Making Sense Of Wireless IPSs

Forrester Research says that choosing the right intrusion prevention system is not a case of one size fits all.

By Paul Stamp

The Most Important Questions To Ask Potential Vendors

Once you've clarified your implementation priorities for wireless IPS and received responses from the vendors on your shortlist, you'll quickly realize that vendors' approaches to the problem differ widely. Here are the four crucial questions you must ask:

  1. How does it work? Solutions, such as AirMagnet's, process traffic information at the network sensor. This decreases the required network bandwidth between the sensor and the central server, but it means that managing and updating sensors becomes more critical. AirDefense's and Network Chemistry's wireless IDSs perform preliminary data analysis and cleaning at the sensor before forwarding to a central server for examination. This increases the burden on the network and the central server but allows for more complex correlation of data from multiple access points.

  2. How does it detect attacks? Some wireless IPSs primarily use signature-based attack detection. However, the sophistication of these signature-based solutions varies widely. For example, functionality within CiscoWorks Wireless LAN Solution Engine (WLSE) does little more than detect rogue access points. In contrast, AirMagnet, AirDefense, and Network Chemistry augment their signatures with firmware-based detection for more complex denial-of-service (DoS) attacks. Newbury Networks and AirTight Networks adopt a more policy-based approach to detecting attacks, using databases of known devices and technology for determining devices' physical location to detect unauthorized actions on the wireless network.

  3. How does it handle attacks? Wireless IPSs employ many different methods of isolating devices associated with unauthorized activity. Simpler solutions can only deactivate the wired ports on which they find rogue access points. Other solutions, such as AirMagnet's and Network Chemistry's, send disassociate or de-auth packets either to disconnect clients from unauthorized access points or to target unauthorized clients. More complex solutions, including AirDefense's and AirTight Networks', identify the make and model of the attacker and send a combination of packets that will target that device most effectively to maximize the length of time before it can launch another attack. [5]

  4. Whom does the vendor partner with? The web of partnerships among wireless IPS, wireless networking, and other vendors is complex. Ensure that the partners with whom your shortlisted vendors interoperate more easily work to your advantage. For example, AirMagnet has well-established partnerships with AirLink Communications and Wavelink, and AirDefense has recently announced a partnership to integrate its offering with Cisco's Aironet WLAN infrastructure product. Confusingly, vendors often resell each other's components on an OEM or cobranded basis; wireless IPS products from Newbury Networks and Bluesocket incorporate Network Chemistry's sensors.