By Eric Griffith
May 23, 2006
Network Chemistry’s new scanner appliance focuses on rogue detection using Ethernet; company plans quarterly threat report.
Redwood City, California-based Network Chemistry says that its RFprotect Scanner is the first product to focus on helping businesses with a no-wireless policy use their Ethernet infrastructure to look for rogue access points and other wireless issues.
“If you look at the problems people want to solve, where the most pain is, it revolves around locating and remediating rogue APs and peer connections on the network,” says Brian de Haaff, Vice President of Product Management and Marketing at Network Chemistry. “Particularly in no-wireless environments.”
The new scanner is an appliance with a database of profiles of products that could potentially open up the wired network to unwanted wireless traffic, whether the cause is an innocent employee who just plugs in an AP to get some mobility in the office, or a more malicious problem.The hard part for Network Chemistry is building the database of APs. de Haaff says there are 300 AP makers around the world and from 10,000 to 15,000 pieces of possible WLAN infrastructure equipment the scanner has to look for. “You can’t test and put profiles for all of them in a database: it’s not feasible,” he says. To get around this, the company is also offering an open source software product called RogueScanner that is “focused on device identification and rogue detection.” Data it finds is compared to the centralized Collaborative Device Classification (CDC) database, which powers the detection done by the RFprotect Scanner hardware.
The appliance doesn’t send any new data back to the CDC by default, but de Haaff says that could be turned on. RogueScanner will detect and identify rogues on a network, but does not block their use. It runs on Windows and Linux operating systems.
The Scanner appliance will have at least two versions — the SC3000, which will sell for $14,999, and the lower-end SC2000, which has no price set as yet — both should be available before the end of the third quarter [corrected May 25]. RogueScanner software is available for download now, for free.
The company is also planning to release quarterly information called the Network Chemistry Wireless Threat Index, based on information gathered by its products and the Wireless Vulnerabilities & Exploits (WVE) database it launched last year to catalog potential attacks on WLANs.
“What we can monitor is the [company security] policy and how someone actually tries to connect,” says de Haaff.
He says it will be the industry’s first ongoing index of enterprise WLAN threats. Among the myths it claims to disprove in the first report are that ad-hoc is seldom used, that users always use their VPN clients, and that a no-wireless policy actually means there’s no wireless in use.
“Trends over time will be even more interesting,” he adds.