Wireless IDS products from AirDefense (read our AirDefense review) and AirMagnet (read our AirMagnet review) do a wonderful job of exorcising wireless demons, but they’re expensive. A competing solution from Network Chemistry, called RFprotect, promises to do the job for much less. RFprotect isn’t the be-all and end-all of wireless network protection, but it can help mitigate problems and provide good visibility into your network at a reasonable price.
Not pretty, but effective
The RFprotect solution consists of a management server, a client console, and wireless sensors. While RFprotect’s sensors aren’t the prettiest gear on the Wi-Fi landscape, they are effective. Using a radio chipset similar to the one found in the sensors from AirMagnet and AirDefense, the RFprotect sensor did a comparable job of finding wireless access points in my lab and elsewhere in the surrounding area.
I installed both the management server and the client on the same Windows-based machine. I also installed the optional RFshield. Using something akin to the Fatajack denial-of-authentication technique, RFshield can isolate either an AP or a client, preventing connections for any specified length of time. The default is an extensive 48 hours.
RFprotect’s SensorManager is also worth a quick mention. Similar to a more streamlined application offered by Red-M (read our review of Red-M Red Detect), SensorManager makes finding scores of wireless sensors as easy as clicking a button. SensorManager is also used to update sensor firmware and configure sensor attributes, such as name and channel settings.
No custom rules and policies
Enforcing policy compliance is extremely important on any network, but especially on wireless LANs. Here RFprotect falls short of AirDefense and AirMagnet. Although it can alert you to the presence of rogue devices, probes, DoS attacks, the use of weak WEP authentication, and other threats, you cannot create custom rules to enforce your own security policies. Network Chemistry says the next version will include a point-and-click tool for doing so. In addition to detecting rogue devices, RFprotect can triangulate their locations from AP signal strength.
RFprotect’s tabbed console interface covers all the bases. At first glance, the real-time dashboard seems simplistic, especially compared to the industrial-strength model in AirDefense. But while understated, it hits all the right points and presents a good array of wireless statistics.
Click a tab for details on the network, alerts, and radio environment. The Network tab lists wireless AP and client specifics that include the SSID (service set identifier), channel, packet rate, when the device was last seen, and its named location. The Alerts tab displays a correlative listing of devices and events, along with colour-coded alerts indicating the potential severity of a problem. The RF Environment screen graphically displays spectrum usage and signal-to-noise ratios and, in a nice touch, also includes a panel presenting the sensor’s scanning frequency across the multiple 802.11 channels.
Finally, the reporting options are fairly detailed, with a number of different reports that can be run on gathered statistics. Those of particular interest include a report section with HIPAA and other compliance reports.
Network Chemistry’s offering won’t win design awards for its sensor or its graphical front end, but it will save you money when it comes to protecting your wireless network. And although it isn’t as rich or polished as AirDefense or AirMagnet, it gets the job done, won’t take an overwhelming amount of training to learn, and leaves some room in the budget for other pressing needs.
The RFprotect wireless protection system lacks some of the sophistication of competing solutions from AirDefense and AirMagnet but provides the necessary WLAN monitoring and policy enforcement capabilities at a dramatically lower price. Cost-conscious network managers should take a look.