[unisog] Wireless IDS Options

Jim Dillon Jim.Dillon at cusys.edu
Fri May 27 16:57:37 GMT 2005


I've been pretty impressed with some of the demos I've seen of AirMagnet products, but they cost, and I don't have a real-world recommendation for you. If anyone uses the AirMagnet products, it would be good to hear your review, up or down. I'm considering a purchase if I can get some good recommendations.

My "drive-bys" for audits used basic client software, NetStumbler, and a tool I think was called EtherPeek, about a $3k piece of software, a couple of years ago mind you, but it appears to me you can get the same and more functionality out of a Knoppix STD setup these days. (Includes Kismet amongst other tools.) The one thing you have to do is load some external data storage source, a thumb drive or something, for data collection. There are rules/scripts out there for doing this. It is almost past my technical skills to do so anymore, but shouldn't be a problem for most on this list. Not a great solution for ongoing IDS, but OK for an auditor with occasional discovery audits.

I think the AirMagnet products deserve a look at least. I know they produced 3-dimensional diagrams of AP location that looked real impressive on the demo I watched, but of course caveat emptor.

Best regards,

Jim

======================================
Jim Dillon, CISA
IT Audit Manager
University of Colorado
jim.dillon at cusys.edu
Phone: 303-492-9734
Dept. Phone: 303-492-9730
Fax: 303-492-9737
======================================


-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org]On Behalf Of Dean De Beer
Sent: Thursday, May 26, 2005 3:24 PM
To: 'UNIversity Security Operations Group'
Subject: [unisog] Wireless IDS Options



Hi All,

I was wondering what solutions/products everyone is using to monitor
wireless traffic? Currently we are not looking at the traffic until it
arrives on the switch the AP is connected to. We have Snort sensors
monitoring this traffic and are testing Radware's Defense Pro. We use
Bluesocket's wireless gateways to manage logins via RADIUS, VLANs, etc.,
and have been looking at their intrusion prevention product Bluesecure as a
solution for monitoring wireless traffic. It seems very similar to RFProtect
but has the added advantage of easy integration with the wireless gateway.
Is anyone using open source products like Kismet at all?


Cheers,

Dean


Dean De Beer
Manager, I.T
Plaza College
Jackson Heights, NY



_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog