AirMagnet Distributed System
Collects a great deal of information that is analyzed at the source, thereby minimizing the amount of data sent over the network.
There is potential to make the set-up process more intuitive, but the documentation does a good job of guiding users through the steps.
A well-designed offering. Firms should look at version 4.0 (available as a free upgrade), which came out while we were testing, because it addresses the shortcomings of 3.1 (Build no 1003).
SummaryThe AirMagnet Distributed System has a management server, a management console, and sensors that are placed throughout the network and report back to the server using wired 10/100 Ethernet.
The sensors detect unauthorized wireless connections, enforce policy, monitor network performance, and incorporate signature-based intrusion detection mechanisms.
The sensors, which can analyze 802.11a/b/g traffic, can be hardware and software implementations for Windows and Linux. We reviewed the hardware version, which analyzes at the capture point, minimizing traffic across the WLAN.
We had to follow three installation procedures during the setup. We first installed the management server from the CD in a central point on the network, after which the server runs in the background on the host computer and is accessible via a standard web browser over a secure https connection.
One should pre-configure the sensors so they can be deployed in a plug-and-play state. We connected a computer directly to the sensor with an RJ45 Ethernet crossover cable then accessed the configuration interface using a web browser. During configuration, we identified the server using a secret shared key or password and set the sensor name and IP address, before deploying the sensor. The final part of the installation procedure is the management console. This can be installed on any network-accessible machine by connecting to the server and downloading the console installation image. The console can then be launched and accessed using the logon and password chosen.
The sensors report security alerts and performance information to the management server which runs a SQL database. The database is accessed via the management console, which has sensors organized in a tree enabling one to rapidly assess the network status.
The console features a list of APs and related security alerts. The AirMagnet analysis engine can detect 12 types of denial-of-service attacks and suspicious events like rogue APs, clients sending traffic unencrypted or using default security settings, spoofed MAC addresses, and wardriving and probing activities.