Despite AirDefense's efforts to stem alarm floods, alarms (consolidated ones, at least) still streamed into the console at one-minute intervals, and a single attack could generate as many as five violations. Event correlation is hard, as our tests showed, but we expect more from the self-proclaimed leader in wireless IDSs. To AirDefense's credit, with some tuning of our policies we cut the number of new events summarized per interval from dozens to five or six. Alarm notification is better behaved: it can be configured so that a continuing alarm pages the administrator only once every 30 minutes.
One of AirDefense's strengths is Guard's granular security- and management-policy configuration. We could assign different security policies to individual APs, or allow certain stations to connect only to specific APs. Guard's new Live View feature let us do simple packet decoding, though packet capture is still a tedious process: enable capture on a sensor, disable it, then convert the resulting file and retrieve it from the server.
Administrators concerned about the volume of data a wireless monitoring system sends across the WAN can set a rate throttle on each sensor, capping transfer rates to the server at as little as 9.6 Kbps. Unlike AirMagnet's Distributed, whose SQL database receives sensor data in a store-and-forward fashion, AirDefense streams updates from the sensors to the management server continuously. Comprehensive data is gathered in one-minute intervals, which let us run reports on which APs a client had connected to during the day and how much traffic was exchanged.
Guard initially did poorly at detecting our attacks. After working with AirDefense, we discovered a bug that kept a sensor from scanning channels and identifying certain attacks at the same time. Once we locked our sensors to a single channel (which, note, means a sensor sees only that channel's traffic), Guard identified the key elements of our disassociation and deauthentication DoS attacks and our MAC-spoofing attacks. It accurately detected our software AP daemon and ad hoc networks, but it raised a false positive for a NetStumbler scan that turned out to be one of our test laptops pinging an AP. AirDefense acknowledged that its NetStumbler signature needs tweaking.
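To make the detection and consolidation behaviour discussed above concrete, here is an added illustration, not AirDefense's code or signatures: a toy detector over constructed 802.11 frame records that flags deauthentication/disassociation floods, infers MAC spoofing from two interleaved sequence counters behind one address, collapses the raw violations into one alarm per source per minute (the consolidation the console relies on), and pages only once every 30 minutes while an alarm continues. The thresholds, MAC addresses, frame timings and the sequence-number heuristic are all assumptions made for the example.

```python
"""Toy wireless-IDS logic: deauth/disassoc flood detection, a MAC-spoofing
heuristic, per-minute alarm consolidation and 30-minute page suppression.
Added illustration only; thresholds and sample traffic are assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts: float       # capture time in seconds
    subtype: str    # 'deauth', 'disassoc', 'data', ...
    src: str        # transmitter MAC
    bssid: str      # AP the frame concerns
    seq: int        # 802.11 sequence number, 0-4095


WINDOW = 60.0           # consolidation window: Guard reports per minute
FLOOD_THRESHOLD = 10    # deauth/disassoc frames from one source per window (assumed)
SEQ_BACKSTEP = 64       # smaller backward steps are treated as retransmits/reordering
SPOOF_THRESHOLD = 3     # backward jumps per window before alarming (assumed)
PAGE_INTERVAL = 1800.0  # re-page a continuing alarm every 30 minutes


def backward_jump(prev, cur):
    """True if cur lies behind prev by at least SEQ_BACKSTEP, modulo 4096.

    A real station's sequence counter only moves forward (wrapping at 4096);
    a second device using the same MAC shows up as the counter repeatedly
    jumping backwards by a large amount.
    """
    delta = (cur - prev) % 4096
    return 2048 <= delta <= 4096 - SEQ_BACKSTEP


def detect(frames):
    """Scan frames in time order and return consolidated alarms: one dict
    per (alarm type, source, minute), carrying the raw violation count."""
    floods = defaultdict(int)   # (window, bssid, src) -> deauth/disassoc count
    spoofs = defaultdict(int)   # (window, src) -> backward sequence jumps
    last_seq = {}               # src -> last sequence number seen
    for f in sorted(frames, key=lambda x: x.ts):
        win = int(f.ts // WINDOW)
        if f.subtype in ('deauth', 'disassoc'):
            floods[(win, f.bssid, f.src)] += 1
        prev = last_seq.get(f.src)
        if prev is not None and backward_jump(prev, f.seq):
            spoofs[(win, f.src)] += 1
        last_seq[f.src] = f.seq

    alarms = []
    for (win, bssid, src), n in sorted(floods.items()):
        if n >= FLOOD_THRESHOLD:
            alarms.append({'type': 'deauth_flood', 'src': src, 'bssid': bssid,
                           'window': win, 'count': n})
    for (win, src), n in sorted(spoofs.items()):
        if n >= SPOOF_THRESHOLD:
            alarms.append({'type': 'mac_spoof', 'src': src, 'bssid': None,
                           'window': win, 'count': n})
    return alarms


def page_schedule(alarms):
    """Return the subset of alarms that would actually page an administrator:
    the first occurrence of each (type, src), then at most one more per
    PAGE_INTERVAL while the condition persists."""
    last_paged = {}
    pages = []
    for a in sorted(alarms, key=lambda a: a['window']):
        key = (a['type'], a['src'])
        t = a['window'] * WINDOW
        if key not in last_paged or t - last_paged[key] >= PAGE_INTERVAL:
            last_paged[key] = t
            pages.append(a)
    return pages


def sample_frames():
    """Constructed capture (not real traffic): a 35-minute deauth flood from
    ATTACKER against AP, a legitimate client VICTIM, and four frames in
    minute 2 that reuse VICTIM's MAC with a different sequence counter."""
    AP, VICTIM, ATTACKER = '00:11:22:aa:bb:01', '00:11:22:cc:dd:02', '00:11:22:ee:ff:03'
    frames = []
    seq = 0
    for minute in range(35):                 # 12 deauths per minute
        for i in range(12):
            frames.append(Frame(minute * 60 + i * 5, 'deauth', ATTACKER, AP, seq % 4096))
            seq += 1
    for i in range(210):                     # one data frame every 10 s
        frames.append(Frame(i * 10 + 1, 'data', VICTIM, AP, (1000 + i) % 4096))
    for i in range(4):                       # spoofed frames, counter at 3000
        frames.append(Frame(123 + i * 10, 'data', VICTIM, AP, 3000 + i))
    return frames


if __name__ == '__main__':
    alarms = detect(sample_frames())
    print(f'{len(alarms)} consolidated alarms from 420 raw deauth frames')
    for p in page_schedule(alarms):
        print(f"page: {p['type']} src={p['src']} minute={p['window']} count={p['count']}")
```

On the constructed capture, 420 raw deauthentication frames collapse to 35 one-minute flood alarms, the spoofed frames produce a single MAC-spoof alarm in minute 2, and the administrator is paged three times in total: once at the start of the flood, once for the spoof, and once more when the flood is still running 30 minutes later. The sequence-number heuristic ignores small backward steps and the 4095-to-0 wrap, which is why the "pinging laptop" class of false positive in the review is worth keeping in mind: any single-feature signature needs a threshold and a sanity check on the traffic it keys on.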
As befits an IDS, Guard can send alerts as SNMP traps, syslog messages and e-mail, and it integrates with systems-management platforms.