With wireless security threats and incidents increasing at an alarming rate, we're considering implementing a wireless LAN intrusion prevention system (IPS). Can you offer some guidance on sifting through this market? What are some must-have IPS features?
Ask the Expert!
Have questions about network security for expert Matt Pascucci? Send them via email today! (All questions are anonymous.)
The wireless IPS (WIPS) space has evolved rapidly over the past couple years, and additional features have been developed to better protect wireless networks. With wireless threats becoming more prominent and businesses extending their LANs using wireless technology, the need for WIPS is no longer a luxury, but a necessity.
Many of today's wireless networking vendors offer WIPS that can integrate with existing equipment, obviously an essential criterion for any organization with a sizable legacy network infrastructure. From what I've seen, however, the vendors that specialize in WIPS normally have more robust offerings that include various features. Motorola's AirDefense and Fluke's AirMagnet are two popular vendors that offer wireless IPS.
Arguably the most important feature to look for in a wireless IPS is a notification function that will alert you to rogue wireless access points (APs). Being able to review which nodes are approved and which aren't is one of the main reasons why most companies deploy this technology. When utilizing this feature, make sure that the location service works just as well as the notification feature. I can't tell you how many times I've walked around a building with an antenna trying to find a rogue access point. Not having to chase down the AP every time someone walks into the building with a wireless device that is broadcasting can save a lot of time.
Besides vulnerability management and intrusion detection (which is most likely the reason you're looking into WIPS), make sure that the WIPS has the ability to monitor the health of the APs. This is an operational feature, but if your access points differ in policy or health, it's possible they might be vulnerable to attacks that the others are not. Also, this brings up policy management concerns of determining if your access points are running approved versions of their operating systems.
These are just some of the options I would look for in a WIPS. Remember that every product is different: Most products are strong in some functions and come up short in others. Evaluate every potential purchase thoroughly; you won't know which product works best for you until you test it in the scenarios in which you plan to use it.
This was first published in March 2013