Policy: A
Out of the box, AirDefense Enterprise includes a comprehensive set of default policies that provided adequate protection from common threats until we customized the deployment to our specific environment.
Policies were easily configured through the Policy Manager, which could also be instantly accessed by right-clicking on a location, group or device in the management tree. From there, we could quickly view all the associations, behaviors and protocols (a,b,g) of all locations, groups and devices.
Policies are not set for individual users, but for the access points and sensors. When users move, they are bound by the policies of the access point to which they connect. Policies can be applied individually, in groups, by device, location and globally.
There are four basic policy types: configuration, performance, vendor and channel. The first three apply to access points and the fourth to the sensors. Configuration policies determine the fundamental security configuration for how users connect to the access points.
For implementations dependent on performance, such as wireless VoIP installations, policies can be set to alert administrators when thresholds are met that could impact availability.
Using the vendor policy, we were able to limit users connecting to the network to a specific brand of access point, thus limiting the possibility of rogue devices.
The channel policies are the most powerful, offering granular control over when specific channels are allowed on the network. We set up our test policy to allow wireless traffic during business hours, to log all traffic within the confines of our building during non-working hours and to block all connections on APs located in outside public areas.
For international enterprises, AirDefense provides the ability to specify individual channels for the United States, Asia and Europe.
Logging and Reporting: A
The extensive logging and reporting satisfied both our security and network appetites with instant access to real-time information and historical data in syslog format. This made it easy for us to route logs into a third-party SIM/SEM device.
The reporting features are much more user-friendly than the last time we reviewed AirDefense.
There are two types of reporting. Web Reporting is simple, with three tabs offering one-click access to standard report templates, previously published reports and favorites for frequently run reports. From the default Reports tab, we were able to quickly set up, schedule and run detailed reports on everything from network usage to security alerts. Reports could be generated in HTML, PDF and CSV formats and automatically distributed via email.
While the Web Reporting will meet the needs of those in the role of manager, administrators and network operators will want to take advantage of the Report Builder. Reports can be built from scratch or created using pre-existing templates. Users have much more control over the content than with Web Reporting. We were able to add data fields, tables and charts, as well as customize titles, headers and sections. You can also create filters using radio buttons, check boxes and text boxes. Reports can be imported and exported.
Effectiveness: A
Three new features (all optional modules) stand out: advanced forensics, spectrum analysis and WEP cloaking. These features are add-on modules above the base price.
Advanced forensics covers both troubleshooting network anomalies and digging deeper into security-related events, such as the number of policy violations and alarms on specific devices. A summary from the previous 24 hours is displayed in a graphical overview, offering a quick glance at the current threat level, traffic, associations and information about specific devices such as methods of authentication, encryption and the SSID. Additional tabs allowed us to drill down into devices, threats, applications, traffic, signal and locations.
The spectrum analysis tool offers background and dedicated spectrum scanning through the sensors. We were able to locate and identify sources of interference from other wireless networks as well as non-network devices, such as microwave ovens, baby monitors and cordless telephones. Fair warning: licenses must be purchased for individual sensors.
Similarly, the Live View feature, which can be accessed by simply right-clicking on any device in the navigation tree, offers a real-time observation of sensors, APs and users (through integration with directory services). Live View offers four main categories of information: data, connections, devices and frames, as well as graphical charts for at-a-glance analysis. For historical analysis, Live View sessions can be stored and analyzed using the frame capture feature. However, Live View and the Spectrum Analysis tool cannot be run at the same time.
Recognizing that WEP remains in service, especially in retail deployments, AirDefense Enterprise has introduced WEP cloaking to mitigate the protocol's inherent vulnerabilities until legacy equipment can be upgraded. This feature operates by generating "chaff" frames to confuse commonly used wireless sniffing and WEP-cracking applications used to perform man-in-the-middle attacks. During our testing, we found WEP cloaking sufficient to foil freely available tools most often used by wireless hackers.
Verdict
AirDefense is a comprehensive, cost-effective solution for protecting and troubleshooting WLANs.
Testing methodology: We tested the product by deploying the appliance and wireless sensor on an 802.11 network utilizing 802.11a, b and g devices.
Review how we grade at searchsecurity.com/grading_criteria.