This article can also be found in the Premium Editorial Download "Information Security magazine: 12 security lessons for CISOs they don't teach you in security school."
SpectraGuard quarantines unauthorized clients and APs, but removal is manual. External devices that don't attempt to associate with your WLAN are detected but ignored. Network policy settings include authorized MACs, channels, SSIDs, encryption, protocols and even vendors. Creating and editing policies is simple; access point and client quarantine policies can be set globally or individually.
One sensor can monitor an office or small building, but multiple sensors are required to triangulate an offending device to within a few yards. Each WLAN subnet requires a server, which limits scalability.
A well-designed Java console is the central setup and administration point for SpectraGuard. It features a wizard for the policy creation and sensor placement process. The interface features a comprehensive dashboard displaying all active wireless devices detected, administration functions and system events. Its inability to sort specific items is a bit irritating,
SpectraGuard's detailed reports cover the system, events, devices and location, and provide an overall system security scorecard. Reports can be accessed in HTML or exported as XML. SpectraGuard lacks automatic report generation and delivery--something that larger enterprises will miss.
SpectraGuard's well-designed RF propagation and planning tool gives it an edge over products that only offer a circular radius for determining coverage; this tool alone is worth the price. Its real-time RF coverage display shows dead spots using state-of-the-art RF propagation modeling. With either the location settings or the SpectraPlan plug-in (which costs an additional $2,500), users can import either .jpg or .gif layouts of the business' campus or floor plan to determine sensor placement for maximum protection. SpectraPlan's additional planning capabilities include RF sensor simulation prior to deployment--a big time-saver.
Though improved scalability and automated reporting would raise it to true large-enterprise caliber, SpectraGuard's powerful intrusion detection model, ease of management and striking RF coverage make it a genuine WLAN security competitor.
--Sandra Kay Miller
This was first published in February 2005