[unisog] Wireless IDS Options

Dean De Beer ddb at plazacollege.edu
Tue May 31 16:57:14 GMT 2005


Thanks Michael,

We did look at the WLSE Engine as a possible solution as we do use Cisco
access points. We felt that it was great for managing the access points but
aside from rogue AP detection/mitigation it did not offer the IDS/IPS
functionality that we're looking for.

Looking at a few of the other posts we might revisit Airmagnet as an option
(although price is still an issue). We  are looking at RFProtect and
BlueSecure  as possible solutions. Both also received good writeups in SC
magazine this month. While Kismet meets most of our requirements we are
still working out the cost of the sensor hardware and setup as compared to a
commercial offering.

Dean

-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of Michael Holstein
Sent: Tuesday, May 31, 2005 9:11 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Wireless IDS Options


Dean,

If you use Cisco access points, their WLSE (Wireless Lan Services 
Engine) can locate rouge AP and clients, even using Cisco compatable 
(CCX) cards to cooperate in the effort.

You can install a CAD drawing of the buildings in the software, 
mark/identify the access point locations, and when a problem happens, 
you can look on a blueprint as to the "buest guess" as to where it is 
based on RSS of the nearest APs on that channel/MAC.

It has a bunch of other features .. read about it here :

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/index.html


Cheers,


Michael Holstein CISSP GCIA
Cleveland State University _______________________________________________
unisog mailing list
unisog at lists.sans.org http://www.dshield.org/mailman/listinfo/unisog





More information about the unisog mailing list