Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Captive to SOX compliance? A compliance guide for managers."

Download it now to read this article plus other related content.

On the Radar
Deciding what to monitor and effectively managing every RF signal in an enterprise environment are daunting tasks. Given the proliferation of wireless devices, this includes tracking both authorized and unauthorized RF signals in your airspace, and investigating and halting potential attacks.

AirTight's dashboard stood out for its ability to give you a quick assessment of your network security, and then easily drill down for details. For example, if you want to see APs using WEP, you can click on the appropriate column for a list of all the devices according to type of encryption.

AirTight's dashboard displays quarantined, known and unknown devices, as well as a security scorecard that rates the WLAN as either secure or vulnerable. Security scorecard settings can be customized so that if sensors pick up a neighboring WLAN that isn't a threat, the scorecard won't display your network as vulnerable. In the quarantine section on the dashboard, there's a button that pops you directly into the IPS policy editor for quick changes--such as when the boss arrives with a new wireless PDA and is shut out of the network. A colored bar graph gives a real-time view of what is taking place on the WLAN. Within seconds of launching our DoS attack, for example, we saw the scorecard change from green to red and the bar for DoS attacks rise. We didn't have to read any numbers or descriptions to know we had trouble.

AirMagnet's console cleanly

Requires Free Membership to View

displays all deployed sensors and policies in a tree format on the left side of the console, with one-click access to editing tools at the top of the display. However, we really had to concentrate to wade through the wealth of information--statistics displayed through both numbers and bar graphs of security events, policy violations and WLAN performance--to figure out what was happening on our network.

We had to use the menu options at the bottom of the console to access a listing on rogues, infrastructure details and AirWISE, which displays current alarms and policy violations, and their location, along with the policy and infrastructure tree similar to the console page. We actually preferred the AirWISE display to the main console.

AirMagnet's Rogue View screen lists all detected rogue devices with detailed information about them in a single view. AirMagnet showed significant improvement in triangulating the location of rogue devices compared to an earlier review, almost matching the accuracy of the other three products, all of which tracked offending devices to within a few feet of their actual location.

AirDefense's console was the easiest to navigate, despite the incredible amount of information displayed, but was visually overwhelming. AirDefense provided an extensive overview of the entire WLAN, with individual statistic areas for associations, APs and clients, signal strengths and traffic (by channel and amount transferred). We would have preferred less information up front, with the ability to drill down as needed.

Network Chemistry's console lacked the polish of the competition, but we liked the simple display that instantly showed the critical security factors of our WLAN, including a summary of security alerts (intrusions, threats, vulnerabilities and attacks), the most active devices, a summary of operational alerts (new clients and APs), number and status of sensors, an inventory of connections and their status, and a graphical breakdown of the spectrum (802.11a/b/g). More detailed information was available with a single click on a tab.

This was first published in March 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: