Product Details
Product Rating
AirDefense Enterprise
BlueSecure
OmniPeek
Red-Alert PRO and Red Detect
RFprotect
Wireless Site Management
BlueSecure from Bluesocket is our Best Buy. It will track all access points and wireless connections within its sensor range, integrate cleanly into the enterprise, and offer solid management capability. As well as detecting traditional attacks that are simply using a wireless connection as the transport, BlueSecure also detects uniquely wireless attacks. We found the product solid, well-documented and supported and attractively priced. RFprotect from Network Chemistry was a very close runner up and receives our Recommended award. It is also a strong product, only let down by its weak documentation and support.
Wireless security (2005)
Rogue access points can blow your organization's security apart, but there are products out there that will not only find them out, but also offer integrated wireless management, says Peter Stephenson
The wireless security marketplace abounds in diversity, unclear definitions and products that require significant analysis when selecting one for your environment.
Like the wireless world itself, the wireless security products market is still young and, in many cases, ill-defined. However, do not let that stop you from taking a closer look.
There are several classes of wireless security products that we found during our analysis.
Some products offer little more than sniffing. Sniffing in the wireless world is an ambiguous concept, however.
We found products that actually sniff the signal and collect packets for analysis on the spot. We found other products that simply sniff the wire and look for 802.1X packets to analyze.
Another class of wireless security products, moving up a step from the sniffers, is the intrusion detection and, in some cases, intrusion prevention products. At the top of the food chain are the products that integrate into your security management system and add the wireless dimension to it.
For most enterprise applications, products of this latter class are the best bet.
However, beware of products that make this claim. They are often extremely complicated to configure and implement.
For this group review, we conducted more than 125 individual tests on each product, and each test had been specifically designed for the wireless security environment.
Those tests addressed our main categories of ease of use, support, performance, documentation, value for money, and overall rating. Of the six products we reviewed, BlueSecure from Bluesocket edged out RFprotect from Network Chemistry as our choice for Best Buy.
RFprotect, however, is a strongly recommended product.
The features that we most liked in the products we tested were those that allowed us to integrate the product within an overall security strategy.
It was that difference, as well as a significant difference in cost, that caused us to select BlueSecure over RFprotect.
Although both products offer strong capability, we liked BlueSecure just that bit better. While it is rare that this integration can become part of a single point of analysis, the ability to view the wireless environment from a variety of perspectives is very important.
Another strong plus in terms of features is the ability to detect attacks "in the air," rather than wait until packets can be captured on the wire. While it might be argued that stopping attacks at a firewall is the normal network architecture, the truth is that many organizations add wireless access points often without regard for how they fit into their overall security strategy of the enterprise.
A strong wireless security product, integrated with strong policy, can allow an organization to detect rogue stations and remove them as well as allowing the same type of wireless access point pooling that we have come to use routinely with modems.
The notion of wireless access points springing up on desktops and within individual departments is akin to the old problem of unauthorized desktop modems. Both can bypass the security of the enterprise's security architecture.
However, with many of the products we reviewed, we found that there is an ability to detect rogue access points that is far superior to the usual ability to detect rogue modems.
That capability, when added to integrated wireless management and intrusion detection/prevention, makes a very strong offering.
We think that wireless security has quite a long way to go to integrate fully and seamlessly into both an information security strategy and architecture.
However, the six products we reviewed have all made strong starts in that direction.
