Cisco offers an enterprise wireless intrusion prevention system product called Cisco Adaptive Wireless IPS. Cisco Adaptive Wireless IPS is designed to monitor an organization's wireless local area networks for any indications of security policy violations or other security problems. Common examples are the deployment of rogue wireless access points, the use of unauthorized WLAN client devices, and any WLAN-based attacks. Like other WIPS products, Cisco Adaptive Wireless IPS will also attempt to stop most kinds of WLAN attacks. If successful, the Cisco Adaptive Wireless IPS can support the availability of the WLAN, as well as prevent some compromises of its client devices and speed detection of compromises that cannot be stopped, thus reducing the negative impact to the organization's sensitive data.
The Cisco Adaptive Wireless IPS product is available through the use of a variety of Cisco WLAN technologies, including Cisco Aironet APs, Cisco Wireless LAN Controllers and the Cisco Mobility Services Engine. In such a system, an organization would purchase a license for the Cisco Adaptive Wireless IPS software feature, which would then be activated on the Cisco Mobility Services Engine.
The Cisco Mobility Services Engine (MSE) is available in two models, each of which supports a certain number of Cisco Aironet APs for Wireless IPS purposes:
- Cisco MSE 3365 (physical): supports up to 10,000 APs
- Cisco MSE Virtual Appliance comes in three variants:
- Low-End vMSE: supports up to 2,000 APs
- Standard vMSE: supports up to 6,000 APs
- High-End vMSE: supports up to 10,000 APs
Attack discovery capabilities
The most fundamental WIPS attack discovery capabilities are detecting rogue APs and rogue WLAN connections, such as those initiated by unauthorized WLAN client devices. Cisco Adaptive Wireless IPS offers these capabilities, as well as several more advanced capabilities that include detecting denial-of-service attacks, man-in-the-middle and client impersonation attacks, and active authentication and encryption cracking attempts.
Cisco Adaptive Wireless IPS can also map the physical location of both benign and malicious or suspicious WLAN client devices and APs so that security or network administrators can further investigate activity related to those clients or APs. In fact, the Cisco Adaptive Wireless IPS is one of only a few WIPS products that offer this wide a range of attack discovery capabilities.
Data collection and reporting capabilities
In terms of data collection capabilities, Cisco Adaptive Wireless IPS is superior to most other WIPS products. In addition to collecting basic information about observed WLAN events, Cisco Adaptive Wireless IPS also offers packet capture capabilities, which are invaluable for incident response analysis and forensic investigations.
Cisco Adaptive Wireless IPS provides built-in support for security compliance reporting, specifically for the Payment Card Industry Data Security Standard. Organizations that are subject to other compliance initiatives should check with Cisco to see which initiatives the product natively provides support for, and how much effort it would take an organization to customize reporting capabilities to meet the requirements of other compliance initiatives.
Because of the complexity of Cisco WLAN architectures and the availability of several licensing models, organizations interested in evaluating the Cisco Adaptive Wireless IPS should contact Cisco directly for more guidance on the latest licensing options for their infrastructure.
The Cisco Adaptive Wireless IPS product is a software-based WIPS feature that can be activated through licensing on Cisco Mobility Service Engine physical and virtual devices. Cisco Adaptive Wireless IPS offers a particularly wide range of WLAN attack discovery capabilities, as well as superior data collection capabilities that include packet capture. Its reporting capabilities are typical for leading WIPS products.
The only potential major disadvantage of selecting Cisco Adaptive Wireless IPS as an organization's WIPS product is that it is only compatible with Cisco-based WLAN infrastructures containing components such as Cisco Aironet APs, Cisco Wireless LAN Controllers and Cisco Mobility Services Engines. Organizations that already have these components deployed should strongly consider adopting the Cisco Adaptive Wireless IPS, because doing so will require very little effort compared to other vendors' WIPS solutions. Other organizations may be reluctant to adopt the Cisco Adaptive Wireless IPS product because doing so would probably necessitate complete replacement of the existing WLAN infrastructure.
Part one of this series looks at wireless intrusion prevention systems in the enterprise
Part two of this series offers six enterprise use cases for WIPS
Part three of this series examines seven criteria for purchasing WIPS products
Part four of this series compares the best WIPS products in the market