The issue of managing wireless LANs has become a hot one, with new products arriving from all directions. Many of those products aim to give network executives tools to control the most elusive element of wireless LANs: the radio waves that actually connect clients to access points.
Most are being touted as security products because they detect, and in some cases disconnect, rogue WLAN access points and users, and show traffic patterns that might reveal an attack or a malfunction. But there are other benefits that spring from this ability to "read" radio frequency waves, including tracking the effect and location of RF interference, visualising real-time behaviour of wireless networks and fine-tuning WLAN settings to ensure optimal throughput.
Traditional network management applications focus on Layer 3 and rely on the fact that IP-addressable devices are physically attached via a wire to the network. RF management tools are different.
These new products use radios to scan the air, pull data from the radio chipsets in WLAN devices, and expose via GUI displays and alarms what's happening on the Layer 1 wireless connection. As such, they go beyond the capabilities of the expensive, specialised and bulky wireless protocol analysers and spectrum analysers traditionally used in wireless engineering.
These RF tools let administrators see details such as IP headers, identify new devices that start transmitting, measure the signal strength and radio power settings of access points and client network interface cards, check if Wired Equivalent Privacy or other encryption options are turned on, detect man-in-the-middle attacks and identify electro-magnetic interference.
Much of this data can be passed to enterprise network management applications such as Hewlett-Packard's OpenView, via SNMP. These RF tools let network managers make changes such as adjusting the radio power level, blocking access to a rogue access point, or forcing some clients to disassociate from one access point and reconnect to another to balance traffic loads and improve throughput.
See our related article for an account of how two different companies chose different options for RF management, while here is a round-up of product options for RF management.
Products for large and small WLANs
The newest products range from full-blown RF management systems, to offerings sized for either small or large WLANs, to incremental improvements in existing products. The products include the following:
Bluesocket's BlueSecure is a stand-alone monitoring system with dedicated sensors that read traffic on 802.11a, b and g networks, and that do some initial data processing. It supports Power over Ethernet.
The ratio of sensors to access points changes depending on variables such as the number of users and the proximity of access points: One sensor for every three to six access points is the rule of thumb.
The BlueSecure Server application, with a GUI, collects, analyses and presents the data and lets network managers configure alarms. It runs on Windows XP or 2000. The new product for now is completely separate from the vendor's flagship WLAN security gateway (which is reviewed here).
BlueSecure sensors cost US$695. The server software costs $3,000. It is scheduled to be released next month.
Highwall Technologies' Model 500 Sentinel mimics the higher-end Model 1000. The main difference is that the 500 incorporates a single sensor, whereas the high-end model can connect to many sensors which the company calls Scouts.
The idea is that one Model 500 box can cover all or most of a single office or small business, largely because of the company's own antenna design. Software settings can change the size and shape of the antenna's scanning area, and Highwall says the design boosts the accuracy of identifying the locations of WLAN devices.
The price is $1,500, or half the price of the Model 1000.
AirMagnet's Mobile Suite 4.0 (reviewed here: https://www.techworld.com/mobility/reviews/index.cfm?productID=189&reviewid=184) has a newly incorporated policy manager which lets administrators specify rules - such as wireless clients must use a VPN session - and then track network activity against them. The software can capture intrusion attempts, subdivide them into classes of attacks and show their frequency.
Other changes include code to minimise signal fluctuations and track handoffs between access points, both aimed at diagnosing radio problems around wireless VoIP traffic.
Earlier this year, AirMagnet introduced products for monitoring Bluetooth radios. Version 4.0 software runs on laptops or PDAs, which network technicians carry to study RF activity throughout a WLAN site.
The price is $3,500 for the laptop version, $3,000 for the PDA. (AirMagnet Distributed is a sensor-based product with server software and management GUI.)
Meru Networks (which recently arrived in Europe) is announcing Version 2.0 of its System Director software, which runs on its WLAN switches. The new release includes an updated and more automated user interface for the Meru WLAN management software.
That program reads the radio activity of Meru access points and then automatically configures each of those devices, including radio channel assignments for the entire WLAN, based on one of several WLAN profiles selected by an administrator. The new version ships on the switch product.
Network Chemistry's recently unveiled RFprotect is scheduled to begin shipping this month, with RF sensors and client/server software designed for large-scale WLANs.
Many of these features are also offered in WLAN switches from Aruba Wireless Networks (product reviewed here), Airespace and others. These vendors typically use their companion thin access points as the RF sensors: The access point periodically stops transmitting data and momentarily scans for RF signals, reporting data back to a switch-based or PC analysis application. AirDefense is another specialized RF monitoring company.
"You can't predict when a rogue (user) will try to access the net," says Stan Schatt, a vice president with Forrester Research Inc. You can't afford to wait to learn that a user doesn't have an encrypted VPN session. "You need to be alerted no matter when these things happen," Schatt says.
"RF monitoring and management is still an art, not a science," he says. As a result, vendors are scrambling to add wizards and even artificial intelligence to emerging RF products.