AirTight Networks is a newcomer to the European wireless security market, but aims to stand out by providing a solution capable of detecting wireless access points and classifying them automatically.
SpectraGuard Enterprise is also dramatically different from most wireless security solutions in that it doesn’t take a total approach or anything to rogue APs and clients. Most believe that any PA they do not recognize as dishonest and, if they have activated the isolation, will attack them. Very real problems can occur when companies are close to other companies with their own wireless networks, which makes the dispute risky.
Although SpectraGuard also offers isolation, this device-based solution uses sensors that are only for monitoring, enforcing security policies and tracking location. SpectraGuard uses an obvious test when it detects a new AP, because all you need to know is if it’s connected to your network. The sensors send a broadcast packet over the wired network and check if it can be received over the wireless network. If it is confirmed that the AP is connected to your wired network but not on the authorized list, then it is dishonest. If the AP does not have a cable connection, it is left alone.
In essence, SpectraGuard may allow APs and authorized customers to associate with each other and will block authorized customers’ access to external and unauthorized APs, but will not interfere with external APs and unauthorized customers. Wireless clients that connect to an authorized AP and establish a viable session are placed on the authorized client list, but if they associate with an external AP, they will not be allowed to join the protected network.
SpectraGuard can also prevent internal wireless clients from accessing external networks other than its own, preventing incorrect client association and stopping the use of APs as songs.
For testing, we placed the device and a sensor in our lab and placed two more sensors about 50 m apart in a triangle of decent size, running them all over PoE. Little goes through the sensors while monitoring the 2.4 GHz and 5 GHz frequencies and they will see anything on the 802.11 spectrum. We let the system run for a few days and it detected 24 access points and 55 wireless clients. All APs were classified as external because we knew none of them were connected to our test LAN and all clients were classified as unauthorized. I placed a Buffalo Wireless-G AP in the lab and SpectraGuard picked it up in seconds, placing it on their external list. Then I powered a PC with a D-Link 11g wireless PCI card, which was also considered unauthorized. When we add a 3Com AP running from the lab’s PoE switch,
The Java administration interface panel clearly shows all the action. We chose our malicious AP from the main list and were able to see all the details about it, including traffic statistics and associated customers. From the drop-down menu we could authorize the AP, we can quarantine it or we can place it on a forbidden list. Selecting the option from the Location menu opens a graph showing which sensors have detected it and their distances. We imported a JPEG plan of our building and, after placing the sensor icons inside it, we were able to identify the AP position in a few meters.
SpectraGuard will only enforce compliance after you have created the policies. We’ve chosen to block only rogue access points and run the policy with just a few mouse clicks. We were surprised by the speedy justice of SpectraGuard. The wireless client PC entered the blue screen a few seconds after activating the policy. AirTight has warned us that this can happen as the sensors bombard the client’s wireless adapter with rejection packets, which can lead to buffer overruns and Windows hardware failure. But the PC was unharmed. However, the only way we could use it was to prevent it from trying to associate with dishonest PAs, remove it, or disable the policy.
SpectraGuard policies can be used to enforce anything from a wireless requirement to a ban on ad hoc networks. You will get a lot of reporting tools, allowing you to schedule queries in areas such as security events to run regularly and be produced in HTML or saved as XML. Another useful option is the SpectraGuard SAFE client, which installs transparently on laptops and enforces policies when users leave the premises.
To increase your profits, AirTight Networks’ response to dishonest isolation compares well with the well-known market price.