- What does Cisco have against Quebec?
- Attrition.org nails another nitwit
- Diary of a deliberately spammed housewife
- Seven cloud-computing security risks
- 20 great Windows open source projects
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Recently, a “Wireless in the Enterprise” reader reported being forced to disable intrusion-prevention monitoring within shared, multi-tenant locations because the wireless scanning system was generating a confusing abundance of red herrings, or “false positives,” from neighboring access points.
The thought of anyone forced to turn off security caused my anxiety level to spike.
It turns out that economics preclude the use of a third-party overlay monitoring system at the reader’s company, which opted instead for a combination access point (AP)/scanning system built by its Wi-Fi systems vendor. This is a pure example of the “insurance policy” nature of network security, which boils down to balancing how much you invest with the potential impact of a compromise to your organization.
You can fix the red herring problem if you are willing to spend a bit; you have to decide how much security you can justify “buying.” Most of today’s overlay systems support policy enforcement engines that automatically discover and classify nearby devices that aren’t connected to your network as unauthorized but not troublesome. Once the device has been classified as non-threatening, the system doesn’t continue generating alerts about its existence.
Among the vendors providing such systems are AirDefense, AirMagnet, AirTight Networks, Highwall Technologies, Network Chemistry and Newbury Networks. (AirDefense and AirTight are currently in patent litigation over a different component of their systems, the remote security event-filtering and transmission mechanism.)
A Network Chemistry system, for example, would identify all known APs as authorized, then use a variable such as signal strength to differentiate between threatening devices in the facility and non-threatening neighboring devices, explains Brian deHaaf, vice president of product marketing.
“For example, any AP with a signal weaker than -70db might be known to be outside of the facility. A stronger signal might indicate that it is inside the facility and, if not authorized, is a threat to be addressed.”
The automatic classification of unknown APs as rogue APs by some systems can also be problematic, adds Sri Sundaralingam, director of product management and technical marketing at AirTight. The reason is that someone with a handheld wireless analyzer will have to find and check all the “unknowns,” which can cause a scalability problem, he says.
Rss FeedRss Feed
www.google-alba.ch faqja e intrnetit me e mira ku mund te gjeni gjithcka vizitojeni dhe do te mbeteni...- Anonymous
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Comment