With wireless security threats and incidents increasing at an alarming rate, we're considering implementing a wireless...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
LAN intrusion prevention system (IPS). Can you offer some guidance on sifting through this market? What are some must-have IPS features?
Ask the Expert!
Have questions about network security for expert Matt Pascucci? Send them via email today! (All questions are anonymous.)
The wireless IPS (WIPS) space has evolved rapidly over the past couple years, and additional features have been developed to better protect wireless networks. With wireless threats becoming more prominent and businesses extending their LANs using wireless technology, the need for WIPS is no longer a luxury, but a necessity.
Many of today's wireless networking vendors offer WIPS that can integrate with existing equipment, obviously an essential criterion for any organization with a sizable legacy network infrastructure. From what I've seen, however, the vendors that specialize in WIPS normally have more robust offerings that include various features. Motorola's AirDefense and Fluke's AirMagnet are two popular vendors that offer wireless IPS.
Arguably the most important feature to look for in a wireless IPS is a notification function that will alert you of rogue wireless access points (APs). Being able to review which nodes are approved and which aren't is one of the main reasons why most companies deploy this technology. When utilizing this feature, make sure that the location service works just as well as the notification feature. I can't tell you how many times I've walked around a building with an antenna trying to find a rogue access point. Not having to chase down the AP every time someone walks into the building with a wireless device that is broadcasting can save a lot of time.
Besides vulnerability management and intrusion detection (which is most likely the reason you're looking into WIPS), make sure that the WIPS has the ability to monitor the health of the APs. This is an operational feature, but if your access points differ in policy or health, it's possible they might be vulnerable to attacks that the others are not. Also, this brings up policy management concerns of determining if your access points are running approved versions of their operating systems.
These are just some of the options I would look for in a WIPS. Remember that every product is different: Most products are strong in some functions and come up short in others. Evaluate every potential purchase thoroughly; you won't know which product works best for you until you test it the scenarios in which you plan to use it.
Dig Deeper on Network intrusion detection and prevention (IDS-IPS)
Related Q&A from Matthew Pascucci
A new version of the Ursnif Trojan uses mouse movements to bypass security efforts by beating sandbox detection. Expert Matthew Pascucci explains how...continue reading
Adobe Flash's end of life is coming, and it includes an incremental removal method, allotting security teams enough time to adjust. Matt Pascucci ...continue reading
Explore the differences of public versus private bug bounty programs, as well as the benefits of each one. Expert Mathew Pascucci explains the risk ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.