Wireless IDSs garner attention

Oct 20, 2003

* Aruba, IBM, AirDefense fight wireless intrusions

After the rash of Internet attacks this past summer, the emergence of wireless intrusion-detection systems and services from companies such as Aruba Wireless Networks and IBM is especially welcome.

As you likely know, intrusion detection for wireless networks entails monitoring airborne traffic to flush out unauthorized “rogue” access points (APs), flag malicious traffic signatures, and identify statistically anomalous behavior that could indicate an attempted break-in or denial-of-service attack. AirDefense, for one, has long been a primary player in delivering wireless-specific IDS capabilities. The wireless LAN (WLAN) “overlay” vendor focuses on securing networks of APs made by other equipment vendors.

This week, AirDefense got some new competition when WLAN switch start-up Aruba Wireless Networks announced IDS capabilities in the latest version of its AirOS 2.0 switch software. The technology monitors Aruba’s own AP environment and, by virtue of another new product it calls a WLAN multiplexer (which I’ll describe in a minute), checks other vendors’ APs for aberrant goings-on, too. Aruba’s own APs, which can double as IDS sensors, perform the air-traffic monitoring.

The multiplexer, the Aruba 800 Wi-Fi Mux, can become an IDS appliance, says the company. Its basic purpose is to enable APs made by any vendor to gain all the feature capabilities of Aruba’s 5000 WLAN management switch, of which IDS is now one, says Keerti Melkote, vice president of marketing.

You can reportedly plug anybody’s APs into this mux – likely in a wiring closet – and it will tunnel traffic to the Aruba 5000 mother switch, usually in a data center, using IPSec or Generic Routing Encapsulation. Or, you can load some of the 5000’s management features onto the multiplexer, including the IDS software, to create a “mini-switch” or an IDS appliance.

The Aruba launch followed IBM Global Services’ announcement earlier this month of a managed wireless IDS service that leverages custom-developed, Linux-based sensors. Specialized IBM Tivoli software detects security events and IBM monitors sensor alerts 24-7, the company says.

Currently, the service works with 802.11b WLANs only. It generates daily reports about traffic-flow activity, but, unlike Aruba and AirDefense, doesn’t seem able to enforce a policy to take immediate action, such as shutting down a rogue AP upon discovery.