AirDefense of Atlanta, GA, this week unveiled upgraded modules for its eponymously-named AirDefense WLAN security Platform, which uses captured wireless information to react to security issues.
The first is an upgrade to 3.0 for RogueWatch, a 24×7 monitoring tool for detecting rogue access points that should not be on your wireless network. RogueWatch will find not only plugged in hardware access points, but also “soft APs,” which are 802.11-equiped laptops running software that lets them function as an access points, and ad hoc networks formed when a client tries to connect to another client. It will even detect a client associating with a access point outside the network, such as one at a business on another floor of the building.
The other upgrade is AirDefense Guard 3.0, the intrusion detection part of the platform. It includes RogueWatch and has new features including recognition and monitoring for Cisco’s LEAP and 802.1X authentication, a security policy manager to enforce the network administrator’s needs on users, even a roaming policy. Guard 3.0 will capture IP address and DNS names of nodes and let you drill down for more details.
The AirDefense platform features a Linux-based central server appliance that can be accessed via SSL Web browser for secure management and monitoring. The product includes a state analysis engine for real-time 24×7 monitoring of all traffic on the network. It then correlates all traffic data with its intrusion detection engine to show security risks on the network. The appliance is connected to remote sensors that detect and monitor all packets in the air — AirDefense chief security officer Fred Tanzella describes the sensors as being “Like the video security cameras for the network.”
