With all the security talk in the air at last week's RSA Conference in San Francisco, it seemed fitting to return to our ongoing discussion of wireless intrusion detection/prevention systems. As you likely know, WIPSs work to keep unauthorized devices from connecting to your wired and wireless networks and to prevent your internal authorized wireless client devices from associating with unauthorized access points.
Some people believe strongly in the need for full-time, dedicated WIPS, because part-time scanning performed by APs leaves channels vulnerable for much of the time. Others shy away from dedicated WIPS because they consider them too expensive. Common thinking is that dedicated WIPS is particularly pricey if procured from a third-party WIPS specialist.
This is not necessarily true – at least, from a capital and installation expense perspective. I’ve gathered some comparative capital costs across a sampling of vendors, both WLAN systems vendors and third-party overlay WIPS specialists.
The comparative costs make the following presumptions:
* An 802.11a/b/g/n environment with all channels continually scanned.
* A 50-sensor deployment (covering an installation of 200 to 250 APs).
* Cost includes any necessary appliance or PC server hardware/software for aggregating and correlating data gathered by the sensors.
* Cost includes any required server software license fees.
* Cost includes any AP/sensor software license fees.
* Cost for each vendor includes $25,000 in sensor cabling/installation (assuming an average $500 per sensor x 50 sensors).
The high-level results, based on MSRP and in alphabetical order, are as follows:
Aruba WIPS (Controller-based)
Aruba RFprotect (Server-based)
Cisco Adaptive WIPS
Motorola AirDefense WIPS
As with any cost comparison study, the apples-to-apples element is the most challenging. FYI, I’ve eliminated the costs of equipment and ports an enterprise is likely to already have and would not need to invest in specifically for WIPS.
For example, the Cisco figure does not include the cost of a requisite Cisco Wireless Control System (WCS) or Catalyst 6500 Wireless Services Module (WiSM), because one is likely to be already present in a Cisco WLAN environment. But I did include the $19,995 cost of a Cisco 4402-50 Wireless LAN Controller (WLC), because Cisco 1140 sensors require one-for-one management resources on a WLC; thus, resources for controlling 50 sensors are needed.