Network Computing is part of the Informa Tech Division of Informa PLC

Distributed Wireless Security Monitoring Systems: Page 3 of 6

The forensic analysis wizard, however, listed both my clients' WEP (Wired Equivalent Privacy) status as "unknown." But running a report against the same two devices showed WEP as "on," as did a report against the AP. AirDefense says this was a bug. Additionally, the wizard and reports listed my laptop's DNS name as "Laptop," erroneously using the alias I had assigned to the device rather than actually performing a reverse lookup of the IP address or leaving it blank. AirDefense promises to address this in a future release.


Good

• Well-categorized wizards
• Strong forensic analysis with detailed reporting


Bad


• Flawed behavioral trending
• Data consistency issues


AirDefense Enterprise 7.0, $8,975, server (secure platform) and four sensors, two copies of Mobile WLAN Analyzer, 25 Personal Agent connection licenses, AirDefense, (770) 663-8115. www.airdefense.net

The last wizard, intrusion analysis, lists suspected DoS (denial-of-service) attacks, wireless phishing traps, Soft APs and other events that warrant further investigation.

Another significant feature in this release is the addition of statistical base-lining: If an AP or client acts out of character, the system will flag a behavioral alarm. My test system stumbled here, failing to learn the behavior of production traffic and sending me false behavioral alarms relating to production traffic. AirDefense was not able to identify why this occurred.

A reporting section offers a host of predefined reports, and reports related to regulations such as Sarbanes-Oxley, GLBA (Gramm-Leach-Bliley Act), DoD 8100.2 and VISA CISP/PCI can be scheduled for regular compliance review.