New tools corral WLAN radio waves

A host of new management products are giving network executives tools to control the most elusive element of wireless LANs: the radio waves that actually connect clients to access points.

Most are being touted as security products because they detect, and in some cases disconnect, rogue WLAN access points and users, and show traffic patterns that might reveal an attack or a malfunction. But there are other benefits that spring from this ability to "read" radio frequency waves, including tracking the effect and location of RF interference, visualizing real-time behavior of wireless networks and fine-tuning WLAN settings to ensure optimal throughput.

The new RF tools differ from traditional network management applications, which focus on Layer 3 and rely on the fact that IP-addressable devices are physically attached via a wire to the network.

These new products use radios to scan the air, pull data from the radio chipsets in WLAN devices, and expose via GUI displays and alarms what's happening on the Layer 1 wireless connection. As such, they go beyond the capabilities of expensive, specialized and bulky wireless protocol analyzers and spectrum analyzers traditionally used in wireless engineering.

These RF tools let administrators see details such as IP headers, identify new devices that start transmitting, measure the signal strength and radio power settings of access points and client network interface cards, check if Wired Equivalent Privacy or other encryption options are turned on, detect man-in-the-middle attacks and identify electromagnetic interference.

Much of this data can be passed to enterprise network management applications such as HP's OpenView via SNMP. These RF tools also let network managers make changes such as adjusting the radio power level, blocking access to a rogue access point, or forcing some clients to disassociate from one access point and reconnect to another to balance traffic loads and improve throughput.
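The core check these monitors run, comparing what the sensors hear against an inventory of approved devices, can be sketched as follows. This is an added example, not code from any product named in this article; the record layout, the MAC addresses and the alarm class names are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Sighting:
    """One report from an RF sensor (hypothetical record layout)."""
    sensor: str
    bssid: str              # MAC address of the access point heard
    client: Optional[str]   # MAC of the associated client, None for a beacon
    encrypted: bool         # WEP or another encryption option is on

# Constructed inventory and sensor reports.
AUTHORIZED_APS = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}
KNOWN_CLIENTS = {"00:11:22:cc:00:10", "00:11:22:cc:00:11"}
SIGHTINGS = [
    Sighting("s1", "00:11:22:AA:00:01", "00:11:22:cc:00:10", True),
    Sighting("s1", "00:11:22:aa:00:02", None, False),
    Sighting("s2", "00:11:22:aa:00:02", None, False),
    Sighting("s2", "02:00:00:00:00:99", None, False),
    Sighting("s2", "02:00:00:00:00:99", "00:11:22:cc:00:11", False),
    Sighting("s1", "00:11:22:aa:00:01", "00:11:22:cc:00:77", True),
]

def norm(mac):
    """Sensors may differ in case; compare MACs in lower case."""
    return mac.lower() if mac else None

def classify(s, aps, clients):
    """Return the alarm classes one sighting triggers, with the device to blame."""
    ap, cl = norm(s.bssid), norm(s.client)
    alarms = []
    if ap not in aps:
        alarms.append(("rogue_ap", ap))
        if cl in clients:                  # an approved client joined an unknown AP
            alarms.append(("client_on_rogue_ap", cl))
    else:
        if not s.encrypted:
            alarms.append(("encryption_off", ap))
        if cl is not None and cl not in clients:
            alarms.append(("new_device", cl))
    return alarms

def evaluate(sightings, aps, clients):
    """Count sightings per (class, device) so repeats show as frequency."""
    counts = Counter()
    for s in sightings:
        counts.update(classify(s, aps, clients))
    return counts

def by_class(counts):
    """Number of distinct offending devices in each alarm class."""
    return Counter(cls for cls, _device in counts)

if __name__ == "__main__":
    for (cls, device), n in sorted(evaluate(SIGHTINGS, AUTHORIZED_APS, KNOWN_CLIENTS).items()):
        print(f"{cls:20} {device}  seen {n}x")
```

Counting per device rather than per report keeps two sensors that hear the same access point from showing up as two separate rogues.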

New products

The newest products range from full-blown RF management systems, to offerings sized for either small or large WLANs, to incremental improvements in existing products. The products include:

  • Bluesocket's BlueSecure is a stand-alone monitoring system with dedicated sensors that read traffic on 802.11a, b and g networks, and that do some initial data processing. It supports Power over Ethernet.

The ratio of sensors to access points changes depending on variables such as the number of users and the proximity of access points: One sensor for every three to six access points is the rule of thumb.

The BlueSecure Server application, with a GUI, collects, analyzes and presents the data and lets network managers configure alarms. It runs on Windows XP or 2000. The new product for now is completely separate from the vendor's flagship WLAN security gateway.

BlueSecure sensors cost $695. The server software costs $3,000. It is scheduled to be released next month.

  • Highwall's Model 500 Sentinel mimics the higher-end Model 1000. The main difference is that the 500 incorporates a single sensor, whereas the high-end model can connect to many, dubbed Highwall Scouts.

The idea is that one Model 500 box can cover all or most of a single office or small business, largely because of the company's own antenna design. Software settings can change the size and shape of the antenna's scanning area, and Highwall says the design boosts the accuracy of identifying the locations of WLAN devices.

The price is $1,500, or half the price of the Model 1000.

  • AirMagnet Mobile Suite 4.0's newly incorporated policy manager lets administrators specify rules - such as wireless clients must use a VPN session - and then track network activity against them. The software can capture intrusion attempts, subdivide them into classes of attacks and show their frequency.

Other changes include code to minimize signal fluctuations and track handoffs between access points, both aimed at diagnosing radio problems around wireless VoIP traffic.

Earlier this year, AirMagnet introduced products for monitoring Bluetooth radios. Version 4.0 software runs on laptops or PDAs, which network technicians carry to study RF activity throughout a WLAN site.

The price is $3,500 for the laptop version, $3,000 for the PDA. (AirMagnet Distributed is a sensor-based product with server software and management GUI.)

  • Meru Networks is announcing Version 2.0 of its System Director software, which runs on its WLAN switches. The new release includes an updated and more automated user interface for the Meru WLAN management software.

That program reads the radio activity of Meru access points and then automatically configures each of those devices, including radio channel assignments for the entire WLAN, based on one of several WLAN profiles selected by an administrator. The new version ships on the switch product.

  • Network Chemistry's recently unveiled RFprotect is scheduled to begin shipping this month, with RF sensors and client/server software designed for large-scale WLANs.

Many of these features are offered in WLAN switches from Aruba Wireless Networks, Airespace and others. These vendors typically use their companion thin access points as the RF sensors: The access point periodically stops transmitting data and momentarily scans for RF signals, reporting data back to a switch-based or PC analysis application. AirDefense is another specialized RF monitoring company.

WLAN enforcement

First Horizon Home Loan (FHHL), a mortgage company in Irving, Texas, bought Network Chemistry's initial product to enforce a "no WLAN allowed" policy at some locations, while the company worked out a WLAN strategy. Later this year, FHHL plans to deploy WLANs at headquarters and some 900 branch offices, and RFprotect will be rolled out with it: Each access point will have an RFprotect sensor nearby.

"We want to make sure that what's occurring on our wireless nets is what we want to occur," says Michael Wallis, FHHL manager of data security. "We want to detect what's going on, and this is one more tool for doing that."

Wallis says that overall the cost of installing a separate sensor network is comparable to the premium he would pay Cisco or Extreme Networks to add WLAN and RF management capabilities into a wired switch infrastructure. "It's about a break-even," he says. "We're already pulling cable for the wireless access points, so we can just run an additional string and put a sensor wherever we put an access point."

Users often talk about what these products let them actually see in terms of the wireless traffic.

"You can see the connected [WLAN] client, the [media access control] and IP addresses assigned, the user log-in," says John Greiner, CTO for Legal Services for New York, a group that offers legal assistance in civil cases to residents of the five New York City boroughs.

"You can see all the access points and how they're operating, and the power levels for the radios," Greiner adds.

Legal Services installed the Aruba WLAN switch and access points initially as a way to monitor internal and external wireless traffic, and to create an open wireless link to the Internet for staff and volunteers.

Greiner says he will expand wireless use over time, and increase the use of Aruba's monitoring features.

The new RF tools give network executives the ability to monitor WLANs continuously.

"You can't predict when a rogue [user] will try to access the net," says Stan Schatt, a vice president with Forrester Research. You can't afford to wait to learn that a user doesn't have an encrypted VPN session. "You need to be alerted no matter when these things happen," Schatt says.

"RF monitoring and management is still an art, not a science," he says. As a result, vendors are scrambling to add wizards and even artificial intelligence to emerging RF products.
