A two-year-old wireless LAN company next week is scheduled to introduce software and radio sensors designed to offer users a full-blown intrusion-prevention system for their corporate WLANs.
The software, SpectraGuard, from AirTight Networks Inc., is coupled with the sensors to generate a wealth of data about the WLAN environment, including neighboring radio transmissions. The data is displayed on a Web-based management application and in color-shaded maps. Radios automatically can be classified as authorized, rogue, or external access points and clients.
“It scans the physical footprint (of your location) and develops intelligence and context about what is a legitimate device and what is not,” says Jim Slaby, senior analyst for security at The Yankee Group.
Using that intelligence and the criteria of the corporation’s security policies, SpectraGuard can isolate specific problems or suspect devices, Slaby says. “They’ve also got some cool features to pinpoint within a few meters where all the access points physically reside, including the bad ones,” he says.
SpectraGuard has three main components: SpectraGuard server, available preloaded on a rack-mounted appliance or as a software application running on Linux; sensors fitted with two radios, 802.11b/g and 802.11a, that connect to the appliance or to spare Power-over-Ethernet ports; and the Web-based SpectraGuard Dashboard, which is the management interface.
Using these components, administrators can specify the network protocols, access point Service Set Identifiers and products that are authorized for the WLAN. They can group alerts into those that are handled manually and those that are handled automatically.
One optional component, which many users might consider essential, is SpectraPlan, a Windows 2000 or XP application that layers different views of the radio environment over a floor plan of the building or campus. The application’s color-shaded views show data such as link speeds, channel assignments, access point locations, indoor and outdoor radio coverage, and the radio coverage by the AirTight sensors.
The combination of these components creates a continuous real-time map of the radio environment.
When the sensors pick up rogue devices or a mistaken connection by enterprise wireless clients to neighboring access points, SpectraGuard identifies and locates the specific client and access point, and automatically disrupts the connection between them. The SpectraGuard display uses color shading to identify the most likely location of either a rogue access point or client, within a few meters.
The new products are based in part on a trio of WLAN monitoring and management tools the company previewed in 2003, when it was known as Wibhu Technologies. At that time, the company created one program for WLAN intrusion detection, one for WLAN radio monitoring and one for WLAN planning and design.
Early this year, a new management team, under former Proxim Corp. chairman and CEO David King, refocused developers on using these tools as the basis for an intrusion-prevention product, going beyond just detecting a problem to taking action on it.
“Traditional intrusion-detection systems require just too darn much human intervention,” Slaby says. “Intrusion prevention is a bit smarter.” An array of vendors are jumping on this same intrusion-prevention idea, including most recently AirDefense Inc. (www.nwfu sion.com, DocFinder: 4835), but also location services vendors such as Newbury Networks Inc. These all use dedicated radio scanners. WLAN switch vendors such as Aruba Wireless Networks Inc. and Airespace Inc. provide some similar functions.
A starter kit with CD-ROM and two sensors is priced at US$7,500; sensors are priced between US$700 and US$800.