Wireless local-area networks (WLANs) bring a host of advantages to the enterprises that deploy them. They foster creativity of the most positive sort by enabling users to roam freely within the network's range. Unfortunately, however, that same free access can leave the enterprise open to mischief or worse. With 60% of enterprises having some sort of WLAN access, the Gartner Group recently predicted that WLANs pose the largest security problem through 2008. Enterprises with WLANs have seen numerous high-profile assaults on their networks' integrity ranging from the hijinks of hackers to more malicious intrusions with criminal intent. Wi-Fi security threats can range from rogue and misconfigured access points to client misassociation (clients connecting to a neighbor's Wi-Fi network) and ad-hoc networks (clients connecting to other clients on the network).
Fortunately, some creative approaches to safeguarding Wi-Fi networks are entering the market. One approach is AirTight Networks' SpectraGuard 2.0 (SEE FIGURE). AirTight Networks recently changed its name from Wibhu Technologies. It also received a round of venture funding. In the wake of those developments, the company offers SpectraGuard 2.0 firewall as a means of achieving the same level of security that is enjoyed by users of wired networks.
SpectraGuard is built around what AirTight calls the SpectraGuard Policy Management Server. This server is available as either a rack-mount appliance or in a software-only version. For 24-to-7 RF monitoring, the server uses sensors that are physically distributed throughout the enterprise. Device locations are displayed on a floorplan. They also are modeled by site-specific parameters, such as RF propagation and Wi-Fi-equipment characteristics. The firewall's coverage ensures that there are no security "blind spots." In addition, it allows for redundancy planning while providing visual confirmation of wireless access points.
The firewall instantly detects all RF activity within sensor range. Next, it automatically classifies all Wi-Fi devices and events as either authorized, external, or rogue. AirTight's auto-classification technology eliminates both false positives (spurious alerts and alarms caused by external neighboring activity) and false negatives (undetected intruders connecting to the network).
An intrusion-prevention system instantly blocks rogue and misconfigured access points. Plus, it automatically terminates insecure or unauthorized client connections. Wireless firewall systems "flood the air" to deny access. In contrast, SpectraGuard 2.0 uses the minimum amount of bandwidth and RF emissions to block rogue accesses and other unauthorized activity on the network.
Thanks to the precise location tracking of all Wi-Fi devices and events, enterprise users can pinpoint a rogue device or security event within a few meters. It can then be displayed live on an RF map of the building or campus. This approach facilitates a quick physical response to the security threat.