Choosing from must-have wireless IPS features

Matthew Pascucci offers tips for choosing a wireless intrusion prevention system, including what critical features to look for.

With wireless security threats and incidents increasing at an alarming rate, we're considering implementing a wireless LAN intrusion prevention system (IPS). Can you offer some guidance on sifting through this market? What are some must-have IPS features?

The wireless IPS (WIPS) space has evolved rapidly over the past couple of years, and additional features have been developed to better protect wireless networks. With wireless threats becoming more prominent and businesses extending their LANs using wireless technology, WIPS is no longer a luxury but a necessity.

Many of today's wireless networking vendors offer WIPS that can integrate with existing equipment, obviously an essential criterion for any organization with a sizable legacy network infrastructure. From what I've seen, however, the vendors that specialize in WIPS normally have more robust offerings that include various features. Motorola's AirDefense and Fluke's AirMagnet are two popular vendors that offer wireless IPS.

Arguably the most important feature to look for in a wireless IPS is a notification function that will alert you to rogue wireless access points (APs). Being able to review which nodes are approved and which aren't is one of the main reasons why most companies deploy this technology. When utilizing this feature, make sure that the location service works just as well as the notification feature. I can't tell you how many times I've walked around a building with an antenna trying to find a rogue access point. Not having to chase down the AP every time someone walks into the building with a wireless device that is broadcasting can save a lot of time.

Besides vulnerability management and intrusion detection (which is most likely the reason you're looking into WIPS), make sure that the WIPS has the ability to monitor the health of the APs. This is an operational feature, but if your access points differ in policy or health, it's possible they might be vulnerable to attacks that the others are not. Also, this brings up policy management concerns of determining if your access points are running approved versions of their operating systems.

These are just some of the options I would look for in a WIPS. Remember that every product is different: Most products are strong in some functions and come up short in others. Evaluate every potential purchase thoroughly; you won't know which product works best for you until you test it in the scenarios in which you plan to use it.

This was last published in March 2013
