Answer

Choosing from must-have wireless IPS features

With wireless security threats and incidents increasing at an alarming rate, we're considering implementing a wireless LAN intrusion prevention system (IPS). Can you offer some guidance on sifting through this market? What are some must-have IPS features?


Ask the Expert!

Have questions about network security for expert Matt Pascucci? Send them via email today! (All questions are anonymous.)

The wireless IPS (WIPS) space has evolved rapidly over the past couple of years, and additional features have been developed to better protect wireless networks. With wireless threats becoming more prominent and businesses extending their LANs using wireless technology, WIPS is no longer a luxury, but a necessity.

Many of today's wireless networking vendors offer WIPS that can integrate with existing equipment, obviously an essential criterion for any organization with a sizable legacy network infrastructure. From what I've seen, however, the vendors that specialize in WIPS normally have more robust offerings that include various features. Motorola's AirDefense and Fluke's AirMagnet are two popular vendors that offer wireless IPS.

Arguably the most important feature to look for in a wireless IPS is a notification function that will alert you to rogue wireless access points (APs). Being able to review which nodes are approved and which aren't is one of the main reasons why most companies deploy this technology. When utilizing this feature, make sure that the location service works just as well as the notification feature. I can't tell you how many times I've walked around a building with an antenna trying to find a rogue access point. Not having to chase down the AP every time someone walks into the building with a wireless device that is broadcasting can save a lot of time.

Besides vulnerability management and intrusion detection (which is most likely the reason you're looking into WIPS), make sure that the WIPS has the ability to monitor the health of the APs. This is an operational feature, but if your access points differ in policy or health, it's possible they might be vulnerable to attacks that the others are not. Also, this brings up policy management concerns of determining if your access points are running approved versions of their operating systems.

These are just some of the options I would look for in a WIPS. Remember that every product is different: Most products are strong in some functions and come up short in others. Evaluate every potential purchase thoroughly; you won't know which product works best for you until you test it in the scenarios in which you plan to use it.

This was first published in March 2013
