Wireless Intrusion Detection and Prevention Systems: Selection Criteria

Looking at wireless intrusion prevention and detection systems? Burton Group notes the following features and functions you may wish to consider when making a product selection. (Also see companion article on wireless IDP evaluation and implementation dos and don’ts.)

• Integration with wired-side switch port shut down. Enables automated containment on the wired side.
• Air-side containment and blocking. Enables temporary disablement of rogues and “evil twins.”
• Integration with RF topology maps. Increases efficiency of location pinpointing.
• Location-aware monitoring. Provides policy enforcement based on position of devices.
• Remote management of sensors. Particularly good for highly distributed organizations.
• Small and midsize business offering. Good for distributed companies with small sites.
• “No fly” mode or template. Useful for companies that forbid wireless in certain areas of the enterprise.
• Role-based access to management user interface. Shares information with multiple stakeholders.
• Integration with the help desk. Enables troubleshooting of wireless network connections.
• Integration with network monitoring. Enables network management from an integrated console.
• Escalated or hierarchical alerting. Provides a more efficient response.
• Support for power over ethernet. Eliminates need for additional power outlets.
• Bandwidth management. Eases burden on low-bandwidth WAN links.
• Auto-classification. Reduces false positives and eases administration.
• DoS protection. Helps maintain network availability.
• Scalability/high availability. Necessary for large, highly distributed networks.
• Preventive automation. Enables automatic break or containment of unauthorized associations.
• Integration with mobile tools. Enables reuse of site survey information gathered from mobile tool as part of the console WIPS intelligence.
• Large-area sensors. Reduces number of sensors.