AirDefense this week is set to release the latest version of its wireless LAN protection software, with features that will let users mount counterattacks against threats to wireless clients and networks.
The changes in AirDefense Enterprise 6.0 focus on letting users block or disconnect WLAN threats, such as wireless intrusions, rogue access points and denial-of-service attacks. The product consists of radio sensors to monitor WLAN transmissions, and server software to track, record and counter an array of threats.
The changes reflect similar moves by other WLAN security vendors, among them Wibhu Technologies and Highwall Technologies, to expand WLAN security features. Intrusion prevention, which blocks attacks or prevents accidental associations with unauthorized access points, is one key area of this expansion.
This increased scope of the AirDefense software is important to Lehman Bros., a New York brokerage and investment banker. The company has only a small Cisco WLAN, but it uses AirDefense to monitor WLAN activity. Version 6.0 lets network managers immediately and remotely disable a rogue device with a single keystroke, says Frederick Nwokobia, senior engineer with Lehman's IT group.
AirDefense 6.0 includes an optional agent, dubbed AirDefense Personal, that runs on a Windows laptop PC, and watches for about 50 problematic activities. One example is connecting to what appears to be a public WLAN but actually is a username/password trap using Airsnarf. When the agent detects a problem, it can shut off the client's WLAN adapter card, for example. It then sends a report to the AirDefense server.
Such automated responses are a key part of Version 6.0, although users can opt to manually trigger these actions from a central console.
These automatic responses are married with a new feature called the rogue threat index. This is a display that detects a rogue wireless device and assigns it a low to high level of risk. "It's one thing for an [intrusion-detection system] to say 'here's a rogue,'" Nwokobia says. "But [AirDefense 6.0] now says, 'here's a rogue that's connected to your network.'"
The AirDefense release adds more than 100 new threat-detection patterns, for a total of 200, which the software monitors for continuously. Another change is that AirDefense can pull user and device configuration data from Lightweight Directory Access Protocol directories, so this data does not have to be re-entered manually.
Version 6.0 of AirDefense is scheduled to ship next month. Pricing is unchanged, starting at about $7,000 for four sensors and the server software.
AirDefense is not the only vendor embracing WLAN intrusion prevention.
Start-up Wibhu is set to unveil at the end of this month a product broadly similar to AirDefense 6.0. It includes sensors to pick up and monitor radio signals, and software to locate the signals, identify an array of threats, and, most importantly, take automatic action against them.
The company says it has developed algorithms that can detect and identify threats, and pinpoint their location, with a high degree of accuracy, eliminating the numerous false alarms that plague many intrusion-detection tools.