[unisog] Wireless IDS Options

Frank Bulk frnkblk at iname.com
Wed Jun 1 15:47:01 GMT 2005


Look for a review from NWC in the June 23rd issue.  A review from last
year's issue can be found here:
http://www.networkcomputing.com/showitem.jhtml?articleID=18200309&pgno=1

Here's a pretty comprehensive list of some wireless IDS/distributed wireless
security monitoring systems:
AirDefense
AirMagnet
AirTight Networks
BlueSocket's Bluesecure
Cirond's AirPatrol
Highwall Technologies
Network Chemistry
Network Instruments
Newbury Networks
Red-M
WildPacket's Omni3

Regards,

Frank Bulk


-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of Dean De Beer
Sent: Tuesday, May 31, 2005 11:57 AM
To: 'UNIversity Security Operations Group'
Subject: RE: [unisog] Wireless IDS Options

Thanks Michael,

We did look at the WLSE Engine as a possible solution as we do use Cisco
access points. We felt that it was great for managing the access points but
aside from rogue AP detection/mitigation it did not offer the IDS/IPS
functionality that we're looking for.

Looking at a few of the other posts we might revisit Airmagnet as an option
(although price is still an issue). We  are looking at RFProtect and
BlueSecure  as possible solutions. Both also received good writeups in SC
magazine this month. While Kismet meets most of our requirements we are
still working out the cost of the sensor hardware and setup as compared to a
commercial offering.

Dean

-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of Michael Holstein
Sent: Tuesday, May 31, 2005 9:11 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Wireless IDS Options


Dean,

If you use Cisco access points, their WLSE (Wireless Lan Services
Engine) can locate rouge AP and clients, even using Cisco compatable
(CCX) cards to cooperate in the effort.

You can install a CAD drawing of the buildings in the software,
mark/identify the access point locations, and when a problem happens, you
can look on a blueprint as to the "buest guess" as to where it is based on
RSS of the nearest APs on that channel/MAC.

It has a bunch of other features .. read about it here :

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/index.html


Cheers,


Michael Holstein CISSP GCIA
Cleveland State University _______________________________________________
unisog mailing list
unisog at lists.sans.org http://www.dshield.org/mailman/listinfo/unisog



_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog



More information about the unisog mailing list