Newbury Unleashes Watchdog 4.0

By Ed Sutherland

November 02, 2004

The latest version of the company's distributed security system looks more closely at the client side in order to protect the overall network.

The latest version of WiFi Watchdog from Boston's Newbury Networks acts as a border patrol for your enterprise's WLAN. The new software scans Wi-Fi networks for intruder signatures, while arming IT administrators with flexible ways to respond.

Newbury, known for its location-based security applications, employs its LocalePoint sensors as sentinels that scan traffic traveling across 802.11a/b or g Wi-Fi networks. Watchdog acts as a manager, computing where the WLANs are located and whether they are trusted devices or possible intruders.

Key features of the update include intrusion containment, intruder identification, and custom alerts.

"WiFi Watchdog 4.0's active sensors provide wireless containment to prevent breaches that can regularly occur with WLAN use," according to a statement.

In a nod to the growing use of Wi-Fi in large enterprises with far-flung offices, WiFi Watchdog uses distributed agents to monitor wireless channels and report to a central RADIUS server.

Finally, the new software prevents 'collateral damage' by distinguishing friend from foe.

"If you are not correlating location information to help determine where the attacking or unapproved devices exist, such as inside or outside, you're shooting in the dark and possibly attacking neighborhood networks that may be harmless," said Michael Maggio, president and CEO of Newbury Networks.

"We did a lot of war-driving during the Democratic and Republican conventions and found many promiscuous connections," says Brian Wangerian, Newbury's product manager for WiFi Watchdog.

Watchdog blocks rogue, or unauthorized, WLANs inside an organization's security boundary. Once detected, Watchdog will disassociate and de-authenticate those unknown devices.

Likewise, if a certain region of an enterprise is meant to be wireless-free, as is the case in some government installations, Watchdog will 'snipe' or disconnect that offending client device.

While prior wireless security measures have focused on strengthening an AP's defenses, more attention is being paid to managing the security of client devices, says Wangerian.

Once sensors (about two per AP, suggests Newbury) monitor wireless data, that traffic is passed onto distributed packet inspection agents that scan wireless information for the signatures of known threats, attacks, or suspect activity.

WiFi Watchdog is able to detect the attack signatures of NetStumbler, Airjack, and other intrusion tools.

"Newbury's distributed architecture enables redundancy and load balancing in large-scale wireless deployments, and supports full wireless security for dispersed geographic locations under a single security policy," according to the company.

Wangerian points to the U.S. Air Force's use of WiFi Watchdog to cover their enormous airbases, handling great amounts of wireless traffic.

WiFi Watchdog 4.0 uses the information from sensors and agents to create alerts that form the basis of scriptable events. The software's Flexible Alerting Engine allows customers to define actions based on the location of a device, the time, or the contents of a wireless packet.

"The scriptable Alerting Engine allows immediate and real time updates without requiring re-compile, re-boot, or re-configuration," according to the company.

Newbury Networks is competing with AirMagnet, AirDefense, and others in the Wi-Fi security space.

WiFi Watchdog 4.0 is available now, and starts at $14,995.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.