AirWave Bolsters Rogue Detection with Wires

By Eric Griffith

March 21, 2005

Instead of using wireless sensors to monitor a network, this management vendor says its platform will make the Ethernet side do more of the work.

San Mateo, Calif.-based AirWave Wireless has upgraded its AirWave Management Platform (AMP) software to version 3.2. COO Greg Murphy says the "focus is on dramatically improving the rogue access point detection—on the wired side."

Where many systems require the use of an overlay network of wireless sensors which monitor the air to find signals from unauthorized Wi-Fi equipment, Murphy says 3.2 can "interrogate routers and switches to find where there might be access points on the network." The company calls this RAPIDS (Rogue AP Intrusion Detection System).

Rogue APs have been an issue for a while now in enterprises, leading to some companies even deciding upon a "no wireless" policy for fear that employees will bring in a wireless router from home to plug into an Ethernet jack, just for the convenience wireless brings. With the rules of Sarbanes-Oxley and HIPAA in place for specific types of businesses, Murphy says the concern has increased.

While AirWave has APIs that will allow the system to work with wireless sensor networks, he says "a lot of organizations are having sticker shock" when they see what the overlay will cost. "Covering every square inch with wireless sensors is daunting." He also says that since the mostly likely place for a rogue is a branch office, the ability to do detection over wireline is critical for the home office.

The AirWave platform works with about 70 different access points for management, and can identify even more. The process involves everything from SNMP requests to MAC address filtering to a simple process of elimination. The software can get replies from devices ranging from low-end Linksys units to full Cisco Aironet products and many others, to get 100 percent certainty of what the product is—and by comparing it to a list of allowed units, can identify whether it should be on the network. The software assigns scores to all units detected, in order to determine the likelihood that the units are rogue. Most rogues, says Murphy, would be consumer/SOHO APs: "It's unlikely that employees or intruders would use a $600 Cisco Aironet," he says.

AirWave's solution competes with many others, including Airmagnet's Enterprise 5.0, which does use an overlay network of sensors.

AirWave has seen a lot of growth lately in overseas sales, including deployment in ten universities in Spain, a marketing alliance with LANCOM Systems GmbH in Germany, and agreements with more value added resellers in Europe. Here in the U.S., Alverno Information Systems will be using AMP to run the Wi-Fi networks at seven hospitals, specifically because of the RAPIDS feature's ability to find rogues using the wireline network.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.