AirMagnet attracts rogue signals
- By Susan M. Menke
- Mar 08, 2004
AirMagnet 4.0 samples the air, but it's not sniffing for pollutants. It's eavesdropping on wireless traffic.
The new version of the IEEE 802.11x wireless LAN security monitor from AirMagnet Inc. 'hears the conversations of all wireless access points, clients and stations on an enterprise network'not just the ones you know about,' said Rich Mironov, marketing vice president of the Sunnyvale, Calif., company.
'We ask in advance before we demonstrate,' Mironov said, 'and we discover that customers have 40 percent to 100 percent more clients than they thought.'
An administrator can walk around with AirMagnet running on a notebook PC or pocket PC to find illegal use, but 'it's easier to mount sensors in important places,' he said.
A 6- by 9-inch AirMagnet sensor has two antennas, one to eavesdrop on wireless traffic and the other to talk to its Ethernet administrative console, which runs under Microsoft Windows 2000 or XP.
One sensor, he said, can cover the physical space of about six access points on all three of the current 802.11 bands: a, b and g. A wireless network with 24 access points would need five to six sensors, costing around $8,000 including software. Additional sensors cost $750 each.
The sensors have built-in AirWise expert system software to make suggestions to the administrator's console. Optional Reporter software can produce 50 types of canned reports showing green, yellow, orange or red bands to indicate good to bad user authentication, configuration vulnerabilities, rogue clients and access points, or other traffic parameters.
The report information can be fed into enterprise network management systems such as Computer Associates Unicenter, Hewlett-Packard OpenView and IBM Tivoli.
Clicking on a sensor twice initiates a live connection to it. 'You can block a rogue remotely, or stop someone using the default Tsunami password' for Cisco Systems Inc. service set identifiers, Mironov said.