for regular compliance review.