Review: Distributed Wireless Security Monitors

Network Computing performed an exhaustive review of these specialized overlay systems that provide wire-side and wireless rogue-device detection, RF interference and intrusion-detection capabilities as well as user and performance monitoring in the 2.4-GHz and 5-GHz ranges.

Wireless IDSs regularly monitor data that could be very valuable to attackers: SSIDs (Service Set IDs), device MAC addresses, channel usage and sometimes even packet captures. Encrypting data flow between the sensor and server is one way to hamper man-in-the-middle attacks. But not all cryptographic implementations are secure, so government agencies and contractors that deal with information categorized as sensitive but unclassified must certify their IT products with FIPS 140-2 (per OMB circular A-130). Focusing mostly on the devices' cryptographic modules, there are four levels of security ranging from no physical security mechanisms to requirements for the device to be tamper-resistant and to include physical protection around the cryptographic module. Just because a product claims FIPS 140-2 certification doesn't mean the whole system has been evaluated. Areas within the management platform, such as identification (who are they?), authentication (is the user who he says he is?) and access control (what functions can the user perform?), may not have been examined.

AirMagnet is the only wireless IDS vendor that has submitted its sensor and the sensor's version 5.2 software load for FIPS 140-2 certification. It's in the second of five stages required for final and full certification (of 143 devices submitted, only eight had completed all five stages at press time). AirMagnet says submitting its sensor for review was required for a recent deal with the military. The details of FIPS 140-2 and surrounding regulations seem to exempt most wireless IDS vendors from required certification, but verticals such as the military and financial services will appreciate a system that has gone through a formal examination process.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing