AirMagnet is introducing a new version of its distributed WLAN monitoring platform: The updated platform includes a completely new user interface, new rogue detection blocking and tracing, and policy management features.
AirMagnet customers place sensors throughout their WLAN network which sniff the air for unauthorized APs. From a central console, network administrators can view every AP in the network, including those in remote offices that may be around the globe. In the previous version of the product, the sensors could only identify rogue APs when their MAC address wasn't authorized. Now, the sensors can identify rogues based on manufacturer, MAC address, and SSID.
If a rogue AP is found, it can be remotely disabled essentially by jamming it. "But that doesn't pull its socket out of the wall which is what you want to do," said Rich Mironov, vice president of marketing for AirMagnet. Administrators can set how they'd like to be notified if a rogue is detected, including via a pager, and then they can go to the location of the rogue and physically disconnect it.
Users can also identify APs that might be in range of a sensor as a neighbor AP. The feature would be useful for companies located in office buildings where a nearby company may also have a WLAN with signals that bleed into the next door office. Once an AP is set as a neighbor's, the AirMagnet sensors won't send alarms based on its settings.
The sensors also flag APs that use the manufacturer's default password. Using the manufacturer's password is a security vulnerability because anyone could find out what that password is and use it.
The AirMagnet sensors can also be set to monitor security policies, which may differ from AP to AP. Any time those security policies are breached, the sensors alert the administrator.
Mironov stresses that the platform doesn't just identify issues. "It's a network overlay to diagnose problems and tell users what to do," he said. For example, when the sensors find an AP using the manufacturer's password, the software describes to the administrator why that's a problem and recommends that the administrator change the password.
AirMagnet's platform is often criticized by the new WLAN switch vendors because AirMagnet requires customers to deploy a separate network of sensors to monitor the air. "I agree in principle that the monitoring should be built in," said Mironov. Ultimately, he hopes that an AP vendor will license AirMagnet's technology and combine AirMagnet sensors in the APs. Ideally, such an AP would include two radios: one that sends and receives data for users and one dedicated to monitoring the air. Otherwise, the APs would monitor for rogues the way that the WLAN switch systems do. Currently, APs from WLAN switch vendors quickly switch the radio to monitor mode, during which time they aren't transmitting data for users.
In addition, Mironov says that a separate overlay solution like AirMagnet's may always be ideal for enterprises that use APs from a variety of vendors.