Early vulnerabilities in the Wired Equivalent Privacy (WEP) component of the IEEE 802.11 standard resulted in a broad range of professional, high-quality tools for the management of wireless LAN security and -- since security is a part of overall network management -- general WLAN management. In a previous article, I presented a landscape of wireless LAN (WLAN) security tools, dividing the world into four key categories. Here I'm offering...
a list of key companies in each category that will be of interest to value-added resellers (VARs) and systems integrators. Note that there can be significant category overlap with some products, so check the specs carefully before assembling a final list for your customers. And also note this list is not exhaustive -- these are just my favorites.
- Berkeley Varitronics -- Yellowjacket family
- Cognio -- Spectrum Expert
- Fluke Networks -- AnalyzeAir
- Metageek -- Wi-Spy
A spectrum analyzer from an electronics test equipment vendor can also work here, but I don't recommend them for field use, as they are simply not specific enough to WLANs or other devices likely to be operating in the unlicensed bands. They can also be difficult for non-engineers to use.
- Air Defense -- AirDefense Enterprise Solution
- AirTight -- SpectraGuard
- Network Chemistry -- RFprotect Distributed
WLAN management (third-party systems)
Choosing a wireless LAN security tool
Which one is right for your customers? A strategy I would suggest for starters is as follows:
- After a careful review of the requirements, tentatively select a WLAN system vendor.
- Carefully evaluate the management capabilities of the chosen product. Do not pick a product that does not operate according to your customer's needs.
- Consider the use of a third-party IDS/IPS and WLAN assurance product if the WLAN system is lacking in these areas.
- I now always recommend Cognio's Spectrum Expert, either as a standalone product or as part of another.
You may have noticed that I didn't mention site-survey tools. I'm not a big fan of doing site surveys except for post-installation analysis or maybe a quick pre-installation sweep. I also didn't discuss upper-layer security tools and techniques, such as the strong authentication provided by 802.1x and the overall network security of a VPN. These work the same way on wireless networks as they do on wired. The best advice I can offer when devising your overall security strategy is to think network, not wireless alone. As we enter the era of unified wired/wireless LANs, the next big trend in networks overall, this will become the default operational model regardless.
Finally, the early vulnerabilities in the WEP component of the IEEE 802.11 standard encouraged a broad range of hackers to experiment to their evil little hearts' content. If you're interested in the tools developed by these folks, have a look at my friend and colleague Lisa Phifer's excellent list of wireless security tools.
About the author
Craig Mathias is a principal with Farpoint Group, an advisory firm based in Ashland, Mass., specializing in wireless networking and mobile computing. The firm works with manufacturers, enterprises, carriers, government, and the financial community on all aspects of wireless and mobile. He can be reached at firstname.lastname@example.org.