Two updated software products will improve wireless LAN security, one targeting the network and the other wireless clients.
Newbury Networks' Wi-Fi Watchdog software will now isolate unauthorised access points by disconnecting corporate wireless clients that connect to them accidentally. And Funk Software has released its Odyssey Client 3.1 for Windows which now includes the full 802.11i security standard.
Newbury's Watchdog combines radio frequency sensors with its own algorithms to pinpoint the location of a WLAN client or access point. Using that data, network managers can not only see where these devices are in a building or site, but also enforce security policies according to location.
Watchdog 4.0 can forcibly disconnect wireless clients from connecting with unauthorised WLANs, whether a hostile rogue pretending to be a legitimate device or an access point in a nearby coffee shop. The Watchdog sensors, monitoring the radio waves, pick up the signals from the access point and client, and the location software detects whether the former is outside the building's walls or in an unauthorised location. The sensor then sends out packets that break the client's connection.
The new release also adds packet inspection agents to detect packet contents and patterns that indicate possible attacks. The sensors forward 802.11 packets to the inspection agents for analysis. The agents pass any identified threats to the Wi-Fi Watchdog server, which correlates the threat information with location data, and then trips an alarm. The latest version costs $15,000, which includes 10 Watchdog radio sensors. The previous version of the product is reviewed here.
Funk Software's client often features as a partner in wireless vendors' security announcements and its latest version improves Windows client security. Most vendors in the WLAN market are racing to add the improved encryption and authentication to their products, and gain Wi-Fi Alliance certification.
Odyssey Client 3.1 now supports authentication standard Extensible Authentication Protocol-Subscriber Identity Module, used in GSM-based wireless networks and Cisco's authentication protocol, Flexible Authentication via Secure Tunneling (FAST), which Cisco has proposed to the IETF.
FAST has been added to Cisco's Server ACS Security Server and Aironet wireless adapter cards, and the Funk Odyssey client software, expected out in beta next week, will allow user authentication via FAST.
It will also be able to ensure a certain PC is always logged into a machine account, which gives access to administrators. This feature duplicates capabilities in Microsoft's wireless supplicant, which is part of XP, according to Funk executives. The Odyssey client costs about $50, with volume discounts.