Monitoring wireless traffic

Distributed wireless monitoring solutions usually feature remote sensors that sit near 802.11 access points or

areas with a no-wireless policy and continually monitor the air and a server appliance or software to analyze wireless traffic. This enables network administrators to develop a profile of all wireless devices within radio range.

AirMagnet Inc.'s appliance, for example, can identify rogue devices by a radio band, Media Access Control address, service set identifier (SSID) and manufacturer. When a rogue device is detected, AirMagnet's appliances can block it directly, perform a trace from the wired network to locate it, and disable it with a handheld device or by reconfiguring the existing network infrastructure to turn it off.

Typically, the appliance or software analyzes the traffic collected by the sensors in real time to identify rogue wireless local-area networks, detect intruders and attacks, enforce network security policies and monitor the network's health. A signature-based engine, for example, compares traffic characteristics to those of known intrusion attempts or attacks. A separate engine may be used to monitor usage of specific access points or to ensure that agency policies are being followed.

Handheld analyzers use Microsoft Corp.'s Pocket PC operating system or a Linux-based operating system to receive wireless traffic from access points and clients. For example, Fluke Networks Inc.'s WaveRunner gathers information from wireless traffic as the user moves and displays information, including a list of wireless devices, access points, SSIDs and associated clients, and channel-activity traffic analysis.

Featured

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Comment
    cloud (Phaigraphic/Shutterstock.com)

    A call for visionary investment

    Investing in IT modernization is not an either-or proposition, Rep. Connolly writes. This pandemic has presented Congress a choice: We can put our head in the sand and pretend these failures didn't happen, or we can take action to be prepared for the future.

Stay Connected