AirMagnet this week released a new version of its wireless intrusion-detection and -prevention software for enterprise WLANs.
AirMagnet Enterprise Version 8.0 adds several new or improved security features, but the most important changes are in how the application sifts, organizes and presents the information it collects from large, complex wireless LANs.
The product uses a set of wireless sensors to continuously monitor radio traffic of all types in unlicensed spectrum bands. Data is passed to the server application to detect new or suspicious wireless activity, assess whether it’s a threat and then block or isolate the suspect radio.
Most WLAN vendors build some kind of intrusion-detection or intrusion-prevention capability into their own products; others integrate more advanced products from third-party software vendors such as AirMagnet, AirDefense and AirTight (sometimes called the “Air Brothers”), all of which specialize in securing, not just monitoring, the WLAN airwaves.
To beef up its own offering, Aruba recently acquired the IDS/IPS business of Network Chemistry.
Version 8.0 of AirMagnet’s offering introduces a new customizable “overview page,” which gives administrators various high-level views of WLAN events. These events can be classified using various criteria to highlight activities or a sequence of activities that are deemed more or less threatening, according to Wade Williamson, director of product management for AirMagnet, based in Sunnyvale, Calif.
In addition, the overview page can be tailored to different job descriptions, so that security managers see high-priority threat alerts, while corporate compliance managers see real-time data on which wireless clients comply with specific industry or federal information-security standards.
Managers can drill down via a series of mouse clicks to move from an overall wireless-network status summary to specific details about the behavior and settings of individual or groups of wireless clients or access points, according to Williamson. “Network problems can be pursued down to the packet level,” he says.
On the overview page, users can create a customized list of high-priority alarms, by dragging and dropping them from AirMagnet’s master list of wireless alerts. Network managers also can set various types of thresholds for any or all of these, based on the frequency of the event or a time period. Clicking on various tabs brings up other groupings of alerts.
In addition, new code in Version 8.0 assigns each threat a score, to prioritize it, and then displays the scores graphically to show how the network’s security posture is changing over time. The scores are also correlated across different types of problems, which can reveal that what would otherwise look like a series of unconnected events is in fact a single serious attack.
“Think of a basic man-in-the-middle attack, which has multiple steps,” Williamson says. That would include an initial snoop to find clients, followed by a denial-of-service attack to knock a client off an access point, and then masquerading as the client by spoofing its MAC address. “All of these are scored by AirMagnet Enterprise and then correlated to show a high-priority event: This is an active ongoing attack,” Williamson says.
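As an added illustration of the scoring-and-correlation idea Williamson describes (example code written for this page, not AirMagnet’s software or its actual scoring model), the Python sketch below applies a frequency threshold to raw deauthentication frames, gives each alarm type a base score, and correlates a recon probe, a deauth flood and MAC spoofing against the same client within a time window into one escalated incident. The same three alarms spread hours apart, or a deauth burst too small to cross the threshold, stay uncorrelated. Event names, score values, window lengths, the escalation multiplier and the sample feeds are all assumptions made for the example.

```python
"""Toy scoring-and-correlation engine for wireless IDS alarms (added example).

Constructed illustration only: a frequency threshold that turns a burst of raw
deauthentication frames into one alarm, a base score per alarm type, and
correlation of several alarm types against one client into a single
high-priority event.  Event names, scores and windows are assumed; this is
not AirMagnet's code.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    t: float          # seconds since capture start
    kind: str         # "recon_probe", "deauth" (raw frame), "mac_spoof", ...
    bssid: str        # network the event concerns
    client: str = ""  # victim client MAC, where one applies


BASE_SCORE = {"recon_probe": 1, "deauth_flood": 4, "mac_spoof": 6}  # assumed
DEAUTH_THRESHOLD = 5    # raw deauth frames to one client within DEAUTH_WINDOW ...
DEAUTH_WINDOW = 10.0    # ... seconds raise a single deauth_flood alarm
CHAIN_WINDOW = 120.0    # seconds within which flood and spoof must both fall
ESCALATION = 2          # multiplier applied to a correlated chain (assumed)


def apply_thresholds(events):
    """Frequency threshold: collapse raw deauth frames into deauth_flood alarms
    (one per burst); every other event is already an alarm and passes through."""
    out, recent, active = [], defaultdict(list), set()
    for e in sorted(events, key=lambda e: e.t):
        if e.kind != "deauth":
            out.append(e)
            continue
        key = (e.bssid, e.client)
        ts = recent[key]
        ts.append(e.t)
        while ts and e.t - ts[0] > DEAUTH_WINDOW:   # slide the window forward
            ts.pop(0)
        if len(ts) >= DEAUTH_THRESHOLD and key not in active:
            active.add(key)                           # fire once per burst
            out.append(Event(e.t, "deauth_flood", e.bssid, e.client))
        elif len(ts) < DEAUTH_THRESHOLD:
            active.discard(key)
    return out


def correlate(alarms):
    """Score each alarm, then stitch recon -> deauth_flood -> mac_spoof against
    the same client/network into one escalated incident."""
    alarms = sorted(alarms, key=lambda a: a.t)
    scored = [(a, BASE_SCORE.get(a.kind, 0)) for a in alarms]
    incidents = []
    for spoof in alarms:
        if spoof.kind != "mac_spoof":
            continue
        lo = spoof.t - CHAIN_WINDOW
        floods = [a for a in alarms if a.kind == "deauth_flood"
                  and a.client == spoof.client and lo <= a.t < spoof.t]
        if not floods:
            continue          # spoof with no recent knock-off stays a lone alarm
        chain = [floods[-1], spoof]
        recon = [a for a in alarms if a.kind == "recon_probe"
                 and a.bssid == spoof.bssid and lo <= a.t < floods[-1].t]
        if recon:
            chain.insert(0, recon[-1])
        incidents.append({
            "client": spoof.client, "bssid": spoof.bssid,
            "start": chain[0].t, "end": spoof.t,
            "stages": [a.kind for a in chain],
            "score": ESCALATION * sum(BASE_SCORE[a.kind] for a in chain),
            "verdict": "active man-in-the-middle attack in progress",
        })
    return scored, incidents


def analyze(events):
    return correlate(apply_thresholds(events))


# Constructed sample feeds (not captured data).
AP, VICTIM = "00:11:22:33:44:55", "00:aa:bb:cc:dd:01"

# 1. Full chain inside the window: recon, six deauths in 3 s, then MAC spoofing.
ATTACK_FEED = ([Event(0.0, "recon_probe", AP)]
               + [Event(30.0 + i * 0.5, "deauth", AP, VICTIM) for i in range(6)]
               + [Event(45.0, "mac_spoof", AP, VICTIM)])

# 2. Same stages hours apart: three separate alarms, no incident.
SCATTERED_FEED = ([Event(0.0, "recon_probe", AP)]
                  + [Event(3600.0 + i, "deauth", AP, VICTIM) for i in range(6)]
                  + [Event(9000.0, "mac_spoof", AP, VICTIM)])

# 3. Only three deauths: below threshold, so no flood alarm and no chain.
BELOW_THRESHOLD_FEED = ([Event(30.0 + i, "deauth", AP, VICTIM) for i in range(3)]
                        + [Event(45.0, "mac_spoof", AP, VICTIM)])

if __name__ == "__main__":
    for name, feed in [("attack", ATTACK_FEED), ("scattered", SCATTERED_FEED),
                       ("below-threshold", BELOW_THRESHOLD_FEED)]:
        scored, incidents = analyze(feed)
        print(name, [(a.kind, s) for a, s in scored], incidents)
```

Running the block prints each feed’s individual alarm scores and any correlated incident; only the first feed produces one, with the three stages and an escalated score, while the other two leave the alarms as unconnected low-priority entries.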