How to Compare and Use Wireless Intrusion Detection and Prevention Systems

Rogue access points? Evil twins? Wireless IDP systems aim to defeat these and other tricky hacks.

Wireless intrusion detection and protection (IDP) systems monitor enterprise airwaves with a network of wireless monitors connected to a central server. They capture data from the radio spectrum and analyze it for rogue access points (APs), unauthorized devices, unauthorized association, adherence to policy, incorrectly configured security settings, unexpected behavior and wireless attacks such as MAC spoofing and denial of service attacks.

Wireless IDS/IPS use a network of sensors

They then provide reporting and alerts, which can be sent to workflow systems, trouble-ticketing systems or network management consoles, or delivered via e-mail or pager to administrators. Once a threat has been detected and classified, a wireless IDP system can also block it automatically.
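As an added illustration of the detection logic described above (not code from the article or from any vendor's product), the following Python sketch correlates constructed beacon observations from several sensors against a hypothetical inventory of authorized APs and labels evil twins, suspected MAC spoofing, misconfigured security and rogue versus neighboring APs; the RSSI threshold and sensor count used to tell an in-building rogue from a neighbor's AP are assumptions.

```python
from collections import defaultdict

# Constructed inventory of authorized corporate APs (hypothetical values): BSSID -> (SSID, channel, security)
AUTHORIZED_APS = {
    "00:11:22:aa:bb:01": ("CorpNet", 6, "WPA2"),
    "00:11:22:aa:bb:02": ("CorpNet", 11, "WPA2"),
}
CORPORATE_SSIDS = {ssid for ssid, _, _ in AUTHORIZED_APS.values()}
RSSI_INSIDE_DBM = -65      # assumed: stronger than this at several sensors => likely inside the building
MIN_SENSORS_INSIDE = 2     # assumed: number of sensors that must hear it that strongly

def classify_observation(obs):
    """Alerts derivable from a single beacon as seen by one sensor."""
    alerts = []
    known = AUTHORIZED_APS.get(obs["bssid"])
    if known:
        exp_ssid, exp_chan, exp_sec = known
        if obs["ssid"] != exp_ssid or obs["channel"] != exp_chan:
            alerts.append("possible-mac-spoofing")    # our BSSID, but not our SSID/channel
        if obs["security"] != exp_sec:
            alerts.append("misconfigured-security")   # e.g. an authorized AP left open
    elif obs["ssid"] in CORPORATE_SSIDS:
        alerts.append("evil-twin")                    # corporate SSID from a foreign BSSID
    return alerts

def analyze(observations):
    """Correlate beacons from all sensors; returns {bssid: sorted list of alert labels}."""
    alerts = defaultdict(set)
    strong_sensors = defaultdict(set)
    for obs in observations:
        alerts[obs["bssid"]].update(classify_observation(obs))
        if obs["rssi"] >= RSSI_INSIDE_DBM:
            strong_sensors[obs["bssid"]].add(obs["sensor"])
    for bssid in {o["bssid"] for o in observations}:
        if bssid in AUTHORIZED_APS or alerts[bssid]:
            continue
        # Unknown AP with no other alert: heard strongly by several sensors => rogue, else a neighbor
        if len(strong_sensors[bssid]) >= MIN_SENSORS_INSIDE:
            alerts[bssid].add("rogue-ap")
        else:
            alerts[bssid].add("neighbor-ap")
    return {b: sorted(a) for b, a in alerts.items()}

# Constructed sample beacons, as a sensor network might report them
SAMPLE = [
    {"sensor": "s2", "bssid": "00:11:22:aa:bb:02", "ssid": "CorpNet", "channel": 11, "security": "OPEN", "rssi": -55},
    {"sensor": "s1", "bssid": "de:ad:be:ef:00:01", "ssid": "CorpNet", "channel": 6, "security": "OPEN", "rssi": -60},
    {"sensor": "s1", "bssid": "aa:bb:cc:00:00:01", "ssid": "LinksysHome", "channel": 1, "security": "WPA2", "rssi": -48},
    {"sensor": "s2", "bssid": "aa:bb:cc:00:00:01", "ssid": "LinksysHome", "channel": 1, "security": "WPA2", "rssi": -52},
    {"sensor": "s3", "bssid": "aa:bb:cc:00:00:02", "ssid": "UpstairsCafe", "channel": 11, "security": "WPA2", "rssi": -80},
]
```

Running `analyze(SAMPLE)` flags the open authorized AP as misconfigured, the foreign BSSID advertising CorpNet as an evil twin, the home router heard strongly by two sensors as a rogue, and the weak cafe signal as a neighbor.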

This article examines key forces driving adoption, important criteria for comparing and choosing wireless IDP systems, plus dos and don'ts for implementation.

Also see key features and functions in Wireless Intrusion System: Selection Criteria

Wireless IDP Market Drivers

According to Gartner, the wireless intrusion prevention system market is relatively stable. Global revenue grew 18 percent between 2007 and 2008, from $119 million to $140 million, according to John Pescatore, an analyst at Gartner. He's projecting a 14 percent to 15 percent growth in 2009.

Market drivers, however, have changed in that time span, he says. Two or three years ago, companies were buying wireless IDP to detect and disallow wireless or to protect against attacks in the few areas of the enterprise where it was allowed. With the growing acceptance of wireless, however, many companies now invest in these tools to assess their vulnerability to, for instance, incorrectly configured APs, rogue APs, foreign PCs trying to connect to the company's APs or accidental association of corporate PCs with foreign APs.

"In any dense environment, you can connect to the network of the company upstairs or across the alleyway," Pescatore says. "So you're basically deploying listening sensors around the building to detect these things."

Wireless IDP tools are also hinted at as a best practice in the PCI Data Security Standard, says John Kindervag, senior analyst at Forrester Research. "We see it as a growth area because PCI is encouraging its use for wireless scanning," Kindervag says.
