Making Sense Of Wireless IPSs
Forrester Research says that choosing the right intrusion prevention system is not a case of one size fits all.
By Paul Stamp
January 20, 2005 — CSO —
All wireless intrusion prevention system (IPS) vendors claim that their solutions offer comprehensive intrusion prevention. The truth? Each vendor defines wireless IPS differently. Thus, the vendors' products differ in design, attack detection method, and how they deal with attackers. Moreover, one size does not fit all. For example, the best product for a downtown office could be overkill for a suburban campus.
Choosing the Right Wireless IPS Solution for You
Wired and wireless intrusion detection and prevention solutions have a lot in common. Both monitor their surroundings, look for bad behavior patterns, and act accordingly. Both also seek to minimize false positives and concentrate resources on dealing with real problems. However, that's where the similarity ends. Wired IPSs monitor behavior of devices already operating on the network and then detect and block potentially harmful activity. In contrast, wireless IPSs seek to ensure that only authorized devices participate in your network.
Consequently, wireless IPS solutions focus primarily on the moment when wireless devices connect to the network, rather than on what those devices do once they've associated with the network. As such, most good wireless IPS solutions work at the data link layer or lower to take into account prevailing circumstances in the wireless environments in which they operate.1 This is especially important in an urban environment where neighboring offices, homes, and even passing delivery vans, each equipped with wireless access points, play havoc with simpler rogue access point detection solutions.2
Your Pre-RFP Checklist For Wireless IPS
Before creating your list of potential wireless IPS vendors, ask yourself these questions:
- What problem do you really need to solve with wireless IPS? Clarifying your objectives for implementing a wireless intrusion detection system (IDS) or IPS will help narrow your list early. Vendors like AirMagnet, Network Chemistry, and AirDefense aim to detect and block egregious behavior on the WLAN, such as rogue access points or probes from common attack tools like NetStumbler or AirSnort.3 Others, such as AirTight Networks and Newbury Networks, concentrate more on keeping unauthorized wireless devices off the network based on factors like their location.
- What is your wider strategy for wireless infrastructure? A wireless IDS is but one part of a comprehensive wireless security strategy.4 Vendors like Aruba Wireless Networks and AireSpace combine wireless IPS capabilities with wider infrastructure functions, such as performance and device management. However, because these products are less focused, their methods for attack detection and prevention tend to be less well-developed.
- What is your appetite for vendor risk? Many of the vendors currently working in the wireless space are small startups. Thus, buyers must expect mergers and acquisitions. The big networking players, such as Cisco, 3Com, and Hewlett-Packard, may eventually move into this space, but buyers should be skeptical: the networking giants will always prioritize functionality and speed over security.



