Space invaders: You and WIPS


If your lot in life - your IT life, that is - centers on security, you may be many things, but bored and unchallenged are not among them. It is a given that security is an essential element of virtually every component of IT. If only it were equally true that detailed knowledge acquired in one area of security could easily be applied in others.

Although many network managers have spent recent years implementing intrusion-prevention system (IPS) solutions to harden their wired networks, it is only recently that vendors have begun delivering products to help deal with space invaders - intrusion threats carried out over wireless LANs (WLAN).

And, although the attackers' goals are the same, the nature of WLANs means radically different approaches are required to protect those LANs. Furthermore, there is no consensus among vendors on what those approaches should be.

To make an effective buying decision for a wireless IPS, you need to understand both the challenges and the possible solutions.

Compared with the job that wireless IPSs have to handle, their wired brethren have it easy. Wired IPS devices intercept traffic as it attempts to cross the perimeter of the network. There is no question about where the intrusion attempt originated. The IPS knows exactly which port the traffic came in on. Similarly, stopping the intrusion is simply a matter of filtering out - discarding - the traffic deemed to be a threat.

A key enabler of WLAN intrusion is the rogue access point. This is a normal access point that has been plugged into the network by someone other than the IT department. Once in place, not only can unauthorized WLAN devices inside the company interact with the corporate LAN, but so can other WLAN devices within signal range outside the company.

Thus, rooting out rogue access points is typically Job No. 1 for most wireless IPSs. Consequently, that task became Test No. 1 of a recent vendor-commissioned validation study.

The study revealed that the ability of a wireless IPS to detect rogues is influenced by whether they are on the same or different virtual LANs as the wireless IPS, whether Wired Equivalent Privacy (WEP) is on or off, and a host of other factors. Rogue access point detection is not just a yes-or-no item on a checklist.

Once rogue access points are detected, it is a challenge to isolate and remove clients because the wireless IPS is not in the physical data path of the access point.

The wireless IPS typically has to send the equivalent of reset commands to attempt to disconnect the intruding users of the rogue access point from the network. No IEEE committee dictates how this is to be done. Vendors do it differently and with different levels of effectiveness.

Access points connected outside the confines of the corporate environment can represent an equally potent risk. Windows XP's WLAN "Zero config" feature lets machines automatically seek out an accessible access point and begin communications without configuration.

Should a legitimate corporate client "mis-associate" with an access point outside the corporate network, the wireless IPS needs to spring into action. It wouldn't take long for sensitive information to flow across that connection and be swiped by a hacker.

This situation points to the need for a wireless IPS even if you haven't implemented WLANs internally, because all of your new notebooks have built-in wireless.
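As an added illustration (not from the article or from any vendor's product), the sketch below separates the two cases described above: an unknown access point that also shows up on the wired LAN is treated as a rogue, and a corporate notebook associated with an unknown access point that is not on the wire is treated as a mis-association. All addresses and VLAN numbers are constructed, and comparing BSSIDs against per-VLAN wired MAC tables is an assumed, simplified detection method.

```python
from collections import namedtuple

# Constructed sample data; every MAC address and VLAN number is made up.
Assoc = namedtuple("Assoc", "bssid client")

AUTHORIZED_APS = {"00:11:22:aa:00:01"}            # access points installed by IT
CORPORATE_CLIENTS = {"00:11:22:cc:00:10", "00:11:22:cc:00:11"}
WIRED_MACS_BY_VLAN = {                            # MACs learned on the wired LAN
    10: {"00:11:22:aa:00:01", "de:ad:be:ef:00:02"},
    20: {"de:ad:be:ef:00:03"},
}
OBSERVED = [                                      # associations heard over the air
    Assoc("00:11:22:aa:00:01", "00:11:22:cc:00:10"),  # normal use
    Assoc("de:ad:be:ef:00:02", "66:77:88:99:00:20"),  # unknown AP wired to VLAN 10
    Assoc("de:ad:be:ef:00:03", "66:77:88:99:00:21"),  # unknown AP wired to VLAN 20
    Assoc("de:ad:be:ef:00:04", "00:11:22:cc:00:11"),  # notebook on an outside AP
]


def classify_ap(bssid, sensor_vlans):
    """Return 'authorized', 'rogue' (unknown AP on our wire) or 'external'."""
    if bssid in AUTHORIZED_APS:
        return "authorized"
    # Assumption: an AP's wired MAC equals its BSSID, and the sensor can only
    # compare against the VLANs it is attached to.
    visible = set().union(*(WIRED_MACS_BY_VLAN.get(v, set()) for v in sensor_vlans))
    return "rogue" if bssid in visible else "external"


def alerts(observations, sensor_vlans):
    """Return (alert_type, bssid, client) tuples for rogues and mis-associations."""
    out = []
    for a in observations:
        kind = classify_ap(a.bssid, sensor_vlans)
        if kind == "rogue":
            out.append(("rogue_ap", a.bssid, a.client))
        elif kind == "external" and a.client in CORPORATE_CLIENTS:
            out.append(("mis_association", a.bssid, a.client))
    return out


if __name__ == "__main__":
    for vlans in ({10}, {10, 20}):
        print(sorted(vlans), alerts(OBSERVED, vlans))
```

With the sensor attached only to VLAN 10, the unknown access point wired to VLAN 20 is not reported as a rogue, which is one way the VLAN dependence noted in the study can arise.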

Copyright © 2006 IDG Communications, Inc.
