craig mathias
Principal

Automating Security Testing – Big News from Motorola

Opinion
Aug 19, 20092 mins

AirDefense builds a hacker in a box - and keeps it there

Yesterday’s announcement from Motorola’s AirDefense unit of a new and novel (hey’s they already have a patent!) approach to WLAN vulnerability testing caught my eye for a number of reasons. First, this is another big leap forward for the centralization of network management and especially troubleshooting functionality. As wireless LANs grow in scope, mission, and particularly in sheer size, it’s not likely that many companies will be able to put an engineer, analysis hardware in hand, on a plane whenever a suspected problem creeps up, or just for routine verification that operations are conforming to policy and other rquirements.

Basically, the Motorola AirDefense Wireless Vulnerability Assessment simulates hacking against the target network without, of course, doing any damage. An analogy might be a virtual, automated ethical hacker. It’s thus possible to verify that appropriate security settings and capabilities are in place, and determine if both local security policies and industry requirements (like PCI) are implemented and working properly – all from the comfort of a centralized management console, which beats airports any day of the week.

The only potential negative I could think of, as the product is simulating a hacker, is that any flaws in implementation that allowed a third party with nefarious intent to compromise a given installation would be bad, and perhaps very bad. Of course, there are audit trails and other elements that keep track of what’s going on, and presumably Microsoft wasn’t involved in this implementation, so there is a good likelihood that Motorola got it right. Still, I would hope for a bit more reporting on the testing and use of this solution at actual customer sites just to make sure there aren’t any holes in what’s currently shipping. Apart from that, though, this is a terrific direction forward and should provide enormous benefits for already-overburdened network operations staff everywhere.

craig mathias

Craig J. Mathias is a principal with Farpoint Group, an advisory firm specializing in wireless networking and mobile computing. Founded in 1991, Farpoint Group works with technology developers, manufacturers, carriers and operators, enterprises, and the financial community. Craig is an internationally-recognized industry and technology analyst, consultant, conference speaker, author, columnist, and blogger. He regularly writes for Network World, CIO.com, and TechTarget. Craig holds an Sc.B. degree in Computer Science from Brown University, and is a member of the Society of Sigma Xi and the IEEE.

More from this author