Strengths: Unique classification methods, good value, easy deployment, tough containment policies, accurate location tracking included
Weaknesses: Containment method may be too ruthless for some, console can be slow
Verdict: A unique wireless security solution with a smart auto-classification feature that allows you to safely and effectively contain rogue APs and clients
AirTight Networks aims to live up to its name with this unique wireless security solution that can automatically classify and control access points (APs) and wireless clients. SpectraGuard Enterprise tackles containment in a very different way to other solutions. Most vendors class all unknown APs and clients as rogues, which means they will be attacked with deauth packets, causing AP and client to disassociate. A great idea, but other businesses near your location are likely to take a very dim view of their wireless networks being disrupted.
Deployed as an appliance, SpectraGuard uses sensors that monitor both 2.4GHz and 5GHz frequencies and can see anything in the 802.11 spectrum. The sensors do not provide any access-point services and are designed to work alongside your existing wireless network. SpectraGuard only considers an AP a rogue if it is not authorised and has a wired connection to the protected LAN. An AP that is wirelessly active but not physically connected to your network is considered external. The sensors send a broadcast packet through your wired network and see if they can receive it back from the AP over a wireless connection. For Layer 3-routed networks the sensors do this in reverse.
The sensors monitor all client activity and can automatically classify clients as well. Any client that associates with an authorised AP and successfully authenticates is put on the SpectraGuard authorised list. If the sensors spot an authorised client connected to an external AP it will be reclassified and will not be permitted to join the protected LAN.
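The classification rules in the two paragraphs above can be sketched as follows; this is an added example, not AirTight's code or API. The event names, the two-second correlation window, the `reclassified` label and its stickiness are assumptions, the MAC addresses are constructed, and the Layer 3 reverse test is not modelled.

```python
from dataclasses import dataclass, field

AUTH, NEIGHBOUR, PLUGGED_IN = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:20"

@dataclass
class Classifier:
    authorised_aps: set                          # BSSIDs declared authorised in policy
    window: float = 2.0                          # assumed max wire-to-air delay (s)
    probes: dict = field(default_factory=dict)   # marker -> time broadcast on the wire
    wired: set = field(default_factory=set)      # BSSIDs shown to bridge the LAN
    clients: dict = field(default_factory=dict)  # client MAC -> class

    def classify_ap(self, bssid):
        if bssid in self.authorised_aps:
            return "authorised"
        # Only an unauthorised AP that is wired to the protected LAN is a rogue.
        return "rogue" if bssid in self.wired else "external"

    def feed(self, ev):
        if ev["type"] == "wired_probe":          # sensor broadcasts a marker on the LAN
            self.probes[ev["marker"]] = ev["t"]
        elif ev["type"] == "air_frame":          # sensor hears a frame sent by an AP
            sent = self.probes.get(ev.get("marker"))
            if sent is not None and 0 <= ev["t"] - sent <= self.window:
                self.wired.add(ev["bssid"])      # marker crossed from wire to air
        elif ev["type"] == "assoc":
            ap, mac = self.classify_ap(ev["bssid"]), ev["client"]
            state = self.clients.get(mac, "unauthorised")
            if state == "authorised" and ap == "external":
                state = "reclassified"           # assumed label; kept once set
            elif state == "unauthorised" and ap == "authorised" and ev["auth_ok"]:
                state = "authorised"
            self.clients[mac] = state

    def containment_targets(self):               # external (neighbour) APs never appear
        return sorted(self.wired - self.authorised_aps)

def run_sample():
    c = Classifier({AUTH})
    for ev in [                                  # constructed sensor events
        {"type": "wired_probe", "marker": "m1", "t": 0.0},
        {"type": "air_frame", "bssid": PLUGGED_IN, "marker": "m1", "t": 0.4},
        {"type": "assoc", "client": "c1", "bssid": AUTH, "auth_ok": True},
        {"type": "assoc", "client": "c1", "bssid": NEIGHBOUR, "auth_ok": True},
        {"type": "assoc", "client": "c1", "bssid": AUTH, "auth_ok": True},
        {"type": "assoc", "client": "c2", "bssid": NEIGHBOUR, "auth_ok": True},
    ]:
        c.feed(ev)
    return c
```
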
The box lets you control what resources wireless clients are allowed to use. You can stop them from accessing external APs that could circumvent internal security procedures and you can also prevent incorrect associations, effectively blocking external APs being used as honey-pots or evil twins. Although not provided for review, the optional SpectraGuard SAFE client can protect users when they're out on the road as it installs transparently on their notebook and enforces policies.
We found SpectraGuard simple to deploy. We placed the appliance and one sensor in our lab and positioned two more sensors over PoE further out in the building, around 50 metres away. The sensors use triangulation for location-tracking, so we created a good sized triangle to test accuracy. The device is remotely managed via a Java application, which was sluggish at times. However, it does provide a wealth of information as its dashboard view shows lists of all detected APs and clients, their classification, any quarantined devices and security events.
The system worked flawlessly during testing, discovering 25 APs and more than 60 wireless clients. We knew none of the APs were wired to our test network and SpectraGuard classified them all as external, while all clients were correctly placed on the unauthorised list. We then added an AP that was powered from the lab's PoE switch and this was put on the rogue list within 20 seconds.
Nothing happens until you activate your policies, which can be set up very quickly. You can go for a straight no-wireless policy or declare authorised APs where you can import a list or select from those already detected and declare permitted services and encryption schemes. We opted to contain rogue devices only and SpectraGuard soon meted out a swift punishment to rogue devices.
We had a Windows Server 2003 system with a wireless PCI card installed and connected to the rogue AP, and within seconds of activating our policy it blue-screened. AirTight said that this is a distinct possibility as the wireless adapter is being hit by so many deauth packets from the sensors that it can cause a buffer overflow, which Windows sees as a hardware fault. We must stress that no test system was harmed in the making of this review and the server worked perfectly once we had removed the offending AP.
Location tracking worked well: we could select the rogue and see which sensors had spotted it. We imported a map graphic of our office complex and, after placing icons of the sensors on it, we found accuracy could be as good as two or three metres. Reporting is also particularly detailed as you have a big choice of industry-standard compliance reports to pick from and can create custom ones for areas such as security events, attacks and rogue APs.
We think SpectraGuard Enterprise offers an interesting new angle on wireless security and very good value. Its containment features are very effective, and the fact that it can auto-classify APs and clients means activating these security policies is no longer fraught with danger.