This article can also be found in the Premium Editorial Download "Information Security magazine: Unwrapping Windows Server 2003: An exclusive first look at Microsoft's new OS."
Security managers have a variety of tools available for keeping WLANs safe. Here's a representative sampling:
Network discovery tools run on 802.11 stations and passively monitor beacon and probe response frames. Some actively probe for APs and stations configured for peer-to-peer operation. They typically display discovered devices by SSID, channel, MAC address and location (when used with a GPS), generating basic data that can be saved to a file.
- NetStumbler is a freeware AP discovery tool for Win32 systems.
- MacStumbler is freeware AP discovery software for Mac OS X and Apple Airport adapters.
- WaveStumbler is a freeware WLAN mapper for Linux.
- AirTouch Network's Security System War Driving Kit is a commercial war-driving kit, complete with sniffing software, 802.11b adapter and antenna.
Vulnerability assessment tools, in addition to network discovery, sniff traffic to spot security policy violations (e.g., APs with default SSID, stations or APs in open-system mode). They query APs to obtain system information and identify risks (e.g., open ports). Assessment tools build a database of known APs and stations so that, when scans are repeated at regular intervals, rogue devices and changes can be highlighted. They generate alerts or reports that document vulnerabilities.
- AirMagnet's Handheld/Laptop Analyzer series are portable analyzers for Win32 laptops and Pocket PC 2002.
- Internet Security Systems' Wireless Scanner is a Windows 2000 vulnerability checker with active penetration scanning.
- WaveSecurity's WaveScanner is a detection, assessment and reporting tool for Linux; uses Prism2 adapters.
Traffic monitoring and analysis tools also provide discovery and vulnerability alerting. In addition, they capture and examine packet content (not just headers), so that applications' behavior can be examined. They're typically used for security and performance troubleshooting and trend analysis.
- WildPackets' AiroPeek is a real-time analyzer for 802.11a and b; runs on Windows XP/2000.
- Network Instruments' Network Observer is a real-time analyzer for 802.11a/b, Token Ring, and FDDI for Win32.
- Network Associates' Sniffer Wireless is a real-time analyzer for 802.11a/b; runs on Win32 and Pocket PC 2002.
- Ethereal is a freeware network protocol analyzer with WLAN support on certain platforms.
Intrusion Detection: As in wired networks, IDSes provide 24/7 network-layer monitoring for possible intrusions. IDSes may use signature analysis, protocol inspection, rules enforcement and/or anomaly detection.
- AirDefense's Air Defense Guard IDS appliance employs remote sensors to capture 802.11 packets and send summaries to a central IDS engine.
- Latis Networks' StillSecure Border Guard is a WLAN gateway that focuses on intrusion detection and content filtering for 802.11, stripping worms and similar viral payloads at the gateway.
This was first published in April 2003