Product Group Tests
Wireless Security (2008)
For its excellent value, ease of use and performance we rate AirDefense v7.3 our Best Buy.
Our Recommended product is AirMagnet Enterprise v8.0 thanks to its ease of use and good value.
Full Group Summary
Back in January 2005, Dell'Oro Group predicted that the wireless LAN market would grow to $4.3 billion (£2.2 billion) by 2009. CRN reported early last year that the market had actually surpassed $3.6 billion (£1.8 billion) in 2006. If that is true, the numbers predicted for 2009 can't be far off now. The drivers behind this growth are the vendors of wireless products, notably Cisco. The new, if hotly debated, 802.11n standard is likely to play a major part in pushing the WLAN market. Virtually all the products we tested support 802.11n in some way.
The products we looked at this time constitute a somewhat smaller group than last year. What is interesting about this batch is that three of the five products are new to our labs. These solutions are all part of larger, integrated systems. One product appears in both of our groups in somewhat different guises. This points to the convergence of functionality that includes both wired and wireless security. In one case, endpoint security can be added.
What 802.11n will mean
The key advantage of 802.11n is speed. The top end speed is 248Mbit/s as opposed to 54Mbit/s for 802.11g. This gives an average expected throughput of 74Mbit/s, far faster than the previous average 19Mbit/s. One way 802.11n achieves higher throughput is via the use of multiple input/multiple output (MIMO) technology. This requires multiple transmitter and receiver antennas, as well as aggregation in the medium access controller in the physical layer. The range for 802.11n access points is also about double that of 802.11g. But the standard is not without problems.
These mainly relate to a patent battle. The Commonwealth Scientific and Industrial Research Organization (CSIRO) holds the patent and has, as of last September, refused to provide the IEEE with a letter of assurance that it won't sue over patent infringement. This has not stopped most vendors from betting on an eventual solution to the apparent impasse.
One major difference between last year's review and this one is the improved forensics availability. Tracing wireless events with forensic certainty is beginning to reach maturity. Make sure that you choose a product with solid tracing and reporting capability that supports emerging wireless security requirements such as rogue access point identification and location, centralised logging and auditing.
Most of the products we looked at do most of the things you will need. If you have a widely geographically distributed enterprise, for example, the need for centralised monitoring, along with local monitoring options is important.
How we tested
In some regards, testing these systems is not much different from testing any IDS/IPS. Use the usual vulnerability assessment and penetration tools and treat it exactly as you would a wired network. However, once those tests are complete, the next set is unique to a wireless network. These include rogue access point detection, attempting to break encryption and trying to reconfigure access points. Rogue access point detection has two important facets. First, can the system detect the existence of a rogue access point? Second, can it detect their location?
Wireless security systems should be tested regularly. A good wireless security product should be able to detect and locate a rogue access point on your network. Simply walking your enterprise with a copy of Network Stumbler is no longer an option in today's large enterprises. However, we know of organisations that still use that approach.
Overall, this was a good bunch of tools. They all provided core functionality, although not all have robust AP location capability and some offer better reporting than others. These products tend not to be crushingly expensive, so cost should not be a major factor in deciding to implement wireless security. The differences between having exactly what you need and "making do", however, are not large enough to prevent you from buying exactly the product that will support your infrastructure.
Remember, as your enterprise approaches the 80 per cent wireless predicted by some, what you spend on protection is trivial compared to the potential risk of opening up your enterprise to enterprising attackers.
Mike Stephenson and John Aitken contributed to both group reviews this month
- For details on how we test and score products, visit http://www.scmagazineus.com/How-We-Test/section/114/