Network Chemistry, a Palo Alto, Calif.-based startup, on Wednesday announced at the 802.11 Planet Conference and Expo an 802.11b monitoring system that can detect and report network attacks.
The Neutrino Sensor is similar in look and feel to an access point, and is deployed around a network in a similar fashion, said Chris Waters, CEO of Network Chemistry. The sensors monitor and analyze all 802.11 packets and report results back to network administrators via a management console running on a Windows- or Linux-based computer.
Waters said Neutrino sensors work completely autonomously, and can detect common problems such as rogue access points, access points with default security or performance settings, and overloaded access points.
The product is aimed at two general markets, Waters said. The first is companies who have chosen not to deploy wireless networks because of security concerns. “[These companies] would install our sensors to make sure that no one intentionally or inadvertently connects a wireless device to the network … , potentially making the whole wired network available to anyone driving by on the street.”
The second group, he said, is “companies who have a wireless network and want to monitor the ongoing security of their wireless network 24/7 in an unattended way.” In addition to worrying about the connection of unauthorized rogue access points or rogue clients, this group would also look to the sensors “to identify things like access points that fail, authentication problems, and clients who are actively trying to break into the network.”
Waters said that the sensors need to be deployed in a similar manner as access points in order to provide full coverage. “So a small installation might need just one or two sensors, or in a very large enterprise, you may need 20 or 50 sensors for an entire building or a campus.
According to the company, the Neutrino sensor can capture all 802.11b packets from any Wi-Fi compatible transmitter, including all management packets, on any channel. WEP encrypted packets can be automatically decrypted if the WEP key is available, and with the automatic channel surfing mode, a single Neutrino Sensor can monitor multiple channels simultaneously.
Neutrino is Simple Network Management Protocol (SNMP) -enabled and can use DHCP or a static IP address so that it integrates smoothly with an existing network infrastructure. The bundled Fusion, SensorManager, and Packetyzer software packages work with Microsoft Windows 95 through Windows XP.
In addition, the sensor uses an open protocol specification and libraries are available so that Sensors can be used from other platforms, including Linux and the Mac OS.
“One of the aspects of our system that is a little bit different than some of the other systems you might see on the market, is we have a very open architecture and we encourage our customers to take our solution and customize it for their particular needs,” said Waters.
“A lot of large enterprises and a lot of security service companies already have some infrastructure in place for monitoring their network and we encourage them to take our solution and integrate it with their existing monitoring solution.”
Neutrino Sensors are available immediately for $495 each for 1 to 9 units, and $395 each for 10 or more units. Discounts are available for higher volume purchases.
In addition to the Neutrino sensor for 802.11b networks, Waters said that Network Chemistry will demonstrate at the 802.11 Planet show a version of the product that supports the 802.11a and g standards as well. He said an a/b/g product should be available by the end of the summer.