Siemens has added intrusion detection and prevention software to its WLAN management products, which will also help users comply with regulations such as Sarbanes-Oxley.
The HiPath Wireless Manager Advanced (HWMA) application has had AirTight Networks' software integrated, so administrators can monitor and analyse traffic passing over a wireless link, and block or break suspicious wireless connections. Algorithms will identify specific types of wireless attacks and suspicious traffic.
The software's reporting functionality should meet compliance requirements of regulations such as (in the US) Sarbanes-Oxley, HIPAA, the Gramm-Leach-Bliley Act, and Department of Defense Directive 8100.2. The solution comes with predefined business rules for such reports and checks the data against those rules to determine conformity to the regulations.
The channels on which the data was running, encrypted data, and other access points that were available but not on the system might be of interest to a government audit.
AirTight's SpectraGuard intrusion detection/prevention software works with companion agents that run on access points, and was launched in late 2004. Siemens has taken this software and made it the native management package for its HiPath WLAN controllers and thin access points, which it acquired a year ago when it bought Chantry Networks.
While assuring compliance with multiple regulations is becoming more important, Richard Conover, research director for Current Analysis, said the quality of the embedded business rules that check for compliance is only as good as the person who wrote them.
"The question you need to ask is if the vendor has gone through the process of going to an outside firm to verify that they meet all the regulations or can they provide some level of assurance that they meet these regulations," Conover said.
Rather than shutting down a port when a rogue device is detected or using a denial of service attack against a rogue AP, both of which would reduce network availability for all legitimate users, the Siemens software sends a disassociate command to a rogue AP every time a legitimate client mistakenly tries to connect to it.
The intrusion protection and prevention capabilities also secure both the radio space and the packets across the network.
The HiPath system is not a centralised switch, says Siemens, but a thin AP architecture with a Layer 3 controller that works at the Internet Protocol level to create a tunnel from the AP to the controller.
"This is a plug-and-play solution. A network manager can configure the AP when it connects to the network," said Luc Roy, vice president of product planning.
Although WLAN vendors support the IEEE 802.11i security standard, this focuses on encrypting data and authenticating users, leaving wireless intrusions, such as a rogue access point masquerading as a lawful enterprise node, unattended.
A group of vendors, including AirTight, AirDefense and AirMagnet (sometimes dubbed the Air Brothers), have created software that monitors and analyses the packets being sent over the radio link.
AirTight's software also includes algorithms to pinpoint the location of any radio to a 20-foot-diameter circle. "That's more accurate than what the government requires for E911," Roy says. Location data is available for use by other applications through a documented API.
Radio frequency monitoring also makes remote troubleshooting easier, said Roy. Users only know they can't connect to the WLAN, but a HiPath administrator can run a packet trace, identify the client's media access control address, and see, for instance, that the user is trying to connect to an access point using the Service Set Identifier "visitors" when the correct name is "visitor."
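The two checks described above (an unknown access point advertising an enterprise SSID, and a client asking for "visitors" when the network is "visitor") can be sketched as follows. This is an added example, not Siemens or AirTight code: the trace records, MAC addresses, SSID list and the inventory-based rogue test are all constructed assumptions.

```python
# Constructed sample data: none of it comes from a real trace or product.
AUTHORIZED_SSIDS = {"visitor", "corp"}
AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Simplified monitor-mode records: (frame type, source MAC, BSSID, SSID)
TRACE = [
    ("beacon", "00:11:22:33:44:01", "00:11:22:33:44:01", "visitor"),
    ("beacon", "02:aa:bb:cc:dd:ee", "02:aa:bb:cc:dd:ee", "corp"),   # unknown AP, enterprise SSID
    ("probe-req", "66:77:88:99:aa:bb", BROADCAST, "visitors"),      # client typed the wrong name
    ("probe-req", "66:77:88:99:aa:cc", BROADCAST, "corp"),          # normal client
    ("beacon", "02:00:00:00:00:10", "02:00:00:00:00:10", "cafe"),   # neighbouring network
]

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss SSIDs."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def analyse(trace):
    """Return findings for rogue APs and clients probing for a misspelt SSID."""
    findings = []
    for ftype, src, bssid, ssid in trace:
        if ftype == "beacon":
            # An enterprise SSID from a BSSID outside the inventory is a masquerading AP.
            if ssid in AUTHORIZED_SSIDS and bssid not in AUTHORIZED_BSSIDS:
                findings.append(("rogue-ap", bssid, ssid))
        elif ftype == "probe-req" and ssid not in AUTHORIZED_SSIDS:
            # One edit away from a real SSID is almost certainly a configuration typo.
            near = sorted(s for s in AUTHORIZED_SSIDS if edit_distance(ssid, s) <= 1)
            if near:
                findings.append(("ssid-typo", src, ssid, near[0]))
    return findings

if __name__ == "__main__":
    for finding in analyse(TRACE):
        print(finding)
```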
HiPath access points can be dedicated to act as packet sniffers, continuously monitoring radio frequencies. Alternatively, access points can periodically switch from handling WLAN traffic to monitoring. Dedicated sensors are more likely to be needed if the WLAN is handling voice or video traffic, according to Roy.
In the US, Siemens software costs between $1,500 and $7,500, with a license required for each access point, at a cost of $338.