RealTime IT News

Cisco Open to Intrusion Detection

Cisco's Structured Wireless-Aware Network (SWAN) architecture has a couple of some new additions today in the client, access point (AP) and monitoring levels.

While its centralized CiscoWorks Wireless LAN Solution Engine (WLSE) for managing the WLAN has included an intrusion detection system (IDS) for finding rogues and the like for a while, enterprises will now be able to utilize third party IDS systems. Those systems can receive data about what's happening in the air from Cisco APs in scanning mode, rather than using their own overlay hardware.

The company's initial announcement listed AirDefense as a partner. While AirDefense usually requires that sensors be set out to gather information that's sent back to the AirDefense appliance, Cisco's scan-mode APs will now gather data—beyond just what AirDefense uses—and send it back to WLSE, which will parse out what AirDefense needs.

The GUI interface for AirDefense will be available only a click away from the WLSE interface—they'll be on separate boxes, but seen on the same screen, enabling the use of a single console for all admin needs. While it's too soon to say, there could be even tighter integration between the applications in the future, according to Ron Seide, Senior Product Line Manager, Wireless Networking Business Unit at Cisco. He says, "additional data integration is probably possible and will have benefits."

This doesn't mean you can't still use the security that WLSE has been providing. "AirDefense is not a superset of what we're doing," says Seide." "It's additional and some of it overlaps. There's things we do in our infrastructure that AirDefense does not."

AirDefense won't be the only company working in the WLSE, apparently. IDS/monitoring rival AirMagnet also says it will be there, having long been a Cisco partner. Rich Mironov, vice present of marketing at AirMagnet, says, "We've architected our product for even tighter integration... we've looked forward to this for some time."

He sums up the feeling of his company, and probably any system that will work with a major industry leader like Cisco, by saying, "to be a standalone application is great, but being part of a system is better."

It'll be a few months, though—Cisco says the integration won't be ready until March 2005. Also, Jay Chaudhry, executive chairman at AirDefense, stresses that this is not a marketing agreement between the companies—Cisco isn't selling or giving away AirDefense or any other third party IDS. This is about technology steps to provide synchronization of devices, and using Cisco APs as sensors. The integration won't cost customers anything, but they'll still have to buy AirDefense separately.

Cisco's APs obviously can be deployed either for connecting clients to the WLAN or, as stated above, can be in scan mode to track what's going on in the air. To make sure the units are covering more of that air—and also to increase the capacity of the network by having more channels—Cisco has also introduced two new dual-band access points.

The newly designed, low-profile AiroNet 1130AG Series AP will cost $699, and should be available this month. The ruggedized 1230AG Series AP, meant for industrial deployments, will be $999 and out in December. Both will support 802.11a and 802.11g and are meant for indoor use.

The 11a radios in these products are new -- and according to Lorie Jurkovich, senior manager of Wireless and Mobility at Cisco, they now have just as good a range as the 11g radios, unlike older dual-band solutions. That means there's no need for two site surveys, or putting out extra 11a APs to get coverage. Previous 1100 and 1200 Series APs can be upgraded to use 11a with a $299 upgrade kit—but the 1130AG and 1230AG are each only $100 more than their upgradeable single-band siblings.

For security, Cisco APs now fully support 802.11i and have been certified by the Wi-Fi Alliance for WPA2. They'll use the advance encryption standard (AES), but in hardware, to prevent any slow-downs. For Quality of Service of video and audio, the products support the Alliance's WMM extension, a subset of the upcoming 802.11e.

Finally, at the low end of the SWAN spectrum are the clients. Cisco leaves the support there to vendors that want to integrate the Cisco Compatible Extentions (CCX) that make it easy for client systems to log on to a Cisco WLAN. Working with Intel, Cisco has CCX version 3 out in the wild—it's already installed on dual-band Centrino-based laptops and products from Dell and others.

CCXv3 products have full support for Cisco's EAP-FAST, an authentication type they began offering months ago as an open standard to replace LEAP, their proprietary EAP-type that was found to be crackable. CCXv3 products also have full security support for 802.11i/WPA2 and AES encryption. Cisco expects to see CCXv3 on other third-party devices soon.