Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Always-On WLAN Monitor: Page 3 of 5

Sensor configuration is controlled within the policy manager. Options include channel scanning, allowed WEP (Wired Equivalent Privacy) modes, authentication modes and allowed data rates. These are accessed and changed by right-clicking on the individual sensor. You can also define performance-policy parameters--maximum associations allowed, number of different types of frames allowed and number of bytes allowed based on types of frames for stations and APs--and manage vendor-specific policies.

The vendor policy, used to detect identity thefts such as spoofed MAC addresses, is supported through AirDefense's OUI (organizational unique identifier) database for all major WLAN vendors. I tested this by specifying the use of a Cisco device at one of the locations and spoofing a MAC address. The sensor was sensitive enough to pick it up. The system also could detect the NetStumbler and AirMagnet probes I performed on our test network, listing them as possible attacks. And it generated alarms when a Windows XP device tried to scan the network to connect to any available AP.

Good
• Provides granular control of network policy violation reporting
• Good overall performance monitoring and reporting capabilities
Bad

• Expensive
• Slow-loading Web management console
Vendor Info
AirDefense Guard 3.0, starts at $15,000. AirDefense, (770) 663-8115, (877) 220-8301. www.airdefense.net

In addition to setting policies by sensor, APs or individual station, you can apply policies based on allowable hours of operation.