A new WLAN intrusion-prevention system gives IT managers a real-time map of wireless activity, and the power to shut down anything it doesn't like the look of.
SpectraGuard, from AirTight Networks, uses sensors to gather data about the WLAN environment, including neighbouring radio transmissions. The data is displayed by a Web-based management application and in colour-shaded maps. Radios can automatically be classified as authorised, rogue, or external access points and clients, and suspect devices can be isolated.
"It scans the physical footprint [of your location] and develops intelligence and context about what is a legitimate device and what is not," says Jim Slaby, senior analyst for security at The Yankee Group. "They've also got some cool features to pinpoint within a few metres where all the access points physically reside, including the bad ones."
SpectraGuard has three main components:
- The server, available preloaded on a rack-mounted appliance or as a software application running on Linux
- Sensors fitted with two radios, 802.11b/g and 802.11a, that connect to the appliance or to spare Power-over-Ethernet ports, and
- The Web-based SpectraGuard Dashboard, which is the management interface.
Administrators can specify the network protocols, access point Service Set Identifiers and products that are authorised for the WLAN. They can group alerts into those that are handled manually and those handled automatically.
The optional SpectraPlan application gives a continuous real-time map of the radio environment. Running on Windows 2000 or XP, it layers different views of the radio environment over a floor plan of the building, with colour-shaded views showing data such as link speeds, channel assignments, access point locations, indoor and outdoor radio coverage, and the radio coverage by the AirTight sensors.
When the sensors pick up rogue devices or a mistaken connection by enterprise wireless clients to neighbouring access points, SpectraGuard identifies and locates the specific client and access point, and automatically disrupts the connection between them. The SpectraGuard display uses colour shading to identify the most likely location of either a rogue access point or client, within a few metres.
AirTight previewed an earlier version of the tools in 2003, when the company was known as Wibhu Technologies (indeed, we still knew the company as Wibhu earlier this month). The company originally planned separate products for WLAN intrusion detection, WLAN radio monitoring and WLAN planning and design.
Early this year, a new management team, under former Proxim chairman and CEO David King, refocused developers on using these tools as the basis for an intrusion-prevention product, going beyond just detecting a problem to taking action on it. "Traditional intrusion-detection systems require just too darn much human intervention," Slaby says. "Intrusion prevention is a bit smarter."
An array of vendors are jumping on this same intrusion-prevention idea, including most recently AirDefense, but also location services vendors such as Newbury Networks. These all use dedicated radio scanners, while WLAN switch vendors such as Aruba and Airespace provide some similar functions using dual-purpose access points.
A starter kit with CD-ROM and two sensors costs US$7,500; sensors cost between $700 and $800.