AirMagnet: wireless IDS/IPS overlay solutions
Yesterday, I attended AirMagnet's lunchtime seminar here in NYC entitled "Best Practices for Securing Your Wireless LAN." AirMagnet CTO and Founder Chia-Chee Kuan spoke about their new Enterprise 8.0 software which provides intrusion-detection/-prevention systems (IDS/IPS) for wireless local area networks (WLAN).
While the major wireless infrastructure vendors such as Aruba Networks, Cisco Systems, Meru Networks, Symbol Technologies and Trapeze Networks have been implementing 802.11i, the IEEE 802.11 standard specifying security mechanisms for wireless networks which was ratified over 3 years ago, some companies or institutions that need to be security-conscious as well as submit to audits for regulatory compliance might want an extra security resources that overlay these vendors' installations.
Federal compliance laws which mandate device-level compliance auditing and reporting include:
- Healthcare Insurance and Portability Act (HIPAA)
- Sarbanes Oxley (SOX)
- Federal Information Security Management Act (FISMA)
- Department of Defense (DOD) directive 8100.2
- Payment Card Industry Data Security Standard (PCI-SS)
- Gramm-Leach-Biley Act (GLBA)
The desired extra security resources include the specialized monitoring tools offered by the WIDPS (wireless IDS/IPS) vendors such as AirMagnet. These systems involve the use of sensors, in addition to access points (AP), that can keep a log of network attacks by the various popular schemes (rogue APs, man in the middle, denial of service, etc.). These sensors can also detect and characterize RF interference which is important considering that Wi-Fi operates in unlicensed spectrum, at 2.4 GHz and 5 Ghz. Devices ranging from a microwave oven to a Sony PSP gaming handheld using an ad hoc Wi-Fi network could create trouble. The industrial, scientific and medical (ISM) radio bands can operate in this range, so special consideration must be made for the hospital or clinical setting.
Even though security will always be a main concern, the capabilities of WLANs will expected to include a full portfolio of wireless services besides data, such as VoFI (voice over Wi-Fi), video, and internet access for customers. These security solutions can't diminish the robustness required for these other services. You can also add ensuring adequate coverage in all areas of a facility as another factor that has to be considered.
This is just a basic overview of the WIDPS vendors, which besides AirMagnet include AirDefense, Highwall Technologies, Network Chemistry, AirTight Networks, Airwave, Bluesocket, Cirond Technologies, Colubris Networks, Madge Networks, Newbury Networks, and Red-M Group. You can see that there are quite a few WIDPS vendors providing pure-play services that limits them to a niche market.
The major wireless infrastructure vendors do have special relationships with particular WIDPS vendors. From what I understand, AirMagnet has teamed up with Aruba and Xirrus. Since there was a Cisco rep at yesterday's meeting, I suspect they can also be included.
I know in this post I didn't get into the features of AirMagnet's latest wireless security offerings, but I wanted to do this overview first. This field certainly needs to be understood by more than just the IT folk who are coming from the wired world. For health care, it's important for doctors, nurses and other health professionals who are using these systems be aware, at least the basic level, so that they can provide input into how choices are made regarding wireless security in their workplace.
