It was nearly impossible to traverse a
significant part of the show floor at this year's Networld+Interop
without encountering solutions that dealt with the thorny issue of

Indeed, when it comes to the threat matrix associated with wireless
security, there are many issues demanding attention: everything from
keeping unauthorised wireless users off wireless local area networks
(WLANs) to making sure that the traffic flowing through a WLAN is
encrypted in a way that keeps the payloads safe from prying eyes.

Although most wireless security solutions target organisations that
have deployed wireless networks, there is a class of solutions that
target all companies -- even those that haven't deployed wireless
networks. These solutions detect the existence of rogue access points.
(An access point is a transceiver that connects devices on a wireless
LAN to the wired infrastructure. A rogue access point is not authorised
by an organisation's IT department for operation.) Setting up an access
point is child's play. In addition to plugging the access point into a
power source, all one has to do is connect one end of an Ethernet cable
to an available Ethernet port, connect the other end to an access point
and voila! A new Wi-Fi WLAN is born.

Not all rogue access points are malicious. Until my IT department found
out about it and asked me to shut it down, I ran a rogue access point
for almost two years (long before Wi-Fi was popular). So early was it
in the history of Wi-Fi, that the software for setting up, managing,
and securing my Lucent-based 802.11b WLAN was both proprietary and not
very user friendly. Knowing that hardly anyone was using Wi-Fi at the
time, I didn't bother securing it. Eventually, the company standardised
on a single vendor's technology for deploying and securing WLANs and,
knowing about my access point through the grapevine, the IT department
saw my rogue WLAN for what it was: a back door that bypassed all of the
hard work and planning that went into building a secure Wi-Fi network.

Nick Miller, CEO of wireless management solution provider Cirond, put
the problem in simple terms. "Companies spend thousands upon thousands
of dollars and man-hours on network security," said Miller, "and all it
takes is a $30 access point to render that investment useless."

Why set up a rogue access point in the first place? I can
imagine at least three scenarios that could result in rogue access
points. The first of these is where people with wireless networks at
home and at work are having difficulty with home-work interoperability.
Though software is making it easier to move back and forth between the
two, I've had this problem and I also know that the easiest solution is
to have the same kind of access point in both locations.

In the second scenario, people have a wireless network at home, but
none at work. Once people catch wireless fever at home, they want it at
work, too. If, for security or budgetary reasons, their company's IT
department is unwilling to provide it, many overzealous workers are
willing to install one for themselves.

In the third scenario, someone outside the organisation --
usually someone with malicious intent -- gains access to a physical
Ethernet port on the company's network and surreptitiously connects an
access point to it. Depending on where that port is (for example,
underneath a desk in an unused cubicle), such "deployments" can easily
escape physical detection.

The last two scenarios are particularly noteworthy since they could
introduce wireless security problems to companies that have, for
whatever reasons, no deployments of wireless technology.

So high on the radar is the rogue access point problem that a
demonstration involving the surreptitious installation and subsequent
detection of one was included in Cisco CEO John Chambers'
Networld+Interop keynote speech. Cisco is one company of many that
offer methods and products for detecting rogue access points. In fact,
finding a solution isn't the challenge. The challenge is in finding a
solution where you don't pay for functionality that you already have.

At Networld+Interop, I spent time with executives from Cirond and Lockdown Networks,
both of which offer hardware-based solutions for locating rogue access
points. Whereas Lockdown Networks sees rogue access point detection as
a part of the larger problem of vulnerability management (wired or
wireless), Cirond sees it as a part of the larger problem of wireless
network management. Both companies' offerings demonstrate how it's
impossible to get everything you might need -- vulnerability
management, rogue access point detection, and wireless network
management -- in a la carte fashion from best-of-breed vendors.

Even the vendors are somewhat challenged when it comes to the
positioning of the product. Cirond's Miller explained how the company's
flagship product, WiNc Manager
(which includes rogue access point detection), is having its name
changed to AirPatrol -- the name also used for the company's mobile (as
opposed to stationary) rogue access point detection solution.

Prior to the change, the company mostly emphasised WiNc's
ability to demystify the management of Wi-Fi security. One of WiNc's
strengths is in its ability to roll out uniform security settings (WEP
keys, key rotation schemes, SSIDs, channel assignments, etc.) to
heterogeneous Wi-Fi infrastructures that involve access points from
multiple vendors. Whereas the evolving 802.11 specifications include
standards for such settings as encryption and network identification,
there are no standards when it comes to the user interface on the
management software used to change those settings. As a result,
deployment of access points from multiple vendors can easily result in
the usage of just as many applications to manage them. WiNc can manage
them all from one console.

But, as rogue access point detection became as important as, if not more
important than, WiNc's other functions, Miller was compelled to change
the product's name.

Unfortunately, if you want rogue access point detection from
Cirond, the only way to get it a la carte is by buying the mobile
product. Otherwise, for the stationary, more industrial strength
version, you must take it with the rest of the management product,
which may include functionality you already have covered (especially if
you've standardised on a single vendor for access points).

Like Cirond, LockDown sells a piece of hardware for detecting
rogue access points. It costs US$5,000. But to get it to work, you need
to own LockDown's $10,000 vulnerability assessment solution called
LockDown Auditor (or, its bigger sister LockDown DataSafe).

Vulnerability management, an important part of layered security,
involves constantly testing all systems for known weaknesses or improper
security settings. Like LockDown, most of the numerous solutions for
automating the vulnerability assessment process feature a central
collection point for vulnerability assessment results. Inasmuch as
the discovery of a rogue access point is one of those results, a
central collection point like LockDown Auditor or LockDown DataSafe is
necessary for collecting data from the detection sensor (a.k.a.

When a network management product overlaps a wireless
management product, which overlaps a rogue access point detection
product, which overlaps a vulnerability assessment product, which
overlaps an intrusion detection system and so on, an IT manager's
selection process becomes more complicated. While the solutions
themselves looked great, I lament the buyer's dilemma. These days, it's
getting harder and harder to find extremely focused, best-of-breed
products that do one thing and do it extremely well.

David Berlind is an editor with ZDNet.com.