AirMagnet offers intrusion detection
- By Victor R. Garza
- May 31, 2004
Managing wireless devices is difficult enough without worrying about hackers relentlessly probing your agency's network for weaknesses. AirMagnet Inc., known for wireless toolkits and Wi-Fi management and survey devices, takes security a step further with a true policy-based and distributed wireless intrusion-
I've tested several products on the market that compete with AirMagnet Distributed, including AirDefense Inc.'s AirDefense and Red-M Ltd.'s Red-Detect. AirMagnet's system holds its own with the competition.
I have previously used AirMagnet as a portable wireless analyzer, a site survey tool and a security monitor. AirMagnet developers have improved the distributed version so that it can fix the location of AirMagnet sensors and manage and enforce wireless policies.
Frequent AirMagnet users will feel right at home with the sensor interface, which has the same feel that they're used to with the laptop and handheld versions of the AirMagnet product line — except the sensor is fixed to one location. Like its brethren, the sensor presents information in an easy-to-read format.
After accessing the AirMagnet console, the device that allows network administrators to manage the system, I could see the AirMagnet Remote Sensor user interface, which resembles the company's laptop console. This interface is excellent for troubleshooting problems and finding security concerns. It shows which wireless channels are in use and what devices are communicating on those channels — and are possibly vulnerable to attack. AirMagnet sensors are extremely sensitive to the wireless environment. They work as well as those from AirDefense, and they offer a better discovery range than the sensors made by Red-M.
AirMagnet Distributed takes the portable version to the next level. Collecting information from distributed sensors, AirMagnet's console presents a concise view of an agency's deployed devices. Sensors running Linux communicate with the AirMagnet Distributed server running on Microsoft Corp. Windows 2000 Server or XP Pro, which then communicates with the Windows-based AirMagnet Console application. Similar to AirDefense, all AirMagnet components communicate securely with one another via Secure Sockets Layer and Transport Layer Security encryption.
Similar to the laptop or handheld version, the AirMagnet console displays icons of different control views across the bottom of the screen. The product's dashboard, which assists network administrators in finding and resolving problems, features:
- The network tree, which separates sensor locations geographically and appears on all subsequent console views.
- The policy overview, which can show nearly 100 wireless security and performance policy violations for an organization.
- The infrastructure view, which outlines the most events per access point, most active access points and most active service set identifiers.
- The access point and station overview, which gives more detailed information about specific events.
All of this information for 802.11a/b/g devices is displayed in hourly increments.
In addition to the dashboard's options, the console offers three other views, including AirWISE, which presents expert advice on policy events and issues regarding security and performance. This information, similar to the expert information on the other versions, is focused, detailed and extremely easy to read, making the product stand out among the competition.
AirMagnet's help system is concise and presents useful information about all of the product's components.
The last view the console offers is the chart view, which presents trends in several visual ways. Users can instantly view graphs on topics such as event trending, event summary, top access points or
The chart view of the console reveals AirMagnet's most apparent shortcoming: the product has little capacity to make charts. In addition, it requires a reporter module to provide roughly 50 SQL queries with the ability to export graphs and reports as HTML or as PDFs. The price of the module is $2,500 for a 20-sensor system.
All of this information in the console can be presented by location or by policy by selecting the appropriate tab at the bottom of the network tree. By clicking on a deployed sensor in the network tree view, users can see a real-time display of wireless traffic on that sensor.
Although it targets the technically savvy, AirMagnet is a solid product, and its lone shortcoming is the need for users to purchase additional software for report presentations.
If you want to see what's happening on your agency's network and don't already have a wireless intrusion-detection system, you won't be disappointed with AirMagnet's tool.
Garza is a freelance author and network security consultant in the Silicon Valley area of California. He can be reached at firstname.lastname@example.org.