Unauthorised wireless extensions to corporate networks (so-called "rogue" access points) have become a serious problem as 802.11 access points have plummeted in price. It is now easy for any user with even the most microscopic discretionary budget to buy one.
Unfortunately, the IT manager's counter-weapon, the wireless IDS, has not tumbled in price - although some wireless LAN switches have IDS capability built in (see our reviews of Airespace, Aruba, and Trapeze, for example).
High deployment cost remains a problem with current wireless IDSes and rogue detection solutions, because IDS sensors have to be placed alongside wireless APs deployed throughout the enterprise infrastructure.
Competing solutions (read our reviews of AirMagnet and AirDefense, as well as Wi-Fi Watchdog) have a wider detection radius than the average AP, primarily because they receive, but do not transmit, wireless traffic. Highwall’s RDS (Rogue Detection System) takes a different approach.
Highwall uses more antennas and amplification to get better environmental coverage than its competition. As a result, it not only reduces the number of sensors needed in a single-story environment, but Highwall claims its solution can detect rogue devices anywhere in a five-story building.
The Highwall system consists of the Highwall Sentinel, the Highwall Scout, and the Windows-based management console. The introductory package includes a Highwall Sentinel, two Scouts, and the management console.
The Sentinel can detect 802.11a, b and g wireless traffic and runs an embedded version of Linux. It has two RJ45 10Base-T interfaces that support Power over Ethernet and a coaxial connection (which supports power over coaxial). The amplified Sentinel sensor should suffice if detection isn’t needed for more than one floor.
The Scout is the listening station, with eight directional panel antennas that create a dome of detection rather than a horizontal plane.
A complicated set-up
Configuring the Sentinel hardware requires you to browse to the default address of 192.168.0.33:10000, and change the address to be static or DHCP-allocated. We wish vendors would default to using DHCP - it would make life so much simpler.
Installing the server-based management console software is fairly easy, although you must ensure that SQL Server is configured for mixed-mode authentication (Windows and SQL Server authentication). Otherwise, the Highwall installation process will exit, requiring you to start the installation again.
Once the management console is installed, you must edit the configuration file with Windows Notepad or similar to specify the addresses of the Sentinels, and other operational parameters. When you have finished editing the configuration file you can access the management console through your Web browser.
Visibility is good
We could see every operating access point, ad hoc network and wireless client in our vicinity. We could see all the published Service Set Identifiers (SSIDs - the wireless network identifiers), equipment vendors, wireless channels, media access control addresses and the IP addresses assigned on networks not protected by Wired Equivalent Privacy (WEP). And we could label all the access points and clients as rogue, domestic or foreign, so that we could filter the lists of equipment by those labels.
The management console displays alerts for each newly encountered wireless device and network, and lets you examine the data and classify it for future reference.
The Highwall system also integrates with the UniCenter eTrust and recently launched Wireless Site Management products from Computer Associates - the latter providing the most accurate determination of physical location.
Very good, if slightly awkward
The drawbacks of Highwall’s solution include a mediocre management interface and the fact that it requires a separate installation of Microsoft IIS and SQL Server to manage the data accumulated by the sensors. These shortcomings are partially overcome through integration with Computer Associates’ UniCenter eTrust and Wireless Site Management products, but that’s no consolation for those who purchase the product directly.
The management console allows multiple Sentinel sensors to feed a central console and has several alarm notification levels, with alerts delivered by e-mail, SNMP and Syslog.
This wireless IDS compares well with the competition. Those considering it should check the requirement for supporting software and whether it works with their existing software.