Wireless IDS products from AirDefense Inc. and AirMagnet Inc. do a wonderful job of exorcising wireless demons, but they’re expensive. A competing solution from Network Chemistry Inc., called RFprotect, promises to do the job for much less.
RFprotect isn’t the end-all, be-all of wireless network protection, but it can help mitigate problems and provide good visibility into your network at a reasonable price.
The RFprotect solution consists of a management server, a client console, and wireless sensors. While RFprotect’s sensors aren’t the prettiest gear on the Wi-Fi landscape, they are effective. Using a radio chip set similar to that found in the sensors from AirMagnet and AirDefense, the RFprotect sensor did a comparable job of finding wireless access points in my lab and elsewhere in the surrounding area.
I installed both the management server and the client on the same Windows-based machine. I also installed the optional RFshield. Using something akin to the Fatajack denial-of-authentication technique, RFshield can isolate either an AP or a client, preventing connections for any specified length of time. The default is an extensive 48 hours.
RFprotect’s SensorManager is also worth a quick mention. Similar to a more streamlined application offered by Red-M, SensorManager makes finding scores of wireless sensors as easy as clicking a button. SensorManager is also used to update sensor firmware and configure sensor attributes, such as name and channel settings.
Enforcing policy compliance is extremely important on any network, but especially on wireless LANs. Here RFprotect falls short of AirDefense and AirMagnet. Although it can alert you to the presence of rogue devices, probes, DoS attacks, the use of WEP authentication, and other threats, you cannot create custom rules to enforce your own security policies. Network Chemistry says the next version will include a point-and-click tool for doing so. In addition to detecting rogue devices, RFprotect can triangulate their locations from AP signal strength.
RFprotect’s tabbed console interface covers all the bases. At first glance, the real-time dashboard seems simplistic, especially compared to the industrial-strength model in AirDefense. But while understated, it hits all the right points and presents a good array of wireless statistics.
Click a tab for details on the network, alerts, and radio environment. The Network tab lists wireless AP and client specifics that include the SSID (service set identifier), channel, packet rate, when the device was last seen, and its named location. The Alerts tab displays a correlative listing of devices and events, along with color-coded alerts indicating the potential severity of a problem. The RF Environment screen graphically displays spectrum usage and signal-to-noise ratios, and, in a nice touch, also includes a panel presenting the sensor scanning frequency of the multiple 802.11 channels.
Finally, the reporting options are fairly detailed, with a number of different reports that can be run on gathered statistics. Those of particular interest include a report section with HIPAA and other compliance reports.
Network Chemistry’s offering won’t win design awards for its sensor or its graphical front end, but it will save you money when it comes to protecting your wireless network. And although it isn’t as rich or polished as AirDefense or AirMagnet, it gets the job done, won’t take an overwhelming amount of training to learn, and leaves some room in the budget for other pressing needs.
Victor R. Garza is a freelance author and network security consultant in the Silicon Valley. Contact him at firstname.lastname@example.org