Red-Alert rides herd on wireless devices
- By Victor R. Garza
- Oct 13, 2003
Monitoring an agency's wireless terrain to ensure compliance with security policies requires constant work. Red-M Inc.'s Red-Alert offers a low-cost solution for monitoring wireless local-area networks and devices based on Bluetooth wireless technology.
The first thing I liked about the probe was its size. Resembling an oversized portable CD player, this wireless sensor was extremely easy to set up. And once running, it performed well, finding both authorized and unauthorized wireless access points and clients.
Installation involved plugging the Red-Alert sensor into my wired network and powering it up. The stripped-down Red Hat Inc. Linux appliance has embedded Bluetooth hardware, 802.11b technology and a Web server. The sensor also has a single light on its silver chassis that changes color depending on the state of the sensor.
Red-M states that an unobstructed Red-Alert sensor can cover 45,000 square feet. Testing didn't show quite that large an area of coverage, and the Red-Alert sensor missed wireless devices that were picked up by an AirMagnet Inc. handheld and an AirDefense Inc. Guard sensor. But Red-Alert's price tag of $799 more than makes up for its smaller coverage area.
Discovery reports are found on Red-Alert's Web page, which is broken into several primary sections. The events section lists all wireless devices and subsequent events that the sensor has discovered. Each event is numbered in order of discovery, along with a date/time stamp and a fairly verbose description of what was discovered and what the discovered device was doing at the time, including if Wired Equivalent Privacy encryption was enforced between access points and client connections.
The event page shows one major fault in the Red-Alert product, which is its inability to correlate individual events. With nearly 600 events discovered in 10 days — a large number of which are duplicates — the product begs for a tool for correlating events.
Red-Alert has one other notable limitation: Each sensor requires its own IP address and, accordingly, a separate Web browser window to monitor the sensor.
If your installation or agency is on a tight budget and you want to ensure wireless policy compliance, deploying a few Red-Alert sensors is an inexpensive and trouble-free way to monitor the wireless devices on your network.
Garza is a freelance author and network security consultant in the Silicon Valley area of California. He can be reached at [email protected]