The design and optimal placement of the products we tested vary. Most of the overlay devices perform monitoring from standalone hardware sensors placed throughout your wireless environment, then report back to a management server. Only Network Instruments uses a full-fledged Windows PC, coupled with a client WLAN adapter, to perform monitoring. With this approach, you must place a hulking, expensive device wherever you need RF detection.
Typically, gathered RF information can be viewed elsewhere on the network from a Web page or Windows application or by logging on to the server. Infrastructure vendors operate similarly by aggregating their collected RF data on a server or, in the case of Aruba, in a switch configured as a master. Each vendor maintained that its sensors' listening range far outstrips that of a conventional AP. Our range testing showed that this assertion was correct, though not nearly by the magnitude most claimed. These sensors provide about two to three times the range of a typical AP, so you're likely to need far fewer sensors than APs, but the ratio will vary by vendor and setup. Determining coverage on paper is difficult because the monitors are passive--they don't transmit. The vendors had trouble explaining how to figure out how far each sensor could "hear"--trial and error is the only way for now. Determining AP-to-sensor distribution isn't necessary for the Airespace and Cisco WLANs: Their APs have integrated sensor capabilities.
The solo monitors and the infrastructure devices all take the same basic approach to security: Each listens to your 802.11 traffic by scanning supported channels in the 2.4- and 5-GHz bands and gathers information on rogue APs, possible attacks in progress, exceptions to policies and other details. Despite what the vendors would have you believe, this doesn't really constitute complete WLAN monitoring, since your WLAN traffic doesn't cease when your monitors are listening on different channels. But in a practical sense, the vendors are right: One dedicated monitoring radio per channel isn't feasible, so for now we'll have to rely on scanning.
Dwell time on each channel varies from product to product, and though some traffic will be missed, enough will be seen to paint an accurate portrait of your WLAN. Our tests showed channel scanning is sufficient in most situations, but in the future, multiple radios will provide greater accuracy and flexibility.
AirDefense, AirMagnet, Aruba and Network Chemistry called to our attention their products' ability to identify attacks and anomalous behavior intelligently. Our tests showed that these capabilities are immature. It would be helpful to know exactly which attacks are bombarding your WLAN, but most of the IDSs triggered a horde of alerts that only hinted at the type of attack in progress. Some attacks, such as MAC address spoofing, are similar to those in the wired world; but others, like deauthentication and disassociation frame floods, which are aimed at severing communication between clients and APs, are unique to WLANs. During one test attack, in which we spoofed APs and then sent deauthentication packets to connected clients, the typical IDS response indicated only that MAC spoofing and deauthentication floods were occurring. Yes, some information is better than none, but we'd like more intelligence and alert consolidation.
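To show what the alert consolidation asked for above would look like on the sensor side, here is an added example that is not code from the article or from any of the reviewed products. It assumes a simple heuristic for spoofed APs (a large gap in the 802.11 sequence numbers of beacons carrying one BSSID), assumed thresholds for a deauthentication flood, and a constructed frame capture of a genuine AP joined by a second radio claiming its BSSID and flooding deauthentication frames.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Frame:
    t: float      # capture time in seconds
    subtype: str  # 'beacon', 'deauth' or 'data'
    bssid: str    # transmitter address of the (claimed) AP
    seq: int      # 802.11 sequence number, 0..4095

SEQ_JUMP = 100          # assumed: a larger beacon seq gap for one BSSID means two radios claim it
FLOOD_MIN = 10          # assumed: this many deauths per BSSID inside FLOOD_WINDOW is a flood
FLOOD_WINDOW = 1.0
CORRELATE_WINDOW = 5.0  # raw alerts on one BSSID this close together fold into one incident

def raw_alerts(frames):
    """One alert per indicator observation: the style of output the review criticises."""
    alerts, last_seq, deauth_times = [], {}, defaultdict(list)
    for f in sorted(frames, key=lambda x: x.t):
        if f.subtype == 'beacon':
            prev = last_seq.get(f.bssid)
            # A real AP increments seq by one per frame (mod 4096); a large gap means a second sender.
            if prev is not None and (f.seq - prev) % 4096 > SEQ_JUMP:
                alerts.append((f.t, f.bssid, 'mac_spoof'))
            last_seq[f.bssid] = f.seq
        elif f.subtype == 'deauth':
            recent = [t for t in deauth_times[f.bssid] if f.t - t <= FLOOD_WINDOW] + [f.t]
            deauth_times[f.bssid] = recent
            if len(recent) >= FLOOD_MIN:
                alerts.append((f.t, f.bssid, 'deauth_flood'))
    return alerts

def consolidate(alerts):
    """Fold raw alerts on one BSSID within CORRELATE_WINDOW into a single incident naming the pattern."""
    incidents, current = [], {}
    for t, bssid, kind in sorted(alerts):
        cur = current.get(bssid)
        if cur and t - cur['last'] <= CORRELATE_WINDOW:
            cur['kinds'].add(kind); cur['last'] = t; cur['raw'] += 1
        else:
            cur = {'bssid': bssid, 'first': t, 'last': t, 'kinds': {kind}, 'raw': 1}
            current[bssid] = cur
            incidents.append(cur)
    for inc in incidents:  # name the combined pattern instead of listing indicators separately
        inc['summary'] = ('spoofed AP sending deauth flood' if inc['kinds'] == {'mac_spoof', 'deauth_flood'}
                          else ' + '.join(sorted(inc['kinds'])))
    return incidents

# Constructed capture: a genuine AP beaconing every 100 ms, then at t=2.0 a second radio
# claims its BSSID (seq jumps to 3000) and sends 15 deauthentication frames in 300 ms.
AP = '00:11:22:33:44:55'
SAMPLE = [Frame(i * 0.1, 'beacon', AP, 500 + i) for i in range(30)]
SAMPLE += [Frame(2.0, 'beacon', AP, 3000)] + [Frame(2.0 + i * 0.02, 'deauth', AP, 3001 + i) for i in range(15)]
```

On the sample capture `raw_alerts` produces eight separate alerts (two MAC-spoof, six deauth-flood), which `consolidate` reduces to one incident on the affected BSSID.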